Starting 2018: no more VPN in China

The Chinese government has issued a statement announcing that, as part of a tightening of censorship policy in the country, access to most of the global internet will be blocked very soon. The government has ordered the local state-owned telecommunications companies (China Mobile, China Unicom and China Telecom) to block VPN access to the net, effective from February 2018.

The censorship in China

Although Chinese government officials often strongly deny this, China is notorious as a country that censors the internet and blocks access to thousands of popular international websites, including Google and social networks like Facebook, Instagram and Twitter. This censorship policy has been named “The Great Firewall of China”.

In this way, the government manages to control news content and public opinion, while preventing criticism of the Communist regime in the country. For example, while the student protests against the communist regime in Tiananmen Square in 1989 and the protesters’ demands for democratic reforms in the country are commonly known all over the world, in China itself it is almost impossible to find any references to these events on the internet.

However, millions of people in China have so far managed to circumvent censorship restrictions by using VPNs, thus gaining access to all the forbidden websites in China, without this being brought to the attention of the authorities. Although the Chinese government is aware of this matter, it is impossible to know the identity of VPN users and what information they send or receive.

Recently, opponents of the government who are not able to publish information inside China have started to release it on websites outside of the country, relying on VPNs to bring the information back to Chinese citizens. By doing this, they have succeeded in damaging public opinion of the existing regime in China. The recent announcement of a total ban on VPNs all over China comes in light of this situation.

What is a VPN?

A Virtual Private Network (VPN) allows anyone to access the internet securely, without their ISP being able to see the information they send and receive.

VPN browsing has several advantages, among them, the ability to browse privately without revealing details about the nature of the activity on the various websites, concealment of the exact geographic location (for example, browsing from one country with another country’s address), protection against bugs or hacking of information systems, and downloading files without anyone knowing the identity of the person who is downloading them.

VPN browsing has a number of disadvantages as well, such as some decrease in browsing speed (because the VPN functions as an additional server through which the data must pass) and certain risks to the privacy of the user’s personal information when browsing the web via a free VPN service provider.

That is why one should choose a trustworthy and reliable service provider.

VPNs are typically used by companies and individuals who are interested in keeping their information private from external parties (such as internet providers or hackers), and in China in particular, the internet is actually the only way Chinese people can obtain objective information about what is happening in the world.

And now, apparently, this freedom of information in China is about to end.

Who will be affected by this move?

First and foremost, Chinese residents and opponents of the government will be the ones harmed, as they will no longer be able to use VPNs to connect to the world’s leading websites, to release information or to access it. This means that the only information Chinese people can be exposed to will be that which is approved by Chinese censors.

In addition, the move will harm Chinese academics as they will not be able to access foreign journals or contact their colleagues around the world. Furthermore, foreign businesses based in China will not be able to use VPNs to communicate with their branches or headquarters in other countries, and their ability to secure their information will also be impaired.

Is there a solution?

The answer is yes.

Internet Binat offers a number of advanced solutions designed for international companies in different fields of business activity and provides solutions to a variety of challenges, including the one currently forming in China.



What if your MPLS could:

  • Be deployed in hours or days through one single provider?
  • Provide seamless access to cloud and SaaS applications, along with private connectivity to the branch office or data center?
  • Include WAN Optimization within the network, so that applications run faster and save on bandwidth over the network?

You would be able then to:

Unfortunately, your MPLS can’t.

MPLS is difficult to deploy and has no flexibility. Trying to establish an MPLS link at a branch office can take months. And if you already have an established connection at your current location, but intend to move offices, you’re talking about long project times to receive the same level of connectivity. This problem gets compounded as your business expands globally, as there is no single global MPLS vendor.

MPLS cannot access cloud-based and SaaS applications. As global enterprises move their data and applications to cloud and SaaS environments, MPLS becomes obsolete. MPLS links are designed to connect into direct locations, not the cloud. Therefore, businesses are forced to work around these issues by backhauling cloud and SaaS applications through the data center. Unfortunately, this does not provide the reliability and performance end-users require to be productive.

MPLS does not include WAN Optimization. In order to achieve some consistent application performance through MPLS, WAN Optimization appliances are necessary at the edge of each network. This, in turn, adds additional investments in the form of hardware purchases and the IT resources needed to maintain them.


If you could software define MPLS, here is what it would look like:

  • You could deploy a private and secure network in a matter of days, and it could be scaled in minutes, with no capital expenditure.
  • You could enable users to access cloud-based and SaaS applications with the same consistency as the data in their branch offices.
  • You could layer additional networking technology within the network to simplify the infrastructure, provide faster performance, and offer complete network and application visibility.

And if MPLS were being designed today, here are the components it would have:

  • A Global Private Network: This would bypass the public Internet to provide MPLS-grade connectivity to deliver a consistent and reliable user experience. One single private network would also relieve an enterprise from having to manage MPLS contracts from tens of providers to create their network.
  • WAN Optimization: This would speed up application performance for end users around the world and reduce the bandwidth used throughout the network.
  • SD-WAN functionality: This provides more efficient path selection through the network along with reducing complexity and cost of the WAN as a whole.
  • Cloud/SaaS Connectivity: The network would be able to integrate these applications into the network, providing faster and more efficient access compared to legacy networks.
  • Speed of Deployment: Businesses could set up their enterprise WAN as fast as they could log onto the Internet.

And that’s what Aryaka has done. We’ve done the equivalent of software-defining MPLS and have been providing it as a service for nearly a decade. As a result, Aryaka’s global SD-WAN provides flexibility, reliability, application performance, and SaaS connectivity with the click of a button.


Aryaka’s global SD-WAN was designed from the beginning to provide globally distributed enterprises fast, reliable, secure, and scalable connectivity, while also enabling users to achieve cloud-based and SaaS application acceleration from remote geographies around the world. Our focus has always been to deliver MPLS-grade connectivity in a software-defined infrastructure, that can deploy new sites and bandwidth in hours. Because we care about our customers’ performance, we provide best-in-class support to ensure they’re up and running no matter where they are in the world.


What do the numbers 4000 and 1100 have to do with your enterprise WAN?

Those are the numbers of layoffs taking place at British Telecom and Cisco. Along with a big layoff at Riverbed (a WAN Optimization company) just a few years ago, these layoffs are a sign of the turning tide against MPLS, which may still be the foundation of your enterprise connectivity.


MPLS is dying a slow death. It’s a slow death because cloud adoption is speeding up. While MPLS remains the most widely-used secure connectivity solution at the enterprise level, it offers little to no connectivity solutions to applications hosted in the cloud.

Last year, traffic over the enterprise WAN grew by 200% – and 50% of that traffic was generated by cloud platforms and SaaS applications. This was especially pronounced in the Asia-Pacific region, which grew by 250%, where US- and EMEA-based businesses are now expanding globally, and more APAC-based businesses are cropping up as well.

According to the 2017 State of the WAN Report, enterprise WAN traffic grew by an average 200% worldwide.

In addition, bandwidth consumption is at an all-time high, and shows no sign of stopping. In order to compensate for the growth in traffic, as well as solve for issues like packet loss, which can occur when there is congestion across a link, enterprises are investing in larger and larger links.

Legacy solutions like MPLS, however, can’t keep up. MPLS is slow to deploy and scale, meaning that larger links take weeks or months to spin up. It also can’t provide cloud/SaaS connectivity without workarounds, like backhauling (which, incidentally, degrades the quality of the connection and requires more workarounds, like WAN Optimization).

Solutions like Aryaka, which deliver SD-WAN and WAN Optimization built into a purpose-built global private network, have provided the first steps toward an end to the dependency on MPLS by creating a true full replacement to the outdated legacy model.

These layoffs signal the beginning of the end – if the solution no longer serves the needs of the enterprise, why keep investing your IT budget and resources in it?


As MPLS becomes less and less viable as an option for global connectivity, business leaders will turn to network admins for their expertise and guidance on what to implement next. Admins with the training and support in implementing and maintaining next-generation networking have the opportunity to leverage this expertise to grow in their roles and with the company.

Those who continue to push for and lean on legacy technologies because they’re simply “the way things have always been done,” will find that they must play catch-up in terms of industry knowledge and applicable skills once MPLS fully sunsets.

Industry knowledge is leaning toward applications over networks. Cloud computing has become an industry standard. With MPLS out of the picture, networks delivered as a service will become more ubiquitous, meaning that admins will have to spend less time with support tickets relating to speed and performance on the network itself. Instead, as enterprises shift their business- and mission-critical applications into virtual deployments, admins will spend more time optimizing the deployment and delivery of these as-a-service platforms and programs.

All of this supposes, of course, that a next generation solution can take over where MPLS left off – which is exactly what Aryaka’s global SD-WAN does.


Aryaka Global SD-WAN

Aryaka provides everything both IT leaders and their enterprises need to succeed in the fast-approaching future of networking. (Although, from the way in which the SD-WAN market is taking off, the future of networking appears to already be here.)

With a purpose-built WAN delivered as a service, Aryaka provides global enterprises with a software-defined MPLS replacement built on 28 points of presence located within 30 ms of 95% of the world’s business users.

Built into that WAN are SD-WAN and WAN Optimization, so there is no CapEx and no additional management required. Aryaka also provides 24/7 support for the network, freeing up network admins to focus on the skills and tasks that matter to their careers: application management. Aryaka makes that even easier by providing up to 40x improvement of application performance.


How big is the SD-WAN market, really? It depends on whom you ask:

  • IDC also speculates that, based on U.S. survey data, nearly half of all enterprises will be considering a migration to SD-WAN next year, while Gartner sees only 25% of enterprises adopting it in the next two years.

Why such vastly different valuations of the same market? Perhaps because no one really agrees on how to define SD-WAN or who needs to use it.


In theory, SD-WAN is what its name suggests: a way of software-defining the enterprise WAN, as opposed to the traditional hardware-centric model.

SD-WAN is a response to the shift in business application architecture from the data center to the cloud, allowing enterprises to connect their end-users in a safe and reliable way to their third-party cloud platforms and SaaS applications.

However, SD-WAN isn’t, in most cases, as simple as just a software-defined on-ramp to a private network – it comprises both hardware and software, and the methods in which it is delivered and by which it performs differ from company to company.

The large number estimated by Research and Markets included:

“SD-WAN hardware that includes appliances and routers, SD-WAN software that includes orchestrators, gateways, cloud routers and firewalls, dashboards, management systems among others, and SD-WAN services that includes Service Provider Managed SD-WAN services and Cloud Managed SD-WAN services.”

The Gartner report details sixteen different vendors, and no two are exactly alike. Some offer overlay and others in-net, there are both regional and global SD-WAN, and you can pay for a managed service or provision the extra resources to do it yourself. So how are you to make heads or tails of which solution is right for you?


One of the reasons why P&S Market Research, Research and Markets, and IDC may see such a high market valuation for SD-WAN is the amount of hardware you might need to purchase to manage your service. Most SD-WAN sit at the edge and require some hardware for deployment.

As Gartner writes:

“Many SD-WAN deployments today haven’t actually replaced traditional routers; they’ve supplemented them for a variety of reasons, including risk aversion and lack of support for legacy T1/E1 interfaces.”

These edge-based SD-WAN are considered “overlay” SD-WAN, where they function as routing devices between your MPLS and the public Internet. Overlay SD-WAN is location-independent and makes connectivity more interchangeable, while optimizing the last mile.

However, because some SD-WAN following this model do not replace the router but add a box, your budget may need to expand to accommodate the hardware and its maintenance and monitoring. The same applies if Ethernet is not available.

An OpEx model may not be an option, and the system must be managed by the IT team.

In-net SD-WAN, on the other hand, while less common, can offer more flexibility. In-net SD-WAN covers the middle mile, and it can be delivered through what Gartner calls a “cloud-based OTT” model or provide appliances for additional functionality at the edge.

The in-net model, because it provides its own WAN and allows organizations to subscribe to use the WAN as-a-service, can optimize the middle mile for Internet connected sites globally, and new functionalities can be delivered via cloud, without asking users to upgrade hardware.

The only drawbacks for this model appear if the IT team prefers a DIY “construct” model for their WAN, as opposed to a “consume” model, where the network is delivered as-a-service.



Most SD-WAN can still only support regional deployments because they rely only on the Internet and don’t include custom-built private networks for fast cloud and SaaS connectivity. Although it can reduce network complexity and lower network costs at a branch office by replacing regional MPLS through aggregate Internet links, SD-WAN at the edge does not optimize traffic over the middle mile.

And when offices are collaborating and communicating in real-time, or attempting to connect to applications housed in other geographies, regional SD-WAN presents a real latency challenge.

For an SD-WAN to fully tackle those challenges on a global scale, it must leverage a private network that is layered over the Internet to accelerate data and application performance. In that way, the SD-WAN can replace MPLS by combining a private network in the middle mile and Internet at the edge, while still providing MPLS-grade connectivity in all geographies where business is conducted, delivered via privately owned and maintained points of presence (POPs).

Regional SD-WAN can serve the needs of businesses with branch offices that don’t cross oceans or users that work from remote geographies; however, global enterprises or enterprises that have the potential to scale should consider a global SD-WAN solution to maximize application performance and data transfer anywhere in the world.


As I mentioned earlier, some IT departments prefer to construct their own network, as opposed to consuming a ready-made model.

Even in a DIY situation, WAN management software from DIY SD-WAN vendors can make the orchestration of network services easier at the branch; however, the IT department then must deal with multiple vendors and contracts. In this case, the management of these networks becomes resource-intensive, and integration of new branch offices or links can become a hassle, especially when dealing with large global network scenarios.

In the as-a-service or cloud-based OTT model, the solution is fully integrated. WAN management is taken care of by the as-a-Service SD-WAN provider, freeing up IT resources and budget for other projects.

While the consume model is not for every enterprise, some SD-WAN providers make it possible to customize the services delivered, so that the purchasing organization's needs are met with a complete solution.


In the end, it doesn’t matter if the solutions available don’t fit your needs.

As a global enterprise looking to maximize your investment, free up IT resources, and improve application performance throughout the whole network and not just at the edge, the best bet is to work with a global SD-WAN provider with a private WAN.


Aryaka’s global SD-WAN delivers the application performance that today’s cloud and SaaS environments require to enterprises with a worldwide presence. Our global private network was built with full-mesh connectivity on 28 points of presence (PoPs) on all six habitable continents and layered with WAN Optimization, creating an MPLS-grade global private network that accelerates application performance and practically eliminates congestion and packet loss.

Aryaka’s global SD-WAN is also delivered as a service, so you don’t have to buy, configure, deploy, or maintain expensive WAN Optimization boxes in every single location. This approach delivers cloud and SaaS applications to global end-users as if those applications were living in the local corporate data center and can be deployed in a matter of hours, instead of months or years.