MPLS Problems Complicate Networking
For years, MPLS services were the de facto standard for connecting company locations. And so, like many enterprises, Humphreys duly built its U.S. network on MPLS. The MPLS service gave Humphreys the predictable transport necessary for running business-class voice service, but it also brought plenty of headaches.
“The problem with MPLS is that it’s expensive, slow, and takes forever to get anything done,” says Paul Burns, IT Director at Humphreys.
Connecting new locations took far too long, with circuit delivery requiring several months. “Ninety days doesn’t fly anymore when a site is just two or three people in a garage and DSL can be delivered in a day or two,” Burns points out.
What’s more, MPLS wasn’t agile enough to accommodate Humphreys’ growth. “Many of our offices start with a few people, but then they outgrow the space. Every time we moved, our carrier wanted a three-year contract and 90 days to get the circuit up and running.”
Even simple network changes, like adding static routes to a router, necessitated submitting change tickets to the MPLS provider. To make matters worse, the carrier team responsible for those changes was based in Europe. “Not only did the carrier require 24 hours, but often the process involved waking me in the middle of the night,” Burns says.
MPLS inflexibility hurt more than the business; it hurt Burns’ reputation. “I once sat in an executive meeting and learned that we were moving an office,” he recalls. “I explained to the other executives (again) that the move would take at least 90 days. They just looked at me like I was crazy.”
When Humphreys opened an office in Uruguay, Burns wanted to connect it to his MPLS service. His provider offered only a 1.5 Mbits/s MPLS connection for $1,500 a month, about the same price as his 50 Mbits/s MPLS connection in Dallas. “It was a take-it-or-leave-it kind of deal — so we left it.”
SD-WAN Edge Appliances Not Much Better
Burns began investigating SD-WAN with Internet connectivity as a way of connecting his Uruguay office while maintaining MPLS for his voice service. He gradually deployed SD-WAN appliances in Uruguay and four other locations, swapping MPLS inflexibility for SD-WAN complexity.
“The configuration pages of the SD-WAN appliance were insane. I’ve never seen anything so complicated. There were pages upon pages of settings with so many options,” says Burns. “Even the sales engineer got confused and accidentally enabled traffic shaping, limiting our 200 Mbits/s Internet line to 20 Mbits/s.”
The appliance-based architecture also proved difficult to get fully working. The SD-WAN appliances had to establish tunnels with one another, but that didn’t always happen. “Sometimes Dallas could connect to two sites, but they couldn’t connect to each other. The vendor’s answer: update our firmware and reboot. But that didn’t work.”
Ultimately, Burns abandoned the SD-WAN appliance architecture. “It was just the maintenance of it. We would get an e-mail every time there was some SD-WAN-related error. You expect e-mails at 4 am with a telco when it’s doing network maintenance and things go down. I don’t expect thousands of early morning e-mails from an SD-WAN appliance.”
Cato: Converging SD-WAN, Security, and Mobility Simplifies Networking
Burns decided to try Cato Cloud, Cato’s SD-WAN as a service. “We drop-shipped devices out to New Orleans, and I flew out to install the stuff. Took less than a day, and performance was great.”
Eventually he deployed Cato in every location but Garland and Orlando, which were still under MPLS contract. Cato was particularly helpful in connecting locations outside the U.S. “Cato gave us freedom,” says Burns. “Now we can use a socket, a VPN tunnel, or the mobile client, depending on location and user requirements.”
“My biggest concern with connecting Vietnam to our previous SD-WAN was shipping the appliance. There was the matter of clearing customs and installation. We’d be dealing with a communist country, and I wasn’t familiar with its culture. Instead, users can now just download and run Cato’s mobile client.”
As for the Uruguay office, Burns could use a firewall-initiated IPsec tunnel. “We set up Uruguay in 10 minutes, because we just built a VPN tunnel through the existing firewall,” he says.
Burns expects to migrate all local firewalls to Cato. “Our public-facing ‘stuff’ has been relocated to the datacenter. The only inbound traffic comes from people ‘RDPing’ into their computers through Dallas. Now, when we see that, we just fix them up with the Cato VPN.”
Convergence Brings Business Value
Cato’s convergence of networking, security, and mobility onto a managed backbone simplified Humphreys’ network and helped the business.
Bandwidth costs will fall as Burns phases out MPLS at the remaining locations. He can eliminate MPLS because of Cato Cloud’s quality and predictability. Cato Cloud’s latency and loss levels were more than sufficient for business-grade voice, he reports.
Humphreys was also free to tap the best talent without connectivity concerns. “Our Newport Beach branch wanted to hire a guy in Scottsdale, but we had no office there,” says Burns. “With Cato, we just connected him with Cato’s mobile client. Without Cato, the guy basically wouldn’t work for us, or his functionality would be 25 percent of what it is now.”
Burns loved Cato’s security features as well. “We hadn’t even subscribed to Cato’s security services, but we were alerted to potential malware on our users’ machines,” he notes. “That’s something that none of our other network providers can offer.”
Burns’ bottom line on Cato? “We set out to address our MPLS problem, and along the way we got an affordable MPLS alternative, security solution and mobile VPN solution.”