chris - Fotolia


What you need to know about the hybrid WAN

The ballooning amount of data generated by users and applications is fueling the development of hybrid WANs. Here's what you need to know.

Editor's note: This is the first in a three-part series examining the evolution of the hybrid WAN. This installment describes the basics; upcoming articles will examine hybrid WAN designs and what you need to know to get the most out of private and public IP. Writer Robert Sturt has created a TechTarget step by step IT managers field guide to MPLS and VPLS procurement.

The days of the wide area network (WAN) supporting straightforward data requirements are over. Today's hyper-connected world is generating and consuming data at significant rates across multiple types of virtual private network (VPN) connectivity, ranging from Ethernet and Multiprotocol Label Switching (MPLS) to Internet Protocol Security (IPSec) over 3G, 4G and leased-line Internet.

Indeed, the growth of IP traffic is expected to increase significantly due to the capability and processing power of ubiquitous and feature-rich applications that run across laptops, PCs, tablets and phones. At the same time, IT budgets remain under pressure, even as enterprises are required to provide seamless access to resources -- regardless of location and access type.

Internet and traditional WAN services play an equally significant role for enterprise connectivity, and therefore must be served with equal importance. The hybrid VPN enables both the public Internet and private WAN to be deployed through its ability to terminate multiple interfaces -- each with the capability to serve traffic differently based on source.

To that end, network designs are increasingly including a hybrid WAN-- one underpinned by solid integration between private IP and public IP to ensure performance. In the past, corporate network connectivity has often existed within silos, with IT provisioning multiple hardware devices to deal with a particular termination type. Today, IT teams are looking to consolidate -- not only for cost reasons, but also to ease management. A hybrid WAN device allows an organization to mix and match connectivity, terminating Layer 2 and Layer 3, as well as public Internet access from broadband to 3G and 4G -- each of which adheres to specific security and traffic policies. 

A hybrid WAN incorporates three approaches:

  • A network VPN: Uses global and national service providers, generally MPLS and virtual private LAN-based VPN services.
  • CPE hardware-based VPN: Anchored by routers and firewalls capable of running IPSec between end sites. The customer premises equipment (CPE) resides at the customer's location.
  • Application VPN: Application tunnels from hosts are created independently on a per-user or per-application basis.

The overall supportable features of a hybrid WAN include:

Transport independence: The ability to terminate all traffic sources from both office and remote users, including MPLS, virtual private LAN service and IPSec over the Internet. Transport independence also supports policy-based application routing; in other words, the CPE will send traffic to the appropriate resource based on certain parameters.

Network flow control: Includes application awareness, which is the capability to deny or deliver applications intended for a subset of users; statistical reporting, or the ability to report on bandwidth usage, latency, jitter and uptime per connection; policy-based routing, permitting traffic to be routed based on network performance requirements. In these cases, less mission-critical traffic may be routed over a lower-priority circuit or connection. Flow control for a hybrid WAN also includes the ability to load-balance over multiple connections, providing aggregated bandwidth.

Application performance optimization: This encompasses sending applications through a specific network path to create an optimized delivery path, based on acceleration and application optimization via caching and local packet acknowled gment services.

Security: Is achieved through capabilities that include IPSec and Secure Socket Layer termination with further support for token access and network firewalling to restrict traffic types, certain users or to segregate extranet partners.

Regardless of the capability of these hybrid services, IT managers must pay special attention to application and security requirements. As with all designs, your specific goals and objectives will dictate how a hybrid WAN approach may work for you. If, for example, you need branch connectivity for only limited times or you require fast provisioning via broadband providers, a hybrid approach may be the answer. But enterprises must also gauge how they want to segment users and applications, and enable overall access to their network.

Next: The latest hybrid designs and what they mean to your organization.

Next Steps

Internet as WAN gains traction

SD-WAN providers eye hybrid space

This was last published in March 2015

Dig Deeper on WAN technologies and services