T-Mobile Fiber Optic, Vodafone Ziggo Coax, or KPN Copper xDSL…
I was recently in the Belgian Ardennes and the wifi or 4G didn’t work or was slow. This makes it difficult to do any work. We mainly work with Google G-suite, in the Cloud, and are satisfied with it. But I was reminded again that an available and fast internet is very important! It probably happened to you too.
Internet connectivity is not self-evident
How redundant are your internet lines?
Companies don’t like to bet on one horse. In the enterprise world, as fast internet has become more important, so has the need to connect important branches via multiple internet connections. This is called redundancy. Redundancy helps guarantee continuity when one connection fails.
But does redundancy also automatically imply that you work faster, because you use more bandwidth spread out over multiple connections? Is it also possible to use multiple internet connections, like fiber, copper and 4G? And can all these connections be used simultaneously (active-active)?
On paper it is correct. Everything is promised: stable cloud access, fast applications, working securely and much more. But what is really needed for this, and how does a ‘multiple internet lines’ setup actually work?
How does SD-WAN work?
Edge SD-WAN or ‘traditional SD-WAN’ works as follows: you place a device (a software-defined wide area network edge appliance) on the site, at the edge of the network. The device recognizes various applications (‘Nextgen’) and distributes the associated (outgoing) data streams over the available internet connections. This division of data streams is often called ‘failover’ because normally only one connection (the primary link) is used (active-passive). Returning data streams (downloads) come in via the same internet line. If both connections are used simultaneously (this is referred to as ‘active-active’ and ‘load-balancing’), the different data streams are sent simultaneously over several connections.
With edge SD-WAN, cloud traffic is routed directly to the appropriate cloud. This is also known as ‘local internet breakout’. The site, viewed from the internet, is accessible via different public IP addresses, associated with the respective internet connections.
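The link selection described above, as an added example (not from the original article or any vendor's appliance): active-passive sends every flow to the first healthy link, while active-active here uses rendezvous hashing over the flow 5-tuple, an assumed technique chosen so that each flow stays on one line and a link failure moves only that line's flows. Link names, addresses and flows are constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Link:
    name: str        # constructed label; each link has its own public IP
    up: bool = True  # health state as a link monitor would report it

def _score(link, flow):
    # Rendezvous (highest-random-weight) hashing: one score per (link, flow).
    data = f"{link.name}|{'|'.join(map(str, flow))}".encode()
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def pick_link(links, flow, mode="active-active"):
    """Return the link that carries this flow, or None if every link is down."""
    healthy = [l for l in links if l.up]
    if not healthy:
        return None
    if mode == "active-passive":
        return healthy[0]  # list order is priority: primary first, then backups
    # Active-active: the same 5-tuple always maps to the same healthy link, so
    # the flow keeps one public source IP and replies return over the same line.
    return max(healthy, key=lambda l: _score(l, flow))

def assign(links, flows, mode):
    out = {}
    for f in flows:
        link = pick_link(links, f, mode)
        out[f] = link.name if link else None
    return out

def demo():
    links = [Link("fiber"), Link("coax"), Link("4g")]
    # Constructed flows: (proto, src IP, src port, dst IP, dst port)
    flows = [("tcp", f"10.0.0.{i % 20 + 1}", 40000 + i, "203.0.113.80", 443)
             for i in range(200)]
    passive = assign(links, flows, "active-passive")
    before = assign(links, flows, "active-active")
    links[0].up = False  # simulate the fiber line failing
    after = assign(links, flows, "active-active")
    moved = [f for f in flows if before[f] != after[f]]
    return passive, before, after, moved

if __name__ == "__main__":
    passive, before, after, moved = demo()
    print(f"{len(moved)} of {len(before)} flows moved after the fiber failure")
```

Only flows that were on the failed line are reassigned; flows already on coax or 4G keep their link, which is what keeps established sessions intact during a failover.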
A firewall is required to secure Internet access. This functionality is built into the device: the security is provided by ‘on-premise’ hardware. If your company only uses cloud applications, this is often an excellent solution. An example is SD-WAN from Cisco, Meraki, Citrix, or Versa. The main advantage is that end users at the site can connect directly to the Cloud.
SD-WAN doesn’t mean continuity
Suppose you are looking for a solution to supplement or replace a traditional MPLS network. Or you want mission-critical applications such as Microsoft Office 365 or ERP to be stable and securely accessible at all times. In the Cloud, or ‘on-prem’: your employees and other end users must be able to work from anywhere and at any time.
If you’re considering or already using SD-WAN for this, it’s often a good idea. Yet there are pitfalls. Edge SD-WAN isn’t always stable. This is because edge SD-WAN alone is not sufficient, but must be supplemented with security functionality. In this way, different technologies and services from multiple suppliers are linked together. Because of ‘updates’, for example, those technologies can suddenly stop understanding each other, so that your network is temporarily ‘weakened’.
If SD-WAN and firewalls (but also routers, switches, and any WAN acceleration devices) do not communicate well with each other, traffic will not immediately switch to an alternative when a connection fails or degrades, with all the consequences that entails. Because various components are linked together, it can be difficult to determine the root cause. Failure or degradation can potentially lead to significant costs and is actually not an option!
This is often the problem with so-called ‘Telco-managed SD-WAN’: you think complexity is irrelevant to you because you rely on someone else to manage it for you. But in the end the problem does not disappear; the complexity remains. Either way, you’re presented with the bill in the form of outages or overcharges, or worse, hacks. Even if your network infrastructure is managed by a renowned international Telco.
How does SASE SD-WAN work?
As with edge SD-WAN, you place a device (SASE SD-WAN edge appliance) on site, and the device recognizes different applications and distributes the associated (outgoing) data streams over the available internet connections. Here, this division of data flows is always active-active, meaning that all connections can be used simultaneously.
The edge device normally sends all encrypted traffic to the worldwide SASE Cloud. The public internet is only used for transport to the nearest SASE node! So it no longer matters which outgoing and returning data flows run via which internet line! The data traffic is not sent directly from the location to the relevant cloud. The firewall, to secure internet access, is provided from the SASE Cloud.
If your company has strict security requirements (‘Zero-Trust’), this often turns out to be a better solution. This also applies if your company does not only use cloud applications.
How is business continuity ensured?
IPknowledge ensures your business continuity by ensuring uninterrupted and secure delivery of critical applications to all your sites and end users. The foundation is a fully resilient network architecture based on SASE SD-WAN. That is slightly different from what we call ‘traditional SD-WAN’.
Multiple internet connections
We cleverly combine multiple lines from different Internet Service Providers (ISPs) and ensure that every branch, anywhere in the world, is fully redundantly connected.
The highest degree of redundancy
The highest degree of redundancy is achieved when SASE is used. Technically, the new (visible) public IP address becomes an IP on the SASE SD-WAN Network. So you are no longer visible via, or dependent on, the IP addresses provided by the Telco, which also makes IP Address Management (IPAM) much easier. And that’s not the only advantage: your company sits behind the SASE cloud (attack surface), which also absorbs all the blows for you, for example from DDoS attacks.
Results of SASE SD-WAN
The advantages of SASE therefore go further than using all (2 or 3) internet lines simultaneously. The most important results at a glance:
- All available internet capacity is used.
- You are no longer limited by the CPU processing power of the ‘on-prem’ firewall.
- You have full visibility and control, because all traffic runs through the SASE Cloud.
- You can easily and uniformly connect home workers, 3rd parties or cloud services.
- You can scale your security level up and down as you wish.
- Security is applied uniformly, whether they are users in offices, 3rd parties, home workers or IaaS services.
- Complete end-to-end traffic control, so your important applications are always prioritized.
- The highest achievable availability and security of your network at all branches, (cloud) data centers and for all home workers.
- Existing internet lines, or new ones, are used active-active.
- QoS functionalities can be deployed: business-critical data traffic is always given priority over traffic with a lower priority in case of network problems.
- Scalability in the number of tunnels, regardless of other sites.
- For any location, such as a head office, factory site, logistics distribution center, warehouse, retail branch or sales office, you simply choose the optimal price/performance ratio: you are in control and we are happy to advise where things need to be a little different.
Doing just a little more
An important core value of IPknowledge is “Here to help.” This means that as a Network as a Service partner we do not act reactively, once the problem has already occurred, but proactively. “Prevention is better than cure”.
Bert-Jan Kamp – CTO IPknowledge