In-Depth
How Device Consolidation Benefits Your WAN Infrastructure
When it comes to WANs, look for the weakest link.
by Marc Goodman
Small and midsize enterprises (SMEs) often find that complexity and cost make WAN infrastructure provisioning a daunting task. Without a consolidation strategy, IT equipment can become a significant area of unnecessary budget expenditures, from multiple equipment purchases with redundant features to underutilized equipment. As network equipment infrastructure complexity increases, substantial overhead is required for skilled resources to manage it, rack space to house it, and power to run it. However, these issues can be solved through device consolidation. Although WAN infrastructure complexities and the associated costs can affect any IT organization, SMEs are especially sensitive to these issues as their budgets and resources are considerably smaller.
The rule of "weakest link in the chain" applies to the purchase of network devices and their relative performance. For example, if a company purchases a firewall capable of handling 50 Mbps of throughput, and a WAN link load balancer capable of handling 1 Gbps of throughput, it essentially paid 950 Mbps too much for the load balancer. Add several devices (such as a traffic shapers or VPNs) and whatever device handles the least amount of throughput will be the element that restricts overall performance. Therefore, for every device that has throughput levels higher than that of the least-capable device, the highest throughput cannot be utilized.
Complexity within the WAN infrastructure can directly affect network performance, the ability to react and adjust to adverse performance changes, and can even cause a network to go down. Most WAN infrastructure devices are located in-line with the traffic flow. Stringing together an ISP aggregator, intelligent link load balancer, firewall, and traffic shaper within a redundant WAN infrastructure can create a quagmire of redundant cross-connections.
The devices need to be chained so they are within the traffic flow, and this must be done in such a way that if any of the elements were to fail, the traffic would be diverted to the secondary device without disrupting upstream or downstream flows. Although this can be accomplished through dual-homing interfaces, NIC teaming, NAT, floating IP address schemes, etc., it can be complicated and difficult to troubleshoot.
Adding Up the Cost
When adding up the cost of multiple, diverse types of equipment, organizations often discover that the costs for multiple devices do not match the size of their budgets. An organization may need to choose between an inexpensive device with very limited functionality and an expensive device with a high degree of functionality. An organization might purchase a simple dual WAN router for several hundred dollars. A dual WAN router uses simple policy to "route outbound-only traffic" over one of two lines. There is no intelligence in the technique and no method to avoid or minimize congestion. A dual WAN router does nothing in terms of load balancing and failover for inbound traffic. If a link goes down, all users within the LAN will be unable to connect to the WAN.
On the other hand, a WAN Optimization Controller (WOC) specializing in intelligent WAN link aggregation, load balancing and failover will combine multiple WAN links into what is effectively one large network connection. Alternatively, the WOC uses bandwidth aggregation to maintain WAN and ISP links separately and allocates Internet traffic across them.
These WOCs can automate both inbound and outbound link load balancing and failover, and some devices can also provide for site failover and fallback. Larger enterprises have enjoyed the benefits of this technology first; however, these devices are now affordable and available to the SME market.
Multi-homed networks are becoming increasingly popular because they provide networks with greater reliability and higher performance. ISPs and large enterprises have multi-homed for years using Border Gateway Protocol to connect to multiple Internet backbones, requiring that ISPs cooperate with each other and set up "peering" agreements between routes. BGP requires expensive routers, designated address blocks, and an Address Space Number (ASN), which are sometimes not available to small businesses. BGP also requires that gateway hosts exchange dynamic routing tables, which must be constantly synchronized and which can lead to delays of up to 30 minutes in changing the traffic direction.
A WOC specializing in WAN link aggregation accomplishes multi-homing by using Network Address Translation (NAT) to unify traffic coming from and going to different destination IP addresses on the Internet. WOCs can achieve outgoing and incoming load balancing and failover without defining BGP routing tables or utilizing any of the underlying complicated routing techniques, which makes them an exceptional value for SMEs.
Device Consolidation Benefits SMEs
Through device consolidation and combining the functionality of several stand-alone, single capability devices into one multi-function device, an SME's IT department can address multiple issues related to network complexity, over-provisioning, and cost.
Figure 1: A multi-function WOC with built-in link load balancing,
QoS policy management, VPN gateway, and firewall.
WAN infrastructure device consolidation brings together a network firewall and WAN link load balancer. Until recently, firewalls and WAN link load balancers were separate devices, yet they were increasingly being deployed next to each other. They both provided necessary services to a WAN infrastructure, with the WAN link load balancer providing link load balancing and failover for reliability and performance, directing traffic among multiple and diverse WAN and ISP links.
Today, WAN link load balancing vendors are beginning to bundle firewall capabilities into their devices. There is only one redundant system to configure, and managing and securing WAN traffic is much easier through a single interface..
Device consolidation continues to expand as technology integration becomes more efficient and solutions become commoditized. VPN devices, which once enjoyed a rapid popularity within the headquarters, are rapidly becoming commoditized and bundled within other network devices. Although they are useful as standalone solutions, the benefits don't always make up for the cost and complexity of their deployment.
WAN link load balancing and failover also help to consolidate multiple, diverse WAN and ISP links. For example, an organization may have two 768 Kbps DSL links that can be combined for a total aggregated bandwidth equivalent to a T1 at a fraction of the cost. SMEs can add lower speed links such as xDSL, cable, wireless, and others with a relatively small increase in cost that can more closely match their needs. In addition to receiving more cost-effective bandwidth, companies are dramatically increasing the reliability of the WAN network due to the new levels of redundancy through the aggregation of multiple Internet links.
Today, VPN security is being bundled within WAN link aggregation controllers. By adding VPN security into a WAN link aggregation device, the cost associated with VPN security is significantly reduced, while added value is brought to the WAN link load balancer.
WAN link load balancing and failover, firewall, VPN security, and other functionality are becoming integrated within a single device called a WAN Optimization Controller. It is easier to manage traffic flows and redundancy with a single redundant pair of devices than with several pairs of disparate equipment. If there is a single device, there will be less concern over paying for performance capabilities that would otherwise be unused by the lowest capacity device within the flow of traffic.
Marc Goodman is the director of marketing at Ecessa, a manufacturer of advanced WAN Optimization products that provide WAN and ISP link aggregation, intelligent WAN link load balancing, failover, QoS and VPN load balancing and failover within a single device. You can reach the author at info@ecessa.com.