In the latest Network Break, Network Break 213 from Packet Pushers, they discussed some of the latest news in networking, such as Amazon Outpost. With the rise of SaaS applications, the question was also raised: do I even need a WAN?
Let’s assume you are running Office365. Your e-mail and office applications are in the cloud. You are using Salesforce for your CRM. Your ERP is also cloud-hosted. You’ve moved pretty much all of your previously internal apps to the cloud. Do you still need a WAN? I would argue yes. Considering all the applications mentioned previously have been moved, what do we still have left?
Although we’ve been talking about paperless societies for ages, have you ever seen an office environment without a printer? Neither have I. Your printers likely need to reach a print server. Do you have Active Directory? Would you be comfortable putting it entirely in the cloud? How do you provision PC images? Do you use something like SCCM? Do you have lighting, doors, alarms, etc. that are connected to the network? Are all of your stored files in the cloud? Probably not, depending on how sensitive they are. Do your offices call each other over Skype? Even in a world where SaaS is dominant, it will be difficult, if not impossible, to completely remove traffic flows between offices or from an office to a HQ/DC. So if we care about that traffic, which we should, then we still need a WAN.
What are the other benefits of having a WAN, preferably one with SD-WAN capabilities?
- Ability to reroute traffic based on path conditions
- Traffic engineering
- Service chaining
- Central management
There are many more, of course, but any organization of decent size will need to either run their WAN or completely outsource it.
In the episode, there was also a discussion on AWS Transit Gateway, which is a way of connecting different VPCs with each other as well as with your on-premises networks. You may be familiar with the concept of Transit VPC. It’s a design that’s been used to connect VPCs, and this is Amazon’s answer to that, to help their customers simplify the networking design. In the NB episode above, there was a discussion about whether this would mean that vendor routers like the CSR1000v would decline in popularity. This might very well be true but I still see reasons for using a custom router. Some of them are:
- Provide direct cloud access from your offices instead of transiting an IPsec tunnel from your HQ/DC to the Transit Gateway
- Support a larger number of routes; the number of routes supported in Transit Gateway may not be enough for the largest enterprises
- Manage your routers in cloud the same way as your other routers
- Better visibility; on AWS-owned infrastructure it’s difficult to see which routes were installed and why
- Segmentation; you may need more or another form of segmentation than the Transit Gateway can provide
- Firewalling, IPS functionality, etc., which the Transit Gateway does not provide
This is not at all a criticism of the Transit Gateway. I really like the concept but as always in network design, it depends! Whether it’s for you or not depends on your use case, requirements and operational strategy.