How can you get the most of your network?

It’s a simple fact: optimizing your network is necessary for your business to keep pace in today’s evolving world. But where do you turn when you need professional support for your network? AT&T Business offers designed solutions and support with your business requirements at the heart of every detail. Let’s take a look at the technical facts around why customers need private networks.

Private Ethernet-based layer II and layer III network services continue to provide compelling value for customers with high capacity, high performance, high security, multicast/anycast, enhanced transport for Voice over Internet Protocol (VoIP) and legacy applications, concurrent internet access, concurrent cloud access, and as an alternative for countries with encryption restrictions. Private networks are increasingly moving to internet price parity. Customers need private networks for a variety of reasons. They are:

1.  To compliment SD-WAN

Much of the software-defined wide area network (SD-WAN) value proposition is to help mitigate the issues of relying upon lossy and variable performing internet for enterprise-critical applications. Mature SD-WAN solutions rely upon greater application performance monitoring to quickly steer packets away from a degraded path or sending duplicate packets to overcome dropped internet packets. While SD-WAN can help overcome some underlying network issues, private networks perform better with more consistent delay, jitter, and loss metrics. The single most vexing issues internet users face are brownouts. Brownouts occur in the “no-man’s land” where loss and delay are not so catastrophic as to trigger the reconvergence of the routing protocol, but where loss and delay severely degrades the user application experience. A private network allows an SD-WAN implementation to redirect traffic to a consistent underlay when these internet brownouts occur and to leverage the best performing path at all times for important traffic.

2.  To compliment SASE/SSE (or to skip SD-WAN altogether)

SD-WAN was designed to enhance site-to-site connectivity and has an implied trust for all the different site LANs. In SD-WAN’s relatively short life, the networking industry and customers have already redefined SD-WAN from an end-state network architecture comprising an overlay and underlays, to just one component of a larger and more useful Secure Access Service Edge (SASE) and Secure Service Edge (SSE) architecture. Gartner, the framework creator, identifies SASE’s five components as [1] SD-WAN, [2] secure web gateway, [3] zero trust network access (ZTNA), [4] firewall as a service, and [5] cloud access security broker. The shift to a holistic SASE architecture is based on ever-growing security risks and the accelerated move to teleworking from home, multi-tenant workspaces and working while travelling.

While customers hope vendors can seamlessly integrate these five SASE elements and can operate it all via a single pane of glass, the reality is that each vendor has strengths and weaknesses across this spectrum. Vendors can be categorized into two generalized camps: [1] SD-WAN vendors adding security features or leveraging partners (e.g. VMware/VeloCloud), or [2] firewall vendors incorporating SD-WAN (e.g. Palo Alto acquiring CloudGenix). SASE vendor selection is highly dependent upon your ranked business requirements and each vendor’s ability to fulfill the requirements most important to you.

For example, one SASE vendor may excel in user ZTNA, sometimes known as perimeterless security, but fall behind peers with SD-WAN performance, or vice versa. Classic SD-WAN, with its focus on site-based networking and implied trust contradicts the philosophy of ZTNA. Further complicating the issue is the need to integrate site and hub resources with remote worker VPN access. In the SASE selection process, you may discover that one or more of the other SASE functions are now growing in importance relative to SD-WAN. Many customers want the best of both worlds and opt to integrate one vendor’s SD-WAN with another vendor’s complementary security solution set to gain the required end-to-end capabilities. This best-of-breed approach has a lot of value, but one loses the single pane of glass holy grail while significantly increasing recurring licensing costs. While private networking still adds compelling value with best-of-breed architectures, an alternative solution is to leverage SASE for security along with private networking to overcome limited SD-WAN capabilities. Furthermore, Security + SD-WAN + Internet costs may exceed SASE + Private Network + Internet costs, with a collateral negative outcome of suboptimal site-to-site network performance.

3.  High capacity

SD-WAN includes application steering and performance management at the cost of increased inspection and central processing unit (CPU) consumption. To compensate, SD-WAN vendors build large clusters at hubs to accommodate many remote sites or high-capacity remote sites. Mature classical routers coupled with private networking often excel with high-capacity requirements by eliminating this bottleneck altogether. Some examples are school districts, state governments and university research institutions that procure 1Gbps to 100Gbps metro Ethernet services.

Private networks also excel for inter-datacenter, carrier neutral facility (CNF), and internet data center (IDC) connectivity where an extremely high bandwidth WAN fabric not exposed to internet performance or threat vectors is required. 100G MPLS bearer service, ethernet private line service (EPLS), dedicated local ethernet service, and even switched ethernet services can all be excellent choices. In fact, high-capacity private network services can cost much less than internet service in similar capacities. 400G services are also available.

4.  Diversity

Many locations don’t really have diversity; the network planner may purchase multiple internet services or a combination of internet and private networking, but for many locations, the last mile comprises only one conduit where all services reside. In these cases, a common approach is to purchase one private network service with integrated internet access. AT&T Business, for example, offers an internet path that concurrently works with private site-to-site networking over either U.S. ethernet service or global MPLS bearer service.

Many customers have found that integrated internet access over a private network service costs about the same as dedicated internet service. Customers can get the best of both worlds at a compelling price point. Network planners can also opt for cellular long term evolution (LTE) backup for true last mile diversity by leveraging an integrated provider that can cost effectively bundle wireless backup with private networking service. Multiple choices exist for locations without physical wired diversity that included private networking, integrated internet, and LTE backup, either with or without SD-WAN.

5.  Extranets

Many organizations require a very robust ecosystem for partnering with 3rd parties. Private networking offers an inherent level of security by eliminating all internet-based threat vectors. A common architecture is to use internet protocol security (IPsec) between partners, but over a private network rather than the internet for even better security. This completely avoids denial-of-service (DoS) or distributed DoS (DDoS) attacks, and completely avoids exposing possible hardware/software vulnerabilities to the internet. Some countries impose encryption restrictions, such as China, where extranets effectively require private networking to function.

6.  Voice over Internet Protocol, or VoIP

SD-WAN are typically engineered in a hub-and-spoke fashion. When vital contact center VoIP or enterprise voice traffic traverse MPLS service, a superior quality of service is enjoyed. Media bypass can also be leveraged, where the network path is shortened for the originating and called party. This result in higher perceived call quality.

7.  Anycast/multicast applications

Both private layer II and layer III network services provide multicast capability where the network service copies one sent packet to all receiving locations. SD-WAN must emulate this function by sending the same packets to each location separately. Digital signage is an example that really highlights the efficiency of multicast vs. unicast.

8.  Vital legacy applications

Vital legacy applications Legacy applications that are encapsulated into IP packets, such as IBM’s Systems Network Architecture (SNA), often perform much better with private networks. More importantly, however, is a general need to completely isolate many networks from internet attack. Supervisory Control and Data Acquisition (SCADA) networks used to run vital pipeline networks, for example, should never be exposed to the internet for obvious reasons. In addition to SCADA, electric utilities use transfer trip remote circuit breaking to avoid transformer meltdowns that simply cannot tolerate any DDoS attacks due to extremely low latency requirements. Many organizations run parallel air gapped networks distinct from the internet to keep vital infrastructure safe from bad actors.

9. Cloud access

Some private networks, such as AT&T VPN MPLS bearer service, include integrated cloud service provider (CSP) network access. The additional benefit beyond performance and security is the ability to provide a consistent interface with many CSPs simultaneously. AT&T NetBond, for example, provides a uniform way to connect with over twenty of the largest and most desirable CSPs over a single private network.

AT&T Business is  here to help!

Private networking continues to offer long-term advantages of unrivaled performance and isolation, complements SD-WAN/SASE/SSE, integrates internet, provides secure extranet and
cloud connectivity, all while becoming more cost effective than ever.

Read the key dimensions of a Next Generation Network in our infographic.