October 28, 2020 4m read

WAN Overlay and Underlay Projects: Better Together?

Yishay Yovel
Yishay Yovel
WAN Overlay and Underlay Projects

Table of Contents

Wondering where to begin your SASE journey?

We've got you covered!
Listen to post:
Getting your Trinity Audio player ready...

Anyone who is considering SD-WAN for their WAN transformation project must be a bit anxious about the transition of last mile access to the Internet. Instead of MPLS from a single telco, a whole slew of ISPs provide the Internet underlay in various geographies (Cato created specific content and best practices to help guide customers on this topic).

Customers are motivated to migrate away from MPLS due to high cost per bit, long deployment of last mile connectivity to new sites, slow response to network changes, and lack of innovation in a network and security stack built on third-party products. SD-WAN projects introduce a mix of Internet underlays to augment or replace MPLS. Local ISPs provide the Internet-based underlays, and customers work with them directly to optimize service, quality, and costs especially for international locations. At the same time, working with multiple underlay providers is more operationally complex vs. working with a single telco.

We have seen customers respond to this challenge in two ways when launching their SD-WAN project RFPs: combine the underlay and overlay parts of the project into a single RFP or separate the underlay and overlay into two RFPs.

Combining the Overlay (SD-WAN) and Underlay (Internet Transport) into a Single RFP

In this model, the customer wants the “a telco experience” from the new SD-WAN deployment by getting the underlay and the overlay from a single provider. This approach makes sense at first glance: keep one service provider responsible for the procurement, deployment, and management of the network. But keeping things “similar” to the old operating model, persists the service quality and operational challenges of the previous network. Since the only providers capable of providing both the underlay and the overlay from one source are telcos, bolting on a shiny new technology into the telco service will result in the same sub-par service speed, quality, costs, and innovation. There is a nuance to this story: in some cases, the customer is willing to let the service provider introduce a last mile broker that will procure and deploy the last mile. I would consider that similar to the approach discussed in the next paragraph.

Separate the Overlay (SD-WAN) and Underlay (Internet Transport) RFPs

In this model, the customer separates the underlay project (last-mile access) from the overlay project (SD-WAN or SASE). The underlay RFP may not be needed if IT already has contractual relationship with global ISPs acting as a backup to the MPLS network. If last-mile provisioning is needed, a bid between brokers, agents, telcos, and other access providers will reduce the cost of last mile while working with specialists. Last-mile deployment isn’t trivial, especially at scale, so working with domain experts makes a lot of sense. The customers can launch the overlay RFP separately (under the assumption that the right mix of underlays is made available) and look into the full range of vendors, technology, and services that can address SD-WAN, security, remote access, and global cloud connectivity. The expertise and capabilities needed to optimize the overlay is vastly different than that of the underlay.

One of our global manufacturing customers did just that. They leveraged the buying power of a group of “sister” companies to create a big underlay project, sent the RFP to last-mile specialists, and got the best price. Then, they turned to choose the best overlay solution independent of the last mile. As the leading network architect told me: “If we issued a single RFP for the project, we would only get responses from legacy telcos. The last mile would determine the winner before we even started. By separating these RFPs, we could get the most advanced and innovative vendors bid for the strategic part of our WAN transformation”.

The Cato Take

Cato SASE creates a global network overlay that is agnostic to the underlay. As a cloud-based software platform Cato does not directly procure and deploy last mile services. Cato partners with MSPs and last-mile aggregators to help our customers with the procurement of last-mile services.

If you want to maximize the impact of your WAN transformation project, put yourself in a position to consider the full range of options. Don’t let old WAN designs and business models hold you back.

Wondering where to begin your SASE journey?

We've got you covered!
Yishay Yovel

Yishay Yovel

Yishay drives Cato’s strategic communication to investors, partners, and customers. A Cato veteran, Yishay was the former CMO of Cato. Before Cato, Yishay held executive marketing positions at Trusteer, a financial fraud and advanced malware protection company, and at Imperva. Yishay has over 25 years of experience in marketing and product management in enterprise software companies in the areas of security, networking, IT infrastructure, and mobile computing. Yishay holds a bachelor degree in Law from Tel Aviv University.

Read More