Cisco’s announcement earlier this month that it will add the Viptela SD-WAN technology to the IOS XE software running the ISR/ASR routers will be a mixed blessing for enterprises.On the one hand, it brings SD-WAN migration closer to Cisco customers. On the other hand, two preliminary indicators — one-on-one conversations and Cisco’s refusal to participate in an SD-WAN test — suggest enterprises should expect reduced throughput if they enable the SD-WAN capabilities on their routers.Cisco’s easy migration to SD-WAN
By including the SD-WAN code with IOS XE, Cisco will provide a migration path for the more than one million ISR/ASR edge routers in the field. There’s been a lot of conversation as to whether or not SD-WAN is going to kill the router performance. Delivering SD-WAN code on the ISRs is Cisco’s answer: routers are here to stay but they’ll morph into SD-WAN appliances.To read this article in full, please click here
Cisco’s announcement earlier this month that it will add the Viptela SD-WAN technology to the IOS XE software running the ISR/ASR routers will be a mixed blessing for enterprises. On the one hand, it brings SD-WAN migration closer to Cisco customers. On the other hand, two preliminary indicators — one-on-one conversations and Cisco’s refusal to participate in an SD-WAN test — suggest enterprises should expect reduced throughput if they enable the SD-WAN capabilities on their routers.Cisco’s easy migration to SD-WAN
By including the SD-WAN code with IOS XE, Cisco will provide a migration path for the more than one million ISR/ASR edge routers in the field. There’s been a lot of conversation as to whether or not SD-WAN is going to kill the router performance. Delivering SD-WAN code on the ISRs is Cisco’s answer: routers are here to stay but they’ll morph into SD-WAN appliances.To read this article in full, please click here
The enterprise wide area networks are mission-critical resources for most enterprises. And when it came to managing and running the WAN, enterprises could choose between two distinct models: Do it Yourself (DIY) or managed WAN services. But with the evolution of SD-WANs, we’re seeing a new type of telco solution that merges elements of both capabilities.Traditional WAN management models
With DIY, enterprise IT procures last-mile access at a location and deploys routers, WAN optimization, and network security appliances from several vendors. Continuous monitoring and management is done in house or via a managed service provider. In short, enterprise IT owns the complex task of maintaining, configuring and monitoring the WAN for availability and optimal performance.To read this article in full, please click here
The enterprise wide area networks are mission-critical resources for most enterprises. And when it came to managing and running the WAN, enterprises could choose between two distinct models: Do it Yourself (DIY) or managed WAN services. But with the evolution of SD-WANs, we’re seeing a new type of telco solution that merges elements of both capabilities.Traditional WAN management models
With DIY, enterprise IT procures last-mile access at a location and deploys routers, WAN optimization, and network security appliances from several vendors. Continuous monitoring and management is done in house or via a managed service provider. In short, enterprise IT owns the complex task of maintaining, configuring and monitoring the WAN for availability and optimal performance.To read this article in full, please click here
A new global backbone provider emerged from stealth last week, giving organizations even more choice in how they build their Internet-based SD-WANs. Mode introduced what it calls a “software-defined core” (SD-CORE) network that offers IT “affordable private-network reliability and quality of service” across the globe.The company joins Aryaka and Cato Networks as one of the few independent backbone providers helping enterprises solve the variability problems of the Internet core. Middle-mile performance forms the biggest challenge for delivering stable, global, low-latency connections.To read this article in full, please click here
A new global backbone provider emerged from stealth last week, giving organizations even more choice in how they build their Internet-based SD-WANs. Mode introduced what it calls a “software-defined core” (SD-CORE) network that offers IT “affordable private network reliability and quality of service” across the globe.The company joins Aryaka and Cato Networks as one of the few independent backbone providers helping enterprises solve the variability problems of the Internet core. "Internet testing results: Why fixing the internet middle mile is essential for SD-WAN performance," middle-mile performance, forms the biggest challenge for delivering stable, global, low-latency connections.To read this article in full, please click here
It’s no secret that the public Internet is a quagmire of latency and packet loss problems. No wonder, many of clients are reluctant to trust Internet-based SD-WANs with VoIP and business-critical applications. After all, how can an SD-WAN running over Internet provide a predictable user experience if the underlying transport is so unpredictable?To answer that question, SD-WAN Experts recently evaluated the performance and stability of long-distance Internet connections. Our goal: to determine the source of the Internet's performance problems by measuring variability and latency in the last and middle miles.What we found was by swapping out the Internet core for a managed middle mile makes an enormous difference. Case in point is Amazon. The latency and variation between our AWS workloads was significantly better across Amazon’s network than the public Internet (see figure). Why that’s the case and how we tested is explained below and in greater depth from this post on our site.To read this article in full, please click here
It’s no secret that the public Internet is a quagmire of latency and packet loss problems. No wonder, many of clients are reluctant to trust Internet-based SD-WANs with VoIP and business-critical applications. After all, how can an SD-WAN running over Internet provide a predictable user experience if the underlying transport is so unpredictable?To answer that question, SD-WAN Experts recently evaluated the performance and stability of long-distance Internet connections. Our goal: to determine the source of the Internet's performance problems by measuring variability and latency in the last and middle miles.What we found was by swapping out the Internet core for a managed middle mile makes an enormous difference. Case in point is Amazon. The latency and variation between our AWS workloads was significantly better across Amazon’s network than the public Internet (see figure). Why that’s the case and how we tested is explained below and in greater depth from this post on our site.To read this article in full, please click here
You simply can’t take advantage of all that SD-WAN has to offer without giving branch offices local Internet access and you can’t give them local Internet access without securing them. SD-WAN for all its strengths does not provide robust edge security. Yes, data is encrypted in transit. And, yes, some SD-WAN appliances come with basic stateful firewalling capabilities. But with attacks coming at layer-7, branches require a next-generation firewall (NGFW) and updated IPS/IDS capabilities to protect locations — not a basic firewall. For all intents and purposes, branch SD-WAN needs layer-7 security, which is why you see so many SD-WAN vendors striking partnerships with security vendors or some building security into their appliances.To read this article in full, please click here
You simply can’t take advantage of all that SD-WAN has to offer without giving branch offices local Internet access and you can’t give them local Internet access without securing them. SD-WAN for all its strengths does not provide robust edge security. Yes, data is encrypted in transit. And, yes, some SD-WAN appliances come with basic stateful firewalling capabilities. But with attacks coming at layer-7, branches require a next-generation firewall (NGFW) and updated IPS/IDS capabilities to protect locations — not a basic firewall. For all intents and purposes, branch SD-WAN needs layer-7 security, which is why you see so many SD-WAN vendors striking partnerships with security vendors or some building security into their appliances.To read this article in full, please click here
If the recent WAN Summit in New York where I moderated a panel on last-mile access (more on that later) was any indication, the SD-WAN market is shifting towards a service-delivery model where sufficient network security and predictability are baked into the SD-WAN so the service can replace MPLS.In session and private conversations, topics related to secure SD-WAN services kept popping up. The challenges of today’s managed services. The impact of the cloud. The need for SLAs in SD-WAN services. How encryption complicates visibility and, by extension, enterprise security. These and other issues point to the change and challenges facing SD-WAN services.To read this article in full, please click here
If the recent WAN Summit in New York where I moderated a panel on last-mile access (more on that later) was any indication, the SD-WAN market is shifting towards a service-delivery model where sufficient network security and predictability are baked into the SD-WAN so the service can replace MPLS.In session and private conversations, topics related to secure SD-WAN services kept popping up. The challenges of today’s managed services. The impact of the cloud. The need for SLAs in SD-WAN services. How encryption complicates visibility and, by extension, enterprise security. These and other issues point to the change and challenges facing SD-WAN services.To read this article in full, please click here
Is it only me who finds it just a bit dubious that carriers are advocating SD-WAN? SD-WAN was practically invented to get away from the clutches of carriers, and now we're supposed to trust them to be the stewards of WAN transformation?Carriers lost that privilege when their business model grew out-of-step with how we do business. We grew tired of being charged double Internet prices for MPLS capacity. In an era of self-service, carriers were still making us wait to troubleshoot problems. And we were astonished that new MPLS circuits could take weeks, even months, to bring into a new site when you could often get started with broadband in a matter of days and upgrade to DIA when ready.To read this article in full, please click here
Is it only me who finds it just a bit dubious that carriers are advocating SD-WAN? SD-WAN was practically invented to get away from the clutches of carriers, and now we're supposed to trust them to be the stewards of WAN transformation?Carriers lost that privilege when their business model grew out-of-step with how we do business. We grew tired of being charged double Internet prices for MPLS capacity. In an era of self-service, carriers were still making us wait to troubleshoot problems. And we were astonished that new MPLS circuits could take weeks, even months, to bring into a new site when you could often get started with broadband in a matter of days and upgrade to DIA when ready.To read this article in full, please click here
All too often, IT teams make the mistake of thinking about Internet access as a commodity, failing to consider how well connected a provider is with the rest of the Internet. Picking the right Internet service, especially internationally, can be extremely important when evaluating SD-WAN solutions from companies like Aryaka, Cato Networks, Cisco (Viptela or Meraki), Open Systems, Silver Peak, Versa or VMware (Velocloud).To better understand why looking at the quality of an Internet service is so important, I gathered global pricing and configuration information from my friends at GlobalInternet, a global aggregator of Internet access connections. Here’s what we found.To read this article in full, please click here
I was in the local Best Buy the other day and overheard a conversation between a saleswoman and a father looking to buy a computer for his daughter. Apparently, the daughter is a designer, which of course requires lots of heavy graphics work. Anyway, the saleswoman was trying to explain how he should invest a little bit more in an expensive graphics card because of her work. The father wouldn’t hear of it. He wanted the least expensive machine possible.It was a mistake.Part of the art of life is knowing when and where to invest your resources for maximum return. Sometimes less is, well, less and investing a bit more really can make a difference. I know you didn’t come to this blog for self-help advice, but life’s truism has real-world implications for wide area networks and, in particular, when selecting the Internet infrastructure underlying your SD-WAN.To read this article in full, please click here
I was in the local Best Buy the other day and overheard a conversation between a saleswoman and a father looking to buy a computer for his daughter. Apparently, the daughter is a designer, which of course requires lots of heavy graphics work. Anyway, the saleswoman was trying to explain how he should invest a little bit more in an expensive graphics card because of her work. The father wouldn’t hear of it. He wanted the least expensive machine possible.It was a mistake.Part of the art of life is knowing when and where to invest your resources for maximum return. Sometimes less is, well, less and investing a bit more really can make a difference. I know you didn’t come to this blog for self-help advice, but life’s truism has real-world implications for wide area networks and, in particular, when selecting the Internet infrastructure underlying your SD-WAN.To read this article in full, please click here
More than a decade ago, I launched the forerunner to SD-WAN Experts, MPLS Experts, on a project to China. Back then finding out telecom services in another country, let alone another continent, seemed like a mission impossible. China was among the most difficult.Much has changed in our industry. MPLS has given way to SD-WAN, but some things remain the same. We still need global connectivity and China continues to remain a mystery. My story about China blocking VPN traffic – and potentially SD-WAN traffic – caused quite a stir in the industry, in large part because, like so many things when dealing with China, concrete information remains scarce (particularly for non-native speakers).To read this article in full, please click here
More than a decade ago, I launched the forerunner to SD-WAN Experts, MPLS Experts, on a project to China. Back then finding out telecom services in another country, let alone another continent, seemed like a mission impossible. China was among the most difficult.Much has changed in our industry. MPLS has given way to SD-WAN, but some things remain the same. We still need global connectivity and China continues to remain a mystery. My story about China blocking VPN traffic – and potentially SD-WAN traffic – caused quite a stir in the industry, in large part because, like so many things when dealing with China, concrete information remains scarce (particularly for non-native speakers).To read this article in full, please click here
A new Chinese policy going into effect next week, will have profound impact on businesses relying on Internet VPN or SD-WAN access within China.According to a notice from China Telecom obtained by SD-WAN Experts, the Chinese Government will require commercial Chinese ISPs to block TCP ports 80, 8080, and 443 by January 11, 2018. Port 80 is of course the TCP port commonly used for carrying HTTP traffic; 8080 and 443 are used for carrying HTTPS traffic. Commercial ISP customers interested in maintaining access to those ports must register or apply to re-open the port through their local ISP. The news, first reported by Bloomberg July, was expected to be implemented by February, 2018. This is the first time a specific date has been provided for the action.To read this article in full, please click here
Steve Garson