Using the Internet for Your Enterprise WAN
Enterprise networks are special. They require bomb-proof design, microsecond convergence and service-level agreements so good that the WAN will only be down for half a second every year, scheduled six weeks ahead of time for midnight over a holiday weekend. That’s what we’re taught from the time we’re young Network Engineers sitting on our parents’ knees. An Enterprise network is something special, they taught us. We should never consider running our mission-critical traffic over the dirty, unreliable Internet! Such talk would be blasphemy, akin to looking for a date at a funeral. It might work for some, but our network is special and must be treated that way.
So what is all of this talk then, coming from Cisco no less, of using Internet links to run an Enterprise-class network? Cisco recently introduced the Intelligent WAN (IWAN) solution that promotes exactly this sort of “illicit” behavior. So what’s changed?
The concept of using Internet connections to run a business network is not a new one. The idea has been around for years, but has really begun to garner interest from IT departments recently. Several recent changes make an Internet-based WAN a real possibility. Changing traffic patterns, new features adding intelligence to the network, increased reliability of commodity services, and constant IT budget pressures all converge to change the way we think about that “dirty” Internet circuit. This video explains it nicely:
Changing Traffic Patterns
Remember the good old days when all your business-critical applications lived on either a tightly-controlled employee desktop or a tightly-controlled centralized data center? Those were the days when IT was fully in control and could proactively handle any security or performance concerns as part of Good Network Design.
Well, those days are gone. Today we live in a much more malleable world. Applications now run in the ubiquitous cloud – somehow everywhere and nowhere at once. Employees use their own wide array of devices to access company secrets in the office, at home, or wherever they happen to be. It’s a difficult time to have to worry about the network connecting everything.
The changing face of business applications means that Enterprise WAN traffic patterns are also shifting. The move to public cloud applications means that branch and remote users now often spend more time going out to the public Internet than they do connecting to a corporate data center. That means there is an increasing desire to dump that traffic directly onto the Internet at the branch rather than backhaul everything to the corporate data center across that expensive Enterprise WAN link.
Like it or not, the Internet Edge is being pushed out to the branch for efficiency, bringing with it all of the sleepless nights worrying about security you would expect. With an integrated firewall in the branch, such as the one the Cisco ISR G2 includes, providing a direct Internet handoff becomes a real possibility with a consistent security policy across the Enterprise. To make that Internet connection even more valuable, Cisco recently announced a partnership with Akamai to bring their acceleration technology all the way into the Enterprise branch on the Cisco ISR G2. We’re working together on some really ground-breaking technology that will make the Intelligent WAN even more amazingly efficient.
Are Reliable Commodity Links an Oxymoron?
Expensive Enterprise-Grade leased-line and MPLS connections exist for a reason. Traditionally an IT organization needed a purpose-built backbone to achieve the reliability the business called for. With more and more companies relying on their network as a critical part of their daily business, these service levels are more important than ever.
Of course, the assumption has always been that an Internet service, even so-called business-class Internet service, could never provide that same level of reliability. But competition between carriers means that you can now find business-class Internet circuits with availability of 99.9% or higher in most areas. That’s approaching the availability of most MPLS circuits of around 99.95%. The real-world difference amounts to about 4.3 hours per year at a substantially lower cost.
Intelligence within the Network
Of course, 99.9%, or 3-nines, availability is still 8 hours 46 minutes of downtime per year. For some businesses that might be fine, but many don’t want to assume those 8 hours won’t fall during the most important times for their business. Imagine a retail store closing for 8 hours on Black Friday or a tax office closing on April 14th.
That’s when a secondary WAN link is a real business requirement. With business-class Internet circuits, it is reasonable to deploy two circuits at a site for much less than the cost of a single MPLS or leased-line connection. Doing so can increase availability to 99.999% (5-nines), which equates to less than 5 minutes of downtime per year. But why deploy a second backup link with bandwidth you’re paying for but not using? Wouldn’t it make more sense to use both of those connections all the time, with the intelligent network actively monitoring both links to find the best path for each type of traffic?
That’s exactly what Performance Routing (PfR) does in an Intelligent WAN from Cisco. PfR constantly monitors the reliability and response time of both network connections and sends each type of traffic across the link that best meets its needs. PfR is smart enough to send voice traffic over the lowest-latency link while sending database backups over the links with the most available bandwidth.
All of this is possible without complex routing or peering relationships and is constantly monitored and maintained by the network itself.
The New Economy
In most Enterprise networks the cost of WAN bandwidth can be the biggest line item in the budget every quarter. IT groups are constantly looking for ways to conserve this precious resource and ways to make their dollar go further. The Intelligent WAN can do that by increasing the options an Enterprise has, forcing service providers to compete for the WAN transport business.
The other key feature of the Intelligent WAN that makes this a real option for an Enterprise network is Dynamic Multipoint VPN. DMVPN is considered an over-the-top design, meaning that it works just as well across leased lines, MPLS circuits or the public Internet. That makes DMVPN uniquely portable, so you can start with it in a leased-line or MPLS environment and then seamlessly transition to a business Internet service in the future. Because all of the addressing and routing remains hidden from the provider, it becomes very easy to change circuits to find the most affordable option in an area.
Transitioning from expensive MPLS services to business-class Internet circuits can result in a 75% savings for a single WAN connection. Using market prices in San Francisco as a gauge, that equates to a savings of $655 a month for each 10Mbps WAN circuit. In the new economy where all IT organizations are being asked to do more with less, that savings can have a real impact on the bottom line.
Tell Me More
This is all just the tip of the IWAN iceberg. Using intelligent features widely available in Cisco network devices such as the ISR G2 and ASR 1000, businesses can find new flexibility and significant savings in their monthly operational cost.
If you’d like to learn more, there is much more information available at the Intelligent WAN solution site. We also hosted a webinar with Akamai on this very topic, titled “How Smarter Branches Lower Costs”. Visit our community for the replay.
More information about the Cisco – Akamai partnership: