We are in need of an application/appliance based utility which has L7 intelligence and can do domain/application/IP/protocol based routing across WAN links.
Say I have two ISP links and I want URL's like Facebook, Google, Yahoo, YouTube and a few other applications to get routed over ISP1, and the rest of the internet traffic to get routed through ISP2.
It would be good if it has WAAS, traffic shaping and application based prioritization as well.
Please help me with your recommendations based on features, cost, ease of deployment. Thanks!
If it is really only about routing and dynamic WAN selection, I would go for Ipanema (owned by Infovista). By product is that it can do WAN Acceleration as well. Easy to deploy and provides very good Management Information on both Network and Application performance.
You can use the kind of Peplink load balancers (example, Balance-One with 2to5 WAN port, Dual band WiFi, 8to5 LAN port, etc) to care about all these sorts of routing and it's really user-friendly.
Using SD WAN, you can get all the benefits of a Riverbed, Silverpeak etc, without buying hardware. It has built in WAN Op, L7 visibility/ management, QoS and encryption. Hope this helps
Thanks a lot everyone for all your inputs.
I am afraid if we can buy such expensive solutions, any idea of firewall based solution like Palo Alto OR check point if it can do similar things like policy based routing (On the basis of domain name,application,protocol etc)
Removing my dupe entry. Sorry for the trouble.
Riverbed Steelhead CX 70 series family of appliances is what I use for this exact purpose across 33 global remote sites and 2 data centers in the USA and Australia.
Spec Sheet attached.
I have my fleet of Steelheads designed to do everything mentioned below in the question from your colleague and more.
These are very easy to deploy. They are in-path of the data flows and fail to wire. (they will pass traffic unconditionally in the case of a fault or failure.)
Inbound and Outbound QoS bandwidth shaping is a huge advantage on the Steelhead where we can allocate bandwidth percentages per Applications, ports, IP addresses, or a combination of these traffic attributes.
They have very good Application Awareness built in. If your Application or data flow is NOT found in the pre-defined Applications listing that is installed in all Steelheads from the factory, you can create “Custom Applications” for recognition by port, IP address (or IP subnet), host pair, or combination of all 4 traffic criteria if you like.
The Application awareness described above is what you base your WAN routing decisions on with the RiOS feature known as “Path Selection”
This is where you choose your Applications or Groups of Applications, and tell the Steelhead which outbound link (in-path interface) to send this traffic to achieve the desired result.
In an environment where you want to offload internet traffic locally at the remote (branch) sites and keep company Intranet traffic separated, the design would look like the picture below.
The orange appliance is the Steelhead.
Cost is determined by the model chosen and the amount of optimized connections required for the locations where a Steelhead will be installed.
With Licensing and Gold Support, costs are typically around $100k for your Data Center appliance (model 5070) and $12k to $35k for the remote (branch) sites (models 570, 770 & 3070).
Bluecoat proxy solution will be suitable.