Transitioning to Hybrid WAN



Transitioning to Hybrid WAN Manish Gupta – Intuit

Agenda

§  Traditional WAN (What)
§  Cloud journey driving the WAN transformation (Why)
§  Network up & running during transition to hybrid WAN (How)
§  Load-balance traffic between MPLS & Internet (How)

Traditional WAN @ Enterprises

MPLS is a perfect choice:
o  When applications live in the data center
o  Predictability
o  Reliability
o  Privacy

But MPLS is also:
o  Rigid
o  Very Expensive
o  No Control
o  Limited or Delayed Availability

[Figure: data centers with Front End (Non Trusted) and Back End (Trusted) zones (Web, Apps, dbase); MPLS-A and MPLS-B connecting Site-A, Site-B, Site-N; labels North, South, East, West. Legend: Internet, MPLS]

Need to Operate at “Cloud Speed”

As apps move to the cloud…
•  MPLS backhaul limits performance
•  Users frustrated with sluggish apps
•  New sites take months to connect
•  Adds/moves/changes take too long
•  Cannot see & control all apps
•  Costs go through the roof

[Figure: branches, data center, MPLS and Internet]

The WAN Transformation

[Figure: data centers with Front End (Non Trusted) and Back End (Trusted) zones (Web, Apps, dbase); MPLS-A and MPLS-B plus Internet connecting Site-A, Site-B, Site-N; labels North, South, East, West. Legend: Internet, MPLS]

Keep The Network Running

[Figure: Site-A, Site-B, “Transit” Site-C and “Transit” Site-D; labels DIA and MPLS. Legend: Internet, MPLS]

Wait a second. That was an end state. What about during transition?

Network Transformation During Transition

[Figure: Hybrid Site-A, MPLS Only Site-B, “Transit” Site-C and “Transit” Site-D; labels DIA, MPLS-A, MPLS-B. Legend: Internet, MPLS]

Secure Enterprise Traffic Over Internet

•  UTM (Unified Threat Management)
   ✓  Security / Threat mitigation
   ✓  URL filtering / IPS / IDS
   ✓  Hardened security policies
•  Full mesh site-to-site overlays over Internet links
•  Full mesh site-to-site overlays over MPLS links

[Figure: Campus-A, Campus-N, Branch-A, Branch-N and DC (FE / BE), with UTM at sites, connected over MPLS and Internet. Legend: Internet, MPLS, Overlay over Internet, Overlay over MPLS]

Load-Balancing Rules Over Hybrid WAN

•  Site to Site traffic (mission critical traffic)
   ➢  Primary path - Overlay @ MPLS transport
   ➢  Secondary path - Overlay @ Internet transport
   ➢  Backup path (Overlays failure) - Directly over MPLS transport
•  Site to Site traffic (non-mission critical traffic)
   ➢  Load-Balance – Both overlays @ MPLS & Internet transport
   ➢  Backup path (Overlays failure) - Directly over MPLS transport
•  Internet / Cloud bound traffic
   ➢  Primary path – Directly over Internet transport
   ➢  Backup path (local Internet failure) – Re-route to transit site using MPLS transport

[Figure: Campus-A, Campus-N, Branch-A, Branch-N and DC (FE / BE), with UTM at sites, connected over MPLS and Internet. Legend: Internet, MPLS, Overlay over Internet, Overlay over MPLS]
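The load-balancing rules above, modeled as a path-selection function. This is an added example, not from the original slides; the class and path names, the health flags and the CRC32 per-flow hash are assumptions chosen for illustration.

```python
# Added illustration of the slide's rules; all names are hypothetical.
import zlib
from dataclasses import dataclass

@dataclass(frozen=True)
class LinkState:
    overlay_mpls: bool = True      # overlay over the MPLS transport is up
    overlay_internet: bool = True  # overlay over the Internet transport is up
    mpls: bool = True              # MPLS transport itself is up
    local_internet: bool = True    # the site's own Internet link is up

def select_path(traffic_class, state, flow_key=""):
    """Return the path label for a flow, or None if no path is usable."""
    if traffic_class == "internet":
        if state.local_internet:
            return "direct-internet"
        # Local Internet failure: re-route to the transit site over MPLS.
        return "transit-site-via-mpls" if state.mpls else None

    if traffic_class not in ("site-critical", "site-noncritical"):
        raise ValueError(f"unknown traffic class: {traffic_class}")

    overlays = []
    if state.overlay_mpls:
        overlays.append("overlay-mpls")
    if state.overlay_internet:
        overlays.append("overlay-internet")
    if not overlays:
        # Overlays failure: backup path directly over the MPLS transport.
        return "direct-mpls" if state.mpls else None

    if traffic_class == "site-critical":
        # Strict preference: MPLS overlay first, Internet overlay second.
        return overlays[0]
    # Non-critical: spread flows across the live overlays. Hashing the flow
    # key (assumed method) keeps each flow pinned to a single overlay.
    return overlays[zlib.crc32(flow_key.encode()) % len(overlays)]

def uses_overlay(path):
    """True when the selected path stays inside a site-to-site overlay."""
    return path is not None and path.startswith("overlay-")
```

`uses_overlay` returns False for the `direct-mpls` backup path, which gives monitoring a simple condition to alert on when site-to-site traffic has fallen off both overlays.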

In Closing…

§  Performance and Reliability
§  Security
§  Visibility and Control
§  60%+ traffic is Internet bound → Improved experience
   ✓  Internet as transport → reliable
   ✓  Single Internet provider → SLA / QoS
   ✓  Overlay technologies → secure data
   ✓  Dynamic control → SD-WAN
§  Huge cost saving → reduction in OPEX
§  Faster Time-To-Market → delivery / availability

Thank you !