Warakorn - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

The new cloud network: More than an Internet link

Learn about the virtual WAN, the software-defined WAN and other new cloud network possibilities.

Enterprises are committing more -- and more mission-critical -- workloads to cloud platforms every day.

In doing so, though, they are also pushing up against the limitations of the traditional WAN and Internet model. This model focuses on controlling and optimizing the flow of traffic across the (expensive) private network and it backhauls most Internet traffic across that network to and through data centers.

The initial rise of software as a service (SaaS) and the continued decrease in the cost of dependable, high-bandwidth broadband led to the first wave of cloud-driven changes in the WAN: the rapid spread of Internet-enabled and Internet-only branches. Even as enterprises are delivering public cloud applications through Internet connections to smaller branches, they are also becoming more comfortable with the prospect of installing Internet-only connectivity to larger and more important branches.

To these trends add the following:

  • The ongoing high relative cost of MPLS bandwidth;
  • The increasing importance of the workloads being delivered from external resources; and
  • The need to integrate SaaS as well as platform as a service (PaaS) and infrastructure as a service (IaaS) workloads with the in-house workloads, to create a service-oriented architecture built around numerous microservices.

With these forces at play, enterprises are looking to improve the performance and the security of the services they deliver over their own mixture of WAN and Internet connectivity.

WAN Virtualization

Where they are going broadband-only, enterprises are more often using multiple carriers and connection paths to ensure continuity of connections.

To boost performance, whether going Internet-only or Internet-augmented, enterprises are layering on link aggregation tools that make multiple connections look and work more like single giant pipes. This tactic makes more bandwidth available to any individual flow than any separate link would. It also reduces the impact of link failures and variations in performance.

As SD-WAN evolves, enterprises will look to do more than VPNs over the Internet.

Link aggregation is just the beginning of what is increasingly called WAN virtualization, or vWAN. Traditional application delivery optimization (ADO) techniques -- such as traffic shaping -- can be layered on. Aggregation approaches vary widely, much of them centered on the granularity and frequency of routing decisions. VWAN endpoints, for example, can look at traffic per application, per flow or per packet. They can also evaluate which connection is best based on what the links are doing right that second, or on some historically smoothed prediction of how it will be doing in the next instant.

Enterprises often deploy Elfiq, Mushroom and Talari products to build a vWAN, or they turn to a traditional ADO vendor such as Allot, Cisco, Ipanema or Riverbed.

Next up: Software-Defined WAN

Software-defined WAN (SD-WAN) is an approach that encompasses even more abstraction of WAN functions from the underlying connectivity medium.

As SD-WAN evolves, enterprises will look to do more than VPNs over the Internet. The hope is to extend the controller/data plane paradigm to the WAN and allow seamless integration of WAN control into a broader SDN. The SD also makes such approaches easily available to workloads living in an IaaS cloud.

New SD-WAN options range widely. Saisei, for example, offers a suite of API-enabled products that include policy-driven ADO along with security and traffic control. Viptela is tacking the market with a "virtual IP fabric" built around a specific edge device for each topology. And VeloCloud prices each “as a service” product individually in its branch-in-a-box offering. Traditional WAN vendors such as Cisco and Juniper are also rising to the challenge.

Another approach increasingly appealing to the enterprise: network as a service (NaaS). Instead of connecting appliances in branches back to appliances in data centers or other branches over the Internet, for example, a NaaS approach might connect each location to the nearest service-provider backbone point-of-presence (POP). The provider can use that backbone to bypass the public Internet (or use it in heavily optimized ways) for an enterprise's internal communications. At the same time, it can a deliver the enterprise's external communications to an egress point close to its destination -- e.g., in a NaaS-provider POP inside the same data center or carrier hotel.

Aryaka, BatBlue and VeloCloud are among vendors offering NaaS products, as can more traditional carriers (especially in partnership with an SD-WAN design) or virtual network operators such as Masergy.

The bottom line

Before using any of these technologies to link your network branches, carefully assess your risk, cloud strategy and the applications used. If you understand what you’re trying to achieve and the associated security implications, that knowledge will help you guide your choice and enable you to reach your WAN performance and cost goals.

Next Steps

Learn more about WAN aggregation.

SD WAN may be a game-changer.

This was last published in June 2015

Dig Deeper on Cloud Networking