Working at ThousandEyes I frequently talk to customers looking to move away from MPLS wide area networks to direct internet access (DIA), typically as part of a branch/edge router refresh and often incorporating cloud proxy and SD-WAN technologies. The success of these network transformations generally depends on uncovering issues related to a greater reliance on third parties for application delivery early on, creating proof points with impartial data and enabling workflows to proactively manage such issues. This two-part blog seeks to cover some of the reasons why companies are making this shift; the journey to SD-WAN; the pitfalls in these upgrade projects; and how to use wide area network monitoring techniques and data to avoid them and ensure your project is a success.
At ThousandEyes we get to work with companies who have some of the most complex networks out there. In fact, the more complex and distributed your WAN is, the more important it is to change your approach to wide area network monitoring. With the goal of simplifying the user experience, the network itself is being asked for a lot more: more scale, more integration, more services. So it’s always interesting to see how our customers are responding and how that’s altering their WAN architectures and wide area network monitoring strategies.
I’ve met with a number of customers in recent weeks who all seem to be making very similar decisions about what their modern WAN will look like. Until recently the corporate standard for most companies has been MPLS which allows them to scale effectively, linking multiple diverse geographic locations over a private network wrapped in an SLA. MPLS provides prioritisation of traffic and end-to-end QoS to confidently run latency-sensitive services such as voice or video. With MPLS, responsibility for maintaining a good service lies with the supplier and it continues to be a robust connectivity choice for many companies. However, there are some important reasons why more organizations are dropping MPLS in favour of direct Internet connectivity.
Why Migrate: Cost and User Experience Considerations
Saving money is a big driving factor for reducing usage of MPLS. Historically MPLS has carried a premium for the SLA associated with guaranteed bandwidth and Quality of Service. With the increasing speed and availability of Internet access there is now an alternative. But cost isn't the only reason companies are moving away from MPLS.
In a traditional MPLS-based private network, branch offices are connected directly over the backbone to company data centres. The assumption here is that most traffic is accessing applications that sit in the data centre, but increasingly this is no longer the case. Cisco states that 77% of all corporate traffic now flows over the Internet and 92% of all enterprise workloads will be processed in cloud data centres by 2020.
Cloud networks have also changed to better serve a global customer base. Below we can see how Salesforce has invested in their backbone over the last 3 years, pushing their edge closer to customers to improve network performance and availability.
In legacy networks, branch office traffic typically breaks out to the internet at the data center, sometimes in only one location. In a world where most applications sit in the cloud this is inefficient from a network design perspective and doesn’t take advantage of the distributed edge of cloud platforms. In a traditional WAN, for a US headquartered company, users in Europe and APAC would be backhauled over the corporate network to the US where they breakout to the Internet and hit the cloud provider’s US network edge. This is not ideal if the cloud provider has a presence in Europe and APAC, far closer to the user.
As more traffic moves to the cloud, workloads have become more bandwidth intensive and latency sensitive. Users’ expectations are also higher. Adding extra latency means users will experience slow page load times and degraded call and video quality.
The modern branch office architecture features local Internet breakouts via regional ISPs. This reduces latency to SaaS applications, reducing the need for MPLS. DIA means better user experience and more flexibility when choosing what applications can be moved to the cloud.
The Journey to SD-WAN
Often, as part of their network review, customers are also evaluating SD-WAN, or at least considering it as part of their wider networking strategy. SD-WAN is a technology that promises cost savings and operational agility through the ability to centrally select the optimal network route based on policy-informed algorithms offered by the SD-WAN vendor. This capability means customers can opt for lower cost dual Internet circuits as a replacement for MPLS and deploy both links in an active-active configuration with the algorithms making intelligent routing decisions to optimize quality. Common vendors include Cisco Viptela, Silver Peak and Aryaka.
Although SD-WAN is a compelling technology and typically features at some stage in a WAN transformation, it is not always in the first phase. Many companies start with policy-based routing to split traffic between Direct Internet Access (DIA) for SaaS applications and VPN tunnels for those still hosted in the data centre. At this stage it is also common to take advantage of a cloud-based secure web gateway (SWG) such as Zscaler, Forcepoint or BlueCoat.
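To make the two mechanisms above concrete, here is an added example (my own illustration, not code from ThousandEyes or from any SD-WAN vendor) of the decision a branch router or SD-WAN controller makes per flow: internal destinations stay on the VPN tunnel to the data centre, while SaaS and other Internet destinations break out locally through the cloud SWG on whichever DIA circuit currently meets the application class's policy. The per-class thresholds, the RFC 1918 prefixes standing in for "hosted in the data centre", the scoring weights and the two circuits' measurements are all constructed for the example; a real deployment would take the measurements from its monitoring agents and the thresholds from its own policy.

```python
"""Policy-based path selection for a dual-circuit DIA branch (illustrative)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class LinkStats:
    """Most recent measurements for one DIA circuit (constructed values below)."""
    name: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float


# Per-application-class thresholds. Assumed values for this example only,
# not any vendor's defaults.
POLICY = {
    "voice": {"latency_ms": 150.0, "loss_pct": 1.0, "jitter_ms": 30.0},
    "saas":  {"latency_ms": 250.0, "loss_pct": 2.0, "jitter_ms": 50.0},
    "bulk":  {"latency_ms": 1000.0, "loss_pct": 5.0, "jitter_ms": 200.0},
}

# Private address space stands in for "still hosted in the data centre";
# everything else is treated as SaaS/Internet and breaks out locally.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(dst: str) -> bool:
    addr = ip_address(dst)
    return any(addr in net for net in INTERNAL)


def within_policy(link: LinkStats, app_class: str) -> bool:
    """True if every measured metric is inside the class's threshold."""
    p = POLICY[app_class]
    return (link.latency_ms <= p["latency_ms"]
            and link.loss_pct <= p["loss_pct"]
            and link.jitter_ms <= p["jitter_ms"])


def link_score(link: LinkStats) -> float:
    """Composite quality score, lower is better. Loss is weighted heavily
    because a lossy circuit hurts real-time traffic far more than a slightly
    slower one (weights are an assumption of this example)."""
    return link.latency_ms + 50.0 * link.loss_pct + 2.0 * link.jitter_ms


def select_path(dst: str, app_class: str, dia_links: List[LinkStats]) -> Tuple[str, str]:
    """Return (path_kind, circuit_name) for one flow.

    - Internal destinations always ride the VPN tunnel; the tunnel is carried
      over the best-scoring circuit, and link quality never lets such traffic
      leak out to the Internet directly.
    - Internet/SaaS destinations go out via the SWG on the best circuit that
      meets the class policy. If no circuit meets it, the flow still goes via
      the SWG on the best-scoring circuit, but the path is labelled degraded so
      monitoring can alert rather than the breach going unnoticed.
    """
    ranked = sorted(dia_links, key=link_score)
    if is_internal(dst):
        return ("vpn", ranked[0].name)
    for link in ranked:
        if within_policy(link, app_class):
            return ("dia-swg", link.name)
    return ("dia-swg-degraded", ranked[0].name)


# Constructed measurements for the branch's two Internet circuits.
SAMPLE_LINKS = [
    LinkStats("isp-a", latency_ms=40.0, loss_pct=1.5, jitter_ms=8.0),
    LinkStats("isp-b", latency_ms=65.0, loss_pct=0.0, jitter_ms=5.0),
]

if __name__ == "__main__":
    for dst, cls in [("10.20.30.40", "bulk"), ("203.0.113.10", "voice"),
                     ("203.0.113.10", "saas")]:
        print(dst, cls, "->", select_path(dst, cls, SAMPLE_LINKS))
```

Note that the lowest-latency circuit is not always the chosen one: with the sample measurements isp-a is 25 ms faster but its 1.5% loss pushes voice onto isp-b, and when neither circuit satisfies the class, the selector still keeps Internet-bound traffic behind the SWG rather than falling back to an uninspected path, which is the property worth asserting on before the SD-WAN phase of a migration.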
Wait, There’s More in Part 2!
I’ve covered some of why you might want to migrate away from MPLS, and some considerations around SD-WAN. In an upcoming blog post around this same topic, I’ll cover the growing pains of migrating to Direct Internet Access and how wide area network monitoring needs to evolve. If you’d like more on our take on the network monitoring for the modern WAN, feel free to check out our Network Intelligence for the Modern Enterprise WAN eBook.