Secure Branch Routing: Business Not As Usual

Enterprises differ in the business role of remote sites. Some are customer-centric, while others are employee-centric; some are highly dependent on the head office; while others are more autonomous. In either case, your branch/remote office networking solution may have been established in preparation for Y2K and it may be time for a refresh. At the same time, new levels of security are required, traffic has increased and VoIP has become a reality. What should you do?

The Implications of IP Telephony on the WAN
IP telephony is not just another application on IP. IP telephony cannot tolerate packet loss, since there is no time to retransmit. End-to-end Quality of Service is required to ensure delays are kept below 150msec delay so that the interactive nature of human communications is not impacted. WAN bandwidth needs to be engineered appropriately with as much as 80Kbps required per voice call and typically 100200Kbps for desktop video. Service management capabilities are needed to provide proactive voice quality management solving quality problems before the user reports them. Security mechanisms need to be made aware of multimedia protocols and not introduce performance impairments that will affect the user quality of experience.

Unfortunately, branch routers that have evolved from a multi-protocol best effort data networking world may not be able to deliver the functionality, security, and performance required, or may significantly degrade in capacity when faced with voice traffic. But we are getting ahead of ourselves.

Branch and Remote Office Converged Branch Options
In looking to renew your branch and remote office environment, you need to consider whether your operation is more aligned with loosely versus tightly coupled operation with respect to the head office and the corporate data center. Tightly coupled branches rely on most intelligence being in the data center, including Internet firewalls and VPN (define - news -alerts) gateways for remote employee access, contact center servers, and even centralized IP Telephony servers. Because of increased centralization, WAN reliability is particularly critical, driving the need for multi-link technologies over the last mile and route diversity.

Loosely coupled remote offices interoperate with the head office but are generally more independent, including on-site provisioning of contact centers, unified messaging, and Internet firewalls.

Technology Considerations
General purpose Swiss army knife branch routers may not be well suited to meet reliability and performance needs of voice and multimedia. The fact that the packetization processes for voice, aimed at minimizing latency, create very short IP packets is a significant challenge for these routers, particularly when various security mechanisms, such as firewalls, VPNs, and Access Control Lists are activated. In fact, in most router architectures, turning on security functions and handling short voice packets results in a drop of up to 80 percent in packet handling capacity. Independent Tolly Group testing has demonstrated that secure router products, which incorporate routing, VPN and firewall functionality, can excel at the low-latency, small packet throughput demanded by real-time voice and multimedia applications. In fact, they showed these as capable of delivering two to seven times the throughput of equivalent routers from the leading router vendor, even when running integrated VPN acceleration, secure dynamic routing and stateful packet inspection.

If you are interested in purchasing reprints of this article (in either print or PDF format), please visit Reprint Management Services online at www.reprintbuyer.com or contact a representative via e-mail at [email protected] or by phone at 800-290-5460.