

Wrestling With the Woes of WAN Application Delivery

Small- to medium-sized enterprises (SMEs) require that inventory, customer relationship management, sales and accounting applications be available beyond the LAN (local area network) via the Internet. Local employees, telecommuters, business partners and customers must have unhindered access to critical applications or a company risks adversely affecting productivity and profitability.

When applications are deployed over the WAN (wide area network), performance often degrades, causing user productivity to suffer. WAN applications can be adversely affected by poor ISP (Internet service provider) link performance, ISP link failure and congestion from too much traffic going over the WAN link.

A dual WAN router uses a simple policy to route outbound traffic only over one of two lines, and it provides no WAN and ISP link load balancing or failover for inbound traffic.

With no intelligence in the technique and no method to avoid or minimize congestion, its rigid nature frequently adds to congestion problems. A more cost-efficient and flexible solution is to use specialized WAN link controllers that provide ISP multi-homing along with load balancing and failover.

Advanced WAN optimization controllers bring together all of the capabilities required for ensuring network availability, reliability and security for applications.

These products should include four key capabilities:

  1. ISP and WAN link aggregation
  2. ISP and WAN link load balancing
  3. ISP and WAN link failover; and
  4. Security

Content caching, compression and TCP (transmission control protocol) optimization are all excellent approaches to improving application delivery.

Even with all these capabilities, if a WAN link is congested, or a service provider has an outage, application delivery suffers.

ISP and WAN Link Aggregation

Outbound bandwidth aggregation: An advanced WAN link controller provides outgoing bandwidth aggregation at the TCP/UDP (user datagram protocol) session layer. The user defines weights based on the bandwidth capacity of each WAN link. When a session is generated from the LAN, the WAN link controller computes which link has the most available bandwidth and routes traffic there. The WAN link controller allows the selection of two link load balancing algorithms: symmetrical round robin or intelligent (weighted) load balancing.
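The two outbound selection policies described above can be compared in a short simulation. This is an added example, not code from the article or from any vendor; the class names, link names and the traffic figures are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Link:
    name: str
    capacity_mbps: float      # operator-defined weight for this WAN link
    used_mbps: float = 0.0
    up: bool = True

    @property
    def available(self) -> float:
        return self.capacity_mbps - self.used_mbps

class LinkController:
    def __init__(self, links):
        self.links = list(links)
        self._next = 0            # round-robin cursor

    def _live(self):
        live = [l for l in self.links if l.up]
        if not live:
            raise RuntimeError("all WAN links are down")
        return live

    def pick_round_robin(self) -> Link:
        live = self._live()
        link = live[self._next % len(live)]
        self._next += 1
        return link

    def pick_weighted(self) -> Link:
        # Most available bandwidth wins; ties go to the first-listed link.
        return max(self._live(), key=lambda l: l.available)

    def open_session(self, mbps: float, weighted: bool = True) -> str:
        link = self.pick_weighted() if weighted else self.pick_round_robin()
        link.used_mbps += mbps
        return link.name

    def oversubscribed(self):
        # Links carrying more than their capacity, with the excess in Mbps.
        return {l.name: l.used_mbps - l.capacity_mbps
                for l in self.links if l.used_mbps > l.capacity_mbps}

def simulate(weighted: bool, sessions: int = 12, mbps: float = 10.0, dsl_up: bool = True):
    # Constructed scenario: a 100 Mbps fibre link and a 20 Mbps DSL link.
    ctl = LinkController([Link("fibre", 100), Link("dsl", 20, up=dsl_up)])
    for _ in range(sessions):
        ctl.open_session(mbps, weighted)
    return {l.name: l.used_mbps for l in ctl.links}, ctl.oversubscribed()
```

With asymmetric links, round robin pushes the small link past its capacity while the weighted policy fills both links exactly; with the DSL link marked down, every session lands on the remaining link.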

This diagram shows how a WAN link controller automates the process of load balancing multiple, diverse WAN links from several service providers. This provides total aggregated throughput with link failover protection.

Incoming bandwidth aggregation is accomplished by the WAN link controller acting as the domain’s authoritative DNS server. The WAN link controller advertises all available WAN links to the DNS cache servers, which resolve queries for the domain’s names in round-robin fashion. All externally initiated sessions are load balanced over all available links. Since the WAN link controller is resident at the domain site and can directly monitor the link status, failed links are removed immediately from the DNS tables. Because the host name record Time-to-Live (TTL) is set to a short period, the DNS caching servers flush their address tables and update them from the WAN link controller regularly.
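The inbound mechanism described above, sketched as an added example (not the article's or any product's code). The class and method names, the 30-second TTL, the 5-second probe interval and the documentation-range addresses are all assumptions, and the stale-window figure assumes caching resolvers honour the TTL.

```python
from dataclasses import dataclass

@dataclass
class WanLink:
    isp: str
    public_ip: str     # address on this link that NAT maps to the published service
    up: bool = True

class AuthoritativeResponder:
    def __init__(self, links, ttl_seconds=30, probe_interval=5):
        self.links = list(links)
        self.ttl = ttl_seconds
        self.probe_interval = probe_interval
        self._cursor = 0

    def mark_down(self, isp):
        # Called by local link monitoring; the record disappears from the next answer.
        for link in self.links:
            if link.isp == isp:
                link.up = False

    def answer(self, qname):
        """A records for qname: live links only, rotated on every query."""
        live = [l for l in self.links if l.up]
        if not live:
            return []                      # nothing reachable to advertise
        start = self._cursor % len(live)
        self._cursor += 1
        ordered = live[start:] + live[:start]
        return [(qname, "A", self.ttl, l.public_ip) for l in ordered]

    def worst_case_stale_seconds(self):
        # A resolver that cached a record just before the failure keeps serving
        # it for a full TTL, and detection can lag by one probe interval.
        return self.ttl + self.probe_interval

def addresses(responder, qname="www.example.com"):
    return [record[3] for record in responder.answer(qname)]

# Constructed sample links using documentation address ranges.
SAMPLE_LINKS = [
    WanLink("isp-a", "192.0.2.10"),
    WanLink("isp-b", "198.51.100.10"),
    WanLink("isp-c", "203.0.113.10"),
]
```

The stale window is the practical cost of this design: clients behind a caching resolver can still be handed a failed link's address until the cached record expires, so the TTL sets the upper bound on inbound failover time.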

A WAN link controller’s multi-homing ability connects a single LAN or WAN to multiple ISPs. Bandwidth aggregation combines these WAN links into what is effectively one large connection, or can maintain these links separately and allocate Internet traffic across them as needed. Both techniques result in larger pools of available bandwidth and greater reliability. Both require WAN link load balancing and automatic link failover.

Border Gateway Protocol (BGP) has been used for multi-homing, but its cost and complexity make it impractical for most SMBs. WAN link controllers use a simplified and more up-to-date architecture based on Network Address Translation (NAT) and Dynamic Domain Names Service (DNS).

The diagram above shows a WAN link controller high-availability implementation.

ISP and WAN Link Load Balancing

Availability: A WAN link controller automatically detects a WAN link or site failure and redirects traffic among the remaining links and sites, without service loss. They can also be configured in a high-availability mode with one WAN link controller acting as the primary, and a second WAN link controller as a standby.

Performance: Application performance over the WAN directly affects response time. This includes total average transaction time, and it assures that users located at performance-challenged sites (such as branch offices) still receive acceptable performance levels.

Quality of Service (QoS): QoS is the ability to prioritize network traffic to ensure that adequate bandwidth is always available to specific applications, especially during periods of congestion. QoS rules use load balancing and automatic failover to direct traffic to links with sufficient bandwidth.

ISP and WAN Link Failover

Reliability and business continuity: WAN link controllers provide uninterrupted access to data centers and remote locations, ensuring business continuity when disaster strikes or WAN infrastructure is compromised. They enable intelligent control of bandwidth throughput by managing diverse WAN and ISP links, and they automatically apply techniques to avoid link failures and bottlenecks.

Site redundancy: Many businesses need to redirect Internet traffic to a disaster recovery site if catastrophe disrupts a main site. WAN link controllers ensure that site failover and failback occur automatically and reliably.

Redundant Internet access: Virtually every organization now requires some form of redundant Internet access, or the ability to connect to multiple ISPs or WAN links and redirect traffic from congested Internet links to functioning links.

Scalability: WAN link controller scalability implies the availability of several products that span the performance and cost requirements across data center environments. Performance requirements for accessing data center applications and data resources are usually characterized based on the aggregate WAN link controller throughput and the number of simultaneous application sessions supported.

Site-to-site channel bonding: Multiple Internet links are bonded into a single high-bandwidth channel for uninterrupted availability for applications that require point-to-point connectivity. Channel bonding, a form of load balancing, allows for stateful failover of traffic to the best performing links to ensure critical applications avoid problems when stopped on one link and restarted over another link.

Security: WAN link controllers address required levels of encryption, authentication and maximum reasonable usage profiles (for detecting denial of service attacks, intrusions and virus behavior).

Firewall and VPN load balancing and redundancy: Maintaining a VPN connection between remote offices or the corporate network is critical for preserving WAN security. By using multiple ISPs, data and applications can securely travel through the aggregated VPN (virtual private network) from any transmitting-side link to any receiving-side link. VPN load balancing can switch the order of IPSec packets coming from the VPN server and randomly send them to the WAN link controllers located at both ends across multiple sites. This capability hinders intruders from assembling IPSec packets, organizing them in the right order, and decrypting them.

It is essential that critical applications and network infrastructure be considered together as application infrastructure for supporting strategic business objectives. WAN link controllers are an affordable solution designed to ensure optimal performance, reliable delivery and protection of applications. WAN link controllers are designed to optimize network bandwidth and the delivery of critical applications, secure network, data and application assets, and ensure business continuity.

Ron Thomas is president and CEO at Ecessa, a manufacturer of advanced WAN Optimization products that provide WAN and ISP link aggregation, intelligent load balancing, failover, QoS and VPN load balancing and failover within a single device.
