Software-Defined Wide Area Networks (SD-WAN) are enabling service providers (MSPs, Cloud providers, ISPs, etc.) to deliver high-performance cloud services to their clients — even those with distributed organizations and many branch networks across multiple countries. Some features of SD-WAN are particularly useful in giving service providers greater flexibility and control over customer experience, costs, and security of the managed services they deliver. Tunnel Bypass is one such feature.
What Is Tunnel Bypass?
Tunnel Bypass, also known as Split Tunneling or Local Internet Breakout, is a Turnium SD-WAN feature that enables service providers to classify (or identify) specific customer traffic and send or receive it through a specific circuit, bypassing the SD-WAN virtual tunnel to the SD-WAN head-end aggregator in the data center. With Tunnel Bypass, the bypassed data uses the internet gateway provided by the underlying carrier of the defined circuit.
What Can Tunnel Bypass Do?
Tunnel Bypass or Split Tunneling helps MSPs ensure that high priority corporate applications are securely tunneled to the data center while non-critical “fat traffic” exits directly to the internet through local gateways and incurs no ingress/egress costs at the data center. It supports end-user experience by ensuring that traffic from critical applications like voice, video, ERP/CRM, and other corporate applications is prioritized and secured right to the MSP data center. This ensures that corporate security profiles are maintained while providing executives, developers, and others with the security, extra bandwidth, and reliability of SD-WAN at home.
Tunnel Bypass ensures critical traffic goes through the SD-WAN tunnel to the data center while all other traffic exits locally, keeping unwanted data and traffic out of the service provider’s data center.
Top Use Cases
Tunnel Bypass or Split Tunneling can be used by service providers in a number of different ways to create bandwidth efficiencies and deliver superior services to clients. The most common use cases are:
1. To ensure search results remain local even if the aggregator is in a different location
Tunnel Bypass enables the classification of customer WiFi traffic in a number of ways. As such, it can help with localization issues that can occur in regions like Europe or Latin America. If your client is in France, for example, but your aggregator is in Germany, without Tunnel Bypass, the French client could receive their search results in German.
2. To manage the traffic for a specific application or service based on granular packet filters, including DSCP tags, and filter everything else out, ensuring a high customer experience
Tunnel Bypass gives you the ability to run specific traffic from a site through the tunnel to the data center and use a circuit to exit all other traffic from that site directly to the internet. Bypassed traffic will ingress and egress via the defined carrier internet access and not be a part of the tunnel traffic. With Tunnel Bypass, only the application traffic you want will be tunnelled back to the data center over the SD-WAN.
3. To reduce service provider costs for internet transit by reducing the amount of traffic hitting the data center
Tunnel Bypass enables service providers to classify traffic by a number of criteria (source/destination IP address, DSCP tag, port number, and so on). This feature of Tunnel Bypass allows MSPs to identify traffic and have it bypass the PWAN, sending it out to the internet access of a defined carrier circuit directly from each site. This separates general internet traffic (for example) from the corporate data running to the aggregation server in the data center, and reduces internet bandwidth costs at the data center.
4. To manage business-critical traffic from home offices and prevent non-business internet traffic from being filtered by corporate firewalls and causing security policy problems
More and more businesses are offering employees dedicated Edge devices or CPEs to ensure productivity and security while working from home. With Tunnel Bypass, service providers can ensure that these CPEs only send business traffic to the corporate network and firewall. All family or non-corporate data exits to the internet using the internet gateway belonging to one of the underlying carriers used in the SD-WAN tunnel.
For example, if a client has developers that need secure, high-performance access to source code, their developers can use an SD-WAN with Tunnel Bypass to securely connect to the corporate development network and work in a secure cluster with tons of horsepower (extra bandwidth, higher reliability, and failover). This drives higher productivity with no downtime. Meanwhile, it ensures non-corporate internet traffic will be directed to a local internet gateway, avoiding the corporate firewall and maintaining corporate security policies.
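The classification described in use cases 2 and 3 (destination IP, DSCP tag, port) can be modelled as a first-match rule list. The sketch below is an added example, not Turnium configuration or code: the Rule shape, the rule names and the sample prefixes are all assumptions. It shows how a port-only bypass rule can send corporate-bound traffic out of the local gateway, and an audit that catches it.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # hypothetical rule shape, not Turnium's schema
    name: str
    action: str                  # "tunnel" or "bypass"
    dst: str = "0.0.0.0/0"       # destination prefix
    dscp: Optional[int] = None   # None matches any DSCP value
    dport: Optional[int] = None  # None matches any destination port

# Constructed sample data: prefixes that must always reach the data center.
PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
RULES = [
    Rule("voice", "tunnel", dscp=46),
    Rule("erp", "tunnel", dst="10.20.0.0/16", dport=443),
    Rule("web-out", "bypass", dport=443),          # port-only match
    Rule("guest-net", "bypass", dst="198.51.100.0/24"),
]

def classify(rules, dst_ip, dscp, dport, default="tunnel"):
    """First matching rule wins; unmatched flows fall back to the tunnel."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (ip in ipaddress.ip_network(r.dst) and r.dscp in (None, dscp)
                and r.dport in (None, dport)):
            return r.action, r.name
    return default, "default"

def audit(rules, protected=PROTECTED):
    """Names of bypass rules that can still match a protected destination."""
    findings = []
    for i, r in enumerate(rules):
        net = ipaddress.ip_network(r.dst)
        for p in protected:
            if r.action != "bypass" or not net.overlaps(p):
                continue
            hit = net if net.subnet_of(p) else p   # overlapping CIDRs nest
            pinned = any(e.action == "tunnel" and e.dscp is None and e.dport is None
                         and hit.subnet_of(ipaddress.ip_network(e.dst))
                         for e in rules[:i])
            if not pinned and r.name not in findings:
                findings.append(r.name)
    return findings

def pin_protected(rules, protected=PROTECTED):
    """Prepend unconditional tunnel rules for every protected prefix."""
    return [Rule(f"pin-{p}", "tunnel", dst=str(p)) for p in protected] + list(rules)
```

With the sample rules, HTTPS to 10.50.0.1 matches "web-out" and leaves through the local gateway even though the destination is corporate; after pin_protected() the same flow is tunnelled and the audit returns no findings.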
Turnium SD-WAN’s Tunnel Bypass enables MSPs to deliver superior end-user experiences and provides greater flexibility for MSPs to manage costs and optimize user experience.