Global Private Backbone

Enterprises have long struggled with finding reliable and affordable global connectivity. Global MPLS connections come at a high cost for limited bandwidth, if they’re available at all. The Internet, already unpredictable, is only made worse by the latency of long-distance global connections.

Cato solves the global connectivity problem. The Cato global private backbone is a private network spanning 65+ points of presence (PoPs) worldwide. The backbone is affordable and managed by Cato personnel.

Cato dramatically reduces the cost of enterprise-grade global connectivity by leveraging the massive build out in IP capacity. Cato PoPs interconnect across multiple tier-1 providers, backed by SLAs on availability, latency, packet loss, and jitter. Cato’s software monitors the real-time performance of the provider networks and with our application-aware routing algorithms, selects the optimum path across the Cato backbone — even if that path is indirect, via other PoPs. By controlling the routing and only using SLA-backed network capacity, Cato delivers far better performance than the public Internet and at far lower cost than global MPLS.

Cato improves application throughput not beyond just minimizing global network latency. Built-in WAN optimization dramatically improves TCP efficiency, increasing data throughput for sites and mobile users by as much as 40x. Cato PoPs proxy TCP connections, allowing TCP clients and servers to send far more data, sooner. Advanced TCP congestion control also enable Cato edges to send and receive more data, as well as better utilize the available bandwidth. Both techniques shorten the time needed to remediate errors, reducing the impact of packet loss on data

Cato PoPs run our cloud-native software, a fully multitenant and scalable network stack that performs all core networking and security functions — the route calculation, policy-enforcement, and security inspection. The software platform operates on off-the-shelf servers capable of breakthrough performance previously only possible with custom hardware.
Eliminating proprietary appliances transforms the technical, operational, and cost characteristics of a legacy telco network. Without proprietary hardware to acquire or deploy, Cato has been able to expand its network footprint rapidly. Today, the Cato network covers every major business center and, as PoPs are primarily software and standard servers, opening new PoPs can happen quickly. Owning our own software leads to faster innovation enabling Cato to respond rapidly to a customer’s features requests, quickly resolve service issues, and reduce operational costs and 3rd party license fees.

To ensure maximum availability, the Cato architecture is fully self-healing. All aspects of failure detection, failover, and fail back are automated, requiring no special planning or pre-orchestration. Each PoP contains multiple compute nodes running identical copies of Cato’s software; any compute node can serve any edge tunnel connected to that PoP. Should a compute node fail, the tunnels automatically move to another node. Should a PoP become unreachable, edges connected to that PoP automatically reconnect to the next closest PoP. And should a tier-1 provider connecting Cato PoPs fail or degrade, PoPs automatically switch to one of the alternate tier-1 providers.

Extensive measures are taken to ensure the security of Cato Cloud. All communications — whether between PoPs or with Cato Sockets or Cato Clients — are secured by AES-256 encrypted tunnels. To minimize the attack surface, only authorized sites and mobile users can connect and send traffic to the backbone. The external IP addresses of the PoPs are protected with specific anti-DDoS measures. Cato service is ISO 27001 certified.