Distributed Organizations Should Be Cautious When Considering Active-Active Configurations


There are a number of reasons why a large, distributed organization would choose to deploy an SD-WAN. Cost savings is certainly a factor, as is greater network agility. However, one of the perceived “key features” of SD-WAN, active-active configurations, may not always be the right thing for companies in this class.

For years the only way to build a network with multiple paths was to put the two links in an “active-backup” configuration where only one link was active and the backup would only become active when the primary connection failed.  Many SD-WAN solutions leverage an always-on VPN overlay across both circuits simultaneously, and use something called intelligent path control (IPC) to route different types of traffic down the various links.  For example, unified communications traffic, which has become one of the biggest drivers for SD-WAN adoption, could be routed down the more reliable path, like MPLS, while best effort traffic is sent over the backup link.  Because both links are actively sending traffic at the same time, this configuration is referred to as active-active.  This makes sense on paper but there are many scenarios where it is not the best solution.  These scenarios include locations where two wired broadband circuits are not possible, where there is a desire for greater path diversity, and where overall cost and availability are a greater concern than total network performance.

Because IPC technologies allow the routing of particular network traffic to specified links, they also make it much more effective to use metered backup links, such as cellular, to increase uptime by using them only when they’re needed. By using an always-on VPN overlay and enabling applications to maintain state and seamlessly switch paths within a few seconds of a WAN issue being detected, network and application availability is greatly increased, while the impact to the user experience is minimized. This overcomes one of the significant shortcomings of the legacy “active-backup” approach, which often created a minute or more of downtime during link failovers, causing applications to reset because they couldn’t survive the transition and forcing users to redo tasks.

Whichever configuration of SD-WAN is chosen, it is critical to recognize that the benefits of SD-WAN are optimized when paired with WAN optimization technologies, so I always recommend the two should be considered together.  IPC is commonly used to redirect traffic when the primary link is saturated or performance is degraded, but WAN optimization can often prevent failover by improving the primary link performance even under these increased load conditions.  Also, while bandwidth is plentiful in metro connections, global or even nationwide connections are generally still using T1s or E1s so the bandwidth of the primary connection is likely 1.5 or 2 MB.  It’s certainly rare to find a company paying for trans-oceanic links for more than 6MB.  WAN optimization can help squeeze more traffic over these links and greatly improve overall link performance.  Acceleration and QoS have been around for decades now and I’m continually surprised when I run into companies that aren’t leveraging the benefits of both.

Once the primary connection has been optimized, the company must then determine how it wants to leverage the second connection and that will be based on the type of network service available and the unique business needs of the company and branch. 

If bandwidth is limited, then the best configuration would be to augment the primary circuit with something like cable or DSL and run in active-active mode as the cost of the connection is flat rate regardless of the amount of network traffic.  In fact, an MPLS + broadband hybrid WAN configuration is often the first step in migrating to an all broadband WAN.  The downside of services like DSL and cable is that the throughput and performance can vary greatly depending on location and time of day, because they have shared service elements that are often oversubscribed.  Also, there is no wired broadband provider who can provide nationwide service, so any company of significant size would need to set up contracts with possibly dozens of service providers using a hundred or more service plans. 

If bandwidth isn’t an issue and the company is concerned about network resiliency and cost efficiency, a better option would be something like satellite or cellular (3G/4G) connectivity as it won’t be impacted by a facilities issue.  These services are typically very low cost but the downside is that they are typically metered services so the more bandwidth that is used, the more expensive the service gets.  Putting a metered connection in an active-active configuration could potentially cost an organization thousands per link per month and obviate any other cost savings gained by shifting to an SD-WAN. 

Below is a summary of how highly distributed businesses should approach the use of multiple WAN links:

  • Ensure WAN optimization is integrated into any SD-WAN adoption plan.
  • If more bandwidth is needed in an MPLS network, use an active/active hybrid WAN model by adding broadband, with an eye towards all broadband in the future.
  • If resiliency and cost efficiency are more important than bandwidth needs, then use active/backup with 3G/4G and/or satellite connectivity.
  • If the company wants to achieve both, consider MPLS + broadband + cellular / satellite and architect a network that is active-active-backup.

It’s important to note that the last configuration may seem like the best one, but it is the most expensive option, and configuring that type of network is extremely difficult to do on one’s own.

In summary, all organizations should be looking at leveraging the benefits of an SD-WAN but how the multiple connections are used should depend on the needs of the company now and into the foreseeable future.

About the Author: Zeus Kerravala, Founder and principal analyst with ZK Research.

Kerravala provides a mix of tactical advice to help his clients in the current business climate and long term strategic advice. Kerravala provides research and advice to the following constituents: End user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.

Prior to ZK Research, Zeus Kerravala spent 10 years as an analyst at Yankee Group. He joined Yankee Group in March of 2001 as a Director and left Yankee Group as a Senior Vice President and Distinguished Research Fellow, the firm's most senior research analyst. Before Yankee Group, Kerravala had a number of technical roles including a senior technical position at Greenwich Technology Partners (GTP). Prior to GTP, Kerravala had numerous internal IT positions including VP of IT and Deputy CIO of Ferris, Baker Watts and Senior Project Manager at Alex. Brown and Sons, Inc.