Client Results — Technology

Platform Assessment Eliminates Complex BGP Traffic Engineering Dependencies

A comprehensive multi-cloud platform assessment revealed critical design gaps in traffic engineering and application architecture, delivering a roadmap for simplified operations and faster application onboarding.

Multi-cloud architecture · BGP optimization · Application modernization
Zero asymmetric traffic issues: Replaced BGP manipulation with app-layer solutions
4–6 weeks assessment timeline: Documentation review through recommendations
100% platform dependencies mapped: Multi-cloud architecture documented
5 tech domains assessed: Cloud, SD-WAN, firewall, BGP, hosting

The Organization

A technology organization operating the ACE multi-cloud platform with complex hybrid connectivity requirements, supporting both legacy mainframe systems and modern cloud-native applications across primary and secondary data centers with Equinix hosting.

Multi-cloud infrastructure with Equinix hosting, Silver Peak SD-WAN, Palo Alto firewalls, and Aviatrix networking spanning multiple carrier connections.

The Challenge

The organization's multi-cloud platform had evolved into a complex architecture with significant technical debt. Application onboarding was slow and error-prone, requiring extensive BGP manipulation and custom routing policies for each new workload.

The platform suffered from asymmetric traffic flows, complex firewall maintenance procedures, and inappropriate use of SD-WAN technology for data center connectivity. Infrastructure teams bore sole responsibility for application availability, creating bottlenecks and extended outage resolution times.

Complex BGP AS-Path prepending creating non-deterministic routing
Slow application onboarding due to infrastructure dependencies
Asymmetric traffic flows causing extended outages
SD-WAN misapplied for data center connectivity
Legacy application patterns limiting cloud platform adoption

IVI's Approach

IVI conducted a comprehensive platform assessment, reviewing existing Confluence documentation, design artifacts, and operational procedures to identify optimization opportunities and provide actionable recommendations for the ACE platform.

Phase 1: Documentation & Design Review

Analyzed existing design artifacts spanning July 2021 through February 2022, identifying gaps in alignment between technical specifications and business requirements.

Phase 2: Traffic Engineering Assessment

Evaluated BGP AS-Path prepending strategies, route summarization policies, and SD-WAN implementation to identify sources of complexity and operational risk.

Phase 3: Application Architecture Analysis

Reviewed application onboarding patterns and user access models to identify opportunities for decoupling infrastructure dependencies from application availability.

Phase 4: Recommendations & Roadmap

Delivered comprehensive recommendations for DNS-based traffic steering, source NAT implementation, and simplified firewall architectures with phased implementation priorities.

Technology Stack Assessed

Aviatrix Multi-Cloud: Cloud networking platform with FireNet
Silver Peak SD-WAN: Branch connectivity with BGP AS-path issues
Palo Alto Firewalls: Security enforcement with Panorama management
BGP Routing: Inter-site connectivity and traffic engineering
Equinix Hosting: Colocation and carrier connectivity

Assessment Findings & Recommendations

The assessment identified specific architectural improvements that would significantly reduce operational complexity while improving application availability and onboarding velocity.

Simplified traffic engineering

Recommended replacing complex BGP AS-Path prepending with DNS-based Global Server Load Balancing (GSLB) and source NAT for deterministic traffic flows and symmetric routing.

Application-centric design

Provided a roadmap for decoupling user access from direct application connectivity through DNS resolution and load balancing layers, reducing infrastructure team dependencies.

SD-WAN optimization

Identified misuse of SD-WAN for data center connectivity and recommended restricting it to branch-to-datacenter use cases for improved reliability and simplified operations.

Operational efficiency

Outlined firewall architecture improvements using active/active clustering and automation opportunities to reduce maintenance overhead and improve scalability.

FAQs

How long does a comprehensive platform assessment take?

A thorough multi-cloud platform assessment typically takes 4–6 weeks, including documentation review, architecture analysis, traffic engineering evaluation, and development of detailed recommendations.

Can these recommendations be implemented without disrupting operations?

Yes. The assessment provides a phased implementation roadmap that allows for gradual migration from BGP-based traffic engineering to DNS and application-layer solutions without impacting existing application availability.

What are the main benefits of moving from BGP traffic engineering to DNS-based solutions?

DNS-based Global Server Load Balancing provides deterministic traffic flows, eliminates asymmetric routing issues, reduces infrastructure team dependencies, and enables faster application onboarding with simplified operational procedures.

How does source NAT implementation improve traffic symmetry?

Source NAT translates client IPs to data-center-specific ranges, ensuring return traffic follows the same path through firewalls. This eliminates complex routing decisions and provides the simplest method for maintaining symmetric traffic flows.
