Cato Edge SD-WAN

The Cato Socket, Cato’s Edge SD-WAN device, is a zero-touch device ready to work in minutes. Sockets come in two models: X1500 for branch offices and X1700 for datacenters. Both are continuously monitored and updated by Cato’s network operations center (NOC).

SD-WAN Operation

Link Aggregation

Cato improves capacity and resiliency by balancing traffic across links. Multiple link aggregation scenarios for MPLS and Internet circuits (fiber, DSL, cable, 4G/LTE or 5G) are supported. In active-active mode, Cato balances traffic across last-mile circuits. Using active-passive or active-active-passive, customers can designate one or two active connection(s) and a secondary connection for reliability purposes.

Regardless, should a brownout or blackout occur on a link, Cato instantly switches traffic to the best available link. Customizable management policies guide link failover, prioritizing applications so business-critical applications continue to receive the optimum capacity. Preconfigured timers determine failback, preventing flapping from disrupting network operation.

Dynamic Path Selection

Applications receive the optimum network experience with Dynamic Path Selection and Policy-based Routing (PbR). Cato Sockets monitor link quality metrics (jitter, latency, and packet loss), dynamically selecting the optimum link based on preconfigured network rules. Using Cato’s PbR capabilities, applications can also be pinned to specific transports, such as restricting business-critical applications to high-quality, symmetric fiber links and leisure applications to lower-quality, asymmetric links.

Network rules describe application routing through traditional application and network information, as well as Cato’s identity awareness capabilities. Identity awareness allows use of familiar constructs, such as team, username or other Microsoft Active Directory (AD) attributes, making policy creation intuitive and providing the highest level of policy abstraction.

Application Identification

Cato’s advanced Deep Packet Inspection (DPI) engine automatically identifies thousands of applications and millions of domains on the first packet. This robust library is continuously enriched by third-party URL categorization engines and machine learning algorithms that mine a massive data warehouse built from the metadata of all traffic flows traversing Cato Cloud. Customers can also configure policies to identify custom applications or have that done for them by Cato engineers.

Bandwidth Management and QoS

Cato aligns network usage with business intent through Bandwidth Management rules. The rules assure that more critical applications always receive the necessary upstream and downstream capacity, serving other applications on a best-effort basis. Rules contain priority, class of service, and capacity limits, if relevant. Administrators can modify or create rules, network-wide or per site. Detailed analytics for all rules can be easily seen through Cato’s advanced reporting capabilities.

Packet Loss Mitigation

To address last-mile packet loss, Cato employs numerous mitigation techniques. The effects of packet loss are dramatically reduced by detecting lost packets nearly instantly in the nearby PoP rather than at the remote destination. When packet loss does jump, Cato Sockets automatically detect the change and switch traffic to alternate link(s) connecting the site. Cato intelligently resumes use of primary links to avoid link flapping.

To address very unstable last-mile links, Cato customers proactively enable packet duplication on a per-application basis. When configured, Cato duplicates application packets on both links of an active-active connection. Traditional packet duplication operates for all applications, wasting bandwidth on the redundant packets. Cato’s proactive packet duplication allows customers to use the technology only for applications with low packet loss tolerance, such as Remote Desktop Protocol (RDP) and Voice-over-IP (VoIP), minimizing bandwidth usage.

BGP Integration

When organizations consider WAN transformation, they can face the migration challenge of integrating SD-WAN with their existing routing infrastructure. Without routing protocol integration, companies end up having to manually configure multiple static paths to connect their routed and SD-WAN infrastructure.

Cato’s routing protocol integration renders those actions unnecessary. Based on a customer’s configurations and by leveraging BGP routing information, Cato Cloud can make informed real-time routing decisions. This enables enhanced support for scenarios such as direct connect and/or active-active configuration in AWS, disaster recovery (DR) with virtual IPs, integration with autonomous systems (AS) within sites, and greater flexibility in gradual deployments.

Configuration and Management

Network Management

Cato provides a single pane of glass for managing networking and security infrastructure. The Cato portal provides more than just visibility into the SD-WAN; customers and their partners can also configure, manage, and troubleshoot their networks. An overall view provides a snapshot of the global network, including cloud resources and mobile users. Detailed statistics can be accessed by drilling down into each entity. Security services are available from the same interface.

Real-time Analytics

To troubleshoot problems, Cato includes real-time network analytics providing metrics on jitter, packet loss, latency, discarded packets, throughput, and dropped packets for both upstream and downstream traffic. Mean opinion score (MOS) ratings provide real-time insight into the quality of experience across Cato Cloud.

Zero-Touch Deployment

Without local IT personnel, branch deployments have long challenged IT, requiring remote network and security appliance configuration and personnel visits on-site. Cato addresses branch challenges with zero-touch deployment. The Cato Sockets only need power and an IP address — dynamic, or static, it doesn’t matter — to become operational. Once on the Internet, Cato Sockets automatically connect to the nearest Cato Point of Presence (PoP) and configure themselves.

Meshed Topologies and Scaling

Applications have different topology requirements. Some, such as client-server applications, work fine when the network is configured as a hub-and-spoke; others, such as voice, are more effective when the network is configured as a full mesh. Cato’s unique architecture allows any network configuration, providing customers with fine-grained control over the sites, cloud resources, and users accessible to one another. In addition, Cato imposes no practical scaling limitations on network size or topology. Cato can support fully meshed configurations of hundreds of locations without requiring segmentation or additional SD-WAN equipment.

High Availability (HA)

Cato’s Affordable High Availability (HA) guarantees continuous operation in the event of a Socket failure. Primary and secondary Sockets are connected via VRRP, seamlessly switching over without disrupting application sessions. Should a Socket’s Internet connection degrade or fail, the Socket automatically reconnects to the best available PoP. Affordable HA carries no additional recurring charge; deployment is simple and completed in minutes.