Nov 27 2007

Dual-WAN Routers

The secret to e-mail that never gets dropped and Web sites that don't grind to a halt.

Photo: Rocky Kneten
Jason Folkman of Crady, Jewett & McCulley counts on a dual-WAN router for failover.

Pablo Brontvain has a secret: Every so often a wide area network link that connects the systems administrator’s employer, HR Real Estate Management, to a bevy of blue-chip clients fails. No one except Brontvain ever notices because of dual-WAN routers.

These devices — as well as Brontvain’s impressive technological ken — keep the San Juan, Puerto Rico-based building management company well connected via e-mail and the Web to Fortune 100 companies that lease space managed by HR Real Estate.

Dual-WAN routers do that and more. They can boost data speed by aggregating two or more broadband lines, such as two cable connections or a T1, a cable and a DSL line. They also balance incoming requests among servers — for example, when hordes of consumers try to access the same online catalog — so that no single connection gets clogged. Additionally, they can manage bandwidth, providing a wider path to digital traffic such as Voice over Internet Protocol or video.

Dual-WAN routers aren’t entirely new, however. Large commercial enterprises, including Internet service providers, have relied on dual-WAN routers for more than five years. What’s changed? More functions and more small-business users.

That explains why market researcher Dell’Oro Group of Redwood City, Calif., predicts that 2007 global sales of such routers, sometimes called access routers, will grow almost 10 percent to $2.1 billion. “That’s because there’s more functionality in each device. VPNs, firewalls and Ethernet switching are being integrated,” says Shin Umeda, vice president of router market research for Dell’Oro. Some, such as those sold by Cisco, also include IP telephony. “That means you get more functionality out of a branch office PBX.”

Most small and medium-size businesses simply want to stay connected to their customers. “Losing e-mail connectivity is not acceptable any more,” says Jason Folkman, IT manager at Houston-based Crady, Jewett & McCulley. “A partner told me back in 1999 that e-mail is no longer a toy. It’s the primary means of communication between us and our clients, so it is very important to keep it running.”

Crady, Jewett & McCulley uses its dual-WAN router to alternate between its DSL backup connection and its T1 line. “We use it for failover,” says Folkman. “We’ve only experienced a failover situation once, but it was worth it. In terms of importance, e-mail uptime is our number one priority, and the second is Internet access for using applications like LexisNexis.”

In addition to the bandwidth management noted above, features and functions that small and medium-size businesses need to consider include:

• Failover and Failback: The dual-WAN router needs to provide redundant connectivity to the Internet, using two separate ISPs. So, if one ISP goes down, the router automatically reroutes, or “fails over,” data traffic to the other ISP service. Some devices also “fail back” the traffic to the first ISP when the connection is restored. Sometimes that failover is to an analog, dial-up line.

• Virtual Private Network Support: Just a few years ago, many WAN routers could accommodate only one VPN at a time. That’s not much use if you have more than one remote worker. Now, even the lowest end WAN routers offer at least two VPN tunnels, while higher end units offer scores or even hundreds of VPN tunnels.

• Load Balancing: Although there are different ways to direct Internet traffic, operators of heavily trafficked Web sites often use devices that “load balance” inbound traffic among multiple servers.

For example, Portland, Ore.-based Global’s XiNcom Twin WAN VPN Gateway offers both inbound and outbound load balancing, while XiNcom’s X-16 focuses its load-balancing efforts on outbound traffic as a way of making a corporate user’s local area network more efficient. The X-16 does this by using five different protocols for deciding what traffic goes in which direction. The WAN router lets users connect as many as eight different broadband lines.

• Layered Security: Increasingly, different data security techniques are being stuffed into a single device. New York-based ZyXel Communications’ ZyWall 70, for example, offers content filtering, antivirus, antispam and intrusion detection services. Importantly, most — but not all — WAN routers support IPsec (Internet Protocol security) protocols. IPsec support is generally considered important for deploying a VPN with more than a few nodes because security can be handled without requiring changes to individual computers, a time-consuming endeavor. Moreover, some secure Web sites fail to work if a user’s IP address switches in the middle of a session, as can happen with older WAN routers. Newer WAN routers automatically lock a VPN to a specific WAN during a VPN session.

• Dynamic Host Configuration Protocol Support: DHCP is a communication protocol that lets network administrators centrally manage and automate the assignment of Internet Protocol addresses in an organization’s network. Without DHCP, the IP address must be entered manually at each computer in an organization, and a new IP address must be entered each time a computer moves to a new location on the network. Not all WAN routers support DHCP.

• Bandwidth Aggregation: In addition to boosting data throughput, bandwidth aggregation has another benefit for some users: revenue generation. “We are starting to offer WAN connectivity to tenants who need bandwidth aggregation and inbound/outbound failover but can’t afford all the infrastructure, expertise or fees,” says HR Real Estate Management’s Brontvain. “We have large companies as tenants, and they usually have their own infrastructure and huge budgets. But we have found the smaller tenants, such as SMBs with no more than 50 employees, really like the idea of having such service available to them, especially when they host their own e-mail and have suffered e-mail blackouts when their ISP failed.” HR Real Estate Management is now considering offering the bandwidth aggregation service to its tenants in New Jersey and New York.

However they are used — for speed, reliability or security — dual-WAN routers are quickly becoming indispensable.

IT Takeaway

What type of dual-WAN router is right for your network? “There are all different types,” says Shin Umeda, vice president of router market research for Dell’Oro Group. “Some routers are great at security, some do WAN optimization well. They can be very modular and scalable or very simple.”

• Speed Limits: Dual-WAN routers can help boost data communication speeds by aggregating bandwidth of two or more broadband lines. However, the greatest efficiencies will be realized when two similar technologies are used — for example, two DSL lines or two cable lines.
• What Your Money Buys: Even though a router might have two or more WAN ports, users are often required to pay a premium for the failover feature. While it might seem counterintuitive, this is particularly true for higher priced units. They require users to purchase “extended” or “enhanced” options.
• Tunnel of Options: Many businesses buy dual-WANs to create virtual private networks. VPNs use encryption software to tunnel a private line on public pathways, such as the Internet. Dual-WANs that support VPNs can handle that function. However, many dual-WAN routers handle outbound VPN traffic well but are not fault-tolerant on inbound traffic. In other words, if someone is sending an e-mail to you in your headquarters and the connection is disrupted, the e-mail might not find its way to your second WAN. In that case, your IT manager might suggest also purchasing a load- balancing Internet appliance.

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT