In a previous article, we discussed how Sockeye Networks’ GlobalRoute can improve network performance and cut bandwidth costs. Another route optimization option is RouteScience’s PathControl series appliances, which use various performance measurements to determine the best path to use for routing Internet traffic. Although PathControl achieves its route optimization in a somewhat different manner than GlobalRoute, the end results are essentially the same.

In addition to saving money by keeping enterprises under bandwidth commitments, RouteScience says that PathControl enables companies to use less costly methods of linking main offices to remote users and branch offices, such as VPN. By making VPN performance more predictable, RouteScience claims that PathControl allows companies to rely more on VPN as a primary means of connecting to remote users and sites. VPN thus becomes a more reliable and less expensive internetworking solution.

PathControl products
RouteScience offers two series of PathControl products: The 5000 series is designed for organizations and service providers with high traffic volumes, while the 3000 series is aimed at regional office and corporate headquarters locations with average traffic volumes.

The 5000 series optimizes connections to both public Web and VPN destinations, whereas the 3000 series is designed more for VPN optimization alone. Both appliances work with all IP-based applications, including HTTP, e-mail, VoIP, and FTP.

RouteScience stresses that the devices are not routers themselves, so they don’t make forwarding decisions; instead, they communicate route information to an organization’s edge routers.

“What we’re doing is we’re measuring path performance, combining that with cost metrics, and making a routing decision that is then communicated to the edge routers using Border Gateway Protocol,” said RouteScience Director of Product Marketing Rob Pursell.

In typical site-to-site VPN configurations, RouteScience installs a PathControl 5008 or 5014 at the corporate headquarters and a 3000 model at branch offices to migrate organizations from costly private WAN solutions to a greater reliance on VPN.

“The different models,” Pursell said, “are basically different sizes of the same box.”

Pursell explained that if you look at a corporate headquarters or data center as the hub of a wheel and the branch offices as the spokes, the smaller boxes would be placed at the spokes to optimize VPN traffic from the remote locations to the hub, while the larger box would reside at the headquarters location.

“One data center would require one box, unless you require a very high level [of] availability, in which case you might need two boxes.”

Running on the appliances is RouteScience’s RSOS software, which performs a variety of tasks from taking real-time performance measurements to communicating route data to edge routers. Companies can configure RSOS to perform route optimization based on their own priorities. For example, an organization might specify which users have the highest priority so that their traffic takes precedence over general traffic. RSOS includes cost and performance controls, as well as a reporting feature organizations can use to view performance trends and compare route decisions based on PathControl vs. BGP alone.

Pursell said the reporting feature is really for customers who are testing the product to determine whether it will actually benefit them. They use the reports to compare what kind of performance and cost they would get with standard BGP routing decisions vs. what PathControl is able to achieve.

“Once organizations are comfortable with the technology, generally speaking, they turn on what we call automatic route assertion and then they never go back.”

GlobalRoute relies on data from the Akamai network to determine where possible trouble spots in Internet traffic occur, but PathControl takes real-time point-to-point measurements to determine the best path. PathControl employs a variety of measurement options, including user traffic tests, TCP probes, NetFlow, SNMP monitoring, and log files, and it tests both active and inactive ISP connections to determine which path offers the best performance at cost.

User traffic tests are conducted by placing a one-pixel GIF on frequently accessed pages and analyzing content delivery on those pages. TCP probes are conducted by measuring point-to-point Internet performance, such as performance between VPN connections. PathControl automatically updates edge routers with new data as changes in Internet traffic occur.

“PathControl is a closed feedback loop system, in that we’re constantly measuring performance, comparing that performance against cost metrics, and constantly optimizing,” Pursell said.

VPN advantages
PathControl can greatly benefit companies with large public Web sites that see heavy traffic, but just as important is its ability to improve site-to-site VPN performance and reliability.

A key part of RouteScience’s VPN strategy is its partnership agreements with VPN vendors NetScreen and Check Point, which ensures that PathControl is compatible with and integrates with the VPN devices of the company. Pursell said that part of the agreement simply establishes that PathControl won’t do anything to interfere with the VPN functionality.

“In the case of Check Point, there’s a subtle integration of technology that allows us to grab IP addresses from a VPN device and automatically probe that as part of what we do.”

In addition to its compatibility with VPN devices, PathControl makes VPN a more predictable and reliable connectivity tool and can reduce reliance on more expensive leased-line connections, such as frame relay.

Pursell said that organizations typically rely on frame relay for mission-critical connectivity because they tend to distrust VPN over the Internet and use it only for less critical connectivity—primarily for remote users.

“By measuring and optimizing performance in real time, PathControl gives enterprises the same level of predictability and reliability of performance with the Internet that they receive with their frame relay networks.”

Pursell also pointed out that with PathControl, enterprises can choose from any combination of ISPs and get cost-effective and predictable connectivity. With frame relay, they must essentially rely on a single provider. In the current market, overreliance on a single provider can be costly.

Certain situations may still call for companies to use frame relay as a more practical option than replacing WANs with Internet links, Pursell said. But he’s noticed an overall trend toward more companies using VPNs.

“Wherever you need to have, and are willing to pay for, high availability, we see companies moving away from frame relay and toward a multihomed—typically two ISP links—configuration using route control to manage the performance of those links.”

The RouteScience solution
RouteScience’s model involves gradually moving enterprises away from expensive links to more cost-effective VPN connections. Organizations were once reluctant to make such a move, but PathControl can make those links more reliable and more predictable by performing real-time analysis to determine the best available path at any given time. Companies can turn to more than one ISP to improve availability and reliability while reducing bandwidth costs.

By improving the performance and reliability of Internet connections, PathControl offers enterprises an incentive to look more toward VPN to provide viable internetworking links for mission-critical communications. The end result is solid connectivity at a much lower cost.