Everything You Need To Know About Hairpinning and Traffic Backhauling

Published Nov 29, 2021 by Subspace Team
As any IT person will tell you, business networks are complicated beasts with needs that sometimes conflict in ways that are challenging to manage.
For example, the very things that enable a business to provide connectivity to large numbers of corporate users, or that protect a company’s online activities from cyberthreats, can increase configuration complexity and undermine performance.
Hairpinning and traffic backhauling are two workarounds that address the limitations of corporate networks. But they too have their own drawbacks.
Keep reading to learn everything you need to know about hairpinning and backhauling, including how you can reduce the challenges of these often-used techniques and improve network reliability and performance at the same time.

What is Hairpinning?

Hairpinning goes by several names, including U-Turn NAT and NAT loopback. But none of these illustrate the concept (and its shortcomings, which we’ll discuss shortly) as effectively as the term hairpinning.
Hairpinning is a network process that occurs when two devices live on the same internal IP network, such as behind an office firewall or VPN, but communicate with each other using their external IP addresses.
In such instances, data travels from the user’s device to the network’s NAT (network address translator) or firewall. These data packets are then redirected back to the second device, instead of proceeding out to the public internet.
It’s a journey that looks a lot like a hairpin, as you can see from the image below.
When is Hairpinning Useful?
Hairpinning comes into play when an application or device requires a peer-to-peer connection via an external address, even though both machines live on the same network.
In this era of increasing cyberthreats and remote work, network security is a priority for many businesses. NATs are often used as a tactic for reducing cyberthreats because they conceal the individual IP addresses of devices on a network, exposing only a single shared public IP address for all computers.
This prevents outsiders from gaining access to individual machines. But when NATs are in use, applications need to be instructed to work around these limitations and connect using hairpinning by adding a destination NAT rule in the network router or firewall.
Hairpinning can also occur when a user streams video over a VPN, which may require the request to be sent through the VPN, across the private corporate network to the public internet, and then return the data back via the same path.
Another scenario that requires this type of routing is when using applications that use Voice over IP. With VoIP, two phones must connect through a private branch exchange (PBX), which may result in a much farther path than if they were able to connect directly. Fortunately, after a call is initiated, those two endpoints can then communicate directly via a process called shuffling.
What are the Downsides of Hairpinning?
Think back to the image of what hairpinning looks like. While the two devices involved may be fairly close together on a private network, the data still has to travel twice as far, a journey that takes longer and uses more bandwidth. In other words, the biggest drawback of hairpinning is that it can add to your overall round trip time.
But there are other downsides too.
For starters, some DSL modems and routers prevent hairpinning altogether. Such restrictions are for security purposes and block a machine on a private network from connecting to another machine on that network using the same public IP address. If a modem doesn’t allow hairpinning, the only way for those devices to connect would be to use their private IPs. If one were to try to get around this by reconfiguring the ExternalHostName parameter to the machines’ internal addresses, the reverse problem would exist and external connections would then be blocked.
Hairpinning also requires some configuration changes as the default for NATs is to return an external IP address. For hairpinning to work, port forwarding needs to be set up so the router is able to direct requests onwards to the other peer device. If this configuration is not implemented correctly, the application will not work.
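The failure mode described above can be reproduced with a small model of the router. This is an added example, not code from the original article: the addresses, the port forward and the Router/connection_works names are constructed for illustration, and it goes one step beyond the text by modelling the source NAT that a hairpin flow also needs so that replies return through the router.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed sample topology (private and documentation ranges, not from the article).
LAN = ip_network("192.168.1.0/24")
ROUTER_LAN_IP = "192.168.1.1"
PUBLIC_IP = "203.0.113.10"
PORT_FORWARDS = {(PUBLIC_IP, 443): ("192.168.1.20", 443)}  # destination NAT rule

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.conntrack = {}  # translated packet -> original packet

    def forward(self, pkt):
        """Apply the port forward; optionally source-NAT LAN-originated flows."""
        target = PORT_FORWARDS.get((pkt.dst, pkt.dport))
        if target is None:
            return pkt
        out = replace(pkt, dst=target[0], dport=target[1])
        if self.hairpin_snat and ip_address(pkt.src) in LAN:
            out = replace(out, src=ROUTER_LAN_IP)
        self.conntrack[out] = pkt
        return out

    def reverse(self, reply):
        """Undo the translations for a reply that passes back through the router."""
        orig = self.conntrack[Packet(reply.dst, reply.dport, reply.src, reply.sport)]
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def connection_works(client_ip, hairpin_snat):
    """True if the client receives a reply from the address it connected to."""
    router = Router(hairpin_snat)
    request = Packet(client_ip, 50000, PUBLIC_IP, 443)
    seen = router.forward(request)  # packet as the internal server sees it
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    # A reply to a same-subnet peer is delivered directly and bypasses the router.
    if reply.dst == ROUTER_LAN_IP or ip_address(reply.dst) not in LAN:
        reply = router.reverse(reply)
    return (reply.src, reply.dst) == (request.dst, request.src)
```

With only the destination NAT rule, an outside client connects normally, but an inside client sees the reply arrive from the server's private address instead of the public one and discards it.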
When it comes to business productivity over VPNs, hairpinning can create additional performance issues that might be familiar to anyone who’s tried to join a meeting remotely over the company network while working from home. This painfully slow experience is due to the redundancies of sending data from VPN to the corporate network to the internet and back again. That journey doubles traffic—and can consume huge amounts of bandwidth if many users are also trying to stream.
There’s no great solution to the slowdowns hairpinning might create for remote workers over a VPN. Buying more bandwidth helps, but that’s a costly endeavor and it can be difficult to predict just how much you’ll need. Meanwhile, split tunneling, a technique which routes some traffic through the VPN and other traffic—i.e. video streams—through a separate tunnel on the public internet, leaves some data exposed. In scenarios where multiple viewers are consuming the same videos, caching can also help to both speed performance and reduce bandwidth consumption.

What is Traffic Backhauling?

Businesses are less centralized than they used to be—and so are their networks. Many organizations with distributed offices provision internet to their branches via an approach called traffic backhauling.
Backhauling requires branches to route their internet traffic back to a central datacenter in order to implement some security processes there, rather than interacting directly with the public internet. Backhauling can be implemented wired or wirelessly. And similar to hairpinning, this means data has further to travel.
You may also hear the terms midhaul and fronthaul in relation to branch networking. These refer to various distribution points on a network; backhaul is the intermediate connector to the core network.
When is Traffic Backhauling Useful?
Traffic backhauling is useful for provisioning secure connectivity to branches of an organization. With backhauling, there’s no need to deploy network security to each location because inspection is centralized—and historically, that’s an approach that made a lot of sense. Just a few years ago, a majority of businesses backhauled at least some of their internet traffic, with some organizations backhauling up to 80%.
But how we use the internet is changing, and cloud and real-time applications have become prolific. The resulting increase in traffic from these apps can make backhauling a less-than-optimal approach.
What are the Downsides of Backhauling?
As you might imagine, the extra routing distance back to the central network and potential for bottlenecks can have an impact on how your apps perform. While backhauling can streamline security, it also increases latency and slows performance.
This may not be noticeable for all online activities. But businesses are relying more and more on real-time apps such as Zoom and cloud-based call centers—and these are precisely the types of apps that are affected.
As if slow performance wasn’t enough of an issue, building and maintaining a backhaul network can be costly too—particularly if it’s wired. And while wireless may be cheaper, it’s more vulnerable to interference from other devices, inclement weather conditions, and so on.

Mission-Critical Apps and Services—Minus the Slowdowns

Balancing connectivity needs with network security is indeed an IT conundrum for the ages—and approaches such as hairpinning and backhauling often require tradeoffs where performance is concerned.
But that’s where Subspace comes in.
Subspace is a dedicated and secured network designed to facilitate networking needs for organizations with mission-critical apps and services. Subspace helps companies manage the challenge of deploying real-time apps, meeting both performance and security imperatives—because cutting-edge organizations can’t afford to trade one for the other.
This includes helping organizations optimize their capabilities around hairpinning and backhauling. In instances where hairpinning is required, Subspace can provide the additional network resources to increase bandwidth, split tunnels, or facilitate caching in order to provide better network performance and reliability.
Subspace can also help provide the bandwidth needed to keep core infrastructures running optimally, resulting in reliably stable backhaul networking.
By providing the hardware and services needed, Subspace enables companies to simplify their network management, while also streamlining their budgets and networking landscapes. Try it for free now.
