Wide area network (WAN) managers are replacing certain expensive private circuits with broadband Internet connections...
in order to contain the cost of expanding WAN connectivity requirements.
WAN managers have always accepted that the reliability, control and security offered by T1 lines and MPLS networks are worth paying for. However, as branch offices are multiplying, enterprises are more distributed than ever, and WAN connectivity is threatening to become a budget buster.
"Sure, it'd be ideal to have every site on an MPLS connection [with an] SLA and fully-managed link, but at the end of the day, that's a tough sell," said Brent Wolfram, director of technology architecture at Lafarge North America, a building materials supplier based in Herndon, Va. "For a small site … it would be hard to justify the local loop costs for an extraneous $500 [per month]."
MPLS costs have dropped, but broadband Internet quality is improving
Even though MPLS prices have declined, more enterprises are "thoughtfully and tactfully" outfitting some remote sites with standard broadband and Internet-based virtual private networks (VPNs) when "the premium of MPLS over broadband is not worth it," according to Ted Chamberlin, a research director at Gartner Inc.
"That's something that's been happening in very small increments in the past two years, but we think that's going to turn up [in 2011]," Chamberlin said. "Network budgets have gone from flat to a couple of percentage point increases, but we've seen that when enterprises have more money to spend on the WAN, the data center takes priority. They're going to be smart about it and not put site-to-site voice over IP or video conferencing over [Internet] VPNs."
IT director Tim Hays isn't ready to unplug all of the legacy T1 lines at Lextron Inc., a supplier of animal health products based in Greeley, Colo. But he "absolutely" anticipates a day when standard broadband can be a primary source of WAN connectivity.
Only a small handful of Lextron's 60 sites -- those with two or three users -- use solely broadband connections.
"If a [3G] card costs you say $55 a month and the average T1 line is $1,000 a month, that means -- break even -- I can have 18 people with a T1 in their back pocket," Hays said. "Until I get [more than] 18 people, it's cheaper just to give everybody a WAN card."
Multiple tiers of WAN connectivity includes broadband
WAN managers can adopt a three-tiered WAN architecture that defines a site's WAN connectivity requirements according to its size and function, said Johna Till Johnson, president and senior founding partner of Nemertes Research. Enterprises will still use expensive T1s and MPLS circuits for Tier 1 sites like data centers and regional headquarters, but standard Internet will be acceptable for primary WAN connectivity at smaller sites, she said. For these enterprises, the MPLS isn't the WAN. It is only part of the WAN.
"People talk about a WAN and they say, 'The WAN is MPLS.' Well, it's not and never really was," Till Johnson said.
We don't do after-hours monitoring [for broadband-only offices] … and our reaction time for Internet VPN sites is significantly different than for sites on MPLS.
Director of Technology Architecture, Lafarge North America
Wolfram categorizes his company's 700 locations across the United States and Canada based on size. Data centers are Type 1 sites and receive the highest quality connections -- redundant MPLS circuits. Small and mobile offices that support five users or less are Type 4 and 5 sites, which rely on VPN connections over a non-redundant DSL, cable modem, 3G/4G card or fixed mobile broadband services. About half of the company's branch offices get WAN connectivity through an Internet VPN.
Branch size is not the only factor for determining the class of WAN connectivity at Lafarge, Wolfram said. Wolfram also considers which business unit is using the branch and what business processes are performed at the site.
"More critical locations -- regional sales offices, service centers, cement plants, dispatch offices, etc. -- are all put on redundant IP MPLS, as connectivity interruption at these types of locations is less tolerable," he said. "For those locations on Internet VPN, obviously the SLAs around availability, monitoring and [mean time to repair] are not comparable to the service levels associated with our IP MPLS offering, and that is something which we communicate clearly to the business."
Working around broadband WAN connectivity imperfections
Although economical, standard broadband as a primary WAN connection isn't for the faint of heart. Enterprise WAN pros have no control over Internet routing, and congestion is inevitable. Additionally, service providers don't make the same performance, throughput and uptime guarantees for broadband as they do for private WAN links.
"It is the quality of service that's been available up until this point that's kept people from doing it. That's exactly why we haven't eliminated the T1s from our network, even though we could in fact run our business across the Internet," said Hays, of Lextron. "The Internet just doesn't yet have the quality of service that we demand as business customers."
Some vendors offer WAN managers technology that can mitigate the Internet's inherent shortcoming.
Until recently, Hays had configured the routers at his larger branches to fail over to a backup DSL or 3G connection if the primary T1 circuit suffered an outage. But service usually degraded during a failover -- even when the Internet connection was faster -- leaving call centers without the ability to take calls or sales personnel without access to customer data, he said.
Hays also considered it wasteful to leave backup broadband lines unused when the T1 lines were functional. Configuring his routers to use the T1s and the Internet simultaneously was too complicated, he said.
Instead, he deployed Mercury Adaptive Private Networking appliances from Talari Networks in 13 of his larger branch offices. The appliances continuously monitor multiple WAN links -- including Internet connections -- for latency, jitter and packet loss. Rather than bonding multiple circuits or alternating between failovers, the appliances use all connections simultaneously, firing traffic over whichever link is faster at the moment.
Hays configures the appliances to prioritize some types of traffic, such as voice, for the fastest available connection. Deployed symmetrically, the appliances can also send duplicate packets across all links simultaneously and drop off whichever copies don't make it there first, he said.
"We've kept and maintained our T1s, but … instead of having to duplicate the number of T1s that we have by two or three to get the bandwidth we want to a location, we can now install high-speed Internet [connections] and use that for a fraction of the cost that it would've taken to expand our network and get 10 or 12 times the amount of bandwidth," Hays said.
At Lafarge, where 48% of locations rely solely on Internet connections and VPNs for WAN connectivity, Wolfram relies on the cooperation of users to make Internet-based WAN connectivity work. Users at those broadband-only sites can complete some work offline in the event of an outage, Wolfram said. The main applications can queue requests or some work can be done by hand, he said.
Still, performance monitoring and support for those locations are "on a best effort basis," Wolfram said.
"We don't do after-hours monitoring … and our reaction time for Internet VPN sites is significantly different than for sites on MPLS," he said. "It's not that we're trying to punish the units, but we have only a certain number of bodies."
In an effort to bridge that performance and support gap, Wolfram is evaluating managed Internet VPN services from his service providers.
"Yes, [those sites would] still get the lower SLA and nonguaranteed end-to-end performance, but they're at least getting a more consistent level of monitoring," he said. "We're trying to bring the Internet VPN [sites] a little bit closer to where the MPLS is while still keeping costs down."
Let us know what you think about the story; email: Jessica Scarpati, News Writer.