Answering the Top Questions About SASE Asked by IT Professionals
Achilles had his heel and Superman has his kryptonite. For SD-WANs, the Internet has been their weakness. The lack of a global, SLA-backed backbone leaves SD-WANs unable to provide the consistent, predictable transport needed by real-time service and business-critical applications. As a result, SD-WAN adopters have remained chained to their MPLS services, paying exorbitant bandwidth fees just to deliver these core applications.
But that doesn’t have to be the case.
Now a new kind of inexpensive, high-quality, SLA-backed backbone is emerging, one that allows companies to finally overcome their MPLS dependency. These backbones use cloud intelligence and Internet economics to seamlessly combine networking with advanced security at a fraction of the cost of MPLS. We call these secured backbones the “UberNet.”
The MPLS Problem
To understand the value of UberNet, we need to understand why MPLS service pricing is so expensive. Part of that has to do with delivering a managed services, which requires more engineering and operations than unmanaged Internet service, but that’s not the full story.
Market forces have been a big factor in impacting MPLS pricing. MPLS operators often had exclusive or near exclusive control over given regions. With limited competition, providers had little incentive to reduce their fees.
What’s more building out an MPLS service required significant costs, costs that had to be passed on to customers. Redundant Provider Edge (PE) MPLS-enabled routers, switches, and other appliances were needed in each point-of-presence (PoP). Cables, fibers, or wavelengths on fibers were leased or purchased by carriers.
Running that network meant suffering all of the rigidity enterprise IT managers have come to hate. Bandwidth was still provisioned in the old T1/T3/OC-3 increments. Careful traffic engineering was necessary due to limited available bandwidth. Maintaining that kind of complex infrastructure, particularly to meet uptime and delivery guarantees, makes for an expensive operation.
The UberNet uses a very different model. It’s built on the layered approach so effectively employed in IP networking. Rather than their own global infrastructure, service providers purchase or lease bandwidth, what are called “IP transit” services, across existing Tier-1 IP backbones.
With IP transit, providers avoid the sudden spikes in loss and latency found when providers exchange traffic for free (what’s commonly called “Internet peering”). IP transit services come with the same “5 9’s” availability and .1% maximum packet loss guarantees typical of MPLS services. The competition among backbone suppliers and the nature of IP minimizes costs.
But no network is ever perfect so to maximize performance and extend their reach, UberNet PoPs connect to multiple tier-1 backbones. A combination of an encrypted software-defined overlay across all backbones, application-aware routing, and the gathering of latency and loss statistics from each backbone allows the UberNet to select the optimum route network any application at anytime. As such, the UberNet can deliver better performance, uptime, and geographic reach than any one Tier-1 backbone.
Redundancy is provided in two ways with the UberNet. Like any Internet service, the UberNet inherits redundancy from the existing Internet infrastructure. Locations connecting to the UberNet, for example, are directed to the closest available PoP by DNS. This is an inherent feature of the Internet that we take for granted, but providing that kind of resiliency would require significant design work by the MPLS provider.
In addition, UberNet code is fully distributed across commercial off-the-shelf (COTS) hardware. As distributed software, PoP components can take over for another in the event of a component failure. The same is true with the PoPs themselves. Should one PoP become unreachable for any reason, traffic is routed over to the other PoPs. And by avoiding proprietary appliances, part sparing becomes a non issue.
The use of COTS also helps with geographic coverage. Without having to ship proprietary hardware, providers can roll out PoPs far faster than with MPLS networks. COTS hardware (or the virtual equivalent) are the only requirement. No direct dependency exists between a customer’s location or users, and a particular provider resource. Moving PoPs closer to customer locations, shortens the “last mile,” allowing the UberNet’s traffic steering and application-centric routing to optimize traffic.
By connecting locations with diversely routed, fiber connections running business-grade Internet service, availability and performance is further improved. In fact, uptime can far exceed typical Internet connectivity and even MPLS local loop resiliency. (Read SD-WAN Experts blog for more information.)
With more enterprise traffic going to the Internet, security needs to be an essential part of any service. Encrypting traffic in-flight is a small part of what’s necessary to protect the enterprise. Advanced threat protection services, such as next generation firewall (NGFW), intrusion prevention systems (IPS), and a secure web gateway (SWG) are needed to secure the enterprise perimeter and mobile users.
The UberNet integrates advanced security services into its PoPs. And since UberNet is built on the Internet, any cloud resource, SaaS application, mobile user, and, of course, location that can connect to the Internet can connect and be secured by the UberNet.
Unlike Any SD-WAN
While CDN providers and others have built specialized services on the UberNet, general network and enterprise-grade security services are just starting to emerge. The first such service is the Cato Cloud. It fully converges security and networking services. By connecting to the Cato Cloud, customers no longer need firewalls, SWG, or any other security infrastructure to protect their locations, mobile users, or cloud resources. The Cato Cloud – it makes networking and security simple again.
To read more about the UberNet, and how it is replacing MPLS, get our free white paper here.