Traditional network design dictated that each branch was connected to headquarters or the datacenter, where mission-critical applications were hosted, with dedicated and redundant connections. These Wide Area Network (WAN) connections were typically MPLS circuits that came with service level agreements that guaranteed quality. Typically, there were two circuits to provide fail-over capabilities – the secondary line was commonly an underused or unused safety net. It worked well, it was expensive and it was the cost of doing business for companies dependent on a global reach or being closer to the customer.

With new applications, device proliferation and cloud-destined traffic patterns, companies are being forced to rethink the efficiency of this old model. In today’s use cases, branches are simply exceeding the capabilities of these traditional connections, and new technology makes paying the premium for point-to-point dedicated lines moot.

In fact, TechTarget findings note that 80 percent of a company’s staff reside in a branch or satellite office environment. This new paradigm completely upturns the traditional thinking of budgeting the majority of your traffic within a LAN and only reserving the WAN for incidental traffic. Furthermore, backhauling cloud and guest traffic over expensive MPLS pipes, only to then send it to the Internet, creates unnecessary expense and latency. And as traffic volumes explode with cloud, video and other apps, costs for dedicated MPLS lines skyrocket and the user experience suffers. For many global companies, relying solely on MPLS lines has simply become an unsustainable model.

With the Internet’s significant evolution in terms of performance and reliability in the last 10 years, it now holds the potential for the most efficient and effective path for the oncoming flood of data.

The Intelligent WAN

Today, many customers are looking to move from MPLS to Internet to significantly lower costs. However, prior to making this shift, one needs to have a validated strategy to navigate some of the lingering potholes of the Internet. While the Internet can be a high performance transport, it still has more variance in reliability than most businesses can tolerate – typically an average downtime of around 9 hours a year. Clearly, no CIO can afford the wrong nine hours of downtime – it can be devastating to the business. Not to fear, with the right tools and designs there are proven ways of achieving the five 9’s of uptime – using nothing but Internet.

To create an uncompromised user experience independent of the connection used, companies must move beyond basic routing and adopt advanced application services and security. Enterprises not only need to be able to route their traffic through the lowest-cost path, but also to make intelligent decisions about these choices for each specific state. In other words, they need up-to-date visibility of the number and type of applications from the branch to set policies and make real-time decisions on application priority, security, delay, loss, and jitter for a host of critical traffic types based on each specific time, condition and profile.

Cisco’s Intelligent WAN (IWAN), powered by the ISR-AX router, offers a suite of capabilities that help IT visualize, optimize and secure traffic to directly address the challenges of supporting a hybrid WAN. The ISR-AX is the branch router that provides these comprehensive “Application Experience” services through an all-in-one platform. The three principal considerations of the IWAN architecture should be availability, performance and security. These three components need to work in concert regardless of transport design and provide operational simplicity, scalability and modularity within the network.

Availability – Getting to the five 9’s

Internet can not only augment an existing branch’s connectivity, but can also serve as the only connectivity an Enterprise uses at remote sites. A recent study by Nemertes Research in 2013 revealed that 46% of all enterprises in the study had already moved or planned on moving to the Internet as WAN. And it’s no wonder; testing has shown that companies using Cisco ISR-AX at the branches, with dual WAN paths and Performance Routing (PfR) features enabled, can achieve the same levels of availability and reliability using dual Internet connections as companies that rely on dedicated MPLS lines. The only difference? A healthy reduction in telecommunication costs. PfR understands the traffic conditions across the WAN paths, and determines the best path based on application type. This improves application performance and network reliability – not to mention better utilizes your full WAN investment.

Performance – Turbo charging your applications

The ISR routers also enable application visibility and control (AVC), quality of service (QoS), and application acceleration (also known as Cisco Wide Area Application Services or WAAS), to obtain the levels of experience and availability needed for enterprise level connectivity.

AVC provides the capability both to monitor thousands of applications without deploying expensive and difficult-to-manage probes, and then to apply QoS based on the bandwidth and priority for critical applications. This also provides IT with the tools to gain insight into and control over the traffic to fine tune and manage the data streams. With visibility to over 1000 applications, being able to prioritize traffic has given enterprises the ability to run business critical applications with up to 70% reduction in bandwidth. Moreover, off-loading the corporate WAN by breaking out Internet traffic directly at the branch improves performance for the growing number of public cloud applications, and provides both guests and office workers with the experience they are used to outside of the office.

Furthermore, once the most pertinent applications have been identified, WAAS (Wide Area Application Services) can be used to turbo charge those applications that put the largest strain on the pipeline.

Security – The fortress in the cloud

Of course the thought of having employees pushing traffic through generally available broadband access raises a big red flag for security conscious enterprises.  The first question inevitably is:  am I exposing these customers to security threats?  The capability of providing strong encryption becomes increasingly important to protect information from intrusion.

As you would expect, the ISR-AX offers an extensive set of security capabilities in an integrated form factor – finally giving us the ability to enable rich services in the branch environment, without compromising on the security and without the need to deploy any additional appliances.  To enable secure connectivity across a hybrid WAN model, IT can easily scale with Cisco Dynamic Multipoint VPN (DMVPN). This enables companies to mix and match different transport options, giving network designers maximum design flexibility with a single secure network domain for ease of management.

In addition, IWAN provides a comprehensive threat defense solution at the branch offices and in the cloud; both are paramount to ensure that your organization is not exposed to security breaches. At the branch, the Cisco zone-based firewall ensures all branch endpoints are protected from malicious threats. And, in the cloud, Cisco Cloud Web Security (CWS) offers a centralized location that enforces URL policies and protects against Internet malware and viruses.

Cisco’s recent acquisition of Sourcefire now also provides the industry’s best security in the form of Advanced Malware Protection (AMP). There will be a deep dive discussion specifically on the fundamentals as well as deployment principles of this by Cisco experts on May 8th. You can register for this free webinar here.

IWAN Outline

This combination of software and horsepower from the Cisco ISR-AX branch router enables IT to build an Intelligent WAN that helps deliver a great application experience over any connection without compromising performance, reliability or security. Even better, it has steadily delivered payback within 6-12 months on its investment. It’s time to consider cutting the MPLS cord. Explore your options for how you can get more from your WAN investment with Cisco Intelligent WAN.


Vivek Kesaree

Marketing Manager

Enterprise Networks