Future of WAN. Why WAN When You Can Internet

The market is converging on HTTP and SSH as protocols. Future versions of HTTP/2 (presaged by QUIC/SPDY and others) and Microsoft SMB3 protocols mean that encryption is the default. WAN Optimisation, IDS, Transparent Caching and VPNs will become problems; in fact, a security risk.

This is my presentation from WAN Optimization: Challenges and Options
Session Code: IN31
Location: Lagoon H
Date: Wednesday, April 02
Time: 11:45am-12:45pm

EtherealMind

April 02, 2014

Transcript

  1. About Me ‣ Host of Packet Pushers Podcast ‣ Freelance Network Architect/Engineer YOU CAN HIRE ME! ‣ Blog - EtherealMind.com ‣ NetworkComputing.com (http://networkcomputing.com/blogs/author/Greg-Ferro) ‣ gregferro.com - personal blog
  2. Agenda - Part 1 ‣ Part 1 - WAN Business ‣ Part 2 - Changing Technology WAN ‣ Part 3 - The Rise of “Internet as WAN”
  3. Takeaways ‣ Complexity is expensive ‣ WAN Accelerators, Proxy Servers, QOS, Network VPN are not the future ‣ The WAN & WAN Services can be replaced by Internet & Cloud ‣ Connectivity is commodity and services are valuable ‣ Cheaper to buy more bandwidth
  4. The Value of the Dedicated WAN ‣ Dedicated Bandwidth ‣ Shared Backbone ‣ Assumed Secure ‣ Certainty / Guarantees ‣ Known
  5. WAN Pain Points ‣ Service Provider ‣ Highly profitable ‣ Oversubscription is good profits ‣ Service Guarantees are expensive to deliver ‣ Collapsing ecosystem. ‣ Enterprise/Customer ‣ Operating the overlay is expensive ‣ Cloud Services are a problem ‣ Slow provisioning.
  6. Internet Everywhere ‣ Internet Ubiquity ‣ Tablets & Smartphones are not connected to the WAN ‣ Internet is everywhere. ‣ Paradox: Internet is always cheaper because it is oversubscribed, commoditised. ‣ roughly equivalent to “cloud WAN”. ‣ WANs will shrink which will make the service even more expensive
  7. Key Business Issues ‣ Dedicated WANs are increasingly painful ‣ expensive ‣ ecosystem decline ‣ The Rise of Mobile Internet is undermining need
  8. Agenda - Part 2 ‣ Part 1 - WAN Business ‣ Part 2 - Changing Technology WAN ‣ Part 3 - The Rise of “Internet as WAN”
  9. Network Protocols ‣ Old Protocols are dying ‣ only HTTP & SSH matter ‣ but…. HTTP is ‘dying’ too
  10. Encryption as Standard ‣ HTTP/2 with TLS by default ‣ Microsoft SMB3 ‣ Compression on encrypted payloads ? ‣ Inspection of encrypted payloads requires private keys
  11. New Protocol Formats ‣ SPDY, QUIC ‣ optimising HTTP & HTML for fast web services ‣ SPDY = Multiplexing over TCP ‣ QUIC = multiplexing over UDP ‣ HTTP2 ‣ binary format ‣ Payload uniformity ‣ JSON, REST, Cloud
  12. WAN Acceleration Basics ‣ Acceleration Methods ‣ TCP Optimisation ‣ Data Suppression ‣ Payload Compression ‣ Why they are working less well
  13. TCP Optimisation ‣ Windows sizing now handled better by OS. ‣ Windows dynamically allocated 1GB memory to TCP session ‣ TCP Packing ‣ works well on high latency links ‣ there are no high latency links any more ‣ Works poorly on encrypted protocols ‣ Diminishing returns
  14. Data Suppression ‣ Local protocol acknowledge ‣ Caching ‣ Two-sided, inline deployment ‣ Must be close to source and destination
  15. Payload Compression ‣ Unpack the protocol payload ‣ library compression ‣ repacking ‣ Must recognise, analyse and process protocol ‣ Encryption defeats
  16. Protocol Interception ‣ Deployment ‣ Redirection ‣ WCCP ‣ Inline ‣ SDDC / virtualization ‣ redirection is problematic ‣ WCCP not suitable ‣ Inline only option, other issues
  17. Decryption / MITM ‣ Decryption is Man in the Middle Attack ‣ Decryption is a security risk ‣ Standards are working to actively prevent MITM ‣ Key Management ‣ works in hardware. ‣ badly in software.
  18. Key Management ‣ Interception will require access to private keys ‣ Key management is a two decade problem that has no practical solution ‣ Managing and widely distributing private keys is a major security risk
  19. Summary ‣ Modern protocols are proofed against inspection ‣ proxy services like security inspection, acceleration and caching are losing effectiveness
  20. Agenda - Part 3 ‣ Part 1 - WAN Business ‣ Part 2 - Changing Technology WAN ‣ Part 3 - The Rise of “Internet as WAN”
  21. Internet as WAN ‣ Internet is cheap, ubiquitous ‣ short provisioning times ‣ support for mobile users e.g. smartphones, home working, tele working
  22. Technology ‣ IP SEC and particularly DMVPN ‣ used for site-to-site only ‣ SSL VPN ‣ best overall option
  23. Cloud VPN Providers ‣ Commercial ‣ Pertino ‣ Aryaka ‣ CohesiveFT ‣ Retail ‣ LogMeIn ‣ Dynamic and transparent VPN services
  24. Cloud VPN ‣ Some are offering acceleration as part of service ‣ but all other points still apply ‣ built in analytics and monitoring ‣ per session, per user
  25. Hybrid Cloud ‣ Data exchange from Private Cloud to Public Cloud ‣ Almost exclusively Internet based ‣ You don’t need bandwidth guarantees of dedicated WAN ‣ Always buy more Internet bandwidth and all services are improved
  26. Cloud VPN ‣ Replace dedicated WANs ‣ encryption is from device to device ‣ server to desktop ‣ cloud to device ‣ server to server i.e. public to private cloud ‣ Replaces routers, firewalls, VPN concentrators
  27. Takeaways ‣ Protocols are becoming secure ‣ prevents interception and inspection ‣ reduces outcomes for WAN optimisation ‣ bandwidth is cheaper ‣ Internet as WAN prevents effective deployment
  28. Takeaways ‣ Technologies based on protocol interception and analysis face an uncertain future ‣ further undermined by cloud initiatives where compute intensive applications are problematic
  29. Please Rate Me ‣ If it’s good they might invite me back ‣ I’ll know the effort is worthwhile. ‣ If it’s not good, then I will be prevented from inflicting this on anyone else.
  30. Question Time ‣ Host of Packet Pushers Podcast ‣ Freelance Network Architect/Engineer ‣ Blog - EtherealMind.com ‣ NetworkComputing.com (http://networkcomputing.com/blogs/author/Greg-Ferro) ‣ Slides: speakerdeck.com/etherealmind
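
Slides 10 and 15 say encryption defeats payload compression, and slide 19 says caching-style services lose effectiveness. The script below is an added example, not part of the deck, that measures both effects on a constructed payload. `toy_encrypt` is a hypothetical SHA-256 counter-mode stand-in for TLS/SMB3 encryption so the script needs only the standard library, and the chunk size and sample data are assumptions.

```python
import hashlib
import zlib

def toy_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher standing in for TLS/SMB3."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def compression_ratio(payload: bytes) -> float:
    """Payload compression: compressed size divided by original size."""
    return len(zlib.compress(payload, 9)) / len(payload)

def dedup_hit_rate(transfers, chunk: int = 64) -> float:
    """Data suppression: share of fixed-size chunks already seen, which a
    two-sided appliance could replace with a short reference."""
    seen, hits, total = set(), 0, 0
    for data in transfers:
        for off in range(0, len(data), chunk):
            digest = hashlib.sha256(data[off:off + chunk]).digest()
            total += 1
            if digest in seen:
                hits += 1
            seen.add(digest)
    return hits / total

# Constructed sample: the same JSON-style response fetched twice over the WAN.
RESPONSE = b"".join(
    b'{"id": %06d, "status": "ok", "site": "branch-office"}\n' % i
    for i in range(400)
)
KEY = b"constructed-demo-key"

def compare() -> dict:
    clear = [RESPONSE, RESPONSE]
    # Each fetch is its own encrypted session, so it gets its own nonce.
    sealed = [toy_encrypt(KEY, b"session-1", RESPONSE),
              toy_encrypt(KEY, b"session-2", RESPONSE)]
    return {
        "clear_ratio": compression_ratio(clear[0]),
        "sealed_ratio": compression_ratio(sealed[0]),
        "clear_dedup": dedup_hit_rate(clear),
        "sealed_dedup": dedup_hit_rate(sealed),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.3f}")
```

In clear text the repeated fetch is fully suppressed and the payload compresses to a small fraction of its size; once each session is encrypted, no chunk repeats and compression yields nothing.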