WANs Take Centerstage: what's making them faster, secure and more reliable?

There's an increasing need for organizations to
communicate more effectively, whether it's within the office between offices
across different geographical locations. This calls for a robust communication
infrastructure. While local communication isn't so difficult, as you have
plenty of bandwidth on the LAN, and voice calls are also pretty cheap, the
trouble comes while communicating over long

distance. Using basic email and phone calls is just not
sufficient anymore. For instance, you can afford to have a web page not loading
from a website, but what if it's your business application? You can't afford
to have packet losses on that. Moreover, this communication has to happen over
secure links and in encrypted format. This also raises another question. Is your
business application optimized to work over WAN links? Can it work over a low
bandwidth connection? Several key trends are taking shape in WANs, which can
help in answering these questions. For instance, one Web technology making waves
in the Internet world is AJAX, which can help enterprise applications run over
low-bandwidth connections. IPVPNs are picking up for secure communication over
long distances, and there's even an option to outsource your WAN
infrastructure management. In this story, we look at all these and more for your
consideration.

IP-MPLS is the default choice

Deepak Maheshwari Secretary — ISP Association of India Being more nimble and closer to the customer as well as operating in a highly competitive market, it should not come as a surprise that ISPs began offering VPN services in India in 1999. Slowly, VPN based on IP-MPLS technology has become the de facto platform of choice for WAN-again, a trend started by the ISPs in India almost five years back. Large organizations could extend leased line networks only to select sites due to high cost and the skills required to manage the same, even they are choosing VPN to augment more and more sites within their networks. At the same time, for many SMEs who could not ever think of multi-location leased line networks, VPN opens up new opportunities. One needs to connect to the local PoP of the service provider at the respective locations and thereafter, the service provider ensures the transmission across different locations. Moreover, the CIO can add and modify locations, bandwidth, priority and even the physical media and/or routing-all this on-the-fly on a real-time basis using a dashboard on his screen and respond to the mission-critical business support system. In the times to come, security and manageability would become more crucial as well as anything that lets the users manage the priority in an even more dynamic and challenging fashion. There would be a higher mix of physical media; the size of the WANs is also set for massive growth-to thousands of locations as the enterprise connectivity is extended to partners, vendors, suppliers and customers! Thus, a VPN offers reliability, security and quality on a public network with the added benefit of flexibility. Actually, VPN also bestows us with the benefits of openness and efficiency inherent in the Virtuous Public Network better known as the 'Internet'. Usage has also evolved to beyond just data to include voice and video. For more than one and a half year, the confusion over the licensing pre-requisites for VPN have kept many a prospects to take the plunge for VPN - more than anything else. However, that stage is over. In fact, in the latest amendments to the licenses 'leased line' itself has been defined as VPN!

IP VPNs

IP VPNs are emerging as a popular WAN connectivity solution, since it
provides both technological and business benefits over traditional VPN
technologies. In fact, the world over, they're fast replacing legacy Frame
Relay and ATM networks that were used by enterprises. This is largely because of
the huge cost advantage that they offer over the legacy technologies.

Currently, there are several different types of deployments
available for IP VPNs. If the requirement is to provide remote access to
individual users, then that would use SSL or IPSec encryption for the job. As
SSL doesn't require any clients, it makes for the cheapest extranet solution.
As a result, SSL VPNs are the obvious choice for remote-access technology as
they integrate end-point security and stronger authentication within themselves
in the times to come.

If multiple sites are to be connected, then the solution is
site to site IP VPN, while if a very large enterprise class IP VPN is required,
then there's the Multi-Label Protocol Switching based IP VPN, which uses a
large carrier's MPLS solution. MPLS has gained momentum because with this one
technology you can converge all means of data transfer that include data, video
and audio. Consequently, standardization efforts need to be made for both
network-to-network and user-to-network interfaces. While MPLS seems to offer
great convergent solutions, quality of service and support for firewalling, spam
and content filtering, it lacks on one factor: that it does not offer the
required level of encryption. And that's the end where the IPsec picks up
from. It provides the necessary encryption to make use of the Internet as the
carrier for transferring data across WANs. 

So these technologies have turned out to be serious
contenders with the enterprises for both fresh deployments as well as upgrades.
And what remains to be seen is which sectors of the enterprise go in for
building them themselves and which ones would want to buy them.

WAN optimization

The philosophy deals with removing the latency associated with data transfer
over WANs. Current WAN optimization devices claim to provide three to five times
the native transfer speeds. For this, the devices use CIFS (Common Internet File
Sharing) protocol. This is in line with the increase in the number of vendors
offering WAFS (Wide Area File Services)-which is basically, file and print
services over WANs. WAFS has a two-fold purpose: one, it helps take over file
server facilities at branch office levels as well as provide a common data
storage location for compliance purposes. WAFS devices are expected to take over
a major share of enterprise WAN based file services in the coming years and a
number of products are available from vendors such as Cisco, Juniper Networks
and F5. 

However, manageability of WAN optimization devices are
still not quite yet on-par with similar devices and systems-so, you would need
to seriously sit down with your vendor and look at what features it offers
before making the investment since downtimes here can become quite costly to
your business.

Adaptive WANs

How would you like a network that is always available, ultra-reliable and
very predictable at all times? Well, if Ciena's offering is not a dream, it
does just that. It's called an 'Adaptive WAN' and is

being pushed forward for business continuance applications in enterprises. This
WAN does not require new deployments and can be used with your existing
deployments. Multiple applications can be

collated into one 'wire' (so to speak), enabling a high degree of
manageability. Applications can be monitored and tuned for reliability. The
Adaptive WAN is suited for

enterprises that have multi-site assets and operate on time-sensitive
applications.

Wireless broadband

Devices that are wireless and online are significantly going mainstream.
These include both personal computers like laptops and smart phones. The advent
of high-speed mobile communications (although not yet prevalent in India) like
3G are increasing the number and criticality of the enterprise applications that
can be used from such devices. 

The TIA (Telecommunications Industry Association, UK)
predicts that there would be about 270 million wireless devices in use and
online worldwide in the next three years. Already, we are well on the way there,
with 25 million wireless devices being deployed in the past one year alone.
This trend could well be helped along by the shot in the arm that wireless
services are due to get quite soon with the

introduction of UTMS TD-CDMA that offers 40-70 Mbps transfer rates when you're
moving at nearly 130 Kmph. UTMS TD-CDMA is an emerging 3G standard (packet
switched data and VoIP transmissions with QoS) that is slated to significantly
change the way our mobile networks operate.

Outsourcing

A high 74% of the IT executives surveyed by a London-based firm earlier in
February reported they outsourced their WAN worries, mostly because of lower
running costs and manageability. Other major pain points included the ability to
troubleshoot quickly, timely restoration of links and billing.

Running costs go on a rise when more workers logon to their
workplace from all over the globe as enterprises expand operations and move out
of their single-campus presence and seek out the world.

The ability to guarantee connectivity and reliability of
that connection to your remote workers needs personnel presence at those remote
sites, not a very pocket-friendly prospect for most enterprise, regardless of
size and skill. This necessitates off-loading those concerns to a third-party
entity, who may do it at a lesser cost.

Higher bandwidth

Bandwidth costs have plummeted and availability has doubled over the past
year. ISPs in India have correspondingly passed on those benefits to their
customers-by upgrading bandwidth packages at no additional cost twice in the
last one year.  However, it appears that this has not come completely free
of cost. There is a raging debate going on about how the rising costs of
maintaining smooth functioning of the Internet be managed.

Some say that the costs should be off-loaded onto the home
user, which has been subsidized by business accounts for a long time. This would
be accomplished by a user-neutral policy, where both sets of customers would be
treated on par by the ISP and provided QoS on par with each other. The other
camp believes that current parity needs to be maintained for fear of losing the
pie completely. A third camp advises an application-fee based regime where the
cost of service would be linked to the type of application (meaning high QoS
requiring applications like VoIP and video on the Net for instance would attract
higher fees). In this system, it would be the application service provider who
pays the fee, subsidizing the end-user.

IPv6 comes of age

IPv6 is no longer a protocol that's best implemented in a lab or a network
run by geeks. It has come of age and is proving itself on both performance as
well as robustness. In response to the Internet2 challenge, the University of
Tokyo along with Pacific Northwest Gigapop, JGN2, WIDE Project and Chelsio
Communications successfully achieved a data rate of 6.18 Gbps over five
different public international networks covering well over 18,600 miles of
cabling. In comparison, the IPv4 record stands at 7.99 Gbps for the same
distance but over eight networks. This is being seen as proof that IPv6 can now
handle high-performance network applications and can take over from IPv4.

On the software front, the new Windows OS (Vista)
integrates support for IPv6 protocol in a big way- it is installed by default
and wherever you can configure IPv4

settings, you can also provide corresponding IPv6 settings. See our seperate
feature on Vista elsewhere in this issue.

Triple play

Triple play is the term used to

refer to the simultaneous transmission of data, voice and video over the same
wire. Increasingly, this is becoming mainstream in both the business and home
segments. For the home user for instance, IPTV is driving the boom forward. With
fixed line operators seeking to push broadband Internet and high-bandwidth media
applications onto their wires, the cable TV operators themselves are getting
into the action by offering Internet as well as IPTV on their network to counter
the move by the fixed-line operators.

This war of course is well-watered down in India. However,
in the USA, which is seeking to battle with the penetration levels of broadband
Internet in the ASEAN, this is an aggressive

contest, with companies (telecom and ISP) seeking to consolidate their market
positions. The recent takeover of AT&T Wireless by Cingular is perhaps a
good example.

The Net Neutrality bill (so to say, 'Internet Non
Discrimination Act 2006') introduced in the US

Senate by Ron Wyden (and discussed in the 'Higher bandwidth' section earlier
in this story) seeks to encourage fair play in triple play services by
restricting fat-pipe owners from proffering preferential treatment to particular
entities and hand the others a rough deal.

High-speed routing

We are all used to our network speeds not being 'quite there', even if
we're using theoretically fat pipes (like 100 Mbps or even gigabit links).
This is because of the way standard TCP works. TCP is, when you get down to
analyzing it for high-traffic networks, a really really bad and miserly
protocol.

What it does is when it detects the slightest hint of
sluggishness on the wire, it compensates heavily and ends up sending much
smaller packets than it actually can. In the same way, it never makes full use
of the pipe when the traffic is low enough either. This is easily fixed

if you implement HS-TCP (High Speed TCP, IETF RFC 3649). This is a protocol
optimized for high- traffic high-latency networks and responds better to network
congestion. The current state of HS-TCP is that it is still classified
'experimental'. However, some

researchers consider it stable enough to warrant an inclusion into the standards
and implementable class. Using its re-designed algorithms, HS-TCP is able to
adjust its packet transfer windows to a more optimum size and recover quickly
from high-latency conditions compared to standard TCP. Keeping pace with this
requirement, the new Vista OS has a completely re-written TCP stack called the
'Next Generation TCP/IP'.

In India, both ISPs and vendors are talking about MPLS in a
big way. Banks have already adopted it. When will other sectors like
manufacturing and business services follow? That's worth watching.

Rinku Tyagi and Sujay V Sarma