Cato Edge SD-WAN

The Cato Socket, Cato’s Edge SD-WAN device, is a zero-touch device ready to work in minutes. Sockets come in two models: X1500 for branch offices and X1700 for datacenters. Both are continuously monitored and updated by Cato’s network operations center (NOC).

SD-WAN Operation

Cato improves capacity and resiliency by balancing traffic across links. Multiple link aggregation scenarios for MPLS and Internet circuits (fiber, DSL, cable, 4G/LTE or 5G) are supported. In active-active mode, Cato balances traffic across last-mile circuits. Using active-passive or active-active-passive, customers can designate one or two active connection(s) and a secondary connection for reliability purposes.

Regardless, should a brownout or blackout occur on a link, Cato instantly switches traffic to the best available link. Customizable management policies guide link failover, prioritizing applications so business-critical applications continue to receive the optimum capacity. Preconfigured timers determine failback, preventing flapping from disrupting network operation.

With link aggregation, Cato combines the capacity of multiple access links in one connection.

Dynamic Path Selection

Applications receive the optimum network experience with Dynamic Path Selection and Policy-based Routing (PbR). Cato Sockets monitor link quality metrics (jitter, latency, and packet loss), dynamically selecting the optimum link based on preconfigured network rules. Using Cato’s PbR capabilities, applications can also be pinned to specific transports, such as restricting business-critical applications to high-quality, symmetric fiber links and leisure applications to lower-quality, asymmetric links.
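The following is an added, generic sketch of metric-driven path selection with a failback hold-down timer and application pinning, as described above and under SD-WAN Operation; it is not Cato's code or algorithm. The thresholds, score weights, 60-second hold-down, link names and application names are all assumptions chosen for illustration.

```python
from collections import namedtuple

# Assumed health thresholds and hold-down; illustrative, not vendor values.
MAX_LATENCY_MS, MAX_JITTER_MS, MAX_LOSS_PCT = 150.0, 30.0, 2.0
FAILBACK_HOLD_S = 60  # primary must stay healthy this long before failback
Sample = namedtuple("Sample", "t link latency_ms jitter_ms loss_pct")

def healthy(s):
    return (s.latency_ms <= MAX_LATENCY_MS and s.jitter_ms <= MAX_JITTER_MS
            and s.loss_pct <= MAX_LOSS_PCT)

def score(s):  # lower is better; the weights are assumptions
    return s.latency_ms + 2 * s.jitter_ms + 50 * s.loss_pct

class PathSelector:
    def __init__(self, primary, pinned=None):
        self.primary, self.active = primary, primary
        self.latest, self.healthy_since = {}, {}
        self.pinned = pinned or {}  # app -> link (policy-based routing)

    def observe(self, s):
        self.latest[s.link] = s
        if healthy(s):
            self.healthy_since.setdefault(s.link, s.t)
        else:
            self.healthy_since.pop(s.link, None)  # a bad sample resets the timer
        if self.active not in self.healthy_since and self.healthy_since:
            # Failover at once to the best-scoring healthy link.
            self.active = min(self.healthy_since, key=lambda n: score(self.latest[n]))
        elif (self.active != self.primary and self.primary in self.healthy_since
              and s.t - self.healthy_since[self.primary] >= FAILBACK_HOLD_S):
            self.active = self.primary  # failback only after the hold-down
        return self.active

    def route(self, app):
        return self.pinned.get(app, self.active)

def replay(samples, selector):  # returns (time, link) per change of active link
    changes = []
    for s in samples:
        active = selector.observe(s)
        if not changes or changes[-1][1] != active:
            changes.append((s.t, active))
    return changes

# Constructed samples: fiber browns out at t=10, flaps at t=30, recovers at t=40.
SAMPLES = [Sample(0, "fiber", 20, 2, 0.0), Sample(0, "lte", 60, 10, 0.5),
           Sample(10, "fiber", 25, 3, 8.0), Sample(20, "fiber", 20, 2, 0.0),
           Sample(30, "fiber", 22, 2, 5.0), Sample(40, "fiber", 20, 2, 0.0),
           Sample(70, "fiber", 20, 2, 0.0), Sample(100, "fiber", 20, 2, 0.0)]
```

Replaying the samples shows one failover at t=10 and a single failback at t=100: the brief recovery at t=20 does not trigger a switch because the hold-down has not elapsed, which is the flap suppression the timers exist for.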

Network rules describe application routing through traditional application and network information, as well as Cato’s identity awareness capabilities. Identity awareness allows use of familiar constructs, such as team, username or other Microsoft Active Directory (AD) attributes, making policy creation intuitive and providing the highest level of policy abstraction.

Network rules guide SD-WAN operation on how to best manage specific traffic to meet business requirements. Rule configuration is intuitive, using traditional network and application information as well as Cato’s identity awareness capabilities.

Application Identification

Cato’s advanced Deep Packet Inspection (DPI) engine automatically identifies thousands of applications and millions of domains on the first packet. This robust library is continuously enriched by third-party URL categorization engines and machine learning algorithms that mine a massive data warehouse built from the metadata of all traffic flows traversing Cato Cloud. Customers can also configure policies to identify custom applications or have that done for them by Cato engineers.

Cato identifies thousands of applications, providing detailed insight into traffic analytics.

Custom applications can be easily defined by Cato customers or personnel.

Bandwidth Management and QoS

Cato aligns network usage with business intent through Bandwidth Management rules. The rules assure that more critical applications always receive the necessary upstream and downstream capacity, serving other applications on a best-effort basis. Rules contain priority, class of service, and capacity limits, if relevant. Administrators can modify or create rules, network-wide or per site. Detailed analytics for all rules can be easily seen through Cato’s advanced reporting capabilities.

Priority Analyzer provides a top-level view of performance information for each priority level.

Drilling down into a priority level displays throughput by host and application as well as detailed metrics, such as MOS scoring, latency, and packet loss.

Packet Loss Mitigation

To address last mile packet loss, Cato employs numerous mitigation techniques. The effects of packet loss are dramatically reduced by detecting lost packets nearly instantly in the nearby PoP and not the remote destination. When packet loss does jump, Cato Sockets automatically detect the change and switch traffic to alternate link(s) connecting the site. Cato intelligently resumes use of primary links to avoid link flapping.

To address very unstable last-mile links, Cato customers proactively enable packet duplication on a per application basis. When configured, Cato duplicates application packets on both links of an active-active connection. Traditional packet duplication operates for all applications, wasting bandwidth on the redundant packets. Cato’s proactive packet duplication allows customers to only use the technology for applications with low packet loss tolerance, such as Remote Desktop Protocol (RDP) and Voice-over-IP (VoIP), minimizing bandwidth usage.

BGP Integration

When organizations consider WAN transformation, they can face the migration challenge of integrating SD-WAN with their existing routing infrastructure. Without routing protocol integration, companies end up having to manually configure multiple static paths to connect their routed and SD-WAN infrastructure.

Cato’s routing protocol integration renders those actions unnecessary. Based on a customer’s configurations and by leveraging BGP routing information, Cato Cloud can make informed real-time routing decisions. This enables enhanced support for scenarios such as direct connect and/or active-active configuration in AWS, disaster recovery (DR) with virtual IPs, integration with autonomous systems (AS) within sites, and greater flexibility in gradual deployments.

Configuration and Management

Management Application

Cato provides a single-pane-of-glass for managing networking and security infrastructure. The Cato portal provides more than just visibility into the SD-WAN; customers and their partners can also configure, manage, and troubleshoot their networks. An overall view provides a snapshot of the global network including cloud resources and mobile users. Detailed statistics can be accessed by drilling down into each entity. Security services are available from the same interface.

Cato’s management console provides enterprises with a single-pane-of-glass, showing all connected sites, cloud resources, and users. Overall analytics provide a drill-down snapshot of performance. Additional security and networking resources can be accessed on the left.

Site metrics provide deep visibility into a site’s overall network performance and the individual links.

Real-time Analytics

To troubleshoot problems, Cato includes real-time network analytics providing metrics on jitter, packet loss, latency, packets discarded, throughput, and dropped packets for both upstream and downstream traffic. Mean opinion score (MOS) ratings provide real-time insight into the quality of experience across Cato Cloud.

Cato’s real-time network analytics provides detailed metrics for diagnosing application performance. Mean opinion score (MOS) measures quality of experience for every connection.

Event Discovery

Event Discovery (called Instant*Insight) provides any IT team with the advanced hunting and research capabilities of a high-end operations center. Event Discovery organizes more than 100 network and security events into a single, queryable timeline. Complex queries can be easily built by selecting from the types and sub-types of events presented on the screen. The data warehouse is stored and maintained by Cato.

Zero-Touch Deployment

Without local IT personnel, branch deployments have long challenged IT, requiring remote network and security appliance configuration and personnel visits on-site. Cato addresses branch challenges with zero-touch deployment. The Cato Sockets only need power and an IP address — dynamic, or static, it doesn’t matter — to become operational. Once on the Internet, Cato Sockets automatically connect to the nearest Cato Point of Presence (PoP) and configure themselves.

Meshed Topologies and Scaling

Applications have different topology requirements. Some, such as client-server applications, work fine when the network is configured as a hub-and-spoke; others, such as voice, are more effective when the network is configured as a full-mesh. Cato’s unique architecture allows any network configuration, providing customers with fine-grain control over the sites, cloud resources, and users accessible to one another. In addition, Cato imposes no practical scaling limitations on network size or topology. Cato can support fully meshed configurations of hundreds of locations without requiring segmentation or additional SD-WAN equipment.

Through the WAN Firewall, Cato customers have fine-grained control over traffic flows, instantiating any type of network topology.

High Availability (HA)

Cato’s Affordable High Availability (HA) guarantees continuous operation in the event of a Socket failure. Primary and secondary Sockets are connected via VRRP, seamlessly switching over without disrupting application sessions. Should a Socket’s Internet connection degrade or fail, the Socket automatically reconnects to the best available PoP. Affordable HA carries no additional recurring charge; deployment is simple and completed in minutes.

Cato HA configuration is quick and simple, requiring just basic network information.