Posted: 13 Jul. 2022 10 min. read

What is AWS’s new Cloud WAN, and how will it impact Cloud networking?

A blog post by Paul Borghese, DC Specialist Leader, Deloitte Consulting LLP

 

At the AWS New York Summit, Amazon announced general availability for its AWS Cloud WAN service. At Deloitte, we could not be more excited about the design opportunities this opens up. Cloud WAN is a game changer and a welcome addition to our networking toolkit.

Networking at its core is a service allowing corporate end devices and users access to corporate compute resources. The gravity of the network follows the location of the compute, usually in a data center. A traditional network design connected corporate sites such as offices and manufacturing to the primary and backup data centers. The data centers contained a robust networking and security capability quickly routing traffic to all destinations in the network. The data center was the hub of the corporate network.

 

 

 


As companies started to embrace the cloud, network engineers connected the data centers to AWS. The AWS Cloud was a networking spoke off a much larger physical data center infrastructure. I like to call it “cloud on a stick” as an homage to the router-on-a-stick designs of the late ’90s. As companies continued to evolve toward the cloud, this cloud-on-a-stick design was no longer adequate. Companies desired full integration with AWS as an equal or even primary part of their network design.

Over time, the networking capability in AWS evolved. VPC peering became possible between regions. Direct Connect allowed high-speed connectivity from private data centers into AWS. In 2018, AWS released Transit Gateway, allowing more robust connectivity between VPCs. Transit Gateway was a big step forward, making it easy to connect VPCs within a region. Multiple Transit Gateways can be peered between regions to build complex interconnected networking topologies. And just like in Field of Dreams, if you build it, they will come. We embraced Transit Gateways, using them to build ever larger and more complex worldwide environments.

Customer needs are quickly evolving as they look for additional capabilities and expand their AWS networking worldwide. Each Transit Gateway is configured independently. That works well when interconnecting a few regions, but as the number of regions expands, Transit Gateway becomes cumbersome to manage, maintain, and troubleshoot. A change to the network may require a dozen configuration changes across the world.

Cloud WAN takes the connectivity capability of Transit Gateway and scales it for worldwide connectivity. It provides this capability through built-in automation, intent-based configuration management, and segmentation. The network configuration is centralized, simplified, and expansive, reducing errors and increasing agility. The service offers a health monitoring dashboard that allows engineers to view network traffic and events. And DevOps engineers love Cloud WAN's ability to automate AWS tasks such as VPC attachments.

Cloud WAN is configured in a declarative language (JSON), a modern network programming technique, to express the intent of how network traffic should flow throughout your AWS environment. You can segment your network and implement security and routing policies per segment, and those policies take effect worldwide. Each segment can be limited to select regions (or open to all regions), automatically assigned to VPCs, and built with internet and security controls.
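To make the declarative policy concrete, here is an added example that is not part of the original post: a constructed sample policy and a small reviewer that flags segmentation choices worth a second look before they apply worldwide. The field names follow AWS's Cloud WAN core network policy format; the sample values and the `review_policy` helper are hypothetical.

```python
import json

# Constructed sample policy (not from the original post); field names follow
# the AWS Cloud WAN core network policy format.
POLICY = json.loads("""
{
  "version": "2021.12",
  "core-network-configuration": {
    "asn-ranges": ["64512-65534"],
    "edge-locations": [{"location": "us-east-1"}, {"location": "eu-west-1"}]
  },
  "segments": [
    {"name": "prod", "edge-locations": ["us-east-1"], "isolate-attachments": true},
    {"name": "dev", "require-attachment-acceptance": false},
    {"name": "shared", "edge-locations": ["ap-south-1"]}
  ],
  "segment-actions": [
    {"action": "share", "mode": "attachment-route", "segment": "shared", "share-with": "*"}
  ],
  "attachment-policies": [
    {"rule-number": 100, "conditions": [{"type": "tag-exists", "key": "segment"}],
     "action": {"association-method": "tag", "tag-value-of-key": "segment"}}
  ]
}
""")

def review_policy(policy):
    """Hypothetical helper: list points a reviewer would raise on a policy."""
    findings = []
    core_edges = {e["location"] for e in policy["core-network-configuration"]["edge-locations"]}
    for seg in policy.get("segments", []):
        # A segment limited to select regions must name regions the core network covers.
        for loc in sorted(set(seg.get("edge-locations", [])) - core_edges):
            findings.append(f"segment {seg['name']}: edge location {loc} not in core network")
        # An explicit false lets attachments join unreviewed (absent key treated as true here).
        if seg.get("require-attachment-acceptance", True) is False:
            findings.append(f"segment {seg['name']}: attachments join without acceptance")
    for act in policy.get("segment-actions", []):
        if act.get("action") == "share" and act.get("share-with") == "*":
            findings.append(f"segment {act['segment']}: routes shared with every segment")
    for rule in policy.get("attachment-policies", []):
        # Tag-driven association means whoever can tag an attachment picks its segment.
        if rule["action"].get("association-method") == "tag":
            findings.append(f"rule {rule['rule-number']}: segment chosen by attachment tag")
    return findings

if __name__ == "__main__":
    for finding in review_policy(POLICY):
        print(finding)
```

Running the same check in a pipeline before a policy version is applied keeps a single JSON edit from quietly widening a segment in every region at once.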


Along with Cloud WAN, AWS recently announced SiteLink, a service that enhances and integrates perfectly with Cloud WAN. SiteLink allows two customer remote sites to use AWS for network transport. With the combination of the capability of SiteLink and the power of Cloud WAN, the future of corporate wide area networking starts to come into focus. Instead of MPLS or SD-WAN connecting into a private data center, the gravity of the network shifts to links connecting into AWS, with AWS becoming the primary transport. And as always, you only pay for what you consume, with availability on demand.

Within the network community there is a lot of discussion around software-defined networking and programmability. Soon “public cloud” may be added to the discussion.

Our Cloud WAN white paper has more details on how to integrate Cloud WAN with a Transit Gateway network. 
