Bridgeworks features in this article from Digitalisation World about the latest trend in WAN management and critical infrastructure security.
August 23, 2023
Wide Area Networks run the world. The most famous of which is the internet. Just about every person and organisation depends on it. Without the web, the world would just grind to halt; and that’s what can happen to individuals and organisations when they are blighted by network latency, packet loss and poor bandwidth utilsation.That music video of your favourite band on YouTube grinds to a halt when its affected by jitter; worse still, an organisation might find it impossible to continue their operations when their servers go down, due to a manmade or natural disaster. A hacking event or a ransomware incident, could grind everything to a standstill, leaving a company exposed for breaches of, for example, the European Union’s General Data Protection regulations, fines, lost customers and lawsuits.
Robert Sturt, Founder of Netify, writes in Forbes during 2022, ‘What To Consider When Identifying Your Company’s SD-WAN Needs’. He looks at what SD-WANs are and what they can replace. He also suggests that organisations need to examine their implementation and deployment strategies, as SD-WANs are cloud-first and they employ intelligent application routing across WANs. He also considers bandwidth and the optimisation of traffic. He argues that SD-WANs can help to select the optimal route for any type of traffic, based on configuration and policies. For other factors, organisations should consider include granular Quality-of-Service (QoS); DIY Vs. Managed SD-WAN; Private Backbone; Public Gateway Or VPN; Integration with Cloud Marketplaces; SASE and Added Security.
What he didn’t discuss, is why SD-WANs are often not enough. Yes, they are a great technology, but they can often also benefit from WAN Acceleration overlays. WAN Acceleration can also be deployed aside from any SD-WAN. So, how an organisation goes about boosting their WAN performance should consider more than just one technology to ensure that its data can travel across a WAN efficiently at speed, with latency as well as packet loss minimised, while maximising bandwidth utilisation. To find out how they can achieve a secure and highly performant WAN, organisations should conduct and audit and – where possible – conduct proofs of concept.
Before that, Davd Trossell – CEO and CTO of Bridgeworks – urges organisations to go back to basics. That means asking questions about what problems are impacting WAN performance or functionality. This is crucial because, as he explains, just adding SD-WANs or WAN Acceleration may not resolve the issues that are causing a drop in network performance and functionality. “Once we have these facts, we can now start to review the technologies in terms of how this will affect the key issues with the current WAN setup”, he explains.
Now, what’s the first tool that organisations tend to migrate to? SD-WANs. They are well publicised as the answer. As Trossell says, the hope is that they alone will solve all their issues. But can they? To a certain extent the answer is a resounding, “Yes” However, not every issue will be resolved with the implementation of SD-WANs. That doesn’t mean that SD-WANs aren’t a worthy technology. They are, but they may not resolve all of a company’s current issues.
The trouble is that there are many myths surrounding SD-WANs. Trossell explains: “First up, is will it solve latency issue? Well, latency is latency! It’s a fact of life and the greatest fixed constant in the universe – the speed of light. Nobody has found a method of increasing it, and latency is the biggest killer of performance. What is worse is if you add a small sprinkling of packet loss as well, it compounds the effect of latency. Typically, a 10ms of latency will rob you of 90% of your performance.”
Tuning WAN performance
He says that there are several options for tuning WAN performance that organisations could consider with SD-WANs. These include having layers of WANs, such as MPLS, a dedicated WAN connection to the internet or broadband. With these, you can define which WAN path, including a dedicated connection to the cloud, branch office or MPLS link to a head office, is required. Yet, he suggests that while broadband connections may be attractive and offer lower costs, they are often prone to congestion, reliability issues and adverse changes in latency. The greater the distance, the greater the latency with broadband connections.
Despite these challenges, there are resolutions that can help to mitigate the effects of latency and packet loss. They enable the intelligent routing of data to prioritise traffic on these links. One of the most common techniques for this is deduplication. Trossell explains: “This works extremely well with files or data that are compressible or traverse the WAN frequently. However, this does not work well with encrypted or pre-compressed files, such as pdf files. As many organisations now have a policy of encrypting traffic over their LAN, this is going to negate any benefit from data deduplication when the files traverse the WAN.”
All organisations have time-sensitive data, or data that has a higher level of importance. He says this includes reconciliation back to the Head Office and this is where a Quality-of-Service (QoS) option may be advantageous. It’s very much like a traffic policeman’s car forcing all vehicles other than your own out of the way, as it speeds to the scene of an accident. The trouble is that IT estates aren’t static, they are always changing because new users, new offices, new data flows, cloud migrations and offside back-ups all demand changes to SD-WAN setups.
Building skills and efficiency
Trossell stresses that while SD-WANs are easy to setup and deploy, “…it still takes time to build these skills and maintain the efficiency of the configuration. It’s about time these SD-WANs incorporated AI to lessen the burden on the network administrator. That said, SD-WANs have been a great step forward for WAN management.” He adds: “With the constant need to transport data over WANs over increasing distance, as we move data around the world for processing, two factors need to be addressed: speed and security.”
Latency and packet loss are the most critical factors to address. If organisations fail to address them, they will not see an exponential increase in WAN performance, nor increase their bandwidth utilisation with their existing WANs. By mitigating them, it’s possible to maximise WAN performance – even at higher speed bandwidths, which Trossell says are now available to organisations at more sensible prices than in the past.
The trouble is that most customers are only obtaining a fraction of the data and traffic throughput over their existing WANs – wasting money (ROI), as they are not able to fully utilise their existing bandwidth to its fullest. This increases the time it takes to transfer and receive data. A consumer might become frustrated by a slow YouTube link, so a slow WAN can be costly because time is money in business.
He adds: “Whilst deduplication can be employed within the SD-WAN appliance to give a level of performance increase, this tends to be at the lower WAN bandwidths. This is because as we increase the WAN bandwidth, we start to consume more and more CPU and memory cycles managing the deduplication process.”
“I’m a great fan of SD-WANs they provide great flexibility and the auto roll-out is a great bonus to travelling around updating routers and firewalls. But they do have their limitations and maximising the throughput is one of the major issues. To release the full performance of the WANs, we need to tackle the to two factors that seriously affect performance: Latency and Packet Loss. The technology that addresses these two issues head on is WAN Acceleration.”
WAN Acceleration camps
He says WAN Acceleration falls into one of two camps: Those that use UDP and those that use TCP/IP to transfer data over the WAN. Organisations can use TCP/IP as an Accelerator if that is the cause of the problem. He adds: “The UDP products tackle the latency issue by bypassing TCP/IP and just firing our UDP packets as fast as they can. However, packets will be lost and it is up to the source and destination programs to sort out what went missing and resend them.”
He finds that the downside of this is that it takes up memory and CPU cycles. This limits the bandwidth capability, and they create their own cut-down version of TCP/IP.
As for TCP/IP, there are usually several virtual connections opened between the source and the destination. Transmission begins when the first connection is made, and after it receives the acknowledgement (ACK) signal. It can then send more data along the second connection, and so on until the pipe has been filled up to the point of reaching the maximum capacity of the WAN.
The benefits of this approach include a low CPU and memory overhead because he explains that it – makes use of the new network cards. They offload tasks from the CPU. “These can scale to 80Gb/s and above, and with all that spare CPU and memory we now have, we can add Artificial Intelligence to manage the whole process including packet loss mitigation”, he explains.
WAN Acceleration: data agnostic
WAN Acceleration is comparatively data agnostic. What does this mean? The performance of WAN Acceleration products, such as PORTrockIT, is not governed by the deduplication ration. The data is not manipulated in any way. It can be received in any form: compressed or encrypted. No data is touched, and time to transfer is repeatable. All this is achieved without agents on the servers or clients. As a process, it’s totally transparent, opines Trossell.
When we combine SD-WANs and WAN Acceleration, he suggests that “we have a much more powerful solution because time-sensitive data transfers, such as offsite backup, recovery and data distribution, can now be achieved with encryption”. Together they can enable cross-site backups to reduce the cost of cloud-based solutions – even across continents.
He elaborates: “Even though we have the best solution when we combine WAN-Acceleration with SD-WAN, there is a limitation with this solution and that is the throughput performance of SD-WANs devices. Currently, there are few SD-WAN devices that have capability over 10Gbs.”
Data type, data usage and performance
When considering how to improve and maximise WAN performance, he concludes by saying that there is a need to consider the data type, the data usage and the performance requirements of the organisation and its WANs. Measuring latency is of no consequence to an individual watching YouTube, but it is to an international organisation. So, when data becomes more critical to organisation’s operations, the need for measuring latency increases.
By taking latency and packet loss into consideration, organisations can apply solutions to maximise WAN as well as data performance and bandwidth utilisation. WAN Acceleration is great to have when organisations move up into the high bandwidths with more performance requirements over WANs that suffer from higher latency. He concludes that with even higher performance requirements – where we are talking 10Gb or multiples and higher solutions – organisations then need to deploy WAN Acceleration direct access across the WAN ( via firewalls). Key to this determination is the identification of needs.
Click here to read the article on Digitalisation World.