🚨The Hidden Risk of Local Breakout | What Happens When It Fails?💥

Ronald Bartels

Local internet breakout is a key feature of modern SD-WAN solutions, allowing direct access to cloud applications without hairpinning through a data centre. It improves performance, reduces latency, and keeps traffic off expensive MPLS links. But what happens when that breakout fails? If your network relies purely on a local internet path, you might be in for a nasty surprise.

The Reality of Local Breakout Failures 💥🚨

Imagine this: You’ve got a VMware SD-WAN Edge (VeloCloud) deployed at a branch, happily sending cloud-bound traffic via a local internet breakout. No tunnels, no detours—just clean, direct internet access. Then, without warning, the internet path dies. Maybe it’s an ISP outage, maybe it’s an upstream routing failure, or maybe it’s just gremlins in the network. The result? Your cloud applications are dead in the water.

What Happens Next?

If you’re lucky enough to have a secondary internet link, the SD-WAN Edge should fail over automatically. VMware SD-WAN continuously monitors link health, and if one path degrades or drops, traffic is steered to the next best path. This failover happens within 700 ms to 1 second, keeping disruptions minimal.

However, not all applications handle failover gracefully. Some cloud services, like Microsoft 365 or Zoom, might drop sessions when the source IP changes, leading to a temporary service disruption.

2. If Local Breakout Fails Completely 🚫💨

Now, here’s where things get messy. If there’s no backup ISP and local breakout fails, all direct-to-internet traffic is dead. What happens next depends on how your SD-WAN is configured:

  • Using Cloud Gateways? You’re Safe. 🛡️ If the SD-WAN Edge has an active tunnel to a VMware SD-WAN Gateway, the network can dynamically reroute traffic via the cloud backbone. Instead of using local breakout, traffic will now hairpin through the SD-WAN fabric before exiting to the internet. This keeps services alive but adds latency.

  • No Backup Path? Game Over. 😵 If there’s no backup ISP and no active SD-WAN tunnels, you’re toast. Traffic will simply fail, users will complain, and IT will be scrambling for a fix.
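The failure scenarios above can be checked against a branch inventory before an outage does it for you. The following is an added example, not code from the original post or from any vendor: it fails each breakout link in turn and reports the worst outcome per branch. Branch names, link names and IP addresses are constructed, and the model assumes a gateway tunnel survives only if the link it rides on is still up.

```python
# Added example: what happens to cloud-bound traffic when a breakout link fails.
# Branch names, link names and IP addresses are constructed sample data.
from dataclasses import dataclass, field

@dataclass
class Branch:
    name: str
    breakout_links: dict  # internet link name -> public source IP
    tunnel_underlays: list = field(default_factory=list)  # links carrying gateway tunnels

SEVERITY = ["failover", "hairpin", "outage"]  # best to worst

def egress_after_failure(branch, failed_link):
    """Outcome for traffic that was leaving via failed_link when it went down."""
    # Case 1: a secondary internet link exists, so the edge fails over to it.
    survivors = [link for link in branch.breakout_links if link != failed_link]
    if survivors:
        new = survivors[0]
        changed = branch.breakout_links[new] != branch.breakout_links[failed_link]
        note = "source IP changes, sessions may drop" if changed else "same source IP"
        return ("failover", f"{new}: {note}")
    # Case 2: no breakout left; hairpin via a gateway tunnel whose underlay is still up.
    # Assumption: a tunnel riding on the failed link goes down with it.
    live = [u for u in branch.tunnel_underlays if u != failed_link]
    if live:
        return ("hairpin", f"via gateway over {live[0]}, added latency")
    # Case 3: no backup ISP and no active tunnel.
    return ("outage", "no backup path")

def worst_case(branch):
    """Fail each breakout link in turn and return the most severe outcome."""
    outcomes = [egress_after_failure(branch, link)[0] for link in branch.breakout_links]
    return max(outcomes, key=SEVERITY.index)

SAMPLE_BRANCHES = [
    Branch("branch-dual-isp", {"isp-a": "198.51.100.10", "isp-b": "203.0.113.20"},
           ["isp-a", "isp-b"]),
    Branch("branch-private-underlay", {"isp-a": "198.51.100.30"}, ["mpls"]),
    Branch("branch-tunnel-on-same-isp", {"isp-a": "198.51.100.40"}, ["isp-a"]),
    Branch("branch-breakout-only", {"isp-a": "192.0.2.50"}),
]

if __name__ == "__main__":
    for b in SAMPLE_BRANCHES:
        print(f"{b.name:28} worst case: {worst_case(b)}")
        for link in b.breakout_links:
            print(f"    {link} down -> {egress_after_failure(b, link)}")
```

The third sample branch shows why a gateway tunnel only counts as a backup path when it does not depend on the link that just failed.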

Why Fusion’s SD-WAN Solves This Problem 🚀

Fusion SD-WAN eliminates these pain points with a smarter, more resilient approach:

  • Multi-Path Load Balancing & Failover – Fusion dynamically bonds multiple WAN links, so failover is seamless and instant, without session drops.

  • ISP-Agnostic Performance Monitoring – Unlike traditional setups, Fusion actively probes upstream paths and detects failures before they cause disruptions.

  • Automatic Policy-Based Routing – Instead of relying solely on local breakout, Fusion can dynamically shift traffic between direct breakout, cloud VPN, or backbone paths based on real-time conditions.

The Bottom Line: Don’t Rely on a Single Breakout ⚠️

Local breakout is great—until it isn’t. Without redundancy, a single failure can bring your cloud access to a grinding halt. SD-WAN solutions like Fusion provide intelligent failover, ensuring that your network remains resilient even when the unexpected happens. If you’re running business-critical applications, having a backup plan isn’t optional—it’s essential.

So, next time someone suggests relying purely on local breakout, ask them: What happens when it fails?
