While we weren't looking, the WAN changed

You do have options

Fortunately, there are solutions. In fact, the "quiet revolution" in WAN connectivity is that while most of weren't looking the number of options absolutely exploded and the entire space has become thick with startups. Telcos are actually competing with one another based on the richness of technologies and services they can bring to the table and all of this is presenting entirely new (and substantially less expensive) ways to build corporate WAN topologies.

The simplest technology to discuss is called "local internet breakout". This is telcoese for "putting an internet connection into each branch office". Instead of all non-local traffic being sent to a central location, the router in the branch office is aware of the subnets served by the other sites on the corporate network and only sends traffic bound for those sites across managed WAN link. Everything else goes out a "wide and cheap" internet connection, in many cases simply rebadged consumer broadband.

The basics of local internet breakout isn't exactly rocket surgery, but doing it right can be just as hard. Nobody wants to take all that WAN equipment from the HQ and start putting a copy of it at each location. That's expensive, takes up a lot of rack space, and local branches don't exactly need enough horsepower to defend a nation state.

Fortunately, that rack's worth of WAN gubbins that sits at HQ is available in innumerable virtual appliances. You can mix a little of this with a pinch of that until your branch office WAN connectivity is just the right flavour.

If you don't want to bother with all that, there are still options. All your internet-bound traffic can be routed to hosted security solutions provided by your telco, ISP, tech vendor or various startups. They will then do all the analysis, security, WAN optimisation and so forth for you.

Some telcos also offer the ability to simply send all your traffic to them and they will do the internet breakout internally: corporate WAN traffic will be dumped on the MPLS network directly from the point of presence in the telco's data centre and internet traffic will go through some security VMs and be punted out onto the wild, woolly internet.

There's also an emerging technology called Dynamic Path Selection (DPS). DPS actually looks at what types of traffic are in use (for example, by looking at destination port numbers) and chooses different paths for the traffic based on that.

The traffic routing can be complex, and is largely done on a customer-by-customer basis. For example, latency-sensitive applications can be fired over managed WAN connections for some or all of the journey. These can ride the MPLS connectivity all the way to the destination, or merely take advantage of the lower latency in order to get to an internet breakout point that is geographically (or logically) closer to the destination.

Consider the example of hosted voice communications. If the voice server were located at a data centre in Seattle, and you had a branch office there, it might make sense to configure organisation of voice traffic to use the MPLS network to get to the Seattle office, and then exit to the internet from there.

This is only one example, of course. DPS is a young and versatile technology, and many of the various technologies discussed can be combined or used to complement one another.

When it comes to WAN connectivity, our options as customers have changed. It isn't simply managed or unmanaged WAN and that's it. What's more: there's a lot of scope for telcos and other ISPs to add real value. They needn't be "just dumb pipes". There are a great many services that once lived on racks at organisational HQs that ISPs can be handling. Intermixing all these technologies will almost certainly require consulting and analysis services, most likely provided by the ISP.

It's about time. ®