Imagine a wide-area network, a branch network with hundreds of locations all equipped identically. It could be your favorite bakery up the street, the filling station on the way to work, or the chain store you visit in the evenings. All of these branches and company locations depend on the smooth flow of data at all of the sites.
With the ongoing transformation to digital business processes, the move to a modern, software-defined wide-area network (SD-WAN) brings enormous efficiency gains. Companies benefit from the easy and dynamic connection of their network to wide-area networks. SD-WAN uses Internet-based wide-area networks to provide digital services and multi-service networks.
But what makes these SD-WAN networks scalable?
As you add locations, the number of applications increases accordingly. Chain-store operators are benefiting from electronic shelf labeling systems, WLAN hotspots for customers, and software-as-a-service applications. However many digital applications are used in the wide-area network, they all have to be securely and strictly separated from one another. Of course, they also must be available at several company locations or branches. Instead of dedicating a separate infrastructure and different Internet connections to each application, there is a more efficient way: network virtualization or virtual private network technology. This is where LANCOM goes its own, innovative way, which we will explain in brief.
At its heart is a technology known as LANCOM High Scalability VPN (HSVPN). Whereas previously a separate VPN tunnel was required for each application, HSVPN enables the simultaneous transport of any number of virtual networks through a single tunnel. The great advantage of this is that you need significantly fewer VPN tunnels and failover recovery times are greatly reduced.
Network virtualization with LANCOM
But one step at a time: In the interests of the secure exchange of data in a network, the encryption technology IPsec VPN is required for networking corporate offices, branches, home offices and mobile workers. This involves the establishment of an encrypted data tunnel through the public Internet. It creates a secure private network accessible only to authorized users. In most cases, a number of logically separate networks (VLANs) need to be provided for different company applications at the different tunnel endpoints. For large multi-service IP networks this unfortunately leads to structures that are complex and even unmanageable. Known methods of multi-site network virtualization are multi-PPTP-over-IPsec (tunnel-in-tunnel) and IPsec per network (multi-VPN).
Gain more efficiency
However, efficient network virtualization by means of IPsec VPN needs to keep the number of tunnels (IPsec or PPTP) to a minimum and to keep the size of the maximum transmission unit (MTU) as large as possible. The LANCOM High Scalability VPN solution delivers further optimization by reducing the number of IPsec tunnels. The aim is to make the transmission path within the IPsec tunnel and router more efficient than with multi-PPTP-over-IPsec. To do this, a “trailer” is attached to the individual ESP packets, which contains a routing tag in encrypted form. This is very similar to how the VLAN tag (IEEE 802.1Q) acts in the Ethernet frame. Marked in this way, logically separated IP data packets can be transmitted in parallel, even without further nested tunnels: the receiving VPN gateway uses the trailer to assign the incoming IP data packet to its ARF context and forwards it to the corresponding destination address. With regard to encryption, LANCOM HSVPN is a modern IPsec implementation that is based on standards-compliant IKEv2 and thus offers the same security.
Furthermore, it does not depend on central management instances and works as an independent, decentralized system. A further benefit: As with the previous methods, there is no loss in encryption performance.
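A simplified model of the trailer mechanism described above, added here as an illustration; it is not LANCOM's code or wire format. The 2-byte tag size, the HMAC-based stand-in for ESP encryption and integrity, and the context names used with it are assumptions.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 2  # assumed trailer size; the page does not give the real HSVPN layout


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), NOT real ESP encryption.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, inner_packet: bytes, routing_tag: int) -> bytes:
    """Sender: append the routing tag as a trailer, then encrypt and authenticate."""
    plaintext = inner_packet + struct.pack(">H", routing_tag)
    nonce = os.urandom(12)
    ks = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    icv = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + icv


def open_and_route(enc_key: bytes, mac_key: bytes, wire: bytes, contexts: dict):
    """Receiver: verify, decrypt, strip the trailer, select the routing context.

    Returns (context_name, inner_packet), or None when the packet must be dropped.
    """
    if len(wire) < 12 + TAG_LEN + 32:
        return None  # too short to hold nonce, trailer and integrity value
    nonce, ct, icv = wire[:12], wire[12:-32], wire[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(icv, expected):
        return None  # modified in transit: the tag cannot be rewritten unnoticed
    ks = _keystream(enc_key, nonce, len(ct))
    plaintext = bytes(a ^ b for a, b in zip(ct, ks))
    inner, (tag,) = plaintext[:-TAG_LEN], struct.unpack(">H", plaintext[-TAG_LEN:])
    context = contexts.get(tag)
    if context is None:
        return None  # unknown tag: drop instead of falling back to a default network
    return context, inner
```

Because the tag travels inside the authenticated ciphertext, an on-path change to it fails the integrity check, and a tag with no configured context is dropped rather than routed into another network.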
A modern IPsec
The advantages are particularly clear with large networks: load is reduced as only one tunnel is required per branch or location. Far fewer tunnels need to be established and managed overall (rekeying). At the same time, less load is required for packet transport as the packets do not have to negotiate several tunnels and do not have to be packed and unpacked multiple times. The LANCOM method and the technology are based on the proven IPsec standard and thus match the security of that protocol. Furthermore, network separation by means of trailers is just as efficient and secure as separation through an inner tunnel, and yet it incurs significantly less overhead.
For an enterprise looking to expand its WAN, the recommended approach is to use the smallest possible number of data tunnels without sacrificing the strict separation of the routing contexts or the security of modern IPsec. LANCOM High Scalability VPN is the ideal solution for the demands of efficient networks. Learn more about the widest range of products and solutions on the market for an SD-WAN on our website, including connections such as fiber-optic, xDSL, Gigabit Ethernet, Super Vectoring, 4G, LTE-Advanced, and 5G.