Downtime is rarely dramatic. More often, it is subtle and frustrating. A firewall reboots. A network cable is unplugged for…
Author: Hitesh Dharmdasani
The Evolution of Network Security Architectures
How firewalls, UTM, NGFW, SSE, and SASE evolved to meet modern threats
Network security architectures evolve when reality breaks old assumptions.
For a long time, organizations assumed that users sat inside offices, applications lived in data centers, and the internet was something accessed from a controlled perimeter. Security systems were designed around that world.
Over the last two decades, that world slowly disappeared. Each new architecture emerged not because the previous one was “bad,” but because it could no longer see or control what mattered most.
Bandwidth Aggregation: The Devil is in the Details
When network vendors talk about bandwidth aggregation, the term often sounds magical: multiple WAN connections pooled together to give you one fat pipe. But in reality, not all aggregation is created equal. Let’s peel back the layers and see what’s really happening.
Most edge routers that advertise bandwidth aggregation are actually using load balancing, typically a Weighted Round Robin (WRR) mechanism. Here’s how it works:
Multiple WAN connections (say two broadband links) are configured on the router.
The router distributes outgoing TCP connections across these links based on assigned weights. For example, if WAN1 is 100 Mbps and WAN2 is 50 Mbps, the router might assign a 2:1 ratio, sending twice as many sessions over WAN1 as WAN2.
During a speed test, or a download through a multi-threaded download manager, the application opens multiple TCP connections. Each of these connections is spread across the available WANs, making it appear that the total bandwidth is the sum of all links.
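The per-connection distribution described above, as an added example (not code from the original post or from any router vendor). It assumes a smooth weighted round-robin scheduler as one possible WRR variant, the post's 100/50 Mbps links with 2:1 weights, and equal sharing of a link among the connections pinned to it; all function names are hypothetical.

```python
from collections import Counter

# Values from the post's example: link capacity in Mbps and the 2:1 weights.
LINKS = {"WAN1": 100, "WAN2": 50}
WEIGHTS = {"WAN1": 2, "WAN2": 1}


def wrr_assign(n_connections, weights=WEIGHTS):
    """Pin each new TCP connection to one link (smooth weighted round robin).

    Assumption: a real router may use a different WRR variant; the long-run
    ratio of sessions per link is the same.
    """
    current = {link: 0 for link in weights}
    total = sum(weights.values())
    assignment = []
    for _ in range(n_connections):
        for link, weight in weights.items():
            current[link] += weight
        chosen = max(current, key=current.get)  # highest running credit wins
        current[chosen] -= total
        assignment.append(chosen)
    return assignment


def per_connection_mbps(n_connections, links=LINKS, weights=WEIGHTS):
    """Rate of each connection, assuming a link is shared equally among
    the connections pinned to it (illustrative model, not a measurement)."""
    assignment = wrr_assign(n_connections, weights)
    load = Counter(assignment)
    return [links[link] / load[link] for link in assignment]


def apparent_throughput(n_connections, links=LINKS, weights=WEIGHTS):
    """Total Mbps the application sees across all of its connections."""
    return sum(per_connection_mbps(n_connections, links, weights))


if __name__ == "__main__":
    for n in (1, 2, 6):
        print(n, "connection(s):", wrr_assign(n),
              "->", apparent_throughput(n), "Mbps total")
```

A single connection stays on the one link it was assigned to, so it tops out at that link's speed; only the multi-connection cases reach the 150 Mbps sum.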
IPDR Compliance Made Simple: How AnexGate ACE & USG Empower ISPs for DoT/TRAI Readiness
Across India, Internet Service Providers (ISPs) are required by the Department of Telecommunications (DoT) and the Telecom Regulatory Authority of India (TRAI) to maintain detailed network usage logs for a defined retention period — commonly two years.
These logs, known as Internet Protocol Detail Records (IPDRs), form the backbone of lawful traceability. They help authorities identify a specific user behind a connection, especially in dynamic IP and NAT environments.
Without a reliable IPDR system, ISPs risk non-compliance, penalties, and operational blind spots. Yet, traditional solutions built on large data collectors, probes, and analytics engines can cost lakhs to crores, making them impractical for regional and mid-sized ISPs.