Kiss Your Branch Router Goodbye

Secure SD-WAN, which offers several advantages over branch router architectures, lets businesses fully realize the power and value of their digital innovation investments.

Kiss Your Branch Router Goodbye
(Image: Pixabay)

Today’s organizations are being built around cloud applications, services, and resources to help them conduct business and compete more effectively. And many of those applications and services they rely on not only consume significant amounts of bandwidth, but they are also highly sensitive to things like lag times, jitter, and dropped packets. That problem becomes more pronounced when static branch connections, such as a traditional branch router and MPLS solution, provide no visibility into applications while requiring those resources to be routed through the core network.

In a world of constant digital innovation, branch routers and their related architectures are unable to adequately address today’s business requirements – let alone those of the future. Instead, Secure SD-WAN solutions that include things like application identification and steering, bandwidth management, and deeply integrated security technologies create the most reliable, effective, and secure branch offices. They enable branch users to leverage unified communications, use critical SaaS applications, access resources stored in cloud infrastructures, and collaborate instantly with team members located across the extended network. They are also simple to manage, and unlike routers, actually simplify WAN operations.

The limitations of branch routers

Branch routers are subject to a variety of challenges that limit their ability to keep up with business demands. These include:

Lack of application agility: Routers operate from the perspective of a packet. As a result, they are unable to provide deep visibility into applications. The challenge is that a majority of organizations have now migrated to business applications such as Office 365, or have an investment in cloud applications and services. Being unable to identify business-critical applications and apply protocols to support their unique bandwidth and connectivity needs can degrade the user experience and impact the business.

Lack of scalability: MPLS connection speeds and volumes are pre-determined, which means that a sudden spike in traffic – such as multiple high-speed unified communications connections, or the need to process a large amount of data – can affect everyone. And at the same time, adding new sites or services is not only time-consuming, sometimes taking weeks or months, but also resource-intensive, often requiring site-by-site configuration.

Costly investment: Expensive hardware combined with individual site-by-site management, and MPLS dependence can seriously increase both capital and operational expenses. Branch routers are often complex to install, upgrade, and maintain – even when they are supposed to be a “low touch” solution. Configuration requires expertise with a router’s command line interface (CLI), and because of its complexity, it can rarely be performed by anyone onsite at a branch location.

Poor link and traffic management: When MPLS is supplemented with split tunneling to allow direct access to the internet, branch routers provide little to no management of links or connections. Even when traffic fails over or is moved to an alternative path, they lack the sub-second proactive steering required to avoid dropped connections, and don’t have the ability to mitigate transport issues or provide things like dynamic jitter buffering. They are also unable to actively regulate traffic before congestion becomes an issue. Worse, because routers lack effective security, these non-MPLS connections expose your organization to additional risk.

Replacing branch routers with Secure SD-WAN

Secure SD-WAN enables organizations to fully realize the power and value of their digital innovation investments. They provide users with uninterrupted access to critical applications and services, even bandwidth-heavy solutions such as unified communications or video conferencing. Here are a few advantages of an SD-WAN solution over a branch router architecture.

Advanced application steering: Like many routers, SD-WAN solutions are designed to select the most appropriate path to critical resources and services based on link health and business policies. And they can also monitor those connections and automatically alter routes to mitigate application performance degradation. But unlike routers, they are also able to identify and steer applications over SP or cloud provider backbones to ensure optimum application performance. In addition to identifying applications, SD-WAN can also create SLAs for sub-groups of applications, such as Office 365 chat versus an Office 365 file upload. And they have the ability to update business applications on a daily basis to ensure users are running the latest versions and updates. 

High scalability: SD-WAN enables organizations to dynamically and securely scale to tens of thousands of branches, seamlessly interoperate with existing physical and cloud infrastructures, and provide remote troubleshooting to eliminate costly physical interventions by skilled technicians. Administrators can also deliver zero-touch provisioning via text, enabling them to deploy a new site in minutes.

Advanced security: SD-WAN solutions also need to include fully integrated security. All traffic backhauled through the core network receives the inspection and protection services of the full stack of network security solutions in place. SD-WAN solutions on their own do not adequately replace these protections. And because of the dynamic nature and high scalability of SD-WAN, overlay security is not only very expensive to deploy and maintain, but often ends up reacting to connectivity changes after the fact, leaving critical connections and data vulnerable. An integrated system ensures that SD-WAN connectivity, traffic management functions, and advanced security function as a single, holistic solution.

Simplified management and orchestration: Centralized SD-WAN management ensures that new services and policies can be easily delivered and that connectivity and security configurations and policy changes can be seamlessly propagated throughout the extended WAN – eliminating the need to configure or manage each device or service individually.

Not all SD-WAN solutions are the same

Of course, organizations require connectivity solutions designed to address a variety of use cases, and not all SD-WAN solutions are able to meet the needs of every organization. Even more challenging, those use cases evolve over time. For example, an SD-WAN solution designed for a smaller, regional deployment may not be able to scale up and out should an organization switch to a more global deployment strategy. Likewise, simple security solutions or bulky overlay security solutions will not be able to react to the demands of dynamic SD-WAN environments, especially as increasing bandwidth and application loads require more complex traffic and connectivity management.

It is essential, therefore, to not only recognize the need to transition away from a traditional router-based WAN strategy but also to carefully select a Secure SD-WAN solution designed to provide the full spectrum of functionality and the broadest possible number of use cases. This helps ensure that your new SD-WAN deployment not only meets the needs of your organization today but that it can also adapt to your rapidly evolving requirements.

About the Author(s)

Nirav Shah, Vice President of Products and Solutions, Fortinet

Nirav Shah is vice president of products and solutions at Fortinet. He has more than 15 years of experience working in the enterprise networking and security industry. Nirav serves as the products and solutions lead for Fortinet’s Security-Driven Networking portfolio with a focus on SD-WAN, network firewall, SASE, segmentation, and NOC products. Prior positions include senior software developer and senior product manager for enterprise networking and security solutions at Cisco.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights