Use Case Overview
The proliferation of 4G LTE cellular networks, the decreased form factor, and the cost of LTE-capable devices are important factors for rapid deployment of new branch offices. LTE networks enable broadband access to the Internet and help you avoid the cost of building redundant physical infrastructure at remote office sites. You can leverage the connectivity through 4G cellular networks as backup lines for the locations that are already equipped with primary wired connections.
Enterprise networks are adopting software-defined WAN (SD-WAN) technology for business agility and responsiveness to keep up with IT innovations. Financial and operational benefits of SD-WAN include lower WAN operational expenditures (OpEx), lower capital expenditures (CapEx), and automated provisioning. You can use SD-WAN to optimize application experiences and network performance by prioritizing business-critical applications over the links that provide guaranteed quality of service (QoS).
You can combine the next-generation firewall capabilities of the SRX Series device, advanced SD-WAN capabilities, and 4G LTE wireless connectivity as a backup connection to build a cost-efficient, self-driving networking solution for remote offices.
Figure 1 shows a typical setup of a branch office.
A typical branch office has three independent connections to the Internet.
A wired connection that provides a link to HQ with guaranteed QoS. This link is often provided over MPLS.
Local broadband Internet access.
A wireless connection with either 2G, 3G, or 4G LTE.
The connections terminate on the SRX Series device. The SRX Series device provides next-generation firewall (NGFW) capabilities along with wired and wireless services to on-site employees that include:
SD-driven access to the Internet
Enhanced web filtering
Intrusion prevention system
Advanced application visibility and control
Application Quality of Experience (AppQoE)
AppQoE monitors the performance of business-critical applications and, based on the score, selects the best possible link for that application traffic in order to meet the performance requirements specified in the service-level agreement (SLA). AppQoE utilizes the capabilities of two application security services: application identification (AppID) and advanced policy-based routing (APBR). It uses AppID to identify specific applications in your network and APBR to specify a path for certain traffic by associating SLA profiles with a routing instance on which the application traffic is sent as per the APBR rules.
The throughput capacity of the three Internet links is often not equal. The primary link (MPLS) provides a lower throughput at a guaranteed quality of service (QoS) compared to the broadband Internet link. The LTE link delivers lower throughput compared to the broadband Internet connection, and it does not meet the guaranteed QoS of the MPLS link. The LTE link is used only when the primary link is unavailable.
Because of the different capacities and the guaranteed-QoS requirement, you need to prioritize business-critical applications over the rest of the traffic when the primary link fails. Noncritical applications can use the spare throughput capacity; therefore, you can rate limit the standby link to lessen their impact on prioritized traffic.
You can configure LTE as a backup link and use it only when both the primary and secondary links are down or unavailable.
This use case offers the following benefits:
The SRX Series device mitigates the risk of oversubscription on costly links that provide guaranteed quality of service and routes the non-business-critical applications through inexpensive Internet access circuits.
The AppQoE feature ensures that approved traffic receives the appropriate priority and the bandwidth required for the best quality of experience, enabling users to focus on their core business rather than dealing with routing and switching.
Integrated LTE capabilities provide additional guarantees for business continuity even when the other links prove unreliable.
Configuration of the MPLS link and WAN technology, which is similar to asymmetric digital subscriber line (ADSL), very-high-bit-rate digital subscriber line (VDSL), and T1/E1, is beyond the scope of this document.