Contributor

Behold the secure directional network connectivity of SuperWAN

Opinion
Oct 30, 2017 | 3 mins
Networking, SD-WAN, WAN

SuperWAN: able to secure directional network connectivity between locations! Able to provide session-by-session mutual authentication at each network element! Able to give you total control over all cryptographic keys used in transport, even in foreign network locations on remote planets! And more!


Imagine you are Clark Kent, CIO of a large organization in Metropolis, and current trends in network disaggregation continue. As such, you must now provide connectivity to three Azure data centers for Office 365; 20 AWS sites located all over the world for a host of outsourced IT applications; four corporate data centers (older applications); 10 Equinix data centers for outsourced private use; direct access to 25 additional cloud service offerings for security reasons, including UC services, Salesforce.com and Concur, to your 500 branch sites; and 30,000 telecommuting employees.

Look up in the sky! It’s a WAN! No, it’s an SD-WAN! No, it’s… SuperWAN!

Assuming no nearby Kryptonite, the SuperWAN could provide secure directional network connectivity between every single one of these locations solely to enable services and applications, with restrictions that limit connectivity to just those that need it. The powers of SuperWAN include:

  • Session-by-session mutual authentication at each network element;
  • For traffic not already encrypted—session-by-session, edge-to-edge stateless encryption. Re-encryption is not performed;
  • Total control over all cryptographic keys used in transport, even in foreign network locations on remote planets;
  • Multi-path routing to each destination;
  • Service-specific access controls (ACLs);
  • Elimination of tunnels, saving up to 30 percent of bandwidth;
  • Quality of service support for specific services (UC/Skype for Business);
  • Automatic selection of the correct and best data center from each branch office, with resiliency (elimination of dynamic DNS);
  • Telecommuters are all connected to the same managed WAN;
  • NATs and NAT64s become transparent and all networks involved are internetworked end-to-end.

This amazing SuperWAN is not an earthly WAN; it is not an SD-WAN. Rather, it is something new: a large collection of networks (in my example, 537 private business grade networks and 30,000 home networks) that are inter-networked to provide secure connectivity, many of which are owned and controlled by third parties.

SuperWAN network connectivity is focused on services and applications and who can use them rather than earthly concepts of IP address ranges, VLANs, ACLs, MPLS, tunnels, and private addresses. SuperWAN securely and directionally routes sessions to enable a service or application, not stateless packets. In the future, Lois Lane’s client and service instance are unlikely to be on the same physical network, so SuperWAN will support routing policies that are meaningful across network borders (NATs, NAT64s, IPv4, IPv6, and private networks). As a result, SuperWAN policies do not use IP addresses. SuperWAN policies are instead defined with words. SuperWAN will return Ethernet layer solutions to the domain of the local area where they belong, eliminating ARP proxies, stretched broadcast domains, multi-location VLANs, and Ethernet pseudowires, which are really just Kryptonite in disguise.

So next time you see an old hardware-based router, drag it to a nearby phone booth (if you can find one) and transform the old paradigms of networking into intelligent software-based routers that understand sessions and services. Yes, the S stands for Software.

Contributor

Patrick MeLampy is a co-founder and Chief Operating Officer at 128 Technology, a company that is attempting to "Fix the Internet."

Prior to 128 Technology, MeLampy was Vice President of Product Development for Oracle Communications Network Session Delivery products. Prior to Oracle, MeLampy was CTO and founder of Acme Packet, a company acquired by Oracle in February of 2013 for $2.1 billion.

MeLampy has an MBA from Boston University and an engineering degree from the University of Pittsburgh. He has 28 years of experience and has been awarded 35 patents in the telecommunications field.

The opinions expressed in this blog are those of Patrick MeLampy and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.