Ten reasons why it's time to retire traditional routers in branch offices

Over the years, we've dutifully upgraded our routers because there weren't many options. Routers aren't just the foundation of a business network; they're the business network. We need them to connect our offices, stores, and warehouses.

[[246515]]

However, we are slowly finding that routing is insufficient. It cannot account for application differences. All of this tells us that enterprises should move away from routers and move to SD-WAN.

Gartner has also predicted that SD-WAN will replace routers, so today we will talk about the reasons why SD-WAN replaces traditional routers.

What is routing?

Fundamentally, the routing protocols used in most enterprises today are designed to solve the problem of endpoint reachability in large networks. Scale, convergence time - these attributes prompted companies to abandon RIP in the 1990s in favor of a link-state routing protocol for Internet Protocol (IP) networks, namely OSPF.

OSPF routers collect connection status information, i.e., link state information, from each router in their network area. This information is then forwarded to other routers in the network, providing each router with raw data for building a complete routing table. The router determines the shortest path by adding up the path cost of each segment - the lower the path cost, the shorter the path. In practice, most companies calculate path costs in relation to link bandwidth. The router runs Dijkstra's algorithm on this data to determine the shortest path between two points, which becomes the route.

It’s time to retire traditional routers in branch offices. Reason 10: The world is becoming more cloud-based!

In November 2017, Forrester predicted that more than 50% of enterprise applications would be in public and private clouds by 2018. In 2018, we found that 96% of the 997 SMB and enterprise companies surveyed now use cloud services. The pace of migration to cloud-based applications and infrastructure is accelerating and happening faster than anyone predicted. Therefore, a question arises: the enterprise router-centric WAN architecture is not designed for the cloud.

Traditional router-centric WANs typically backhaul SaaS and IaaS traffic to the data center, where traffic can be inspected by applying advanced security filtering before being routed over the internet, but it is too costly to deploy advanced security filtering in each branch. This backhaul impairs SaaS and IaaS performance due to increased latency. As a result, enterprises are unable to achieve productivity and efficiency gains by migrating applications to the cloud.

Advanced, application-aware SD-WAN solutions address this challenge by enhancing secure, "direct-to-the-web" access from the branch to trusted SaaS applications and IaaS instances. By intelligently directing trusted SaaS and IaaS traffic from the branch directly over the Internet, application performance is significantly improved. Web traffic that requires authentication or further inspection can be directed to secure services and infrastructure in the cloud or at headquarters.

Advanced SD-WAN solutions must also keep up with the ever-changing IP address tables of popular SaaS applications such as Office 365, Salesforce.com, Box, etc., and automatically update each site every day. While some available SD-WAN solutions may be able to selectively interrupt web communications for applications using ACLs, they are powerless when IP addresses change. Highly manual reprogramming or reliance on third-party application signature libraries simply cannot keep up with the speed of address updates. This is when you need to understand how SD-WAN solutions can improve SaaS and IaaS performance by protecting branch offices from threats through rapid application identification technology, secure Internet breakthroughs, and cloud intelligence.

A complete SD-WAN solution can include an integrated firewall, full routing capabilities, and optional WAN optimization to create a unified branch WAN edge solution. Advanced SD-WAN solutions can not only replace traditional routers at the branch, but also replace firewalls in most typical branch environments. Need more security? No problem. Security can be extended through seamless service chaining.

It’s time to retire traditional routers in branch offices. Reason 9: Poor SaaS performance!

We hear employees frequently complain that Salesforce.com (or Office 365 or Workday or any of the countless SaaS applications) is more responsive at home or at Starbucks than at the branch.

Why? Because traditional router-centric WAN architectures typically backhaul all SaaS and IaaS traffic to the data center for more economical security verification than branch sites. Backhaul is often based on expensive MPLS transport, and MPLS bandwidth is limited, which increases latency and thus undermines the performance of SaaS applications and IaaS services. As a result, employees become frustrated with the quality of experience and are likely to give up working in the branch. Even worse, if workers are less productive, it can lead to increased operating costs or even reduced revenue.

In order to provide high-performance SaaS and IaaS services as possible, why not connect users directly to these cloud services from branch offices over the Internet? Why not send this traffic to high-speed broadband links that are cheaper than MPLS services? But the challenge of doing so is to solve the reliability and security issues of enterprise applications in Internet services. With SD-WAN, this goal can now be achieved. Let's take a look at both.

• Reliability: Packet loss and latency are prone to occur in Internet services, and if the latency exceeds the acceptable threshold (power outage), this may affect SaaS and IaaS performance. This is exactly the challenge we want to overcome! If a service experiences a power outage, an advanced SD-WAN can continuously monitor packet loss and latency and redirect traffic to the "best performance" link, thereby maintaining high SaaS and IaaS performance for users. When the damaged service is restored, it will automatically return to the WAN transmission bandwidth pool.
• Security: Not all web applications are created equal. Therefore, SD-WAN solutions must include the ability to enforce granular application-driven security policies. A possible policy is to direct trusted SaaS applications such as Salesforce, O365, Workday, Box and Dropbox directly from the branch office to Internet services, because the enterprise can safely rely on the security measures supported by these applications themselves. But for recreational or unknown network traffic, the policy may dictate more advanced security inspections. An advanced SD-WAN solution can intelligently and automatically direct traffic to cloud-based security services, or transfer this traffic to the headquarters' next-generation firewall and IDS/IPS services through service links.

SD-WAN solutions must also keep up with the ever-changing pace of IP address tables used by popular SaaS applications such as Office 365, Salesforce.com, Box, etc. These updates must be captured and distributed daily and automatically sent to all sites, similar to the virus protection signature updates you might experience on your laptop. SD-WAN solutions simply cannot keep up with this pace if they manually reprogram IP addresses or rely on third-party signature libraries.

The following article is "Ten Reasons Why Traditional Routers Are Abandoned (Six, Seven, Eight)"

Original link: http://blog.silver-peak.com/think-outside-router-reason-10-its-getting-cloudy