
Internet at every location or Just in the DCs as Cloud is getting bigg

raracmonito
Level 1

Folks, I am here again for your valuable suggestions.

We have branches and big sites. As more and more applications are hosted in the cloud, and all the data-heavy applications like Webex and Teams need internet, how do you accomplish maximum uptime and less latency?

Should you backhaul all of your Internet traffic to the DC as the LAN traffic?

Or should you put a firewall at each location and let the branch have internet that way?

Thank You in advance!

3 Replies

Torbjørn
Spotlight

The answer to this is very dependent on your specific use case/organisation.

To achieve the highest uptime and lowest latency for SaaS applications you would have redundant circuits (private and internet, depending on requirements) on all sites with redundant firewalls (if your security policy requires it) and use Direct Internet Access for all traffic or Cloud OnRamp for SaaS to route SaaS-specific traffic directly to the internet. This will give you the best results in terms of uptime and latency, but the cost of this is quite high and is therefore likely not the best design for all of your sites.

Backhauling the traffic to DCs to perform all firewall functions/traffic inspection will increase the latency for the traffic. This design will also require that you scale your central routing/firewall infrastructure to handle the traffic from the branches. If backhauling traffic is required by your org, you should consider using application-aware routing (routes specific applications over transports that meet SLA requirements that you define) or Cloud OnRamp utilizing gateways (routes the SaaS applications over paths with the best measured performance through central "gateway" devices).

The best design for your use case will likely be to use a mix of these technologies. For your largest branches it might be best to use local Internet access using redundant circuits and redundant hardware, while medium branches might have a single internet connection for Internet/SaaS traffic with the option to fail over to using a private circuit to the DC. For small branches you might have a single MPLS circuit and backhaul all traffic to reduce cost.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

M02@rt37
VIP

Hello @raracmonito 

Implement local internet breakout at each branch by deploying firewalls or security appliances locally. This allows branch users to access the internet directly, reducing latency for internet-bound traffic.

Utilize SD-WAN solutions to intelligently route traffic based on application requirements, ensuring optimal performance.

Also, ensure redundancy with diverse internet connections and multiple WAN links to mitigate the impact of link failures.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Hi,


@raracmonito wrote:

As more and more applications are hosted in the cloud, and all the data-heavy applications like Webex and Teams need internet, how do you accomplish maximum uptime and less latency?

 


Based on the above, I understand that latency and availability are the key. If cost does not matter, you should have DIA everywhere at branches and backhaul branch internet traffic to the DC over private networks (like MPLS) for the cases when the internet does not provide a normal SLA. You can accomplish this with Cloud OnRamp for SaaS for well-known applications.

If a private network is not an option, and DIA or S2S to the DC with internet access via the DC are the only options, then you definitely need DIA, because S2S (SD-WAN overlay) over internet-based TLOCs will add latency in any case.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
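
The path selection described in the replies above (prefer DIA for SaaS traffic, fall back to the private backhaul when the internet path misses the SLA you define), sketched in Python as an added example that is not part of the thread and not any vendor's implementation. The SLA thresholds, path names and probe values are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_loss_pct: float
    max_jitter_ms: float

@dataclass(frozen=True)
class Path:
    name: str
    probes: tuple  # one (latency_ms, loss_pct, jitter_ms) tuple per probe interval

    def averages(self):
        # Column-wise mean over the probe window: (latency, loss, jitter)
        return tuple(mean(col) for col in zip(*self.probes))

def meets(path, sla):
    lat, loss, jit = path.averages()
    return (lat <= sla.max_latency_ms and loss <= sla.max_loss_pct
            and jit <= sla.max_jitter_ms)

def select_path(paths, sla):
    """paths is in preference order. Returns (path_name, sla_met)."""
    for p in paths:
        if meets(p, sla):
            return p.name, True
    # No compliant path: stay up on the least-bad one (lowest loss, then latency)
    least_bad = min(paths, key=lambda p: (p.averages()[1], p.averages()[0]))
    return least_bad.name, False

# Constructed SLA class for real-time traffic (assumed thresholds)
REALTIME = Sla(max_latency_ms=150, max_loss_pct=1.0, max_jitter_ms=30)

# Constructed probe windows for one branch: local DIA and MPLS backhaul via the DC
DIA_OK = Path("dia", ((22, 0.0, 4), (25, 0.1, 5), (24, 0.0, 6)))
DIA_LOSSY = Path("dia", ((30, 2.5, 12), (180, 4.0, 45), (35, 3.0, 15)))
MPLS_OK = Path("mpls-backhaul", ((48, 0.0, 3), (50, 0.0, 3), (49, 0.0, 4)))
MPLS_SLOW = Path("mpls-backhaul", ((160, 0.5, 10), (170, 0.5, 12), (165, 0.5, 11)))

if __name__ == "__main__":
    scenarios = {"healthy": [DIA_OK, MPLS_OK],
                 "dia degraded": [DIA_LOSSY, MPLS_OK],
                 "both degraded": [DIA_LOSSY, MPLS_SLOW]}
    for label, paths in scenarios.items():
        print(label, "->", select_path(paths, REALTIME))
```

The third scenario is the one to design for: when neither transport meets the SLA, the function still returns a path but flags it, which is the condition you would alert on.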