Story image

Silver Peak on how SD-WAN makes regional hubs a reality

26 May 17

Debate has raged on for decades over WAN architecture. Hub-and-spoke or fully distributed mesh, which is better? 

Hub-and-spoke networks are certainly simpler to design and manage, but the downside is that all branch traffic needs to be backhauled through a central location. Consider an Australian-based company with a branch office in Japan where a user is trying to access a local website. The traffic would need to go from the branch, back to Australia, back to Japan, and then back to Australia, only to be sent off to Japan yet again.

This clearly represents an enormous waste of bandwidth and resource, not to mention impaired user productivity.

Yet a hub-and-spoke design does have advantages, most notably that all security services can be located in the centralised hub. This means all traffic can be inspected and secured at a single point in the network. The hub-and-spoke design also streamlines other tasks like web filtering, load balancing and caching because all Internet traffic passes through a single location.

A fully distributed mesh architecture enables users to access the Internet directly from any branch office, which significantly improves the performance of SaaS applications and enhances productivity.  Because of this, the WAN only carries traffic between the branch and the data centre. 

Also, branch-to-branch connections can be created for more efficient peer-to-peer applications, like video conferencing. The downside, is the complexity of provisioning network services.  Each branch office requires its own firewall, IPS system, load balancer, etc. Resident branch services can be deployed as a standalone appliance, virtual service or part of a multi-function appliance, but network managers require the functionality at the point of egress.

So on one hand there’s the combination of simplified management, but inefficient use of bandwidth.  On the other hand there’s more efficient use of the network, but operational complexity goes through the roof. What if there were a better way?  A best of both worlds solution perhaps.  Well there is, and it’s called regional hubs.

Best of both worlds

The concept of a regional hub is that branches are organised into logical ‘regions’ and they connect back to a hub location that is within a certain proximity that makes sense for that group of locations.  For example, an Australian-based business might have a hub in Sydney, as the primary connection point to trans-Asian connections. Or a globally distributed organisation might use Germany as its regional hub for its European locations. In a sense, this architecture is a set of distributed hub-and-spoke sites.

All network and security services can be placed in the regional hub so that branch traffic can be efficiently backhauled a short distance away.  The only branch office requirement is a broadband connection (or two for resiliency) and a low cost termination device. Historically, the regional hub wasn’t feasible as the configuration and ongoing management wasn’t any easier than a fully distributed architecture.

However, SD-WAN solutions now make this easy to set up and manage.  For example, Silver Peak recently announced enhancements to the Unity EdgeConnect SD-WAN solution,  which now integrates a stateful firewall, SD-WAN, WAN optimisation, BGP routing and other network services.

Regional hub implementation simplified

An SD-WAN makes regional hubs possible because it operates as an overlay. This enables distributed businesses to connect all the sites to the Internet and then applies automated policies, wherever required and in alignment with business intent.  One of the most significant benefits of using an SD-WAN overlay is that the architecture can be changed without a significant amount of manual overhead. 

For example, using the latest technology, if there’s a region that has grown and there’s a need to split it into two regional hubs, it is possible simply to deploy another appliance and point the desired branches to it.

Regional hubs are for everyone but when an SD-WAN is deployed, it’s important to look at the underlying architecture and use the agility of the overlay WAN to design a network that is right for the business.

Article by Zeus Kerravala, founder and principal analyst with ZK Research.

The new world of edge data centre management
Schneider Electric’s Kim Povlsen debates whether the data centre as we know it today will soon cease to exist.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
SUSE partners with Intel and SAP to accelerate IT transformation
SUSE announced support for Intel Optane DC persistent memory with SAP HANA.
Inspur uses L11 rack level integration to deploy 10,000 nodes in 8 hours
Inspur recently delivered a shipment of rack scale servers of more than 10,000 nodes to the Baidu Beijing Shunyi data center within 8 hours.
How HCI helps enterprises stay on top of data regulations
Increasing data protection requirements will supposedly drive the demand for Hyper-Converged Infrastructure solutions across the globe.
Vodafone and PNSol champion new ‘invisble network’ broadband project
"As an industry, we've increased the speed of broadband to one gigabit and beyond, which is a remarkable achievement, but we now have to look beyond speed."
Top 3 cloud computing predictions – what’s in store for 2019?
Virtustream's Deepak Patil shares his predictions for how cloud computing will evolve in 2019.
Rubrik welcomes $261m funding for new market expansion
The company intends to use the funds from new investor Bain Capital Ventures will go toward future innovation and expansion.