We have written in the past about the trombone effect, or the implications of traffic backhauling on network security and the user experience. Backhauling is the network team's way of solving a security problem: providing secure internet access for all locations. Backhauling moves the traffic to a datacenter where firewalls are deployed and secure Internet access is available. The obvious benefit is that there is no need to deploy a network security stack at each location, which would be the approach of the security team.
Which approach is better? In a survey conducted by Spiceworks, respondents were asked what approach they take to secure internet access at remote locations. The survey shows organizations are evenly split between implementing backhauling and a local security stack.
Historically, the performance and cost hit associated with backhauling Internet traffic was limited because the use of Internet-based applications was limited. Backhauling had a better cost/performance ratio than distributed security appliances. Backhauling also allowed for a single-domain answer to securing direct internet access in branch offices. The networking team solved this problem with its resources without requiring collaboration with the security team (which managed the data center firewalls that covered ALL internet traffic for the organization).
A recent survey published by Webtorials presents 2 key findings on WAN usage:
– 58% of respondents see public Cloud and internet traffic increasing both Internet and MPLS usage
– 50% of the respondents backhaul most of their Internet traffic over MPLS
The IT landscape is shifting. Backhauling is going to be severely challenged by the massive increase in Cloud and Internet traffic. This increase will overload expensive WAN links (such as MPLS) and make the negative impact on user experience, the so-called Trombone Effect, more profound.
In the midst of this massive transition to Cloud, which drives the need for secure internet access, SD-WAN technology has entered the scene. SD-WAN uses an “Edge optimization” approach to offload application traffic that doesn’t require low-latency MPLS links to a “parallel” internet link. Using the edge for network optimization cannot compensate for the unpredictable latency of routing traffic over an Internet connection (what we call the “middle mile”). As a result, customers always have to use MPLS links to address their low-latency applications.
One of the main drivers of SD-WAN is backhauling optimization: offloading Internet traffic from the MPLS link to an Internet link (as long as the Internet link behaves well). SD-WAN, in that context, is optimizing a network security approach that is not compatible with the increase in Cloud and Internet traffic that drives the need for direct, secure Internet access – everywhere.
Could there be other major benefits to deploying SD-WAN? The Webtorials survey ranked the top 3 potential benefits of the technology as: “Increase Flexibility”, “Simplify Operations” and “Deploy new functions more quickly”. The authors noted that these are all soft benefits, with “reduced opex” showing up as a fourth benefit (likely a long term benefit as MPLS cost will remain fixed for the foreseeable future).
The risk for IT organizations is that they will double down on the wrong architecture. With the tradition of “silo decisions”, the goal of direct, secure internet access everywhere could remain out of reach if networking teams continue to look for a networking way to solve a security problem.
We should think about this problem backwards from our stated goal. We want:
– Direct, secure Internet access that
– With no backhauling
– and no local security stack
A new set of solutions is emerging to provide these capabilities. At a minimum, they can reduce backhauling, solve the trombone effect and secure Internet access. More broadly, they can offer an affordable alternative to MPLS links.
What will your Next Generation WAN look like? Will it evolve to accommodate the needs of the future or optimize the dated design of the past?