Not All Backbones are Created Equal
It’s no secret that many enterprises are reevaluating their WAN. In some cases, it might be an MPLS network, which is no longer suitable (or affordable) for the modern digital business. In other cases, it might be a global SD-WAN deployment, which relied too much on the unpredictable Internet.
Regardless of why the company needs to transform its enterprise network, the challenge remains the same: How do you get secure connections with the same service level of predictability and consistency as MPLS at an Internet-like price point? This calls for a SASE service built on a global private backbone.
Why a Global SASE Service?
Even enterprises that previously thought of themselves as regional operations find they need global reach today. Why? Because users and data are everywhere. They can (and probably do) sit in homes (or cafés) far from any place an office might be situated, accessing cloud apps across the globe. Pulling traffic back to some site for security inspection and enforcement adds latency, killing the application experience. Far better is to put security inspection wherever users and data sit. This way users receive the best possible experience no matter where in the world they might be sitting.
Why Private?
Once inspected, moving traffic to a private datacenter or other sites across the global Internet is asking for trouble. The Internet might be fine as an access layer, but it’s just too unpredictable as a backbone. One moment a path might be direct and simple; the next your traffic could be sent for a 40-stop visit the wrong way around the globe. With a private backbone, optimized routing and engineering for zero packet loss make latency far lower and more predictable than across the global Internet.
Why Not Private Networks from Hyperscalers?
All major public cloud providers – AWS, Azure, and GCP – realize the benefits of global private networks and offer backbone services today. So why not rely on them? Because while a hyperscaler backbone might be able to connect SD-WAN devices, it lacks the coverage to bring security inspection close to the users across the globe. Only a fraction of the many hyperscaler PoPs can run the necessary security inspections and only a smaller fraction can act as SD-WAN on-ramps. At last check, for example, only 39 of Azure’s 65 PoPs supported Azure Virtual WAN. And then there’s the question of availability. The uptime SLAs offered by cloud providers are too limited, only running 99.95% uptime, while traditional telco service availability typically runs at four nines, 99.99% uptime.
Why Cato’s Global Private Backbone?
For those reasons and more, enterprises are replacing their legacy network with Cato’s global private backbone. Today, it’s the largest private SASE network spanning 70+ PoPs worldwide.
Built as a cloud-native network with a global private backbone, Cato SASE Cloud has revolutionized global connectivity. Using software, commodity hardware, and excess capacity within global carrier backbones, we provide affordable SLA-backed connectivity at global scale.
And every one of our PoPs runs the Cato Single Pass Cloud Engine (SPACE), the converged software stack that optimizes and secures all traffic according to customer policy.
Our simple edge devices combine last-mile transports, such as fiber, cable, xDSL, and 4G/5G/LTE. Encrypted tunnels across these last-mile transports carry traffic to the nearest PoP. The same goes for our mobile clients (and clientless access). From the PoP, traffic is routed globally to the PoP closest to the destination using tier-1 and SLA-backed global carriers.
This model extends to cloud services as well. Traffic to cloud applications or cloud data centers exits at the PoP closest to these services, and in many cases within the same data center hosting both the PoP and the cloud service instance.
Key Benefit #1 – Optimized Performance
With built-in WAN optimization, Cato increases data throughput by as much as 40x. Advanced TCP congestion control enables Cato edges to send and receive more data, as well as better utilize available bandwidth. Other specific optimization improvements include:
- Real-time network condition tracking to optimize packet routing between PoPs. We don’t rely on inaccurate metrics like BGP hops, but rather on network latency, packet loss, and jitter in the specific route.
- Controlling the routing and achieving MPLS-like consistency and predictability anywhere in the world. For example, the path from Singapore to New York may work better through Frankfurt than going direct, and Cato SASE Cloud adapts to the best route in real time.
- Applying dynamic path selection both at the edge and at the core – creating end-to-end optimization.
- Accelerating bandwidth intensive operations like file upload and download through TCP window manipulation.
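The difference between hop-count routing and routing on measured link conditions, as an added example that is not Cato's code or algorithm. The PoP names, link measurements and cost weights are constructed assumptions chosen to mirror the Singapore to New York case above.

```python
import heapq

# Constructed per-link measurements between hypothetical PoPs (not real data):
# (latency in ms, packet loss as a fraction, jitter in ms).
LINKS = {
    ("SIN", "NYC"): (260.0, 0.020, 30.0),  # direct, but congested
    ("SIN", "FRA"): (85.0, 0.001, 2.0),
    ("FRA", "NYC"): (42.0, 0.001, 1.5),
    ("SIN", "TYO"): (35.0, 0.000, 1.0),
    ("TYO", "NYC"): (90.0, 0.030, 12.0),
}

def by_hops(latency_ms, loss, jitter_ms):
    """Hop-count metric: every link costs the same, whatever its condition."""
    return 1.0

def by_measurement(latency_ms, loss, jitter_ms):
    """Assumed composite cost: latency plus penalties for loss and jitter."""
    return latency_ms + 2000.0 * loss + 2.0 * jitter_ms

def best_path(links, src, dst, cost_fn):
    """Dijkstra over bidirectional links; returns (path, total cost)."""
    graph = {}
    for (a, b), metrics in links.items():
        graph.setdefault(a, []).append((b, metrics))
        graph.setdefault(b, []).append((a, metrics))
    heap, settled = [(0.0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path, cost
        if node in settled:
            continue
        settled.add(node)
        for nxt, metrics in graph.get(node, []):
            if nxt not in settled:
                heapq.heappush(heap, (cost + cost_fn(*metrics), nxt, path + [nxt]))
    return None, float("inf")

def reroute_after(links, link, new_metrics, src, dst):
    """Re-run selection after a fresh measurement replaces one link's metrics."""
    updated = dict(links)
    updated[link] = new_metrics
    return best_path(updated, src, dst, by_measurement)

if __name__ == "__main__":
    print(best_path(LINKS, "SIN", "NYC", by_hops))
    print(best_path(LINKS, "SIN", "NYC", by_measurement))
    print(reroute_after(LINKS, ("SIN", "FRA"), (85.0, 0.10, 2.0), "SIN", "NYC"))
```

With these constructed numbers the hop-count metric keeps the congested direct link, the measured metric relays through Frankfurt, and a loss spike on the Singapore to Frankfurt link moves traffic to the Tokyo relay.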
Key Benefit #2 – Self-Healing and Resiliency
To ensure maximum availability, Cato SASE Cloud delivers a fully self-healing architecture. Each PoP has multiple compute nodes each with multiple processing cores. Each core runs a copy of Cato SPACE, which manages all aspects of failure detection. Failover and fail back are automated, eliminating the need for dedicated planning or pre-orchestration. More specifically, resiliency capabilities include:
- Automatically working around backbone providers in case of outage or degradation to ensure service availability.
- Ensuring that if a compute node fails, tunnels seamlessly move to another compute node in the same PoP or to another nearby PoP. And in the unlikely event that a tier-1 provider fails or degrades, PoPs automatically switch to one of the alternate tier-1 providers.
- Specialized support for challenging locations like China. Cato PoPs are connected by private and encrypted links through a government-approved provider to Cato’s Hong Kong PoP.
A great example of Cato resiliency at work was the recent Interxion datacenter outage in London housing Cato’s London PoP. The outage disrupted trading on the London Metal Exchange for nearly five hours. And for Cato? A few seconds. Read this first-hand account from Cato’s vice president of operations, Aviram Katzenstein.
Key Benefit #3 – Secure and Protected
Cato’s global private backbone has all security services deployed in each of the Cato PoPs. This means that wherever you connect from, your traffic is protected by a full security stack at the PoP nearest to you. From there, Cato’s backbone carries your traffic directly to its destination, wherever it may be. This enables full security for all endpoints without any backhauling or additional stops along the way.
Extensive measures are taken to ensure the security of Cato SASE Cloud. All communications – between PoPs, with Cato Sockets, or Cato Clients – are secured by AES-256 encrypted tunnels. To minimize the attack surface, only authorized sites and remote users can connect and send traffic to the backbone. The external IP addresses of the PoPs are protected with specific anti-DDoS measures. Our service is ISO 27001 certified.
Key Benefit #4 – Internet-like Costs
We reduce the cost of enterprise-grade global connectivity by leveraging the massive build-out in IP capacity. All Cato PoPs are connected by SLA-backed transit capacity across multiple tier-1 networks. The Cato software monitors the underlying capacity, selecting the optimum path for every packet. The result: a network with far better performance than the public Internet at a far lower cost than global MPLS.
A Proven Solution for Global Connectivity
Cato’s backbone delivers better performance, availability, and coverage than any single carrier. A single tier-1 carrier can’t reach all parts of the globe, and a single tier-1 carrier can’t provide the predictability of MPLS. Just as enterprises use SD-WAN to aggregate Internet services and overcome the limitations of any one service, SASE leverages SD-WAN to aggregate tier-1 carriers to overcome the limitations of any one network.
“Opening new stores now goes smoothly, pricing is affordable, the cloud firewall and private backbone provide a great experience, and services are easy to set up.”
Steve Waibel, Director of IT, Brake Masters
“We no longer had to have a separate IDS/IPS, on-premises firewalls, or five different tools to report on each of those services. We could bring our cloud-based services directly into Cato’s backbone with our existing sites and treat them all the same.”
Joel Jacobson, Global WAN Manager, Vitesco Technologies
“The fast backbone connection most of the way to its ACD cloud service was a big plus. QOS was always a struggle before Cato. It’s pretty awesome to hit that Cato network and see that traffic prioritized all the way through to the cloud, rather than just close to our site.”
Bill Wiser, Vice President of IT, Focus Services
Thanks to the low cost of the Cato solution, Boyd CAT more than doubled branch bandwidth, moving from 10 to 25 Mbits/s to dramatically improve application performance, together with Cato’s optimization and global private backbone.
“The branches were just loving it. They started fighting over who would transition to Cato next. We were able to discontinue all our MPLS connections.”
Matt Bays, Communications Analyst, Boyd CAT
With Cato SASE, office and remote and home workers connect to the same high-speed backbone. Mobile and home users benefit from the same network optimizations and security inspections as office workers.
“This year, the entire WAN and Internet connectivity will be running on Cato.”
Eiichi Kobasako, Chief of Integrated Systems, Lion Corporation