bluebay2014 - Fotolia


SD-WAN configuration options: Is active-active configuration best?

Highly distributed organizations might not benefit from an active-active SD-WAN configuration. Learn how to assess which option is best for your company.

SD-WAN is a broad topic, and it means different things to different people. One element of the technology that...

seems to be common across companies of all sizes and verticals, however, is using SD-WAN to create active-active connections in which all connections are available and free to carry traffic, rather than having one reserved for backup. But in some situations -- particularly for large, distributed organizations -- an active-active SD-WAN configuration might not be right.

Historically, the only way to architect a network with multiple paths was to put the multiple links in active-passive mode, where only one connection was passing traffic. The backup, or passive, connection only becomes active when the primary link fails. In legacy networks, active-active connections can be complicated to configure without having traffic pingpong everywhere and create routing loops.

SD-WAN significantly simplifies this. A number of SD-WAN configuration options use an always-on virtual private network (VPN) overlay that manages traffic flowing to both links simultaneously, while also using a feature called path control to route various types of traffic down the different links. For example, the network could be configured to send voice and video traffic down the most reliable path, like MPLS, while best-effort traffic is sent over a broadband connection. A third connection could be dedicated to something like backing up data over the WAN. This active-active configuration allows multiple connections to pass traffic simultaneously. 

When active-active SD-WAN configuration isn't the best option

Conceptually, active-active configurations make sense. But in some scenarios, active-active isn't the best choice. These situations arise most often when locations can't support two terrestrial connections, when IT needs greater path diversity, and when overall cost and availability are greater concerns than total network performance. 

Because path control enables traffic to be routed to specific networks, it can be better used over passive metered backup links, like cellular service or satellite, to increase uptime by using those links only when required. By using an always-on VPN overlay and enabling applications to maintain state and dynamically switch connections within a few seconds of a WAN issue, network and application availability is greatly increased, while the overall impact to the user is minimized. This solves one of the biggest problems with legacy active-passive connections, which often take several minutes of downtime to switch to the backup connection. This downtime can cause applications to lose state and reset because they could not withstand the outage.

Advantages of WAN optimization functionality

There are situations -- particularly for large, distributed organizations -- where active-active configuration might not be right for SD-WAN.

Regardless of the type of SD-WAN connections selected, it is important to understand the significance of using WAN optimization. Path control is often used to redirect traffic when the primary link is degraded. But WAN optimization can improve the performance of the primary circuit, thereby eliminating the need to switch links. Also, while high-bandwidth connections are readily available in metro connections, nationwide and global connections are still at T1 or E1 speeds. So, the primary link typically has a maximum speed of 2 Mbps. Some higher-speed connections are available, but it's rare to see a transoceanic link of more than 6 Mbps. WAN optimization can help squeeze more traffic over these links and significantly improve network performance. 

Once the primary circuit has been optimized, the next step is to understand the best way to leverage the backup connections. That assessment should be based on the type of network service available and the unique business needs of the location. 

Assessing your network

If bandwidth is limited, the best configuration would be to augment the main connection with a broadband connection, like DSL or cable, and operate in active-active mode, because the cost of the connection is fixed, regardless of how much traffic is generated. In fact, an MPLS and broadband hybrid WAN configuration is often the first step in migrating to an all-broadband WAN. The downside of DSL and cable is throughput and performance can vary, depending on time of day or location, since they are shared services and are often oversubscribed. 

If bandwidth is not as much of a concern, and your company is trying to increase network resiliency and cost-efficiency, a better option could be using satellite or cellular 3G and 4G connectivity for a backup link. These services are usually low cost to purchase, but they are metered; so, the more bandwidth that traverses the network, the more expensive the service gets. Putting a metered circuit on an active-active connection could cost a company thousands of dollars per link, per month, and offset any other cost savings gained by moving to SD-WAN.

How to choose your SD-WAN configuration

Here's a summary of how highly distributed businesses should think about using multiple WAN links:

  • Deploy WAN optimization to use the circuits more efficiently.
  • If more bandwidth is needed on an MPLS network, use an active-active hybrid model by adding broadband connections. Consider moving to an all-broadband WAN later.
  • If resiliency and cost-efficiency are more important than bandwidth, then stick with active-passive with satellite or 3G or 4G connectivity.
  • If your company wants to achieve all of these features, consider MPLS with broadband and cellular or satellite to architect a network that is active-active-passive. 

It's important to note that the active-active-passive configuration may seem like the best option, but it's the most expensive and complicated to deploy. If this is the desired approach, consider a managed service. 

All companies should be looking at how to capitalize on the benefits of SD-WAN. But how the multiple connections are used should depend on the unique needs of the company. Starting with these assessments will help you determine whether an active-active configuration would work for your organization.

Next Steps

Prep for SD-WAN deployment with these steps

Stay ahead of your concerns about SD-WAN management

Find out your SD-WAN return on investment

This was last published in August 2017

Dig Deeper on Software-defined WAN (SD-WAN)