Unifying Internet Carriers

As companies begin to consolidate services into Software as a Service (SaaS) offerings vs. running data centers, campus connectivity becomes a more significant focus. In traditional architectures, enterprises may have both a private circuit and an internet VPN connecting the campus to the data center. Now that the data center is becoming a dispersed set of SaaS offerings, enterprise customers are eliminating their private circuits. For redundancy, customers add a second or even third internet circuit.

Two common questions arise.

1. How do you load balance between the two circuits?

2. How do you leverage the bandwidth of the two circuits?

Original Approach

Back in the old days of just a couple of years ago, we'd use policy-based routing to accomplish both. Single circuit failover was simple. Both circuits might terminate into a router located on customer premises. That router would detect if the primary physical circuit was up or down. If down, the router would send traffic over the backup circuit.

While simple, it proves an inefficient use of resources. If the customer has a 100Mbps circuit from AT&T and a 100Mbps circuit from Comcast, traffic only flows through one circuit. The obvious question: how do you unify the circuits?

Since the technology rides two different carrier networks, there's no simple way to create a single communications channel. In the past, companies would develop static configurations to send specific types of traffic down each path. For example, all VoIP traffic might route over the AT&T circuit while all other traffic routed over the Comcast circuit. Not terribly efficient, but it leveraged both circuits.

There are several disadvantages to this approach. It's rarely as simple as "send voice here and FTP here." The reality? Data patterns are dynamic. During volatile internet loads, the choice of which pipe carries real-time data impacts user and customer experience. Predictably, adjusting static configurations to dynamic environments proved futile. Unifying the circuits has been the Holy Grail of networking for years.

Enter SD-WAN

There's not a single product solving the challenge. There are well over a dozen solutions. The industry has standardized on x86-based solutions that dynamically monitor and route traffic based on several conditions and policy. The solution is Software-Defined WAN (SD-WAN). SD-WAN solutions terminate both connections in our example. Based on the policy you define, the SD-WAN appliance balances traffic across the two (or more) internet connections.

The technology has advanced to the point that solutions even select the best route for a given SaaS solution. O365 traffic may take one path and Salesforce another. It's a much more intelligent solution that requires less administration than previous approaches.
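The following is an added example, not code from the original article or from any vendor's product. It contrasts the static per-class routing described earlier with measurement-driven path selection; the SLA budgets, link names and probe values are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    name: str
    up: bool
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    util_pct: float

# Assumed per-application SLA budgets (latency ms, jitter ms, loss %); illustrative only.
POLICY = {"voip": (150, 30, 1.0), "saas": (300, 100, 2.0), "bulk": (1000, 500, 5.0)}

# The older static approach: each traffic class pinned to one circuit.
STATIC_MAP = {"voip": "att", "saas": "comcast", "bulk": "comcast"}

def score(link, app):
    """Worst metric as a fraction of its SLA budget; above 1.0 means the SLA is missed."""
    max_lat, max_jit, max_loss = POLICY[app]
    return max(link.latency_ms / max_lat, link.jitter_ms / max_jit, link.loss_pct / max_loss)

def static_path(app, links):
    """Policy-based routing: use the pinned circuit, fail over only when it is down."""
    live = [l.name for l in links if l.up]
    if STATIC_MAP[app] in live:
        return STATIC_MAP[app]
    return live[0] if live else None

def dynamic_path(app, links):
    """SD-WAN style: among live links meeting the SLA take the least utilised;
    if none meets it, take the least-bad link. None when every link is down."""
    live = [l for l in links if l.up]
    if not live:
        return None
    ok = [l for l in live if score(l, app) <= 1.0]
    if ok:
        return min(ok, key=lambda l: (l.util_pct, l.name)).name
    return min(live, key=lambda l: (score(l, app), l.name)).name

# Constructed probe results: AT&T is up but lossy and jittery, Comcast is healthy but busier.
SAMPLE = [
    Link("att", True, 90, 45, 2.5, 40),
    Link("comcast", True, 35, 8, 0.1, 70),
]

if __name__ == "__main__":
    for app in POLICY:
        print(app, "static:", static_path(app, SAMPLE), "dynamic:", dynamic_path(app, SAMPLE))
```

With these sample probes the static map keeps VoIP on the degraded AT&T circuit, while the dynamic selection moves VoIP and SaaS to Comcast and sends bulk traffic over the less utilised AT&T link.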

SD-WAN solutions come in all different shapes and sizes. There's an offering for everything from the single-office setup to global footprints with thousands of offices. Of course, all of the major network vendors offer a solution, and they are a good place to start. I did an interview with VMware, which provides a solution via a recent acquisition, VeloCloud.

Our friends over at PacketPushers maintain a list of the current SD-WAN solutions on the market.