
How technology is edging closer to the self-driving WAN

06 Apr 2018

Article written by Silver Peak sales director Graham Schultz

Applying artificial intelligence and machine learning to the WAN might seem futuristic, but it’s already happening with technology in which physical or virtual appliances deliver predictable application performance over any combination of transport services, including low-cost consumer broadband.

Application-driven security policies enable direct internet breakout for trusted SaaS and web applications. Fully compatible with existing WAN infrastructure, the new tech provides a graceful migration to an SD-WAN and ultimately to the thin branch, simplifying the WAN architecture.

Such a high-performance SD-WAN solution can improve business productivity and customer responsiveness while significantly lowering WAN OPEX and CAPEX.

Traditional application classification engines use a combination of techniques, ranging from a simple lookup of TCP and/or UDP port numbers to more sophisticated deep packet inspection (DPI), which gleans information about a flow from its packet contents. DPI is useful when applications use ports unpredictably, or when you want to distinguish between applications that share the same port, such as HTTP or HTTPS.

For example, DPI might be used to extract the URL from an HTTP GET request, or the server name from the SSL/TLS handshake that establishes an HTTPS connection. However, both techniques require several packet exchanges between the client and server before the identifying information is transferred. This is acceptable for flow reporting or for traditional actions like QoS marking, or even blocking a connection, since the connection can be reset at the point the application is identified. However, SD-WAN brings a new foundational requirement to the table: granular internet breakout.
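As an added example (not Silver Peak's code, and not taken from the article), the two DPI lookups just described on constructed payloads: reading the Host header out of a plaintext HTTP request, and walking a TLS ClientHello to its server_name extension. The ClientHello builder only exists to produce sample input; both extractors return None on anything incomplete or malformed, which is the behaviour a classifier wants when it is fed a partial flow.

```python
"""Added example: the two DPI lookups the article mentions, run on constructed
packet payloads.  Not Silver Peak's code."""
import struct
from typing import Optional


def extract_http_host(payload: bytes) -> Optional[str]:
    """Return the Host header of a complete plaintext HTTP request, else None."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return None                                   # headers not complete yet
    lines = head.split(b"\r\n")
    if not lines or b" HTTP/" not in lines[0]:
        return None                                   # not an HTTP request line
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon and name.strip().lower() == b"host":
            return value.strip().decode("ascii", "replace").lower()
    return None


def extract_tls_sni(payload: bytes) -> Optional[str]:
    """Walk a TLS ClientHello record and return its server_name, else None.
    Anything truncated or malformed yields None instead of an exception."""
    try:
        if len(payload) < 5 or payload[0] != 0x16:    # not a Handshake record
            return None
        rec_len = struct.unpack("!H", payload[3:5])[0]
        hs = payload[5:5 + rec_len]
        if len(hs) < 4 or hs[0] != 0x01:              # not a ClientHello
            return None
        hs_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + hs_len]
        off = 2 + 32                                  # client_version + random
        sid_len = body[off]; off += 1 + sid_len       # session_id
        cs_len = struct.unpack("!H", body[off:off + 2])[0]; off += 2 + cs_len
        cm_len = body[off]; off += 1 + cm_len         # compression methods
        if off + 2 > len(body):
            return None                               # no extensions at all
        ext_len = struct.unpack("!H", body[off:off + 2])[0]; off += 2
        end = off + ext_len
        while off + 4 <= end:
            etype, elen = struct.unpack("!HH", body[off:off + 4]); off += 4
            edata = body[off:off + elen]; off += elen
            if etype == 0x0000:                       # server_name extension
                list_len = struct.unpack("!H", edata[:2])[0]
                pos = 2
                while pos + 3 <= 2 + list_len:
                    ntype = edata[pos]
                    nlen = struct.unpack("!H", edata[pos + 1:pos + 3])[0]
                    name = edata[pos + 3:pos + 3 + nlen]
                    if ntype == 0:                    # host_name entry
                        return name.decode("ascii", "replace").lower()
                    pos += 3 + nlen
        return None
    except (IndexError, struct.error):
        return None


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello carrying an SNI extension.
    Sample data for this example, not a captured packet."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = (struct.pack("!HH", 0x0000, 2 + len(sni_entry))
               + struct.pack("!H", len(sni_entry)) + sni_entry)
    exts = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (b"\x03\x03" + bytes(32)                   # version + random
            + b"\x00"                                 # empty session id
            + struct.pack("!H", 2) + b"\x13\x01"      # one cipher suite
            + b"\x01\x00"                             # null compression only
            + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

Both functions need the client's first data segment, which on a TCP connection only arrives after the three-way handshake; that is the timing problem the next paragraphs turn on.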

Driving a change

The rise of cloud applications and ever-increasing internet traffic has driven IT to evaluate augmenting or replacing MPLS with internet access. One approach is to break out all internet-destined traffic locally at the branch.

However, in most cases enterprises require finer-grained control, understanding that not all internet traffic is equal. A typical branch will have flows destined to SaaS applications that the business relies on, flows to popular internet sites (employees doing home-from-work instead of work-from-home), as well as other flows to unknown or potentially nefarious destinations.

Ideally, IT would like the ability to apply unique policies to each class of internet traffic. For SaaS applications, the policy could be to use the highest quality, most consistent path, which could be local breakout, or transport via MPLS and a carrier provisioned direct connection to the SaaS provider. For the home-from-work traffic, the best policy might be to break it out locally but direct it via a cloud-based firewall service like Zscaler. For unknown or potentially suspicious traffic that doesn’t fit in either category above, the policy might be to backhaul it to a full security stack in the data centre.

Granular internet break-out policies sound like a great idea. In fact, we might assume that all SD-WAN vendors already do this. In reality, it's quite difficult to accomplish, and for good reason. First, when IT makes a traffic steering decision, whether to break traffic out locally from the branch, or to send it to Zscaler or the data centre firewall, it needs to make that decision on the very first packet of the flow.

Once the first packet is sent along a path, the user is committed to that path, because with NAT each path has a unique apparent source IP address. There can be no change of mind mid-stream. Traditional DPI techniques won't cut it, because the first packet of a typical connection is a TCP SYN that carries no payload available for deep inspection.

To address this challenge and enable granular internet break-out, certain vendors have developed a feature that utilises a multi-layered learning architecture.

This architecture encompasses learning locally in the individual edge devices (by snooping on DNS and learning from DPI results), learning at the enterprise level in the orchestrator (redistributing information learned by individual appliances, a bit like fleet learning for self-driving cars), and learning in aggregate with a cloud intelligence service; the best of these keep track of the first-packet signatures of tens of thousands of web services.
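The local-learning layer described above, as an added example that is not Silver Peak's code and does not describe any vendor's implementation. The classifier builds a destination-IP to domain cache from two sources the article names: DNS answers snooped as they pass through the edge device (parsed from wire format, compression pointers included), and DPI results from earlier flows to the same address. A new flow's TCP SYN is then steered on its destination IP alone, with the three policy classes from the article (SaaS breakout, web via a cloud firewall, unknown backhauled). The policy table, the DNS response builder and all addresses are constructed for this example.

```python
"""Added example: first-packet steering from a learned IP -> domain cache.
Not Silver Peak's code; policies and sample data are constructed."""
import struct
import time
from typing import Dict, Optional, Tuple

# Constructed policy table: domain suffix -> steering action.
POLICIES = {
    "office.com": "breakout-direct",
    "salesforce.com": "breakout-direct",
    "youtube.com": "breakout-via-cloud-firewall",
}
DEFAULT_POLICY = "backhaul-to-datacentre"          # unknown traffic


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a DNS name at `off`, following RFC 1035 compression pointers.
    Returns (name, offset just past the name as written at `off`)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("DNS name pointer loop")
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode("ascii").lower())
        off += 1 + length
    return ".".join(labels), (end if end is not None else off)


def parse_dns_a_answers(msg: bytes):
    """Yield (name, ipv4, ttl) for each A record in the answer section."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):                       # skip the question section
        _, off = _read_name(msg, off)
        off += 4                                   # qtype + qclass
    for _ in range(ancount):
        name, off = _read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:   # A record, class IN
            yield name, ".".join(str(b) for b in rdata), ttl


class FirstPacketClassifier:
    def __init__(self, policies=POLICIES, now=time.monotonic):
        self.policies = policies
        self.now = now
        self.ip_to_domain: Dict[str, Tuple[str, float]] = {}   # ip -> (domain, expiry)

    def learn_dns(self, dns_response: bytes) -> None:
        """Snoop a DNS response passing through the edge device."""
        for name, ip, ttl in parse_dns_a_answers(dns_response):
            self.ip_to_domain[ip] = (name, self.now() + ttl)

    def learn_dpi(self, ip: str, domain: str, ttl: int = 3600) -> None:
        """Record a domain that DPI identified on an earlier flow to `ip`."""
        self.ip_to_domain[ip] = (domain, self.now() + ttl)

    def classify_syn(self, dst_ip: str) -> Tuple[str, Optional[str]]:
        """Pick the path for a new flow using only its SYN's destination IP."""
        entry = self.ip_to_domain.get(dst_ip)
        if entry is None or entry[1] < self.now():  # unknown or TTL expired
            self.ip_to_domain.pop(dst_ip, None)
            return DEFAULT_POLICY, None
        domain = entry[0]
        parts = domain.split(".")
        for i in range(len(parts) - 1):            # longest suffix wins
            suffix = ".".join(parts[i:])
            if suffix in self.policies:
                return self.policies[suffix], domain
        return DEFAULT_POLICY, domain


def build_dns_response(txid: int, qname: str, answers) -> bytes:
    """Construct a DNS response (sample data) whose answer names point back
    to the question name at offset 12 with a compression pointer."""
    def encode(name):
        return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    msg += encode(qname) + struct.pack("!HH", 1, 1)
    for ip, ttl in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        msg += b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return msg
```

Two limits of this local layer are worth keeping in view when assessing a vendor's version: addresses are only as trustworthy as the DNS answer that produced them, so entries expire with the record's TTL rather than living forever, and an IP shared by many services behind a CDN, or resolved over encrypted DNS the edge never sees, leaves the cache empty, which is why the default for unmatched flows is the backhaul path rather than local breakout.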

At each level, the new technology employs sophisticated machine learning techniques.

The Self-Driving WAN

Industry leaders are embarking on the journey to a self-driving WAN, but no-one is going to be complacent. There is a lot more innovation to be delivered in the drive towards an ultimate destination. Stay tuned.
