Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Enterprise WAN Design Considerations

 

This section focuses on high-level design considerations of enterprise WAN use cases. Each of the considerations should have high-level design goals that inform the choices made during the design of a new or upgraded enterprise WAN. The prime design consideration are:

  • Easy to deploy—A top goal in any network architecture should be ease of deployment. A fantastic solution that features complicated deployment scenarios can encounter more issues than a network that features an easy and documented deployment.

  • Easy to manage—An effective design features simple and centralized management. The ideal scenario has a single operator with a single pane of glass who is able to manage the entire network. Designing ease into the management of the network is as important as any other factor in the network design.

  • Easy to operate—Availability of automation tools means greater visibility, actionable insights, and the ability to self heal and self drive the networks through AI. Automation reduces errors and outages while lowering operational costs.

  • Flexible and scalable—New network architectures should be designed to grow and change as business needs dictate. Installing a design that just meets the needs of business today is a recipe for increasing expenses and complexity as the network is upgraded piecemeal.

  • Resiliency and security—Architecture that is vital to business success should be designed with the expectation that failure and security breaches are not only possible but also probable. Rather than designing around unplanned outages and attacks, design in a way that expects outages and attacks on the network and its protected resources.

  • Services ready—A network should be able to easily adopt new services. The ability to introduce services in line with existing network flows is a key design consideration. This lets you add services like WAN acceleration, content caching, elevated security (antivirus, intrusion detection and prevention), to name a few, to the network (often without the addition of new hardware).

Ease of Deployment/Designed for Flexibility and Scalability

Organizations can have thousands of remote sites spread out among geographical locations that have labels like branch office, regional site, or headquarters. WAN aggregation design should inform the building of a network for all locations, regardless of their label or purpose. This means building a network that scales. Standardization is one way to design for scalability. By introducing and adopting a small number of standard designs for common portions of the network, the options for network deployment are limited and simplified.

To enhance scalability further, use a modular design approach. Begin with a set of standard, global building blocks. From there, design a scalable network that meets business requirements. For instance, in an enterprise network, we might start with a core module and then connect an Internet edge module and a WAN module to build the complete network.

Many of these modules are the same for service design. This provides consistency and ease of scalability in that you can use the same modules in multiple areas of the network to maintain the network. These modules follow standard layered network design models and use separation to ensure that interfaces between the modules are well defined.

Resiliency and Security

A key to maintaining a highly available network is building in the appropriate redundancy to guard against failure, whether it is link or circuit, port, card, or chassis failure. This redundancy is carefully balanced, however, with the complexity inherent in redundant systems.

Overly complex redundancy features can cause more problems than they prevent by introducing failures. Over engineering a network’s resiliency can result in communications failure. While all organizations require redundancy, you need to avoid making the redundancy too complex and reliant on too many other modules. The failure of a single component can cause a network failure.

With the addition of a significant amount of delay-sensitive and drop-sensitive traffic such as voice and videoconferencing, we also place a strong emphasis on resiliency in the form of convergence and recovery timing. Choosing a design that features failure detection while reducing recovery time is important to ensuring the network stays available in the face of even a minor component failure.

Network security is another important factor in designing the architecture. As networks become larger and more complex, there are more entry points and areas where security vulnerabilities exist. Effective WAN aggregation and enterprise WAN designs ensure a secure network that does not restrict usability for the end user, hindering the customer experience in the process. The security design should address vulnerability and risk while enhancing the user experience as much as possible.

Ease of Management

An effective WAN aggregation and enterprise WAN architecture should be designed to be easily managed and operated. Ideally, you would use a single pane of glass in the form of a network management application, or a collection of applications, to implement, maintain, and troubleshoot the network.

Old methods of using CLI and truck rolls to manage the network become more of a burden as the complexity of the network grows and as it becomes more vital to the user experience. An architecture that focuses on making the network easy to manage includes all of the elements found in FCAPS, an ISO model and framework for network management.

FCAPS includes the following network management elements:

  • Fault management by a central system that polls network elements via SNMP to verify status while network events are sent to the network management system via SNMP traps.

  • Configuration management via third-party tools that manage and execute scripts, or through GUI-based systems that allow bulk changes throughout the network.

  • Accounting management is essential when multitenancy, or “pay to play” are in use. When you have multiple business units with discreet billing and service requirements, you need to tie usage to those accounts.

  • Performance management lets the organization verify that service-level agreements are met, either between the enterprise and the service provider, or between the enterprise IT organization and the business units (internal SLAs).

  • Security management is essential to the network. The ability to coordinate security throughout the enterprise and at the service points where security policy is applied is crucial to securing the network. Beyond the configuration of security, the management system should support the reporting of security events so policies can be evaluated and changed to meet evolving security threats.

An effective management system provides a complete FCAPS functionality and enhances the management, security, and accountability of the underlying network design.

Ease of Operation

As enterprise bandwidth grows so does the WAN size and complexity. However, the complexity associated with managing such infrastructure does not have to increase proportionally thanks in part to automation tools. Automation of network operations is less error prone and therefore avoids outages while reducing the CAPEX.

A future-proofed network is designed to stream telemetry, not just provide visibility. It can also extend analytics to provide actionable insights with further extensibility to self-driving networks by self-discovery, self-monitoring, self-configuring and self-healing. The success of any self–driving network depends on algorithms that can predict the state of the network and the necessary action with a high-level of accuracy. The performance of predictive algorithms depends on the data models (correlation engines), and the fidelity of such data models is directly proportional to the amount of data collected (telemetry) over time.

Services Ready

Flexibility, scalability, resiliency, and security all are characteristics of a services-ready network. An architecture featuring a modular design enables technologies and services to be added when the organization is ready to deploy. In a services-ready architecture, new platforms and extensive network changes are not required to enable service adoption—the network is modular and built to accept these new services with little change required.

A network architecture that is designed and configured with class of service (CoS), for instance, is ready to support high-quality voice and video. A network that is designed and configured with multicast is ready to support efficient voice and video delivery. A network with customer edge (CE) platforms that support WCCP is ready to add caching and acceleration services without requiring extensive changes. Other services that you should consider are VPN services, NAT, and stateful firewall services. A network that is designed and built to support these services from day one can be considered services ready.