Saturday, June 15, 2024

Back Away From the (network) Edge: How cloud-based WAN Optimization can Finally Free Enterprises From MPLS

For years, SD-WAN edge appliances have helped organizations optimize their WANs by balancing performance, traffic priorities, limited MPLS bandwidth, and cost. This balancing act, however, requires an edge appliance at each end of the traffic flow to prioritize, cache, deduplicate, and compress traffic.

With increasing use of cloud-based infrastructure, requiring an edge appliance in the cloud becomes a major headache. New SD-WAN as a Service (SDWaaS) solutions represent the next phase of WAN optimization and SD-WANs, providing SD-WAN as a cloud service that eliminates the need for costly MPLS bandwidth, and by extension, WAN optimization appliances.

MPLS links: reliable…and reliably expensive

 With their efficient routing and low packet loss, MPLS services have been the mainstay of enterprise WANs. Great for remote desktops and other loss-sensitive applications, MPLS services charge a premium for bandwidth. But as the bandwidth requirements for applications have grown and more bandwidth consumed by often non-critical Internet services, bandwidth costs have become an increasingly pressing issue for many enterprises.

The big problem for MPLS services has been two-fold. One, the capacity or the rate of data that could be sent in a session across a global network. The interaction of distance and packet loss conspired to undermine throughput even when locations are connected by access services with large amounts of bandwidth.

WAN optimization devices provided some relief. Through the use of compression and data deduplication, WAN optimization devices made better use of the data that could be sent. And with application-layer proxying and caching, WAN optimization devices were able to minimize the effects of latency, which also helped improve TCP capacity and the user experience

WAN optimization no longer needed?

But as the WAN has changed there’s been increasingly less of a need for these capabilities. Content delivery networks (CDNs) and the distributed, geographically-redundant nature of major SaaS platforms have continued to push the data closer to the user. With the data closer, there are fewer hops and thus less latency, reducing the need for the latency-reduction techniques of WAN optimization.  Coupled with the use of large, inexpensive broadband pipes, available capacity grew, reducing the need for deduplication and compression.

The first-generation SD-WANs, implemented by edge appliances, overcome MPLS bandwidth problems by offloading MPLS services using broadband Internet access services. Routing non-critical application traffic across the Internet saved on MPLS bandwidth. Overall, the SD-WAN provided to be a great step forward in maximizing WAN usage.

But SD-WAN appliances ran into their own problems. As they required physical infrastructure to be installed on the network edge, SD-WAN appliances where inherently limited to improving only the performance and cost-effectiveness of traffic which stays entirely within the WAN.

Workflows which depend on cloud-based tools (e.g. Dropbox, Azure, Office 365, Google Apps) bump up against the reality that their data won’t be prioritized above anyone else’s.  And if cloud applications are to be optimized, appliances also need to be installed in the cloud, something that’s often difficult if not impossible.

SDWaaS: WAN optimization from above

The first-generation SD-WANs were designed to augment MPLS but they could never replace the service. They still relied on MPLS to carry latency- and loss-sensitive applications, particularly across global networks. Coupled with the fact that SD-WAN required devices to be installed in or near the cloud resources, it’s easy to see why SD-WAN has had to evolve.

The next-generation of SD-WAN, SD-WAN as a service (SDWaaS), do away with the dependency on a private MPLS backbone and provide a cloud-ready solution.

Here’s what makes these solutions work:

  • A global, SLA-backed backbone fed by multiple global Tier 1 IP transit providers which enables reliable and consistent worldwide connectivity at a more affordable price point. Now, branch locations can connect to each other and to central datacenters via the cloud and enjoy the bandwidth of the high-quality last-mile Internet, as well as the lower latencies and packet loss rates associated with MPLS. Throughput optimization (via TCP Proxy) occurs within the backbone, while application QoS prioritization and PBR takes place at the last-mile link to the cloud.
  • Several points of presence (PoPs) strategically placed to provide optimal egress to key cloud service infrastructures, such as Microsoft Azure, AWS, Office 365, and Dropbox. This greatly improves the performance of SaaS by minimizing the latency and packet loss.
  • A full network security stack integrated into the SDWaaS backbone. Since WAN connectivity and security are fully converged in the cloud, network security appliances such as IPS and next-generation firewalls don’t need to be deployed at each remote location to ensure secure direct Internet access.

SDWaaS solutions eliminate the need to backhaul WAN traffic to a central datacenter, thereby solving the problems like trombone routing and saturated MPLS links. Since the network edge effectively moves to the cloud, SD-WAN platforms reduce the complexity, risks, and cost for enterprise networks – all while achieving even better WAN optimization.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles