International branch connection
Connecting the branches of a global company
Global companies used to connect their branches using one of two solutions:
1. Over the internet, using communication routers or firewalls, a solution usually referred to as Site-to-Site VPN.
2. Using dedicated infrastructure provided by local service providers and a global MPLS network.
Sometimes, in order to increase the survivability of the second solution, branches were also supplied with an additional internet connection as backup for the MPLS infrastructure in case of a malfunction.
Many companies that start to become global use the first solution (Site-to-Site VPN), as this solution is easy to implement quickly and cheaply compared with the second alternative (MPLS).
The Site-to-Site (STS) VPN solution has several disadvantages, including the instability of internet infrastructures (especially those connecting different countries), the need to continuously manage a large number of settings in the branch and headquarters firewall systems, and the inability to anticipate network behavior (number of errors, latency and jitter). As a result of these disadvantages, some applications may not work properly, and the traffic of some applications cannot be prioritized over others.
The MPLS network addresses some of the weaknesses of the first solution (mainly regarding infrastructure stability and the ability to prioritize applications according to the needs of the organization), and is used by many global companies.
But is there a better alternative that combines the advantages of both solutions?
In recent years, new services have appeared trying to combine the best of both worlds. Some of the new solutions attempt to combine both infrastructure types (internet and MPLS), in order to provide more economical solutions that will allow the use of the internet’s cheap bandwidth on the one hand, with the stability and application prioritization of MPLS networks on the other. With these solutions, two types of networks are used in each branch (each branch is connected to a relatively high-bandwidth internet connection and a low-bandwidth MPLS network to reduce infrastructure costs), and the prioritized traffic is routed through the MPLS network, while the rest is routed through the internet (information is encrypted from end to end using Site-to-Site VPN).
The main goal of these solutions is to reduce the costs of branch networks, but many problems remain unaddressed. The combined communication infrastructure requires internal human resources to administer a naturally more complex network. In addition, any temporary or permanent change in the bandwidth requirements of the MPLS network (for example, when upgrading an application, or following an increase in the number of users in a branch) takes many weeks to implement, as both the international infrastructure and the bandwidth of the local network connecting the branch need to be upgraded.
To find a better alternative, Internet Binat has joined with the American company Aryaka in creating an international network based on dozens of Points of Presence (PoP) around the world, connected by dedicated high-bandwidth MPLS networks. End equipment installed at the branch connects the branch’s communication quickly and easily over one or more internet networks (for survivability) to the nearest PoP to the company’s headquarters and from there, encrypted, to the company’s headquarters.
The advantages of this service are in its fast implementation time of a few hours, network stability, automatic end-to-end service survivability, built-in traffic compression to save on bandwidth acquisition, end-to-end network encryption, and a command and control system that provides network administrators with usage reports and allows them to implement dynamic bandwidth prioritization. An additional advantage can be found in the ability to easily increase the required bandwidth within minutes.