Hybrid WAN Solutions with FortiWAN

Overview

Almost every organization faces the need for increased WAN bandwidth for its data center and branch office networks. The recent explosive growth in cloud-based applications and video is significantly impacting the ability for traditional WAN networks to handle the load and in many cases is adding increased latency. MPLS and metro Ethernet can easily be upgraded in most cases to handle the load, however at a very steep price that most organizations can’t afford. There are many other technologies that offer high-speed bandwidth such as DSL, Cable and LTE, however integrating them into a seamless business-class WAN has proven challenging in the past.

Link Load Balancers have evolved significantly in the past few years into intelligent WAN optimization tools that can manage multiple links from virtually any technology and from multiple carriers. This multi-technology, multi-carrier approach is called the “Hybrid WAN” and is enabled by WAN Link Load Balancers such as Fortinet’s FortiWAN product line.

In this solution guide we’ll take a look at the drivers behind the need for increased bandwidth, introduce you to the key technologies in our FortiWAN products and how they are applied to WAN bandwidth management, provide information on the top use cases for Hybrid WAN implementations, and briefly discuss the integration of the Hybrid WAN into Software Defined Networking (SDN).



Everyone Needs More Bandwidth

It’s tough to find a business that says it has just enough WAN bandwidth to meet its needs and that’s content with its monthly fixed line, MPLS or Metro Ethernet bills. Each year business Internet traffic usage is growing at a 20% rate and is expected to reach over 22 exabytes of traffic by 2017 from 16 exabytes in 2015. To put that in perspective, 1 exabyte is 1 billion gigabytes or roughly equivalent to 3,000 times all the text, audio and video stored in the U.S. Library of Congress. Behind this are the growth of video for business use, cloud-based applications and the consolidation of virtual devices centrally driven by virtualization technologies.

Some organizations have more specific drivers for increased WAN bandwidth. For example, hotel properties with guest Wi-Fi services find that networks optimized for content delivery are stressed when guests are uploading video to YouTube or syncing photos to cloud-based servers. An unfortunate few are in areas where they’ve hit the maximum bandwidth available to deliver business connectivity and don’t have easy or inexpensive options without having to pay their telco carrier to run new higher-capacity WAN links to their locations.

Inbound Load-Balancing

With the MultiHoming function, inbound connections can be routed over different WAN links. It uses the patented SwiftDNS technology, which generates DNS responses depending on the quality of each link. Companies and organizations can thus provide Internet-based applications with high availability.

Old WANs, New Problems

Years ago if you needed to connect a remote location to your data center you added a leased line from your telco carrier. If you added more locations, you added more leased lines ranging from T1s to DS3s and fractions thereof depending on your needs. Technologies like Frame Relay cropped up and faded away giving way to the predominant technology today, Metro Ethernet, usually with MPLS.

Metro Ethernet is a very flexible IP-based technology that connects your locations to a carrier’s Ethernet network and can easily be bridged to the Internet. MPLS is an overlay technology that creates virtual private networks at the layer 2 level, isolating traffic between locations so that any remote location appears to be directly connected to your data center or other location. Carriers offer the ability to bridge MPLS networks to the Internet for a fee, or the bridging can be done at your data center with various routing options.

These technologies continue to work well for organizations that need dedicated SLAs, guaranteed uptime and have deep pockets to pay for bandwidth upgrades as their traffic volumes grow. There are some limitations though.

Metro Ethernet with MPLS will generally only work within the geographic boundaries of a telco carrier. This means if you have a remote location in an area not served by the carrier, you’ll need to look to dedicated leased lines or use a secondary MPLS from another carrier. Also, although Metro Ethernet and MPLS have very high SLAs, usually ranging from 99 to 99.999% uptime, there still exists the possibility of outages from a few hours to a few days each year. Depending on the needs of your organization that can represent significant losses. You can deploy a secondary backup MPLS network, but that isn’t practical in many situations and will be very cost prohibitive except for large organizations.

Many smaller organizations have successfully deployed VPNs over Internet services as a less expensive “DIY” option for remote connectivity. Usually tied to a firewall, they bypass the need for carrier-managed services, but it can be challenging to bridge multiple VPNs for traffic expansion and to add additional bandwidth to an existing platform.

The greatest challenge facing traditional WAN technologies is pricing. Any of the traditional WAN technologies can provide you virtually unlimited bandwidth for your needs, however that comes at a very high price. For example, Metro Ethernet typically is a tiered pricing model where if you only need a few hundred extra megabytes of throughput, you may have to jump to a higher tier for a full gigabyte, which in some cases may double or even triple your monthly service bill.

WAN Connectivity with a Hybrid WAN

In most cases the “old school” WAN backhauled most if not all traffic to the data center. In some cases today that is still needed in certain industries, but for most it’s overkill. Not only does Internet traffic strain your backhaul to the data center, in most situations it introduces a significant amount of latency for things like video and cloud-based applications like SalesForce.com and even Google Docs.

If you really take a good look at your Internet traffic, you’ll most likely find there are many applications that don’t need the guaranteed throughput and SLAs of a carrier-based WAN. There’s a great opportunity to get this off your core network and route it directly from a branch to the Internet without having to go all the way back to your data center to only be sent to the Internet from there.

There are also many low-cost options for Internet connectivity like DSL and Cable modem services. These can be up to 1/20th the cost and offer speeds that are comparable to the lower pricing bands of Metro Ethernet.

The question is how can you leverage lower cost Internet options without the complexity of managing various point solutions for your WAN?

A Hybrid WAN can take your existing WAN infrastructure and seamlessly combine it with other lower-cost Internet technologies to give you the bandwidth you need on a platform that is easy to manage. Virtually any Internet technology such as MPLS, Metro Ethernet, leased lines, DSL, Cable Modems, LTE and Satellite can be implemented to add links to your WAN to either add bandwidth or to provide redundancy and resilience to your network. Hybrid WAN can also link multiple MPLS or VPN networks together into one large network that can span multiple geographies and ensure almost 100% network availability.

The Evolution of the Link Load Balancer

The Hybrid WAN is built on the technology of the humble Link Load Balancer. Most IT professionals today still think of a Link Load Balancer as a tool to provide backup link redundancy should a primary WAN link go down. And yes, there are still many that are sold today expressly for that purpose. There are also many firewalls, routers and application delivery controllers that also include basic link backup and link load balancing.

An advanced WAN Link Load Balancer uses basic link health checking, failover and link restoration functionality and adds many advanced features that take full advantage of the links coming in and out of your data center and remote locations to create a dynamic Hybrid WAN.

There are 5 key features to a WAN Link Load Balancer that enable a Hybrid WAN and separate it from basic link monitoring and failover:

Optimum Routing: Monitoring performance and directing traffic to the best available link.

Policy Based Routing: Configurable business rules that use traffic and application type to route traffic to specific links.

Quality of Service: Prioritization by traffic type to ensure latency-vulnerable traffic (such as voice and video) is provided the bandwidth it needs to minimize disruptions.

Link Aggregation (tunnel routing): The ability to assign individual links to create a larger virtual tunnel that appears and acts as a single link between sites.

DNS Multihoming: Inbound traffic management and IP reassignment of URLs to ensure seamless access to internal resources from external users.
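The link health checking, failover, restoration and link-quality-dependent DNS answers described above (Inbound Load-Balancing and the DNS Multihoming feature) can be modeled as follows. This is an added example, not Fortinet's code or the SwiftDNS algorithm; the thresholds, TTL, link names and documentation-range addresses are assumptions.

```python
from dataclasses import dataclass

FAIL_THRESHOLD = 3      # assumed: consecutive lost probes before a link is marked down
RECOVER_THRESHOLD = 2   # assumed: consecutive good probes before a link is used again

@dataclass
class WanLink:
    name: str
    public_ip: str        # address the published service has on this link
    up: bool = True
    fails: int = 0
    oks: int = 0
    rtt_ms: float = 0.0   # smoothed RTT of successful probes

    def record_probe(self, rtt_ms):
        # rtt_ms is None when the probe was lost
        if rtt_ms is None:
            self.fails, self.oks = self.fails + 1, 0
            if self.fails >= FAIL_THRESHOLD:
                self.up = False          # failover: stop handing out this address
            return
        self.fails, self.oks = 0, self.oks + 1
        self.rtt_ms = rtt_ms if not self.rtt_ms else 0.7 * self.rtt_ms + 0.3 * rtt_ms
        if not self.up and self.oks >= RECOVER_THRESHOLD:
            self.up = True               # restore only after sustained recovery (no flapping)

def answer_a_query(links, ttl=30):
    # A short TTL makes resolvers re-query soon after a link state change.
    healthy = [l for l in links if l.up]
    # All links marked down: answer with every address rather than an empty response,
    # because the probes may be wrong and an empty answer guarantees an outage.
    candidates = healthy or list(links)
    return [(l.public_ip, ttl) for l in sorted(candidates, key=lambda l: l.rtt_ms)]

# Constructed probe results per round (ms, None = lost probe).
ROUNDS = [
    {"mpls": 10, "dsl": 30, "cable": 20}, {"mpls": None, "dsl": 30, "cable": 20},
    {"mpls": None, "dsl": 30, "cable": None}, {"mpls": None, "dsl": 30, "cable": 20},
    {"mpls": 10, "dsl": 30, "cable": 20}, {"mpls": 10, "dsl": 30, "cable": 20},
]

def simulate(rounds=ROUNDS):
    links = [WanLink("mpls", "192.0.2.10"), WanLink("dsl", "198.51.100.10"),
             WanLink("cable", "203.0.113.10")]
    history = []
    for probes in rounds:
        for link in links:
            link.record_probe(probes[link.name])
        history.append([ip for ip, _ in answer_a_query(links)])
    return history
```

`simulate()` returns the ordered A-record addresses after each probe round: the MPLS address drops out only after the third consecutive loss and returns only after two consecutive good probes.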

These features enable you to easily add almost any Internet technology and bandwidth to your WAN by simply adding new links. As long as there’s an Ethernet port to plug into, they can be added to your network and be configured to add backup capabilities, offload Internet traffic from your data center backhaul, or create larger private links without the need for additional investments in your MPLS infrastructure.

FortiWAN WAN Link Load Balancers

Fortinet’s FortiWAN appliances provide the tools you need to manage and integrate WAN links into your network to create a Hybrid WAN using almost any ISP technology. Need back up connectivity? Want to add more bandwidth to your data center, remote offices, VPN or support free Wi-Fi for guest users? Need to expand your backhaul but don’t want to add to your MPLS costs?

FortiWAN Features:

FortiWAN WAN Link Load Balancers are based on over 10 years of proven technology and experience that offer the latest in WAN Link Load Balancing features. From simple link back up capabilities that provide redundant connections to patented Tunnel Routing that creates secure virtual private lines out of multiple links, FortiWAN delivers the features you need to support today’s complex Hybrid WAN environments.

The best way to showcase these features is to illustrate how they solve your problems. In the next section we’ll cover the top use cases for FortiWAN’s Hybrid WAN technologies to give you examples of how they can help solve your bandwidth and redundancy problems.

Common FortiWAN Use Cases

In this section we’ll cover the top use cases for FortiWAN. Although a top use case is simple link backup for WAN connection redundancy, it’s generally understood by most IT professionals as a fundamental feature of a link load balancer. It will be referenced in the use cases below, but not highlighted as a use case by itself.

FortiWAN Use Cases:

Securely Connecting Multiple Locations

When you need more backhaul bandwidth from a remote location to your data center, it’s easy to upgrade your MPLS network or upgrade to a higher-capacity Metro Ethernet tier. With that ease, comes a lot of extra cost, usually requiring you to jump to a new usage tier for your network. If you only need a few extra megabits of bandwidth, FortiWAN can let you add less expensive options like DSL and Cable to your private network by aggregating them with Tunnel Routing.

In Figure UC2, three links are aggregated together into a larger virtual private line that backhauls to the data center. These lines can be any combination of links, including your existing MPLS, additional leased lines or less expensive DSL and Cable. FortiWAN does the heavy lifting of managing the links so that all you see is one large virtual link connecting your locations. If an individual link goes down, private traffic is routed to the remaining links seamlessly. When the link is restored, traffic automatically begins routing to that link again. Please note that in order to use Tunnel Routing, a FortiWAN is required at each end, here at the data center and the branch office.

MPLS Bridging (Multiple MPLS)

Similar to our previous use case, Tunnel Routing also can be used to bridge multiple MPLS networks. We have numerous customers that have deployed this solution to take two separate MPLS networks and bridge them to create a seamless single network spanning multiple carriers and geographies. This can be used also for situations where you may need a second MPLS network for backup. With FortiWAN you can put the idle backup MPLS to use by creating one larger single network from both. If one should fail, the other seamlessly routes traffic without the need for manual intervention.

In Figure UC3 FortiWANs are deployed at points where the two MPLS networks enter your network. Other locations with single MPLS links don’t require FortiWAN appliances. FortiWAN takes MPLS 1 (red) and MPLS 2 (blue) and creates a single network for all locations. The Headquarters and Regional Office are able to take advantage of the increased bandwidth of both MPLS networks where Branches 1 and 2 are seamlessly connected to the broader network regardless of which MPLS network they are connected to.

Adding Wireless to Your WAN

Wireless access like LTE and Satellite can be a great backup where terrestrial based links are unreliable or not readily available. FortiWAN can add wireless WAN for backup connectivity or bandwidth capacity depending on how it’s configured. If you only need wireless WAN for backup at a remote location, FortiWAN can be configured to only use that link when there’s an outage on the primary link. Although more specialized, FortiWAN can also combine multiple wireless links into larger virtual ones to provide up to 45 Mbps of speed for mobile applications (tradeshows, work sites, etc.).

Figure UC5 shows both these scenarios. At the top, FortiWAN is configured to only use the LTE network (green) if the DSL and T1 (red) go down. At the bottom, a mobile tradeshow vehicle uses 3 LTE connections (from different carriers) to achieve near DS3 speeds as long as it can access the wireless networks.

SDN, WAN and “SD WAN”

Just as SDN (Software Defined Networking) has impacted traditional LAN environment planning, Software Defined WAN (SD WAN) is being discussed more as the future of WAN networking.

The goal of SD WAN is similar to SDN, to seamlessly manage traffic at the layer 2 level of the OSI model without the need to manage hardware-based switches or WAN controllers. The latest in SDN controllers are offering the ability to add WAN links to the controller so it can be managed centrally.

Although FortiWAN does not offer direct SDN integration today, it can be used as a single link into an SDN controller where you still can take advantage of FortiWAN’s features like tunnel routing, automatic link failover, and policy based routing. FortiWAN’s upcoming API interface will allow an SDN controller or similar devices to directly manage FortiWAN providing benefits of advanced Link Load Balancing and SDN management and control.

Summary

The high cost of WAN bandwidth challenges most organizations. Lower-cost options like DSL, Cable and even Wireless can provide the bandwidth, but introduce complexities where most organizations don’t think they’re worth the headaches. There are many instances where traffic doesn’t need to be backhauled to a data center and then out to the Internet from there. By implementing an advanced WAN Link Load Balancer such as FortiWAN, organizations can provide cost-effective bandwidth and link redundancy to create Hybrid WANs. By seamlessly integrating links using virtually any ISP technology, FortiWAN enables organizations to address needs such as adding cost-effective bandwidth to their remote locations and data centers, increasing backhaul capacities with tunnel routing, and delivering inexpensive Wi-Fi to guest users.
