Transitioning to Hybrid WAN
Manish Gupta – Intuit

Agenda
What
§ Traditional WAN
Why
§ Cloud journey driving the WAN transformation
How
§ Network UP & running during transition to hybrid WAN
§ Load-balance traffic between MPLS & Internet

Traditional WAN @ Enterprises
MPLS is a perfect choice:
o When applications live in the data center
o Predictability
o Reliability
o Privacy
But MPLS is also:
o Rigid
o Very Expensive
o No Control
o Limited or Delayed Availability
[Figure: traditional WAN diagram. Labels: North, South, East, West; Internet; MPLS-A, MPLS-B; Site-A, Site-B, Site-N; Data Center with Front End (Non Trusted): Web and Back End (Trusted): Apps, dbase. Legend: Internet, MPLS.]

Need to Operate at “Cloud Speed”
As apps move to the cloud…
• MPLS backhaul limits performance
• Users frustrated with sluggish apps
• New sites take months to connect
• Adds/moves/changes take too long
• Cannot see & control all apps
• Costs go through the roof
[Figure: diagram. Labels: Internet, MPLS, Data Center, Branch.]

The WAN Transformation
[Figure: WAN transformation diagram. Labels: North, South, East, West; Internet; MPLS-A, MPLS-B; Site-A, Site-B, Site-N; Data Center with Front End (Non Trusted): Web and Back End (Trusted): Apps, dbase. Legend: Internet, MPLS.]

Keep The Network Running
[Figure: end-state diagram with check marks on the paths. Labels: “Transit” Site-C, “Transit” Site-D, DIA, Site-A, Site-B, MPLS. Legend: Internet, MPLS.]
Wait a second. That was an end state. What about during transition?

Network Transformation During Transition
[Figure: transition-state diagram. Labels: “Transit” Site-C, “Transit” Site-D, DIA, MPLS-A, MPLS-B, Hybrid Site-A, MPLS Only Site-B. Legend: Internet, MPLS.]

Secure Enterprise Traffic Over Internet
• UTM (Unified Threat Management)
  ✓ Security / Threat mitigation
  ✓ URL filtering / IPS / IDS
  ✓ Hardened security policies
• Full mesh site-to-site overlays over Internet links
• Full mesh site-to-site overlays over MPLS links
[Figure: overlay diagram. Labels: Campus-A, Campus-N, Branch-A, Branch-N, each with a UTM; DC with FE and BE; MPLS; Internet. Legend: Internet, MPLS, Overlay over Internet, Overlay over MPLS.]

Load-Balancing Rules Over Hybrid WAN
• Site to Site traffic (mission critical traffic)
  o Primary path - Overlay @ MPLS transport
  o Secondary path - Overlay @ Internet transport
  o Backup path (Overlays failure) - Directly over MPLS transport
• Site to Site traffic (non-mission critical traffic)
  o Load-Balance – Both overlays @ MPLS & Internet transport
  o Backup path (Overlays failure) - Directly over MPLS transport
• Internet / Cloud bound traffic
  o Primary path – Directly over Internet transport
  o Backup path (local Internet failure) – Re-route to transit site using MPLS transport
[Figure: overlay diagram. Labels: Campus-A, Campus-N, Branch-A, Branch-N, each with a UTM; DC with FE and BE; MPLS; Internet. Legend: Internet, MPLS, Overlay over Internet, Overlay over MPLS.]
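
The load-balancing rules above written as a path selector, extended to the transition state in which one end of a flow is still MPLS-only. This is an added example, not part of the original slides; the site dictionaries, the `overlay_down` parameter and the path labels are assumptions made for illustration.

```python
MPLS, INET = "mpls", "internet"

# Constructed sample sites, named after the transition slide. "up" is the set
# of transports currently usable at the site (assumed data model).
SITE_A = {"name": "Site-A", "up": {MPLS, INET}}   # hybrid site
SITE_B = {"name": "Site-B", "up": {MPLS}}         # MPLS-only, not yet migrated
SITE_C = {"name": "Site-C", "up": {MPLS, INET}}   # "transit" site with DIA

def usable_overlays(src, dst, overlay_down=()):
    """Overlays whose transport is up at both ends and whose tunnel is healthy.

    overlay_down lists transports whose overlay has failed even though the
    underlying link may still be up. MPLS is listed first: preference order.
    """
    return [t for t in (MPLS, INET)
            if t in src["up"] and t in dst["up"] and t not in overlay_down]

def site_to_site(src, dst, mission_critical, overlay_down=()):
    """Return the paths to use; more than one entry means load-balance."""
    overlays = usable_overlays(src, dst, overlay_down)
    if overlays:
        # Critical traffic pins to the best overlay; the rest uses all of them.
        chosen = overlays[:1] if mission_critical else overlays
        return [f"overlay@{t}" for t in chosen]
    # Overlays failure: fall back to plain MPLS. This path is outside the
    # overlay, so it is worth logging whenever it is selected.
    if MPLS in src["up"] and MPLS in dst["up"]:
        return ["direct@mpls"]
    return []

def internet_bound(src, transit):
    """Internet/cloud traffic: local breakout, else MPLS to a transit site."""
    if INET in src["up"]:
        return ["direct@internet"]
    if MPLS in src["up"] and {MPLS, INET} <= transit["up"]:
        return [f"mpls-to-transit:{transit['name']}"]
    return []

if __name__ == "__main__":
    print(site_to_site(SITE_A, SITE_C, mission_critical=False))
    print(site_to_site(SITE_A, SITE_B, mission_critical=False))
    print(internet_bound(SITE_B, SITE_C))
```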

In Closing…
§ Performance and Reliability
§ Security
§ Visibility and Control
§ 60%+ traffic is Internet bound → Improved experience
  ✓ Internet as transport → reliable
  ✓ Single Internet provider → SLA / QoS
  ✓ Overlay technologies → secure data
  ✓ Dynamic control → SD-WAN
§ Huge cost saving → reduction in OPEX
§ Faster Time-To-Market → delivery / availability

Thank you !