Cloud Networking and its Impact on Streaming Services
Introduction
DISH Technologies (DISH Tech) is a pioneer in satellite television and broadband services and a wholly-owned subsidiary of EchoStar. Since its establishment in 1980, DISH Tech has continually innovated in digital entertainment and cloud networking solutions. The company provides satellite TV, high-speed internet, and on-demand content to residential and commercial customers.
In 2015, DISH launched SLING TV, the world’s first live TV streaming service. As a leading over-the-top (OTT) platform, SLING TV integrates cloud DVR and extensive content packages. When combined with AirTV, it offers a seamless blend of live, recorded, and local programming
To keep up with increasing demand and scalability challenges, DISH Tech needed to modernize its cloud networking infrastructure. Their previous setup relied on a complex mesh of IPSec tunnels connecting multiple data centers and AWS regions. However, this approach led to inefficiencies, including limited scalability, high management overhead, and frequent connectivity disruptions.
To overcome these challenges, DISH Tech adopted AWS CloudWAN, a fully automated, centrally managed, and highly segmented WAN solution. This blog explores why AWS CloudWAN was selected, provides a technical overview of its deployment, discusses key benefits, and outlines future enhancements.
Why AWS CloudWAN?
DISH Tech sought an advanced cloud networking solution to simplify network management, improve automation, and enhance security. AWS CloudWAN addressed their challenges in the following ways:
1. Transitioning from a Partial Mesh to Hub-and-Spoke Architecture
Previously, DISH Tech used a partial mesh network, which was difficult to manage. The transition to a hub-and-spoke model streamlined connectivity by using AWS CloudWAN as the central hub, allowing seamless communication between data centers and AWS virtual private clouds (VPCs).
2. Automation and Centralized Management
The legacy network lacked automation, requiring manual configuration. AWS CloudWAN’s centralized policy framework enabled full automation via CI/CD pipelines, eliminating human errors and improving efficiency. All network policies are now stored in a machine-readable JSON format, ensuring controlled and automated updates.
3. Scalability and Flexibility
Manually managing network expansions was time-consuming. AWS CloudWAN provided dynamic attachments and segmentation, allowing DISH Tech to scale its infrastructure seamlessly.
4. Improved Routing and Network Segmentation
DISH Tech needed a structured segmentation strategy to isolate traffic between business units and environments. AWS CloudWAN introduced dynamic routing, optimizing traffic flow and improving security.
5. Reliable and Self-Healing IPSec Tunnels
The previous network suffered from frequent tunnel failures and relied on expensive firewall hardware. AWS CloudWAN improved network resilience by offering backup tunnels and automated failover mechanisms, reducing downtime and maintenance costs.
Technical Overview of DISH Tech’s Cloud Networking Setup
DISH Tech’s AWS CloudWAN deployment is structured into two primary connectivity paths:
Connectivity Path 1: Hybrid Connectivity Between DISH Tech On-Premises Physical Data Centers and DISH Tech AWS Cloud Network
As a security requirement, the Sling Legacy environment needed to be kept separate from the new Control Tower environment. To achieve this, DISH Tech defined distinct segments for each environment. A core design principle was to separate production and non-production traffic in both environments, while allowing a shared segment only for applications that required access to common services.
The first connectivity path aimed to link between all of DISH Tech’s on-premises physical data centers and from the on-premises physical data centers to their AWS cloud network. The first part for interconnection of the data centers was achieved by creating a hub and spoke model, with the data centers connecting to each other through the CloudWAN network. The second part, of connecting the on-premises data centers to the AWS cloud network was done by creating a separate on-premises segment for the Sling Legacy environment and another for the Control Tower environment. The on-prem segment provides both functionalities, namely the data center to data center connectivity and the data centers to AWS connectivity. Traffic on these different on-premises segments was isolated from each other by using the Cloud WAN policy configuration.
Connectivity Path 2: AWS CloudWAN for Inter-Connectivity Across AWS Regions
As discussed in the first connectivity path, one of the core designing principles of the network was to have no communication between production and non-production segments. There was also a nuanced difference between the two environments in terms of connectivity to the Cloud WAN network. The Sling legacy environment was making use of AWS Transit Gateways attachments to CloudWAN, while the Control Tower environment would have inter-VPC communication through VPC Attachments to CloudWAN. Having this nuanced difference in terms of connectivity to the AWS CloudWAN network, the Sling legacy business unit was able to make continuous use of its existing AWS Transit Gateways and the VPCs attached to them. Sling achieved this by peering their existing Transit Gateways with Cloud WAN. This provided Sling with the route segmentation across multiple regions that they initially lacked in their previous design.
In the figure, there are four segments of the DISH Tech CloudWAN network shown. The VPCs are attached to the Control Tower segments (Prod and Non-Prod segments, respectively) through the VPC core network attachment types. The VPCs in the Control Tower environment leverage a distributed inspection model, having AWS Gateway Load Balancer endpoints route traffic to distributed third-party firewalls behind Gateway Load Balancers. The Gateway Load Balancers have not been shown in the diagram for simplicity.
The VPCs in the Sling Legacy environment were initially connected to Transit Gateways specific to their environment. By separating the DISH Tech Cloud WAN into distinct segments for Sling Legacy and Control Tower, DISH Tech was able to utilize the existing Transit Gateways. They did this by using Transit Gateway route table attachments for the respective Sling Legacy segments. This approach also allowed the Sling Legacy environment to benefit from a centralized inspection model, with one centralized inspection VPC for each region, tailored to the needs of their business units.
Results and Future Plans
With the first set of the AWS CloudWAN deployment, DISH Tech built a highly segmented, secure, and hub-and-spoke network topology, providing connectivity between their different business units and their physical data centers. With this approach, DISH Tech reduced the complexity of mesh topology and established a transparent, centralized network connectivity model. The management of the various network segments between different business units and deployment environments is now more controlled. Centralized networking via CloudWAN enables DISH Tech’s infrastructure teams to maintain the hybrid connectivity and addition of new network workloads in an automated fashion.
By using the power of tagging and automation through DISH Tech’s CI/CD Pipelines and AWS Cloud WAN’s core network policy, DISH Tech deployed a fully automated infrastructure-as-code network. This expedited DISH Tech’s vision of automation and centralized management of the key constructs of their network. Tagging changes on the Cloud WAN attachment level would trigger the CI/CD Pipelines to automatically add the new attachments to the specific segments. Any new VPC or any new environment now gets attached to the respective Cloud WAN segment through tagging and inherits the correct routing domains through dynamic routing. Given the flexibility of API-driven Cloud WAN functionality, changes are now seamless and managed through Infrastructure-as-Code.
DISH Tech now monitors and manages their network connectivity statuses and health through a centralized Amazon CloudWatch dashboard, which shows them the state of the IPSec tunnels and the amount of traffic in and out of the entire network through Amazon CloudWatch metrics. They have also implemented alert mechanisms to notify them when traffic exceeds certain thresholds or when any tunnels encounter connectivity issues. This has reduced the time spent on operations and has led to faster deployments and quicker development of other business-critical functions.
Next step in the evolution of the DISH Tech network journey, as the traffic bandwidth requirements grow, the IPSec tunnels could be replaced with AWS Direct Connect Connections. AWS Direct Connect links the customer’s on-premises network to an AWS Direct Connect location. With this, DISH Tech will have dedicated physical connectivity from their data centers to their AWS regions by terminating the Direct Connect connections on the transit gateways attached to their CloudWAN network segments. Since Direct Connect provides a direct connection to AWS and does not go over the internet, any latency or jitter issues experienced by IPSec tunnels over the internet can be mitigated, and performance improvements will be observed.
Future Enhancements: AWS Direct Connect Integration
To further improve performance, DISH Tech plans to integrate AWS Direct Connect. This will replace IPSec tunnels with dedicated low-latency private connections between their data centers and AWS. Direct Connect will enhance reliability and reduce network congestion, ensuring a high-performance cloud networking infrastructure.
Conclusion
DISH Tech’s cloud networking transformation with AWS CloudWAN has provided a robust, scalable, and automated network infrastructure. By adopting a hub-and-spoke architecture, leveraging CI/CD automation, and implementing network segmentation, DISH Tech has significantly improved operational efficiency. The centralized management model allows for faster deployments, stronger security, and seamless network expansions.
Looking ahead, integrating AWS Direct Connect will further optimize network performance by reducing latency and enhancing reliability. This strategic evolution underscores the crucial role of solution delivery in the tech industry, ensuring DISH Tech remains at the forefront of cloud networking advancements.
Do you like to read more educational content? Read our blogs at Cloudastra Technologies or contact us for business enquiry at Cloudastra Contact Us.