Software-Defined Wide Area Network (SD-WAN) is delivering significant improvements for managed service providers (MSPs) providing distributed large business or enterprise customers with wide area networks and services, including unified communications (UC) and hosted and managed security.
Tunnel Bypass, sometimes referred to as Local Internet Breakout or Split Tunneling, is a Turnium SD-WAN feature that enables the Turnium SD-WAN provider to “classify/identify” specific customer traffic at a site and direct it over a specific circuit to the MSP data center using packet filters.
The remaining traffic bypasses the SD-WAN tunnel to the SD-WAN head-end aggregator in the service provider data center and exits to the internet using one of the underlying carrier’s internet gateways. Traffic to be bypassed with Split Tunneling can be identified based on a highly granular and customizable set of packet filters, such as DSCP tags, subnet, or ports.
How MSPs Benefit from Tunnel Bypass or Split Tunneling
The Tunnel Bypass or Split Tunneling feature can be used by MSPs in a number of different ways to deliver superior service to clients:
- To ensure search results remain local even if the aggregator is in a different location.
- To manage the traffic for a specific application or service using packet filters and reduce the amount of traffic hitting the data center, ensuring excellent customer experience and decreasing service provider costs for internet transit.
- To manage business-critical traffic from home offices and prevent non-business internet traffic from being filtered by corporate firewalls and causing security policy problems.
This blog post describes the first and second of these main Tunnel Bypass or Split Tunneling use cases: to ensure search results remain local even if the aggregator is in a different location, and to manage the traffic for a specific application or service and filter everything else.
Use Case 1: Serving Clients in Different Countries or Regions
Tunnel Bypass or Split Tunneling enables MSPs to classify user site traffic such as visitor WiFi, corporate CRM, ERP, or Unified Communications by source or destination IP address, DSCP tag, port number, and more. These filters ensure business-critical traffic is prioritized and sent to the data center, while non-critical internet traffic exits through a local gateway to deliver localized search results.
For example, without Tunnel Bypass or Split Tunneling, if a branch office is in France but the data center, centralized firewall, and SD-WAN head-end aggregator are in Germany, a French client would receive internet search results in German, and all of that traffic would pass through the central firewall needlessly.
Tunnel Bypass or Split Tunneling leads to a better end-user experience for the client while also reducing costs at the data center and helping with localization issues that can occur when all traffic is backhauled to a centralized firewall in another region or country.
Use Case 2: Manage Priority Corporate Traffic Only
Tunnel Bypass or Split Tunneling keeps traffic that is irrelevant to the services the MSP is providing off the MSP's infrastructure. For example, if an MSP is delivering Voice over Internet Protocol (VoIP) services, they can avoid placing a load on their infrastructure by filtering out traffic that’s not pertinent to the VoIP application.
The ability to classify user site traffic by a range of specific criteria allows MSPs to identify non-critical traffic and have it bypass the PWAN, sending it out through the internet access of a defined carrier circuit. In the case of VoIP, MSPs can ensure secure, high-quality lines for the end users, without taking on traffic that’s irrelevant to the application.
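The classification described in both use cases can be modeled offline to audit a filter set before it is deployed. The following is an added example, not Turnium code or configuration syntax: the `Rule` fields, first-match evaluation, the default-bypass behaviour, the rule set, the internal prefix list and the sample flows are all assumptions constructed for illustration. It reports flows to internal addresses that no rule sends through the tunnel, which would therefore leave via local breakout without passing the central firewall.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

Flow = namedtuple("Flow", "src dst dst_port dscp", defaults=(0,))

@dataclass(frozen=True)
class Rule:
    """Hypothetical filter; a field left as None matches anything."""
    name: str
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    dst_port: Optional[int] = None
    dscp: Optional[int] = None

    def matches(self, f):
        def in_net(ip, net):
            return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (in_net(f.src, self.src_net) and in_net(f.dst, self.dst_net)
                and self.dst_port in (None, f.dst_port) and self.dscp in (None, f.dscp))

# Constructed policy: matching flows go through the tunnel to the MSP data center.
TUNNEL_RULES = [
    Rule("voip-media", dscp=46),               # DSCP EF
    Rule("sip-signalling", dst_port=5060),
    Rule("erp", dst_net="10.20.0.0/16"),
]
INTERNAL_NETS = ["10.0.0.0/8"]                 # assumed corporate address space

def classify(flow, rules=TUNNEL_RULES):
    """First matching rule wins; unmatched traffic breaks out locally."""
    for rule in rules:
        if rule.matches(flow):
            return "tunnel", rule.name
    return "bypass", None

def bypassed_internal(flows, rules=TUNNEL_RULES, internal=INTERNAL_NETS):
    """Flows to internal prefixes that would skip the tunnel and the central firewall."""
    nets = [ipaddress.ip_network(n) for n in internal]
    return [f for f in flows if classify(f, rules)[0] == "bypass"
            and any(ipaddress.ip_address(f.dst) in n for n in nets)]

# Constructed sample flows from a branch site.
SAMPLE_FLOWS = [
    Flow("192.168.10.20", "10.20.1.5", 443),            # ERP
    Flow("192.168.10.21", "198.51.100.7", 16384, 46),   # VoIP media
    Flow("192.168.50.9", "203.0.113.80", 443),          # visitor WiFi web
    Flow("192.168.10.22", "10.30.4.8", 443),            # CRM, no rule covers it
]
```

Running `bypassed_internal(SAMPLE_FLOWS)` flags the CRM flow, the kind of gap to close with an additional tunnel rule before the policy goes live.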
Tunnel Bypass or Split Tunneling Delivers Greater Flexibility to MSPs
Turnium SD-WAN’s Tunnel Bypass enables MSPs to deliver superior end-user experiences, especially in regional offices. The feature also provides greater flexibility for MSPs to decide what traffic they want to manage and pay for. Learn how Tunnel Bypass or Split Tunneling can empower MSPs to deliver high-quality local services, manage business-critical traffic from home offices, and improve the performance of corporate applications.