Rethinking the WAN
If the current WAN technology and approach were to be redefined, it would have to include some fundamental changes to how WANs are constructed and managed today. These changes would involve the following key areas:
Secure elastic connectivity
Application quality of experience
From a security perspective, end-to-end segmentation and policy are critical. The control, data, and management planes must be separated across the entire environment. The environment should be able to support native encryption that is robust and scalable, offer lightweight key management, and leverage a zero-trust model, meaning every aspect of the onboarding process must be authenticated and verified.
Rethinking the WAN from a connectivity perspective, these elements would be built on top of security functionality by integrating routing, security, and policy for optimal use of connectivity. The solution must allow for multiple types of transport connectivity options simultaneously and ultimately create a transport-independent operation model. Scale, both horizontally and vertically, is necessary at any layer. Additionally, advanced VPN capabilities and topologies to address any business intent or requirements are critical.
In terms of application support, the solution should support full application awareness across all elements in the system and offer built-in optimization techniques for the networks and applications. The network has evolved to be application aware, and it must be capable of choosing the most optimal path to connect to on-premises or cloud-based applications. The application experience must be optimal in terms of both access and security.
When it comes to the operation of this new application- and services-oriented WAN, network operations staff must be able to define network-wide policies that leverage templates, rather than just a device- or node-level policy. The controller must have the ability to coordinate the paths between the WAN Edge routers, based on centralized policy orchestration. As organizations’ network requirements change and evolve over time, the policy should be able to be changed in one single place. This not only reduces the amount of time spent on configuration, but it also lowers the risk associated with misconfiguration errors as well. Programmable, open application programming interfaces (APIs) should be available to provide northbound access for automation and orchestration capabilities. Support of southbound APIs for integration with other solutions should also be included.