Many businesses are in a cycle where it’s time to replace the majority of their routers. Typically, these routers are the ISR G2 (2900 and 3900 series). These products have been solid, battle-tested and reliable, but are soon end of life – the absolute last date of support is December 2022. If you haven’t already, it’s time to start thinking about the future of your WAN router lifecycle strategy.
First, consider what services your router is running. It’s likely that since your router was first installed (possibly 10 years ago!), the requirements for that device have changed. Common branch router or aggregation router services are:
- Static Routing
- Dynamic Routing
- Site-to-Site VPN
- Dynamic Multipoint VPN (DMVPN)
- Network Address Translation (NAT)
- Voice/Unified Communications
- Security/Firewall
- SD-WAN
Does your router need to run the same services it did when it was initially deployed? What additional services are needed? Which can be removed? A common theme we’re seeing is the removal of voice services from the branch router. Also, it’s likely you no longer need a T1 card in your branch router, but you may need LTE or 5G.
Changes in WAN Architecture
There have been many changes in WAN options and architectures, particularly in recent years. Here is a brief overview of what we’re seeing.
SD-WAN
SD-WAN is the most obvious one. It’s likely that SD-WAN will be a part of your WAN strategy, but what it is and where it fits depends on a number of factors. Understanding the business needs for connectivity and services will help determine which SD-WAN products to look for.
We already covered the basics of building a strategy around SD-WAN in depth in a previous post. Feel free to dig into it here.
The likes of Cisco, Cisco Meraki, Fortinet, HPE Aruba and Palo Alto Networks have platforms designed for this outcome. Their strategies likely vary slightly. We can help identify fit and build a plan to execution if it helps clear up the space for you.
Network Function Virtualization (NFV)
When virtual routers and firewalls first came out, performance was severely lacking. Thanks to technologies like DPDK and SR-IOV, performance for virtualized routers, firewalls, and other network devices has significantly increased. If you have other services running on x86 hardware at all your sites, consider virtualizing your entire stack. This allows you to separate your hardware and software life cycle and gives you lots of flexibility.
Security
Security is top of mind for everyone. The WAN is an important security choke point and a possible entry point for attackers. As businesses try to move quickly and embrace IoT, automation, smart buildings, digital transformation, and other buzzwords, more and more devices come online. This can place stress on WAN links and internet head-ends. This also creates a challenge of providing secure access to different constituents at the branch. Also, Secure Access Service Edge, or “SASE,” is gaining momentum for branch connectivity. For your branch WAN, this often means placing a cheaper, less-capable device in the branch and tunneling traffic to a regional hub for firewall-as-a-service and other network security services.
Understanding where security fits into your branch WAN is crucial for a successful deployment and a secure enterprise.
Cloud
As more and more services are delivered from the cloud, the demand for bandwidth only increases. This can impact your branch, WAN, and your data center depending on your network topology. Depending on the business’s cloud adoption, it may drastically improve user experience to have local internet breakout.
Selecting a Course of Action
With changes in business requirements, connectivity options, and WAN architecture options, where do you start? Here are four WAN router lifecycle strategies we’ve seen customers adopt. One of these may be a good fit for you, or maybe it’s a hybrid of multiple.
Business as Usual
Stay the course and upgrade hardware, keeping your architecture and connectivity in place. If this is the right option for your business, we recommend you invest in hardware and tooling that enables next-generation features.
For example, build your WAN on hardware that can later be leveraged for SD-WAN. This may make sense if you need to upgrade your hardware due to equipment end-of-life but aren’t ready for an architecture change. This also may make sense if you need legacy connectivity options, such as a serial WAN interface. Purchasing the right upgrade can prepare your network for SD-WAN without having to embrace it right away.
SD-WAN
Embrace SD-WAN. This is a great option if your business is heavily invested in cloud or needs the feature set (dynamic traffic steering, active/active links) of SD-WAN products. This technology is mature and ready for production.
Network Function Virtualization
This is not exclusive of the other options, but an interesting one to consider.
Secure Access Service Edge (SASE)
Centralizing your WAN at cloud endpoints or regional hubs to provide security services can be a cost-effective way to provide next-generation security services to the branch without hauling all traffic across the country back to a single (or double) data center. The SASE framework also includes plenty of other technologies and can incorporate all of the above options.
As you navigate all the options for your WAN Router Lifecycle Strategy, it’s often difficult to align the best strategy to your current state. We recognize that people need good help, and we pride ourselves on identifying and aligning these outcomes to your business.
Hit us up in the chat! Give us a call. We are here to help you on your WAN architecture and deployment journey.