VPN Split Tunneling and 8x8 Voice Applications

Updated: 08/15/2024

Overview

VPN Split Tunneling is deployed to help with various VoIP symptoms experienced by remote workers. Most, listed below, being evident primarily during high call traffic times
  • Dropped calls
  • Calls placed on hold cannot be retrieved again
  • Outgoing call goes silent or does not seem to dial
  • Delay with actions taken or received by contact center agents
  • Choppy voice or static noise

Applies To

  • Users on company mandated VPN services

Resolves

A large number of organizations utilize VPN connections to enforce security on sensitive data that must be transmitted and received, to and from, remote locations
With the increase of remote workers more and more companies are seeing their VPN infrastructure pushed to its limits resulting in poor performance with real time applications such as VoIP and its related applications (Contact Center)
The default setting for a VPN application is to encrypt, and then route, all of the users internet traffic back to the central location where it is decrypted and routed to the appropriate destination. This in many cases (such as 8x8 traffic) is routing out over the main locations Internet connection
While it is necessary to encrypt sensitive business information and applications, 8x8 services are already encrypted so routing them over the company VPN only results in double encryption. This adds additional unnecessary delay and leads to possible congestion on either the VPN services, the main location internet connection, or both
Split tunneling allows the use of the VPN services for necessary sensitive data while routing non-sensitive (or already encrypted) data out the remote users internet connection. Most home high speed internet connections can easily support 2 to 3 VoIP calls at a time along with their associated call control applications. Utilizing this remote internet connection reduces the load on both the VPN services as well as the main site internet connection

Advantages of Split Tunneling the 8x8 Voice Applications 

  • Less overhead required on VPN and Internet ISP connections at the main hub site resulting in reduced costs
  • Greatly reduced latency for the 8x8 application when it does not have to transverse 
    • double encryption (8x8 application default encryption + VPN encryption)
    • Corporate Firewall policies
    • Intrusion Detection devices
    • Corporate URL filtering 
  • Users/Agents are connected to the 8x8 Data Center closest to their actual physical location via 8x8 Geo Routing (With VPN services a user may be connected to an 8x8 Data Center on the opposite side of the country rather than one just a few miles away from their actual location)
  • Better Employee experience with
    • VPN bandwidth being limited to only necessary data resulting in faster business application response
    • 8x8 Voice Services routing directly to 8x8 resulting in faster application response times and reduced call control issues
  • Access to the Local Area Network which contains local resources like printers/scanners and other home applications

Cause

The primary cause of the symptoms listed above is congestion on either the VPN network or the Internet WAN connection that the VPN hands the traffic off to at the main location. The congestion results in increased latency leading to severly delayed and lost voice packets
See the diagrams below showing a network configured without, and then with, Split Tunneling

Without Spilt Tunneling

Displayed below are the possible congestion areas along with unnecessary additional encryption (and routing) to get to, and from, the 8x8 Data Center. This latency caused by congestion results in the high failure rate of calls, most noticeable, during high traffic times. This not only creates issues for remote workers, but as shown in the diagram, can lead to problems with users at the Headquarters location who are also utilizing the ISP internet connection for their 8x8 voice application
No_Split_Tunnel.jpg

With Split Tunneling 

The reduction in complexity and overhead at the main headquarters site is shown below with the VPN now only being concerned with the sensitive business applications. Meanwhile, the 8x8 Voice applications are routing directly over the internet to their closest 8x8 data center via Geo Routing. The Headquarters ISP internet connection now requires less capacity resulting in cost savings via reduced bandwidth or allowing necessary expansion without the need to order additional services
Yes_Split_Tunnel.jpg

Additional Information

8x8 does not recommend nor endorse the use of any one VPN provider. Please consult with your Data networking team or Data networking vendor on the advantages a Split Tunneling solution can provide for your 8x8 Voice application services. Note that not all VPN vendors provide a Spilt Tunneling option or may offer similar functionality under a different feature name.