We need new solutions for the future

So 18 months ago I returned from a trip abroad and ended up in a situation, along with everyone else, where I was working from home 100% of the time and it's only now we're just taking those steps to return to the office. Now this isn't a lockdown retrospective, and to me this wasn't a massive shift as I work for an organisation that already has a high degree of flexibility and remote working, and was already home based myself. However, to be doing it 5 days a week was new since most of us like to visit the office periodically, and to many other people this was a very new state of affairs altogether. Many companies had to go from zero home workers to thousands in a matter of months, which is a big ask. It's an even bigger ask on supply chains when everyone else is doing it at the same time globally!

But there is another ask, which tends to be a little invisible historically, but became less so as a result. That is the demand on our home internet connections. The UK residential broadband networks were originally built on the principle that not everybody would be using them at the same time. From the days of early dialup services, where a hundred or more people might share a 64Kbps line, to the initial rollout of ADSL, where contention ratios could be 50 to 1, it was heavily oversubscribed mathematically. However, given all we were doing was web browsing static content, using email, maybe downloading music and streaming some radio, it all worked. We have all experienced the evening go-slow when everybody jumps online, but we live with it like we live with mobile phone signal black spots. Over time our consumption of bandwidth went up, video streaming services came along so bandwidth speeds increased, and ISPs got better at traffic management and quality of service to make sure everyone got an adequate experience. Contention ratios changed but they are still very much there and everything functions - ISPs plan their capacity on the principle that, in general, we'd use our home connections evenings and weekends and businesses would use theirs during office hours in the main.

Then everything changed: suddenly we were all using home connections not just for leisure but for work as well. These were the connections on the part of the network with less resilience than more expensive business connections, and yet they suddenly became business critical. Videoconferencing exploded, causing capacity issues in places they had never been expected, and education was delivered remotely. Traffic that would have historically stayed inside an organisation was suddenly traversing the internet, and in some countries nationwide lockdowns caused internet traffic to double in the space of 1 year.

So it's probably worth taking a moment to think about those unsung workers who kept all that running. Given how our online shopping habits grew, how we utterly depended on those internet connections to videoconference, and how platforms like track and trace relied on it, a major meltdown in the internet backbone would have turned an already disastrous situation into one I don't really want to imagine. This growth may slow down a little, giving ISPs time to catch their breath and consolidate, as lockdowns drift (hopefully) into the past and vaccination programmes allow people to continue to return to offices, but hybrid working is now here to stay, so the dynamic of where bandwidth is concentrated and when it is used has forever been changed.

Many solutions were proposed by companies in the wake of this sudden change to allow people to cope with these requirements: solutions based on Virtual Desktops, 4G solutions using small routers and/or SD-WAN, and of course there was the stock-in-trade of VPN licences, with people adding massive amounts of users to the VPN concentrators and/or more concentrators themselves.

These approaches all still have fundamentally the same issue in the long term, and that is that they generally direct all traffic to choke points. This historically wasn't a problem - all the services were the other side of that choke point and for generalised internet traffic we did split tunnelling. But security threats increased, so we had to close down split tunnelling and funnel traffic through that choke point to apply controls to it and scan it for malicious entities. Over time this became harder because things became more cloud based and IP ranges were less defined. Vendors responded with products that pushed the scanning out to the local devices, or to the cloud itself, but in the end the traffic patterns have remained stubbornly hub and spoke - it just depends where the hub is.

At the same time applications are returning to the original intent of the internet and becoming far more peer to peer than they have been, in order to reduce exactly this load on the central points that hosted the apps - compute power at the edge has become so great that applications that once required dedicated servers and appliances can now be easily decentralised. One-to-one voice and video calls are typically peer to peer, for example, but our typical connectivity model forces them to hairpin the traffic through a choke point, which creates unnecessary pressure. IPv6 was even designed on the principle that every single tiny little thing would have an address, sometimes multiples, to allow peer-to-peer operation without the problems NAT causes.

So at this point, and assuming you are still reading, you are probably thinking "thanks for the history lesson, and for stating the obvious, but get to the point", so let's consider the future!

We are almost certainly going to see this elevated level of traffic sustained, and ISPs will continue to upgrade their backbones, adding 100G and 400G connections to cope. In the UK BT have announced full steam ahead on the fibre to the premises programme over the next decade. But this won't catch everyone. As people decentralise more, and remote working allows people to live further away from population centres whilst continuing to work, it won't be good enough to just enable those populated areas for FttP and declare it done. But we all know that will be the case and we will continue to see a digital speed divide across the country. For businesses this becomes a problem - do we specify that employees must live somewhere where their broadband speed is X? Or do we look to change the dynamic?

I favour changing the dynamic - this isn't just about zero trust, hybrid working, or SASE to name a few technologies. Those can be applied regardless of how the underlying traffic moves around - this is about changing the whole traffic dynamic to a far more decentralised model. VPN technologies exist, here and now, that provide completely decentralised peer to peer full mesh capabilities in a lightweight client. We don't need complicated solutions like DMVPN or AutoVPN to build full mesh environments anymore, and we have the compute power on the local client to be able to implement security controls and intelligently route traffic. Using these technologies we can change those traffic dynamics away from hub and spoke towards peer to peer and yet still maintain secure communications and meet our compliance obligations.
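To make the hub-and-spoke versus full-mesh contrast concrete, here is an added example (not the author's code and not any vendor's product) that renders both styles of client configuration in WireGuard's `wg-quick` file format, chosen here as one assumed instance of a lightweight mesh client. The node names, addresses, endpoints and the `<...-key>` placeholders are constructed for illustration.

```python
# Added illustration: constructed inventory, placeholder keys, documentation addresses.
from itertools import combinations

# Constructed sample inventory: name -> (tunnel address, public endpoint).
NODES = {
    "laptop-a": ("10.99.0.1", "198.51.100.10:51820"),
    "laptop-b": ("10.99.0.2", "198.51.100.20:51820"),
    "app-srv": ("10.99.0.3", "203.0.113.5:51820"),
    "file-srv": ("10.99.0.4", "203.0.113.6:51820"),
}
HUB_ENDPOINT = "192.0.2.1:51820"  # constructed VPN concentrator


def _interface(name, addr):
    return f"[Interface]\nPrivateKey = <{name}-private-key>\nAddress = {addr}/24\n"


def _peer(name, endpoint, allowed):
    return (f"[Peer]\n# {name}\nPublicKey = <{name}-public-key>\n"
            f"Endpoint = {endpoint}\nAllowedIPs = {allowed}\n")


def hub_spoke_config(name):
    """Full tunnel: a single peer carrying the default route, so every flow hairpins via the hub."""
    addr, _ = NODES[name]
    return _interface(name, addr) + "\n" + _peer("hub", HUB_ENDPOINT, "0.0.0.0/0")


def mesh_config(name):
    """Full mesh: one peer per other node, each restricted to that node's /32."""
    addr, _ = NODES[name]
    peers = [_peer(other, ep, f"{ip}/32")
             for other, (ip, ep) in NODES.items() if other != name]
    return _interface(name, addr) + "\n" + "\n".join(peers)


def allowed_ips(config):
    """Collect every AllowedIPs value in a rendered config, e.g. for a review check."""
    return [line.split("=", 1)[1].strip()
            for line in config.splitlines() if line.startswith("AllowedIPs")]


def tunnel_count():
    """Distinct peer-to-peer tunnels in the mesh: n(n-1)/2."""
    return len(list(combinations(NODES, 2)))


if __name__ == "__main__":
    print(hub_spoke_config("laptop-a"))
    print(mesh_config("laptop-a"))
```

In the mesh form each `AllowedIPs` entry is also an inbound filter: WireGuard drops packets from a peer whose source address falls outside that peer's list, so the per-peer /32 acts as a coarse access control. Plain WireGuard needs a reachable endpoint for at least one side of each tunnel; peer discovery and NAT traversal are left out of this sketch.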

It'll be an uphill challenge to win hearts and minds. Security requirements, for example, like to specify older, tried and tested protocols like IPsec and frown on newer solutions such as WireGuard. Enterprises like to purchase from bigger name "blue-chip" vendors rather than look at innovative solutions from startup companies, citing reasons such as support and longevity, but the reality is a big name vendor is just as likely to dump a product, and the small startups eventually get acquired by the big vendors and suddenly become viable products with zero change to the offering.

The more we cling to the way we've always done it, the less we focus on how we build the future, but we all can change this. Demand from your vendors/integrators/outsourcers/resellers that they talk to you about how to plan for, and overcome, the challenges of the future. Push them to provide innovative solutions and not to fall back on old faithful until it is too late. Write specifications in RFPs that allow for these solutions and properly evaluate them. The solutions are out there; we all just need to start using them.

I'm ready for the conversation, are you?


More articles by Jacqui Greenland
