
Configuration of Office 365 with SD-WAN Policy versus Traditional Router

One of the best aspects of working with application-intelligent SDWAN solutions is the ease of configuration for common SaaS solutions such as Office 365. When I compare SDWAN with the traditional router or firewall approach, I begin to see how antiquated products in the WAN space have been, particularly around today’s diverse application deployment models.

The fastest way to configure Office 365 on a traditional router involves the following:

  • Procure the current list of IPs from Microsoft’s website
  • Create an access list containing the IP addresses
  • Apply the access-list to the interface

First off, let’s look at the IP addresses for the list:

 


As you can see, this list is quite extensive and difficult to manage – and most importantly, it’s only for one application!

Now, if the provider happens to change a host address or an IP range, you have to research the changes and apply the new access list. Not to mention that usually the only way you know that your list is wrong is by a user’s complaint.
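
Drift between the deployed entries and the provider's published ranges can be detected before a user complains. The following is an added example, not code from the original post: it parses entries written as `host A.B.C.D` or `A.B.C.D NETMASK` and compares them against a published prefix list. The function names and the published list are assumptions constructed for illustration.

```python
import ipaddress

def parse_entries(text):
    """Parse entries written as 'host A.B.C.D' or 'A.B.C.D NETMASK'."""
    nets = set()
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("!"):
            continue  # blank line or IOS-style comment
        if parts[0] == "host" and len(parts) == 2:
            nets.add(ipaddress.ip_network(parts[1] + "/32"))
        elif len(parts) == 2:
            # strict=False normalizes an entry whose host bits are set
            nets.add(ipaddress.ip_network("/".join(parts), strict=False))
        else:
            raise ValueError(f"unrecognized entry: {raw!r}")
    return nets

def to_entry(net):
    """Render a network back into the same entry syntax."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"

def drift(deployed_text, published_cidrs):
    """Return (missing, stale) entries after aggregating adjacent prefixes."""
    collapse = ipaddress.collapse_addresses
    deployed = list(collapse(parse_entries(deployed_text)))
    published = list(collapse(ipaddress.ip_network(c, strict=False)
                              for c in published_cidrs))
    # missing: published ranges no deployed entry covers (the service breaks)
    missing = [p for p in published if not any(p.subnet_of(d) for d in deployed)]
    # stale: deployed entries reaching outside every published range (over-permissive)
    stale = [d for d in deployed if not any(d.subnet_of(p) for p in published)]
    return [to_entry(n) for n in missing], [to_entry(n) for n in stale]

# Sample deployed entries in the format described in the docstring above.
DEPLOYED = """\
host 65.52.98.231
host 157.55.44.71
65.54.54.32 255.255.255.224
65.54.74.0 255.255.254.0
132.245.0.0 255.255.0.0
"""
# Published list: constructed for this example, not the provider's real data.
PUBLISHED = ["65.52.98.231/32", "65.54.54.32/27", "65.54.74.0/24",
             "65.54.75.0/24", "132.245.0.0/16", "198.51.100.0/24"]

if __name__ == "__main__":
    print(drift(DEPLOYED, PUBLISHED))
```

Stale entries matter as much as missing ones: an address the provider has released may now belong to someone else while the access list still treats it as the trusted application.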

Defining the access-list is just the first step.  Employing policy routing for the application or chaining a series of services together is a completely different animal.  Imagine if you had to do the above for an environment that was stuck in the mud with legacy routing technologies and consumed applications from multiple clouds, multiple SaaS providers, and apps in the data center?  And needed VPNs between sites.  And needed firewall rules.  Needless to say, managing this in a multi-site environment with diverse application sources is an absolute nightmare for network engineers.

SDWAN products such as CloudGenix create application-aware fabrics that allow for top-down policy-based assignment using the application as its handle – not a series of IP addresses, hostnames, or access lists. They constantly monitor the application transaction response times, link characteristics, and configured policy to provide reliable and performance-optimized service.

Creating the policy is as simple as selecting Microsoft Office 365 and specifying direct internet access over the highest quality link.  Two simple steps to configure versus a behemoth of a configuration on a Cisco router.

The application fabric’s ability to define policy by business intent – applications, sites, WAN links, and relative priority – is one of the strongest reasons to migrate from legacy routing to SDWAN.
