In my previous posting I described the problem that often confronts large global companies who have deployed regional WAN service providers when they start to carry enterprise-wide real-time traffic (voice or video conferencing). Figure 1 below is a typical example of the architecture used in these situations. The long chain of different administrative domains makes it very difficult to get this right and keep it working.
In my previous post I talked about using a different set of network monitoring tools to watch the behavior of an extended network like that shown above. But today I want to talk about solving this at a design level. If you have the opportunity to restructure the network you can prevent many of these problems from occurring in the first place.
The simplest structure is to have a single service provider connecting all international sites as shown in Figure 2 below.
If the enterprise has offices in major international cities this solution may be quite possible. Having a single service provider means that there is only one QoS standard, and there are far fewer administrative domains to manage. Traffic can be marked to the single standard and monitored at the edges of the carrier. Tools will quickly determine if the carrier is meeting their SLA or not.
But some enterprises, by the nature of their businesses cannot use a single service provider. Companies that have grown by acquisition have to manage with the facilities and locations that come with the acquisition. Companies that do certain types of business need to be near the populations they serve, near the minerals they are mining or near the resources they need for their manufacturing processes (materials, energy, water, etc.)
For these companies I have been encouraging them to consider the architecture shown in Figure 3 below. Here we see the same architecture as shown in Figure 1, but with the addition of a direct path between the regional carrier and the international carrier.
The Session Border Controller (SBC) shown in Figure 3 terminates the VPN within a regional carrier and passes only the voice or video traffic through to the VPN within the International carrier. There is no routing across this path. The SBC can manage address translation if required, and can also re-mark the DSCP markings of packets as they pass through. Thus if there is a different QoS standard being deployed in the region and in the international carrier, the SBC can handle the translation.
If you now deploy voice or video infrastructure components, especially bridges, in a collocation facility connected to the International carrier,you get what I call a "Communications Center." This communications center is different than a data center because it sits in the WAN cloud and aggregates traffic at the right location. The communications center has a very different security model than the data center, based on SBCs instead of based on firewalls.
I think we will see global companies evolving towards this type of architecture as they realize the benefits for their global communications.
Let me know what you think!
