Migrating from T1 to fiber WAN

Migrating from multisite MPLS to 100Mbps Ethernet can save you a bundle; here's how

1 2 Page 2
Page 2 of 2

The costs of exploratory digging, permits, and other nonsense that would be required to find the other conduits was far too high, so the plans for adding the small office to the fiber network were scrapped. Instead, a business-class asynchronous cable circuit was ordered, and fingers were crossed. Fiber is a dedicated medium, whereas cable is shared. Fiber is also physically more robust than cable, and it generally elicits faster response times when trouble occurs. But cable would have to do.

Once the 100Mbps fiber circuits were built out at the two larger locations, Cisco ASA5510s were procured, configured, and tested. Each site would have an AES-256 VPN tunnel to the other sites, with VoIP and video traffic prioritized to ensure that phone calls and videoconferences would trump all other traffic. Further QoS was implemented to ensure that internal WAN traffic would supersede Internet traffic.

The new WAN: Upsides, downsides

The initial testing showed the best possible scenario: The latency between the two main sites was right around 10ms, roughly a third of the latency on the dedicated MPLS network -- not bad for a 200-mile round trip. The smaller site had somewhat higher latency due to the fact that it was served via another carrier, but was still around 35ms.

The new network was stress-tested and cut over during a weekend maintenance window. The speed bump from 4.5Mbps to 100Mbps for internal traffic was lost on the users, but immediately noticeable to IT, which quickly put the abundance of bandwidth into use for SAN replication and backup consolidation. The voice and video traffic not only ran smoothly, but in fact the videoconferencing resolution could be upped to 1080p without a hiccup. And the monthly WAN costs dropped by one-third, saving nearly $40,000 per year -- talk about a win for IT.

However, the new network involved trade-offs. For starters, Internet access was no longer centralized, as each site now had full Internet access via the same pipe carrying the WAN VPN traffic. This led to the demise of Websense and other Internet content control measures. With Websense gone, OpenDNS was pulled into action to mitigate nonbusiness Internet usage at each site. Although OpenDNS is not as deeply configurable as Websense, the cost reduction for the functionality offered made it worthwhile.

The other significant loss was redundancy. Whereas the previous MPLS network consisted of multiple bundled T1 circuits with disparate physical egress paths out of each building, the new network was built on a single fiber link. Previously, if one or two T1s in the bundle dropped due to upstream data problems, one or more T1s would likely remain operational, allowing the network to continue functioning, even if significantly degraded.

With only the single fiber connection at each site, upstream problems mean the loss of all data services: Internet, internal phone, and WAN. Apart from a backup circuit that would cost as much as the primary, there's no suitable way around this problem other than to procure some different form of service delivery -- such as cable -- and go through the headaches of configuring backup VPN tunnels through different providers.

Over the many months since the new network was built and implemented, there have been a number of service disruptions caused by upstream provider problems (read: Verizon screwing things up) and more than a few scheduled maintenance windows that drop the circuits for a time, usually late at night. Otherwise, the stability and speed of the network have been exemplary. The business has no concerns over passing internal traffic via Internet circuits, since the traffic is not only encrypted with AES-256 but never leaves the carrier's internal network. Overall, the network may not be as robust as the old T1's, but it's snappier and much faster -- and the money saved is music to everyone's ears.

This story, "Migrating from T1 to fiber WAN," was originally published at InfoWorld.com. Read Paul Venezia's The Deep End blog and follow the latest developments in networking at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.


Copyright © 2011 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2