Oct 25, 2016
The Dyn DDoS Attack, Explained
What happened during Friday’s massive internet outage on the East Coast?
What happened during Friday’s massive internet outage on the East Coast?
Hybrid WANs that employ a combination of technologies—such as MPLS and internet connectivity—have become increasingly popular as enterprise customers and service providers embrace the software-defined WAN (SD-WAN).
But how do you know if a hybrid WAN is right for your network?
Here's what end users, service providers, and manufacturers shared about their experiences and lessons learned at the WAN Summit. These insights touch on:
While the desire to reduce network spend is often the topic that opens the door to migrating to a hybrid WAN, it's not always the driver for adopting the solution.
Potential cost savings will “get the discussion going . . . it opens doors,” observed Carl Flaherty of De Lage Landen (DLL), a global financial services organization that has adopted a hybrid WAN approach.
DLL took its first step toward a hybrid WAN to solve an isolated problem. The company was opening a branch office in the relatively remote community of Moberly, Missouri. As Flaherty recalled, management told him, “It needs to be up yesterday.”
After Flaherty and his team deployed a site-to-site VPN to address the need for quick, secure connectivity, management asked, “Why aren’t we doing that everywhere?”
For DLL and other enterprises, hybrid WAN deployments that move even a portion of an organization’s traffic from a dedicated MPLS connection to an internet connection raise security issues that must be addressed.
As Steve Woo of SD-WAN technology provider Velocloud explained, when enterprises allow direct internet access from every branch site, organizations end up with a “big attack surface" that can also prove costly.
According to Woo, the way to address this is with what he called “security in the middle—not at the branch, but not all the way back to the data center.”
Rather than traditional centralized security where traffic is backhauled to a single data center, he cited the use of regional data or security centers. This has been difficult to orchestrate in the past due to managing the service chaining of internet traffic to multiple sites.
However, SD-WAN makes this process less complex, focusing on policy based routing rather than a device by device solution, thus a more viable option for organizing "security in the middle."
If you're considering SD-WAN and want to know the market for security features, get our 2025 SD-WAN Guide. It outlines the evolving vendor landscape so that you can understand the full scope of SD-WAN services offered by vendors, relevant security features, and emerging partnerships between companies developing these technologies.
Security concerns can also be organizational, rather than just technological, noted Flaherty.
“Sometimes you have to manage relationships outside the technology box,” he commented. For example, he advised IT personnel to “forge internal relationships with governance” and meet with those stakeholders regularly to discuss technologies under consideration.
Traditionally, Flaherty would get “four words into” a conversation about the internet and his governance contacts’ eyes “would glaze over” because they wouldn't consider moving corporate traffic to the Internet. Flaherty focused on education to assuage their fears, explaining how much corporate traffic already went over the internet without creating any major concerns.
Scott Cressman of cloud-based security provider ThousandEyes offered another take on the topic of hybrid WAN security: “It’s a mistake to think of security only in a network context,” he said. “It has to a holistic approach” that is also “application and data-centric.”
He noted, for example, that some end-user organizations are taking an approach that assumes a machine will be on an unprotected network, relying instead on security delivered from the cloud.
Organizations will not be comfortable moving to a hybrid WAN approach unless they receive assurances that performance will be as good as what they were getting previously from an MPLS-centric network. Performance needed to not only be assessed at the network level, but also at the application level.
“Everybody has a network performance management platform” but “don’t forget about the application,” advised Flaherty. He noted that it’s common for end users within an organization to point to performance reports of the Oracle software on which they rely, which differ substantially from IT reports about the performance of the network on which the Oracle software actually runs.
Any organization adopting a hybrid WAN should “make sure application performance is baselined” before undertaking the migration, Flaherty advised.
While it is important for IT personnel to be prepared to ensure the same level of performance when moving to a hybrid WAN, they may encounter some pleasant surprises in terms of performance improvement.
Alastair Johnson of SD-WAN technology developer Nuage Networks noted that organizations may find latency improves with a hybrid WAN approach because traffic could have shorter distances to travel.
He pointed to the example of a company that achieved 25-millisecond latency between the U.S. and Australia over an Internet link – a big improvement over previous architecture, which routed traffic over multi-hop dedicated connections.
In Part II of TeleGeography's Mythbusters presentation at SubOptic 2016, Alan Mauldin busted five myths that ranged from whether capacity demand is doubling every two years to a quote from the movie Gravity that the destruction of a single satelite would lead to half of North America "losing their Facebook." In the concluding part of this series, Tim Stronge returns to the stage to take on myths about energy costs pushing decisions about content providers' data center locations, multiple parties building on the same route and "adult" content driving most Internet traffic.
In the first part of TeleGeography’s Mythbusters presentation at SubOptic 2016, Tim Stronge busted myths about NSA surveillance, decreases in connectivity to the United States, and shark attacks on the internet.
In Part II, Alan Mauldin investigates whether submarine cable capacity is doubling every two years, if content providers really need fiber pairs everywhere, if the global network is more resilient than ever before, whether Netflix has huge subsea capacity requirements and the possibility that the destruction of a single satelite would cause half of North America to "lose their Facebook."
TeleGeography’s Tim Stronge and Alan Mauldin returned to the triennial SubOptic conference this year to deliver a follow-up to their popular and humorous submarine cable mythbusting master class from the 2013 event. In just over an hour, Tim and Alan “exploded” eleven of the most prevalent myths about the submarine cable industry. To cover the scope of the master class, we’ll be recapping the entire presentation over the course of a three-part blog series.
Copyright © 2025 TeleGeography.
