3 providers fixing the middle mile problems of internet-based SD-WANs

A new global backbone provider emerged from stealth last week, giving organizations even more choice in how they build their Internet-based SD-WANs.  Mode introduced what it calls a “software-defined core” (SD-CORE) network that offers IT “affordable private-network reliability and quality of service” across the globe.

The company joins Aryaka and Cato Networks as one of the few independent backbone providers helping enterprises solve the variability problems of the Internet core. Middle-mile performance forms the biggest challenge for delivering stable, global, low-latency connections.

Although last miles were more erratic than the middle mile, any impact was marginalized by their relatively short length. The middle mile on a global connection would naturally account for most of the path’s latency, a fact that’s only exacerbated by the public peering and crazy routing practices of the Internet.

Replacing the public Internet with a private backbone (the AWS network in our case) stabilizes latency significantly.  We found that by sending traffic across the AWS backbone, communications between our AWS workloads deviated nearly 90 percent less from the median than when they operated across the public Internet.

Middle-mile choices

Aryaka, Cato and now Mode offer enterprises the opportunity to enjoy the performance benefits of a global backbone. Enterprises access these backbones by establishing encrypted tunnels across third-party Internet access services. This is in many cases, less than 20ms or so from the customer premise. The tunnels terminate at the the provider’s closest point of presence (PoP). Traffic then rides across the provider’s private backbone to the destination PoP where traffic exits traverses a tunnel across another last mile access service to the destination.

In theory, enterprises gain the best of both worlds. They get the network performance of a reliable private middle mile, avoiding congestion and routing of the public Internet’s core. At the same time, they gain the freedom to select any last-mile service while avoiding the local-loop costs that inflate MPLS prices.

And it’s this last mile freedom that separates the independent global backbones from traditional carrier offerings. Carriers such as AT&T and Masergy have long provided VPN access to their global services. But accessing their backbones required subscribing to the carrier’s last-mile services, locking enterprise into the carrier much as is done with MPLS services.

And while the three providers offer global backbones, they each have their own niche. Aryaka is the most established and the first of the lot. It’s SmartCONNECT services provide SD-WAN and network connectivity for locations, replacing existing legacy MPLS services. Mobile users can be connected using a remote access service, Smart Access. Today, Aryaka’s network spans 26 PoPs across the Americas, EMEA, and the Asia Pacific. The company’s network provides full cloud-based WAN optimization including data deduplication. Customers are given a monitoring console providing network and application visibility. Some network changes can be made by the customer; others require opening a trouble ticket with Aryaka.

Cato Networks was founded three years ago. The company’s Cato Cloud is a cloud-based SD-WAN that connects and secures all company resources —  fixed locations, cloud resources and mobile users. All send their Internet and WAN traffic across encrypted tunnels to the nearest Cato PoP where Cato software secures and optimizes the traffic. Cato Security Services are a fully managed security stack that includes NGFW, SGW, IPS and, most recently, threat hunting.

The Cato Cloud Network underlying Cato Cloud is a global, geographically distributed, SLA-backed network of currently 40 PoPs across the Americas, EMEA and the Asia Pacific. The PoPs form an intelligent overlay built across transit services purchased on multiple tier-1, IP backbones. The PoPs monitor the underlying networks, selecting the optimum path across the Cato Cloud network to the destination PoP for each packet. Cato uses what it calls “multi-segment optimization” to improve performance. Cato offers a self-service management model with customers managing their own SD-WAN instances while Cato maintains the underlying network; managed services are optional.

Mode is the newest of the three companies. Fresh off a funding round led by Google, last year, Mode focuses on providing high-speed cloud access using a cloud-based, software-defined private network. Unlike Aryaka and Cato, Mode does not provide SD-WAN CPE. Instead, the Mode network works any SD-WAN solution. This company’s network spans 21 POPs across the Americas, EMEA and the Asia Pacific built on leased connectivity across a private underlay provided by Ericsson and its global telco partners.

Acceleration comes in the form of the Mode HALO Core routing algorithm, which its founders developed while at Cornell University.  This algorithm was the winner of the AT&T SDN Network Design Challenge  The company founders’ original IEEE paper shows that the mathematically optimal HALO approach is the first fully distributed and autonomous optimal control system for packet-switched networks. “Mode Core intelligently shifts traffic in milliseconds, dynamically adjusting to network changes and traffic flows,” says Mode co-founder Dr. Nithin Michael and co-author on the HALO research. “Our breakthrough in routing efficiency allows Mode Core to deliver reliability, QoS, and cloud elasticity in a single network. We support user provisioning from any SD-WAN or VPN tunnel to allow enterprises to dynamically modify their desired bandwidth at any time.

The shift away from MPLS to SD-WAN is more than just a move to a less expensive networking service. It’s a change in how enterprises think about their networks. No longer do organizations need to be tied to a single provider for the full network. They can buy local access from different network providers and in so doing, companies gain agility and reduce their costs, something that global backbone providers are all too willing to help out with.