While we weren't looking, the WAN changed
Maybe ISPs don't have to be dumb pipes after all
Sysadmin Blog: Wide Area Networking (WAN) solutions are not discussed enough in the tech press. We babble incessantly about consumer broadband, or some new top end fibre speed achieved in a lab, but this is merely a fraction of the story.
There is a very real revolution in WAN connectivity that is occurring right now, today. It goes largely unnoticed and largely undiscussed: in part because the complexities are difficult to understand, and in part because – let's face it – networking is pretty boring.
We carry smartphones around in our pockets every day. Servers have cool blinkenlights. TVs have all those pixels and we all have horror stories about storage that failed and ruined everything. These are tangible. You can wrap your arms around them. This gives us – as administrators and as end users – a sense of control.
This sense of control is important. Talking about WAN technologies means talking about telcos and other Internet Service Providers (ISPs). It means discussions about an area of IT – internet connectivity – that has become absolutely vital, but over which we feel we have no control.
For many of us, the price of WAN connectivity is simply the price: there is no negotiating it. Shopping around among the few providers available for a given location isn't going to net much difference. We have been trained for decades to simply hold our noses, eat what's put on the plate in front of us and pretend we like it.
Hybrid WAN technologies are changing this.
Let me start by saying VPNs over the public internet suck. They're a pig to set up, every now and again the hardware has back doors, they're often quite slow and they're at the mercy of the vagaries of public internet connectivity.
Latency and jitter are very real problems for real-time applications like voice and video, and anything over the public internet will experience spikes and variations in both. Peering spats between ISPs can and do cause throughput problems when different locations are on different ISPs.
In short, unmanaged public internet is not really a great choice when reliable connectivity (such as between different locations within an organisation) is required, even with a VPN to "hide" the traffic from the bad guys.
This is not news. Companies have used traditional managed services such as Multiprotocol Label Switching (MPLS) for years to solve this problem. ISPs providing traditional managed WAN services guarantee given throughput, latency and jitter conditions on the links between locations.
There are downsides to traditional managed WAN connectivity. Remote locations send all their internet traffic through to the central (or regional) HQ. This worked fine when internet traffic was negligible, but as it increases the organisation has to buy more and more capacity, both at the individual sites and at the HQ(s).
This feeds into the other major problem of managed WAN connectivity: it is usually outrageously expensive.
The result is that organisations don't always directly interconnect all sites, but instead have smaller sites connect to larger ones, and larger ones interconnect amongst themselves. This can lead to packets taking a longer journey than ideal to get from one site to another, which is something of a problem for real-time applications.
Everything about enterprise IT evolved around this. If internet access from individual sites is hauled back to a handful of central locations, then you can concentrate your defences in that handful of locations. You can also buy fewer pieces of expensive equipment (such as WAN optimisers) and install them centrally. Central IT is a lot easier than managing a bunch of stuff in each branch office.
Of course, things are never that simple. The public found out that the NSA is spying on everyone and this has caused the world to slowly start encrypting and properly defending everything. There's also this "cloud" thing, and it too is changing things.
Now instead of all organisational IT being handed out from the same central locations serving as nexuses for WAN communications, critical business services are simply delivered over the internet. These will almost certainly be encrypted and that encryption almost certainly won't be under corporate control. This is a very real problem for the WAN optimisers and various layers of security infrastructure that IT teams have traditionally relied upon.