Mode should be in your SD-WAN's future
Dear readers: I'm taking a break this week. You've heard my perspective across 20 blog entries. It's time for someone else. And that someone else is a very special guest blogger. Searl Tate.
Searl is the recent CIO and Managing Director of Paul Hastings, an Am Law 100 law firm, one of the largest in the world, and focused on servicing Fortune 100 companies. Searl is a veteran when it comes to maintaining the highest standards in an Enterprise Network, from high performance and availability to strict security, and Enterprise and client compliance.
At Mode, our goal is to work with the on-premises SD-WANs to deliver a No-Worry Network that helps folks like Searl sleep better at night.
We hope you enjoy his blog.
Let's start by covering the current state of networking. Particularly in light of our highly regulated conditions that all but mandate some form of special compliance above and beyond what many of us are already doing today.
If you have achieved your network compliance goals, congratulations. I suspect there are at least a few of us left wondering what cost-effective solutions are available as an option to upgrading our legacy network circuits. Yes, I regard MPLS as a legacy technology.
This blog is entitled Building Enterprise Compliance & High-Performance Networks since that's the path I see most technology managers debating when faced with their own network upgrade decisions.
I believe this is especially true in our current climate of extreme governance. While my experiences are colored by my time in professional services in Big Law, I think any enterprise manager will appreciate this discussion.
My aim is to cue a few provocative points that may stimulate your own questions, concerns, and challenges.
Our Carrier Journey
What is "Enterprise-Grade Security" and how do you achieve and maintain it?
In its most nascent form, enterprise security was simply a private circuit. We couldn't even count on physical separation, necessarily.
This is a case of picking from the options available — often borne of cost consciousness, performance characteristics, or some other non-security facet. It was only after our basic performance and functional needs were met that we were able to turn our attention to matters of security and compliance.
The long swing of the pendulum has landed us squarely in the middle of a security concern reawakening. There is no doubt that some of the fervor is amplified by government regulations, but the industry needs the wakeup call.
I think we can agree that however we arrived here, there is no question that we are expected to provide a stable, reliable, high-performance network at the lowest cost basis possible.
As a car guy, this reminds of me the old mechanics saw of "fast, good, or cheap — pick any two."
Back to security today, we know this means strong encryption and central key management. It's more, too — consider the attack surface your network faces. This is even before we get into application layer concerns. Keep in mind that a secure network can mitigate plain-text client-server communications. It is one of the easiest ways to shore up this basic compliance requirement.
Beyond this, there are issues of non-availability like you might see with Distributed Denial of Service attacks. This highlights the need for path diversity. Ideally, this failover and reconvergence is handled automatically...and without anyone noticing the hiccup. That always happens, right?
A Little History
You could read this as a lightly coded message to mean "only enterprise customers care about security" — and given the marketplace options until recently, you'd be right. We tend to vote with our wallets, and external pressures are making it clear that we must pony up and establish a better and more secure network platform.
Back to history, that has meant private or logically separated circuits was considered good enough.
Frame-relay networks gave way to MPLS, but the fundamental concerns were still there. Yes, there's some separation, but the real driver here was the value proposition compared to the very expensive and truly private network circuit options. Even if you went that uber expensive route, you only bought basic separation and did not necessarily gain strong security.
An examination of the ubiquity of MPLS networks will quickly reveal this was almost entirely fueled as a cost effective alternative to dedicated private links. With the proliferation of Ethernet backhauls, dynamic bandwidth increases were a reality. That may have been the final nail in the coffin. Only the most critical workloads stayed with expensive dedicated and private networks. There are plenty of examples of where even that gave way to cost consciousness in forums you would never think possible.
So, think about our homegrown IP VPN solutions as a parallel to the newer SD-WAN offerings.
We gained security at the cost of administrative overhead. I guess you could say this delivered cheap and fast. Good was conveniently left behind with the huge win we saw with the apparent cost savings.
Now, we are finally able to instrument and control Quality of Service and deal with our real-time protocol applications like voice and video. SD-WAN appears to be the answer.
The Need for Edge-to-Edge Security and Performance
One lingering area of concern remains with POP-to-POP optimization. Even CDN options do not do enough to run a typical hub-and-spoke partially meshed 30 office network with mixed workloads. Enterprise America has solved the streaming problem, but it did nothing for real-time protocol needs. You really need edge-to-edge and end-to-end performance and security (WAN optimization, network control, end-to-end encryption, etc.). Like the saying goes, you can buy bandwidth but not better latency.
We've Come to Accept Difficult as Normal
Other concerns come up around third-party reliance.
There are too many moving parts and that may equal poor stability and reliability.
Support headaches from the carrier and even your internal staff are to be expected. If you manage this space, you know exactly what I'm talking about here. For too long, we have just accepted this as ordinary housekeeping overhead.
Then why are performance and availability concerns considered vital components of compliance and security?
Consider whether your shop is pursuing an ISO certification based on client mandates, or you’re simply looking to avoid embarrassing/costly public disclosures, strong and reliable security matters.
Additionally, Distributed Denial of Service attacks are now commonplace. This ephemeral attack vector must be dealt with differently.
Even if you are not the intended target, downstream customers are affected. This is probably the most common way you’ll experience a DDoS attack with your provider. There are many under-documented victims with this type of attack.
Now, the following might sound provocative, but it is more intended as a statement of fact — there are NO cost effective single circuit Distributed Denial of Service attack mitigation solutions. Think about that.
When was the last time you saw an advertisement that promised to keep you safe from such a denial of service attack, only to fail in your time of need? What recourse did you have? Were you satisfied by the meter turning in reverse and issuing you a tiny credit? No, of course not.
Relying on a single high-end provider with a scrubbing center is setting yourself up for inevitable failure. IoT based attacks have proven that an army of nodes can be amassed to overwhelm nearly any size circuit! Even if you are not taken down entirely, you are likely left in a degraded state...for hours, or longer.
Beyond that, think about anything that threatens basic network availability to include path diversity. This is especially true for your last mile. How sure are you that you have true path diversity to your office building?
Many low-cost carriers do not know or cannot achieve actual physical path diversity with the other available network options in your building. The problem is complicated when it turns out your carrier is merely carrying the paper for the actual on-network provider. This could mean you are saddled with multiple down circuits in your time of need. This bit of housekeeping is crucial to your long-term success.
With Mode, you will hear more about the middle mile. This is my favorite space since it is what distinguishes Mode Core + any SD-WAN from ordinary IP VPN and related solutions. Yes, you can have security and performance with high availability at reasonable cost.
Invest in a Sustainable Solution
...yes, read that as NOT MPLS. I'm okay with that. Competition is good for the consumer, and this is no different. Disruptive forces find their way into our portfolio, and even they must pivot or perish. The world won't need MPLS much longer, and you will soon be telling war stories that were once relegated to the days of frame-relay circuits.
Get Off the Carrier Train
If you have been in this business as long as I have, you know the dance. Every few years you swap your currently failing or under-performing network operator out for one of the handful of other typical choices...Only to do it again in a few years. Was there ever a real technical advantage one carrier had over another? Were you ever happy? It really was our only choice. We had dubious improvements that quickly decayed only to leave us staring down the prospect of yet another contract negotiation. This is probably why we cannot get comfortable with long-term telecom contracts of any kind. They want long-term commitments to assure recurring revenue generation, but what do you get!?
In my experience, it rarely made sense to engage any carrier contract longer than a couple years. At renewal time you could count on getting more bandwidth for the same money — and we were supposed come away feeling like we won. It is not sustainable. What about the real security issue here?
Turns out, MPLS providers know this too. Have you seen how many MPLS providers that are turning to third-party solutions to bolt on a VPN or yet another in-line appliance to boost security features. How do you think support will work when things go wrong?
How Mode Gives you a No-Worry Network
I am not saying you should fire your MPLS provider now, but instead start your SD-WAN journey NOW and you may find that you don't need your backup MPLS provider. You have one of those, right?
So, build your confidence with some demonstrated progress. You will save a lot of money along the way too. In time, you will see you do not need your legacy MPLS circuits at all.
The Secret Sauce is explained by Mode Core. If you have not had a chance to read the excellent set of white papers, you really need to check it out. If math is your thing, read their CTO's PhD thesis where this whole thing was invented. Dr. Michael and his colleagues are onto something very special here.
To be clear, underlying networks still matter. Elsewhere in our infrastructure, it is the same way server choices still matter. Maybe you're an HP Enterprise shop, or a Cisco shop — lured by promises of Optane, but you are probably not a Dell shop any longer. How you spend here says a lot about how you actually value risk mitigation.
Virtualization was supposed to make brand-name servers a thing of the past, but it did not play out that way for the risk-averse enterprise! We spend the money freely as insurance against the risk poorly managed servers present us. We just do not have the time to deal with that. No, insurance still does not have a Return on Investment!
Still, this SD-WAN advent goes a long way to democratizing secure and high performance networks.
This time around, evolution leads to revolution. Just as we gained confidence with our IP VPN solutions as a backup to MPLS, you can make the jump to SD-WAN to create a truly tier-one primary network — at a cost basis that is nearly the same as your backup network. Depending on your workloads, you just may be able to achieve this overnight. Literally. What does it take to carve out two or three nodes and find out for yourself?
Unlike your IP VPN, you can have QoS with Mode Core — just like you do with MPLS.
So, what does it take?
What are your biggest security needs?
If client compliance drives the concern, you can follow some pretty well-defined recipes for success. That is, you do everything your client tells you to do, or negotiate terms and apply compensating controls. Sound familiar?
Until now, you could not do it at a price point that is about what you would pay for ordinary IP VPN. Turns out even your VPN solution won't satisfy them completely.
Further, given the risks of the unknown, we can't know actual details of new risks waiting to ambush us — but we know the risk areas, and that is why we absolutely need path diversity. No effective SD-WAN solution can do this with a single path.
Mode Lacks a Pioneer Tax
I like "pioneer tax" as an expression. If you're like me, you have paid your dues!
Anyone else here on their fourth or fifth AppleWatch? Sure, it took a bit, but they really nailed it with the Series 4. It just works...finally. No kidding, it's a thing of beauty.
Sometimes iteration is necessary, but there isn't any pioneer tax with Mode because all of the underlying platforms are mature. It is why you can put nearly any network under the power of Mode Core and see huge performance benefits while achieving your security goals. It is not advertised here, but I happen to know they have a number of premium networks to power Mode Core. Ericsson's impressive global network is one such example. Many more are lined up.
One day, the underlying network won't matter nearly as much. As the baseline improves, and even the cheapest providers prove they can deliver, the cost will drop considerably.
I would like to point out the fact that you can implement Mode today. If you spin this up to service utility traffic or a controlled workload, you can see the benefits and begin moving specific network workloads in short order.
What is not covered here are the many ways you can integrate into your existing ecosystem. This means some of your favorite WAN optimization devices will soon offer a drop-down selection to use Mode for your SD-WAN. Drop the folks at Mode a line to hear more about that.
Different Core Categories for SD-WANs
Let's take a look at the following Infographic:
Basic Internet Core is just garden variety Internet access with all the quirks and foibles you've come to love. If you are going this route, you are probably doing it as cheaply as possible. It has its place for basic use cases.
Optimized Internet Core can describe any offering beyond basic Internet service to include CDN, compression, and optimization.
Finally, Private Core is where things get very interesting. It is where you want to be if achieving MPLS performance at much lower costs is your goal.
To further delve into Private Core, I would like to direct your attention to the far right Mode column. You'll see all of the expected performance attributes fully bubbled in end-to-end encryption, high availability and performance, granular SLA, any SD-WAN support, etc. — with the exception of price. It's depicted as 75% of Basic Internet pricing, and that is fair. There's a nominal cost on top of your basic network service.
And now, a few questions and answers:
We worry so you don't have to.
Welcome to the No-Worry Network.
We know what keeps CIOs up at night. Compliance worries. Security worries. Network downtime worries. Performance worries. Even cost worries.
SD-WAN brought control to the edge of the Enterprise network, and it helped, but sleepless nights persisted. Why?
Before I answer that, let me remind you about two things that have been keeping me up at night...
First, don't miss our upcoming webinar, featuring Searl Tate, Recent CIO, and Managing Director Paul Hastings, an AMLAW 100 Law Firm with strict SD-WAN performance, security, and compliance requirements. The topic: Securing The Enterprise with your SD-WAN + Mode Core.
Featuring: Searl Tate, Recent CIO and Managing Director, Paul Hastings LLC;
When: Thursday, January 31st, 10:00 a.m. (PDT)
As I was saying... SD-WAN brought control to the edge of the Enterprise network, and it helped, but sleepless nights persisted. Why?
The core. I could say something about "rotten" but that's so predictable. But what isn't predictable is that ever-present Internet Core wedged between your SD-WANs. It's unreliable. Uncontrollable. Insecure. It's a big ball of worry.
We've talked about bringing the kind of control SD-WAN gives you at the network edge, and extending it to the long-haul core. We've reviewed the various core control approaches — Optimized Internet Core and Private Core. For high-security WANs relied upon by compliance-oriented organizations in need of high performance and high availability, a Private Core is the best practice.
But here’s the secret: if you do it right, your SD-WAN and the right core control will give you a No-Worry Network. OK, maybe a Worry-Less Network, but let's be honest — that just doesn't sound as good.
Our friends at Talari Networks, now part of Oracle, call it Failsafe SD-WAN. That's pretty cool. We can't call it the same thing, but we're talking about the same thing, and working together to make it so. Your CIO: less worry, more sleep.
That's exactly why we built Mode — to make your task of delivering an affordable, high-performance, secure, reliable WAN — that simplifies achieving compliance — much less stressful.
End-to-End vs. POP-to-POP
No-Worry Networks require high performance and high security to live up to their name.
It's Mode's position that you can't achieve either if your performance gains happen at the POP. Today's Cloud MPLS providers, for example, rely on POP-to-POP, and that's simply not worry-free. Here's why:
First of all, if your performance techniques — let's say WAN Optimization — happen at the POP, data decryption outside the Enterprise is implied. That requires the Enterprise to share their keys. And that's a no-no for ultimate security and facilitated compliance. Zero trust, remember?
Secondly, if the magic happens at the POP, your performance gains are going to be limited to POP-to-POP, instead of end-to-end. That can make a huge difference with large file transfers, and frankly any high-performance applications like video and voice. You want to worry less? You need end-to-end performance.
At Mode, we believe all optimizations, encryptions, and security policies should take place on the Enterprise premises. We work with our SD-WAN CPE partners to do just that. None of our amazing performance gains require decryption, and all of those gains are realized end-to-end across the Mode Core Private Global Network as a Service. And not just WAN optimization, but Perfect Network ControlTM, with global control changes at every node on the network, every 150 milliseconds — for untouchable, guaranteed WAN performance and availability.
End-to-end vs POP-to-POP preserves the highest standards of security, AND delivers the ultimate levels of performance. And that makes Mode and Your SD-WAN a true No-Worry Network, by design.
Now, you'll have forgive me, but I've got to go worry about our upcoming CIO dinner, two shows, this and next-month's webinars, and a Basecamp task list that is growing scarily large. If anyone happens to know of a No-Worry Marketing solution, please let me know so I can sleep as well as our CIO customers ;)
No, seriously. Please?
Want to talk? MODE will listen. Contact us today to get started.
I have pretty eclectic music taste. These days, I'm into Buddy Guy. I can swing from Duke to Zeppelin to Shostakovich in a single sitting. But you won't catch me listening to the top 40. No how, no way.
Except at the gym.
There you'd find me working out to Ariana Grande or something equally shameful (she and I went to the same high school), so if you're reading this Ariana, I'm sorry).
Point is, different music works for different moods or settings. Embarrassingly true.
Turns out, it's the same for SD-WAN. Sometimes, the internet fits the bill. Sometimes you need something completely different. But there's no need to be embarrassed unless you make the wrong choice.
2019 is an inflection year for SD-WAN. The market is beginning to fill with different SD-WAN connectivity options. The good news is, there is now something for everyone.
Before we launch into this blog, I wanted to announce a fantastic upcoming webinar, featuring Searl Tate, Recent CIO, and Managing Director Paul Hastings, an AMLAW 100 Law Firm with strict SD-WAN performance, security, and compliance requirements. The topic: Securing The Enterprise with your SD-WAN + Mode Core. If you're responsible for delivering always-on connectivity with high performance, security, and compliance requirements, you don't want to miss this event.
Featuring: Searl Tate, Recent CIO and Managing Director, Paul Hastings LLC;
When: Thursday, January 31st, 10:00 a.m. (PDT)
First things first: Mode is NOT for everyone. Yes, they pay me (at least until they read this blog). But the point of these blogs isn't propaganda or marketing schlock. It's about delivering real information and a unique perspective, so you can make informed decisions. And that starts with a trustworthy source. And that source is telling you that Mode is not for every use case or every business. And that's ok because there are a ton of use cases where Mode is the best connectivity solution for your SD-WAN.
We've told you before that SD-WAN gets its benefits by bringing control to the network edge. Typically, it's connected to the basic Internet. Today, a new category of connectivity for SD-WAN has emerged. It gets its benefits by bringing software-based control to the network core. We call this category SD-CORE. And there are two variants of SD-CORE: Optimized Internet Cores and Private Cores.
Nearly all of these options use the last-mile Internet for initial connectivity to an SD-WAN. That's OK because extensive studies have shown that last-mile connectivity is capable of supporting the performance and security requirements of the most stringent business use cases, especially when coupled with the last-mile redundancy features of SD-WAN. What happens once data leaves the local last mile and travels over distances is a completely different story.
So when is the Internet best for your SD-WAN? Who needs Optimized Internet? And when is a Private Core the best SD-WAN solution? Read on, my friend.
Basic Internet Core
Basic Internet is the ideal solution when low cost is the primary goal. Period.
It's not acceptable for applications and data that require high levels of guaranteed performance. Experience, and lots of studies have shown the Internet Core to have high levels of latency variation and jitter, dropped packets, and daily localized outages all severely impacting predictable performance particularly for long routes.
If your business deals with sensitive information and compliance burdens, using a public IP backbone for associated applications even with data encryption is not best practice. A high attack surface and rampant BGP hijacks and misdirects (see China's Maxim Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking and Google goes down after major BGP mishap routes traffic through China) will eventually put your company, and your job, at risk. Just a matter of time.
Beyond price, another advantage of the basic Internet is that is works with any SD-WAN, and doesn't lock you into any single provider, so it's very flexible.
Optimized Internet Core
An Optimized Internet Core is ideal for your SD-WAN when better-than-internet performance (but not SLA-backed MPLS-level performance) is required.
Optimized Internet is as it sounds. At its core, it uses the same public IP backbone as the basic Internet. Similar to CDNs, various WAN optimization techniques are used to improve performance. Because the underlying network is not visible or controllable at the node and link level, the performance of these solutions cannot approach true MPLS performance, despite claims to the contrary. Ever.
For the very same reasons, MPLS SLAs are not possible (SLAs covering not only uptime but also packet loss, latency, and jitter, etc.). Public IP simply cannot be guaranteed, or certainly shouldn't be.
Optimized Internet Core solutions use a public Internet core for transport, so they share similar security and compliance profiles meaning they aren't best practice for companies seeking ultimate enterprise-class end-to-end security or tasked with satisfying compliance hurdles.
In addition, many Optimized Internet Core providers require decryption of corporate data to achieve their performance gains, necessitating a level of vendor trust that is incompatible with a Zero Trust security goal, and further complicating compliance.
In general, Optimized Internet Core solutions are slightly more expensive than basic Internet, but not nearly as costly as traditional private networks like MPLS.
Finally, some Optimized Internet Cores are designed to work with any SD-WAN, while others require you to use the provider's SD-WAN. Read the fine print.
When MPLS-level, ultimate performance guaranteed by a true MPLS SLA is necessary, you need a Private Core for your SD-WAN. Applications requiring high-performance over long distances, like voice and video, typically fall squarely into this category.
All Private Core vendors see and control every node and link in their network, enabling a predictable level of performance not possible from basic Internet or any CDN-like optimization of the Internet.
What differentiates Private Core vendors are their approach to performance, and the downstream impact to cost, security/compliance, and network flexibility.
MPLS is the granddaddy of Private Cores. It's expensive. It's not an "as a service" offering, so it takes a while to set up and its pricing and usage are fairly rigid. Historically, most enterprises assumed a private network with a low attack surface was enough for security, so data was sent unencrypted. Meaning you have to trust the operator and their virtualization, which most CIOs know to be far from perfect. MPLS does not have a built-in encryption capability, so work must be done to use it in a compliance-sensitive environment with Zero Trust security aspirations. MPLS can be used with any SD-WAN, which is a good thing if you can afford it.
Another Private Core variant can be labeled "cloud MPLS." It takes a carrier MPLS core and makes it POP-accessible, dramatically increasing the flexibility of this solution vs. traditional MPLS. But this approach makes the cost of these solutions essentially the same as MPLS. Furthermore, the only vendor offering this type of Private Core requires data decryption and key sharing with the enterprise big no-no's in a Zero Trust environment with rigorous compliance requirements. This same vendor requires you to use their SD-WAN with their Private Core, so flexibility is limited.
Mode Core is a Private Core based on a high-performance private underlay from Ericsson and nearly 100 major operators with superglobal POP coverage. Mode has complete visibility into, and control over, this underlay. Mode exclusively uses our version of software-based core control Perfect Network ControlTM to drive the global network to perfection every 150ms.
Perfect Network ControlTM is based on the Mode HALO algorithm developed at Cornell and has been proven in tests by the NSF and AT&T to dramatically outperform other core control methods. In the AT&T test, Mode optimized a massive network in 30 seconds, while the second-place core control algorithm took nearly 24 hours. I'm not allowed to tell you who that was, because that would be embarrassing. Perfect Network ControlTM makes for a vastly more efficient Private Core and allows Mode Core to deliver real-world MPLS performance at a price point competitive with business Internet or Optimized Internet Cores.
Mode Core is a Zero Trust Network. It features full end-to-end encryption. Security keys and policies are under the exclusive domain of the enterprise and never shared with Mode. We achieve our SLA-backed MPLS-level performance (MPLS-level uptime, dropped packets, latency, and jitter, worldwide) without compromising security. This makes it easier to satisfy strict compliance requirements.
Finally, Mode Core works with ANY SD-WAN. Your SD-WAN now with an affordable, high-performance private global network in under 60 seconds.
Mode Core is the ideal SD-WAN connectivity option when flexible, SLA-backed MPLS performance and ultimate enterprise security and compliance matter the most all while keeping costs far lower than other Private Core options.
Mode Core is the No-Worry Network for Any SD-WAN.
Which begs the question: what is Perfect Network ControlTM and how does it achieve this amazing mix of affordable performance and security?
That, my friends, is for another blog, and another day. See you soon!
Another holiday, another cultural controversy. Are we having fun yet?
Still, as tempting as it might be to wade into these particularly murky musical waters, we should probably focus on something we can ALL agree on...
... the euphonious hum of an always-on business, powered by a hybrid cloud-enhancing network that energizes your SD-WAN and never lets you down.
But now, our first great news of (almost) 2019: Business Insider has named Mode as one of 44 enterprise startups to bet your career on in 2019! That's a pretty strong endorsement. Question: will this be enough to stop my dad from asking me to stop playing in technology and return to medicine? Answer: probably not. That said, we are really thankful for the recognition. Without a doubt it's going to help keep our business always-on. We will gladly pay this benefit forward to our SMB and enterprise customers who have been living on borrowed time by trusting the Internet Core for mission-critical connectivity. And if you're super-talented and in the SF Bay Area, check out our careers page.
Now, back to (always-on) business:
Are All Internet Core Alternatives Pretty Much the Same?
How does Optimized Internet compare with a Software-Defined Private Core (SD-CORE)?
In our last installment, network control was front and center in our discussion of how to enhance SD-WAN. It was our intention to segue into the vital topic of security, and we will. But we'll do it next time.
Our last blog generated a ton of requests to enumerate the differences between two common approaches to Internet Core alternatives for SD-WAN: Optimized Internet vs. Software-defined Private Networks.
To recap: if you're using the best-efforts Internet to connect your SD-WAN CPE, you're leaving your network open to the outages, performance irregularities, and security risks of public IP. If it hasn't caught up with you yet, it will. Instead of popping Maalox waiting for the other shoe to drop, we humbly suggest getting instant peace of mind by pairing your SD-WAN with a more reliable backbone. But how do you choose?
"An Optimized Internet core and a Software-defined Private Network core (like Mode Core) are not the same thing, and the differences can have a significant impact on your ability to run an always-on business with your SD-WAN."
First, a point of clarification. Many Optimized Internet providers position their network as "their" network, and imply it's "software-controlled." Not trying to be mean but this is highly misleading. Their POPs are, indeed, theirs, but everything in between them the vast majority of infrastructure and distance across which your critical business data will travel is nothing more than best-practices internet, decidedly not "theirs." As for software control: yes, they control their POPs, but they have no direct visibility or discrete control of the massive, global internet hairball stuffed between those POPs.
With that out of the way, let's consider the four meaningful differentiators of Optimized Internet vs. a true SD-CORE for SD-WAN: measurement, control, security, and service-level guarantees.
Knowledge Is Power
Perfect control comes from realtime, global knowledge of granular network performance. Every node. Every segment. Every 150ms.
Optimized internet approaches use a series of POPs distributed around the world to probe the behavior of the Internet. In between these POPs is a massive collection of various providers' nodes and segments, all of which are completely invisible to this class of provider. To the Optimized Internet provider, the core network is a black box. They can measure the performance among their POPs, a time-consuming attempt to guess what's going on inside. It's less granular knowing and more ballpark guessing. And their rate of observation is often far lower than the actual rate of global network change, so you're left chasing your own tail.
An ideal software-defined private network like Mode Core sees each node and every segment of the underlying global network in real time, every 150 ms. That's because the underlay network is made available to us, and guaranteed by partners like Ericsson and nearly 100 service providers around the globe. In fact, Mode Core grows more capable and comprehensive with each new operator underlay added to its pure, software-control fabric. The ability to continuously know real-time network performance at a granular level, globally enables Mode Core to react instantly to rapid network changes. Perfect Network ControlTM begins with perfect knowledge of the network.
You Can't Beat Perfect
Once Optimized Internet providers identify an "optimal path" from their POP approximation of "black box" Internet performance, they move traffic onto that path. After some time, when a new "optimal path" is identified, traffic is switched from the old path to the new. Typically, this "path switching" is far slower than actual dynamic network changes, often with significant time (hours) between switches.
In the language of control systems, this is known as "bang-bang" control, and in the world of packet networks, it is chock full of performance problems. If one were to examine bang-bang control between two possible paths, you'd see a saw-tooth pattern of segment throughput for each path, with 180 degrees of shift. The end result is a severe underutilization of the underlying capacity of both paths over time. The story with latency is just as bad. Bang-bang control systems experience wild latency swings (and jitter), and an average latency that's far from the ideal physical limit. Combine this with the inherent (and uncontrollable) latency and performance variation of the Internet Core, and you have real problems.
A few years ago, a group of researchers at Cornell did something previously considered impossible by computer scientists: define packet networks as control systems. Their math-based control solution, Mode HALO, went on to wow the academic world and dominate NSF and AT&T software-defined networking competitive evaluations. It also served as the foundation for Mode, and Perfect Network ControlTM.
We know what you're thinking. Perfect is pretty cocky. But in this case, it's not marketing exaggeration, it's truth. As we monitor real-time changes for every nook and cranny on our global private network as a service, every node in our network computes the perfect control solution for every packet, based on math instantly, and in parallel. This allows Mode Core to drive the network towards utilization, throughout, and latency perfection in the face of dynamic changes that would crush any other network. And it allows Mode, and Mode alone, to offer a unique mix of carrier-grade performance and affordability.
So while Optimized Internet providers may have fancy names for their magical measurement and control techniques (some of them use Artificial Intelligence!) nothing beats perfect, math-based autonomy for keeping your network always-on.
There is a best-practices approach to business security called Zero Trust Architecture. You can read more about it here. The basic premise is an IT design where your business security is not predicated trusting ANY third-party vendor used in the design. That's revolutionary.
So why would you spend the time to create a Zero Trust business architecture, and then connect those business branches and multi-clouds with a network that REQUIRES you to trust the network provider, or worse, the Internet?
Many Optimized Internet providers require you to decrypt your network traffic in order to achieve their performance or functional benefits. You have to trust them with your security keys and security policy. Not good.
In addition, since the majority of their transport infrastructure is Internet (e.g. not under their supervision, control, or liability), it is subject to redirection errors or flat-out BGP hijacking both of which are happening ALL the time. (See China's Maxim Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking and Google goes down after major BGP mishap routes traffic through China). All of this impacts performance, but are also major security vulnerabilities. Sure, your data is encrypted. But when this same, sensitive data is hijacked to a malevolent state entity with virtually unlimited resources, are you willing to bet your business on it?
That's the idea with a Zero Trust NetworkTM your data is safe precisely because you don't have to trust the provider, or anyone else. Mode Core is a Zero Trust NetworkTM. We achieve our tremendous performance levels without decrypting your data. All security keys and security policies remain under the exclusive control of your business. And we are a private network, with the lowest of attack surfaces (especially vs. Public IP) meaning we are hijack-immune. If you've implemented or are considering a Zero Trust architecture for your business, it only makes sense to pair it with a network that preserves your security investments.
Rubber, Meet the Road
All of these factors contribute to the most-important of bottoms lines the kind of guarantees your network provider offers.
The gold-standard from traditional enterprise networks like MPLS is a carrier-grade SLA. It covers uptime, and discrete performance metrics like packet loss, jitter, and latency variation. They can offer these guarantees because the network is theirs, and under their control.
Not so with Optimized Internet providers. They can offer "uptime guarantees" that cover the uptime of their POPs. They can't guarantee the uptime of the Internet, after all. Nor can they control (or guarantee) its performance.
Mode Core, like MPLS, offers a carrier-grade SLA. Uptime, jitter, latency variation, and packet loss, worldwide. The essential elements of giving you an always-on business that hums. But unlike MPLS, with Mode Core you can spin up a global network that supports hybrid and multi-cloud businesses with remote workforces in under 60 seconds. Really.
It's a New Year. 2019. And in this year of explosive SD-WAN growth, there is nothing better you can do for your business network than to pair your SD-WAN with the right SD-CORE, Mode Core. Getting and maintaining a reliable WAN was never this easy or affordable.
This month we are very pleased to host a webinar featuring the Managing Director, IT of one of the world's largest law firms. He worries about keeping his business secure and always-on, all the time. If that sounds like you, you owe it to yourself to listen in. Dates and info coming in our next blog.
...but the right SD-CORE will make you believe it could be.
It's that time of year. 2018 is on its way out the door. We're winding things down, and we're making plans. And in 2019, the single most important thing you can do to enhance your SD-WAN is to connect it to an SD-CORE.
That's the way you keep your business always-on. In fact, it's the best present you can give to your CIO or VP Net Ops this holiday season: peace of mind. Nothing beats a reliable WAN that is easy to start and maintain, and that won't drive you to insolvency.
But which SD-CORE do you choose? Rather than give you a huge list of 10 or more categories, I thought we'd stay true to our roots, and simplify. When it's all said and done, every meaningful distinction among SD-COREs comes down to differences in control and security.
There are a million different companies with an equal number of claims of magical routing or WAN optimization techniques. The names and claims are really impressive, but give you no real information. And that's a shame, because HOW the SD-CORE is controlled matters a LOT.
Here's the reason the better the control, the more efficient the SD-CORE. And the more efficient the SD-CORE, the lower the cost for a given level of performance.
That's a pretty convenient litmus test. Forget the fancy names. Look at the SLA. If there isn't an SLA, move on. And if there is one, look at the numbers. They're usually pretty similar among vendors. And then look at the price. Higher pricing means less capable control.
There are a few other signs if you're looking closely. By far, the best level of control is at the individual packet level. If a vendor doesn't own the backbone network or have a direct relationship with the backbone provider, they can't control each and every packet. So you can toss out SD-COREs that rely on public IP backbones because they can't see packets end-to-end, never mind control them every step of the way.
But let's say the SD-CORE provider offers packet-level control of their own backbone. Let's say you're Google or something like that. You're using advanced AI techniques to analyze the network, then compute a centralized solution, and then push that solution across your network. That's pretty good, except for the fact that it takes time to do this analysis and push it out, and in that time everything has probably changed. After all, AI is figuring out the best solution in the face of insufficient information. Turns out, when it comes to packet-switched networks, you have all the information you need for an autonomous solution. And autonomy is not only better, it's best.
Autonomy trumps AI because, ironically, it doesn't require any intelligence. Every node on the network can independently calculate its own perfect control solution, in parallel. Whether the network has 10, 10 thousand, or 10 million nodes the speed of the control is only limited by the time it takes to measure the network. And that, for a ball the size of the earth, is only 150 milliseconds. Tops.
That's Perfect Network ControlTM, and only Mode has it. We start with world-class private underlays from providers like Ericsson and other major service providers. They've kindly allowed us total control of every packet on the network, end-to-end. We seamlessly stitch them together for superglobal coverage, and the result is an SD-CORE unlike any other: Mode Core. And while we can never claim Mode Core is perfect, the solution that every node on our network uses is nothing less. Perfect Network ControlTM continuously drives Mode Core towards a perfect network in the face of ANY external changes every 150ms.
The result is unmatched efficiency, typically 300% better the state-of-the-art. It's that efficiency that lets Mode Core deliver worldwide high-availability SD-CORE performance for a price no one else can touch.
And come back to this blog next week when we'll tell you about the second most-important consideration in choosing the right SD-CORE to enhance your SD-WAN: security.
You've got to hand it to Amazon. They have their fingers in a LOT of pies. Makes you think if they had known they'd get this pervasive at the beginning, maybe they'd have chosen a different name. I mean, the jungle is pretty big, but it's not a global phenomenon.
Global Accelerator from Amazon is, as its name implies, truly global. No, it's not a startup incubator (sure sounds like one, ahem). It's Amazon's SD-CORE for AWS. It's hot off the presses for those of you attending AWS re:Invent in Las Vegas. It takes its place side-by-side with Azure Virtual WAN and Edge Gravity by Ericsson as the latest SD-CORE from a major cloud provider. And, if you think about it, it validates four major realities facing cloud-era businesses, many of whom have adopted SD-WAN.
1. Internet Core just doesn't cut it.
OK, Amazon does the same thing we do when we talk about the Internet treat it with care. Because, really, we love the public Internet. It does amazingly well as a best-efforts system. But here's the rub: Amazon would not have built Global Accelerator if AWS customers weren't having performance and availability issues using the Internet Core. According to Peter DeSantis, AWS VP Global Infrastructure, Amazon wants to improve the performance and availability of applications running across AWS regions by bypassing the public Internet and transporting data on the AWS Global Network. In particular, he calls out applications like voice, video, interactive experiences, and those requiring long-haul traffic. Sounds pretty ubiquitous.
2. Internet Access is part of the solution.
Like any SD-CORE, AWS Global Accelerator relies on last-mile Internet Access. We've cited many studies that have shown that Internet Access is very capable of being a part of a reliable software-defined WAN solution (SD-CORE QoS Without MPLS from SD-WAN Experts, and Addressing SD-Core: Boosting SD-WAN performance without MPLS from Cisco), and Amazon clearly agrees with this assessment.
3. The world needs a Multi-Cloud and Hybrid-Cloud SD-CORE.
As cool as this is for AWS customers, there is a lot more to keeping a business always-on than just AWS. Businesses need an affordable, reliable, SD-WAN compatible solution that covers the broadest set of enterprise use cases: branch and data center connectivity, all IaaS and PaaS clouds, and the gamut of SaaS applications. An unreliable, unpredictable, and often unsecure Internet Core (see Google goes down after major BGP mishap routes traffic through China, Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency, and Strange snafu misroutes domestic US Internet traffic through China Telecom from ArsTechnica) makes always-on unobtainable at worst, or difficult at best for IT and NetOps. Given that Global Accelerator may very well diminish traffic on Service Provider backbones, this is a major opportunity for SPs to step up and offer an SD-CORE that doesn't just serve Amazon's needs. Hint.
4. Affordability: the big omission
Truth is, there is an Internet Core alternative out there already MPLS. It's the traditional approach, but it's got two major knocks against it: it's expensive, and it's decidedly inflexible, in a few significant ways. These downsides have been the major impetus for SD-CORE alternatives, so it would be ironic if these same alternatives priced themselves out of widespread adoption. Here's the rub: it costs a lot to run a highly available private IP backbone using today's industry standards. Even if you're Amazon, unless you change the fundamentals of network control, a private HA solution is going to cost. The CSP model is also a problem for always-on businesses. It's predicated on making it very inexpensive to get data in, but very expensive to get that same data out. That makes sense when your strategy is to keep customers on your cloud, but it's antithetical to the needs of cloud-era businesses who really need multi-cloud, affordable, HA, secure bi-directional data transport in ever-increasing amounts. That's why we are so excited about Perfect Network ControlTM. When you re:Invent network control, and you triple effective network utilization, you deliver an otherwise unobtainable mix of flexibility, reliability, AND affordability.
An SD-CORE that costs the same as business Internet, but with QoS and SLA guarantees, that supports multi-cloud, hybrid-cloud, every SD-WAN, and pretty much every other enterprise WAN use case? Now THAT'S re:Invention. And that, my friends, is Mode Core: table stakes for keeping your business always-on.
We're not the only ones who think so. Searl Tate, Managing Director, Information Technology of Paul Hastings LLP, has this to say about keeping his global law firm always-on: "Mode stands out as a unique option that offers all facets of reliability, security, flexibility, and value in a software-defined private enterprise WAN today. Mode understands the importance of an affordable high-availability 'middle mile' and Mode Core delivers."
Speaking of always-on: enterprise security plays a big role in giving IT and NetOps peace of mind. It's a hot topic, as is Zero Trust architecture. So what's the role of SD-CORE in all this? re:Inventing end-to-end security in the cloud era, of course. Come back next time to find out how.
Read more about AWS Global Accelerator SD-CORE here.
One of the benefits of being in a startup is that you have a lot more freedom to completely go off the reservation, on occasion. Once you get to a certain size, everyone gets a lot more serious. And then this kind of editorialized fun comes to a dead stop. You know what I mean. So let's enjoy it while we can, shall we?
Welcome to the millennial edition of the Mode blog, and the third part in our analysis of Steve Garson's (CEO and Founder, SD-WAN Experts) ONUG presentation "Measuring Internet Core Variability" aka "Is the Internet Core a Safe Space for Packets" aka "Is Your SD-WAN Relying on a Turkey of a WAN."
But first... Let's talk about perfect. At Mode, we are lucky to have something at our disposal called Perfect Network ControlTM. What is it, you ask? Well, it's pretty rare in technology to have something that's truly perfect. And that's why this is so very cool. We will cover this more in a future blog, but Perfect Network ControlTM isn't an exaggeration at all. It's how Mode controls networks and continuously drives them to perfect efficiency, every 150ms. And we all know, nothing beats perfect.
The point is, most things aren't perfect. For example, the platform we use to host our webinars (it's ok, we know perfect is hard). Turns out, it wasn't cooperating at the scheduled 10 AM November 14 time and date. So for those of you who couldn't make Steve Garson's presentation on "Three Must-Do's to Get Peak SD-WAN Performance" this is your chance to not get left behind, and learn about three common-sense steps to get more from your SD-WAN. Even better, you get to eat turkey first.
Featuring: Nithin Michael, Founder & CTO, Mode;
and Steve Garson, Founder, SD-WAN Experts
When: Wednesday, November 28th, 10:00 a.m. (PDT)
OK. Back to A Safe Space for Packets. I hate to break it to you, but it's time to hand out the blankets, coloring pads, and crayons, because we've already learned that the Internet Core isn't safe at all. Scary.
In fact, its unpredictability is orthogonal to keeping businesses always-on. We'll get into the concept of "always-on" in a future blog, but for now, think technology always doing what you need it to do, when you need it done, to get work accomplished. The network, the technology, just recedes into the background and you totally take it for granted. That's the dream. And all too often, the Internet Core turns it into a support nightmare.
In the third part of Steve's ONUG presentation, he considered a very interesting question can optimized paths or backbones make a difference vs. Internet Core for long-haul traffic. For example, AWS to AWS optimized paths.
He turned to our friends at Catchpoint to measure AWS-to-AWS performance among the same origins and endpoints of his previous two tests. And the results were quite illuminating.
As you can see, in most cases, having an optimized path between points not only reduced point-to-point latency, but also latency variance and jitter. The takeaway point if your business a) needs to be always-on, and b) relies on long-haul data transport, you can benefit dramatically from an "optimized path."
Steve's conclusions are similar:
So, you want to be always-on. You need to be always-on. And all you want for Christmas this year is flexible, reliable, affordable WAN. Do you pick MPLS? Do you choose SD-CORE with SD-WAN? And are all SD-CORE's the same? Is all network control with all those fancy names for different kinds of routing or optimization really the same?
No doubt, these are all great questions. And we look forward to discussing them more in the future.
In the meantime, our friends at Cisco had a LOT of news this week. And mixed in among that news were some very interesting comments on SD-CORE and SD-WAN. Want to know more? Come back next week and find out!
As I sit here sipping my fourth Coke Zero of the day (true), next to a former starting outside linebacker for the 49ers (also true, and a much longer story), I am reflecting on how to break some very exciting news to you.
That's it! I've settled on the direct approach:
And the topic ... it's Gold, Jerry! P-u-r-e Gold!
Could it have to do with your SD-WAN? Well, yeah. Does it talk about MPLS costs and inflexibility? Maybe. End-to-end encryption, and enterprise control of security policy? Very possibly. Extending edge control to the network core? Definitely.
Featuring: Nithin Michael, Founder & CTO, Mode;
and Steve Garson, Founder, SD-WAN Experts
When: Wednesday, November 28th, 10:00 a.m. (PDT)
Now that that's out of the way, we can resume our walkthrough of Mr. Garson's excellent keynote presentation at the ONUG Fall event in NYC. If you recall, his talk offered three experiments relating to Internet Core performance. Last week we covered the first, in which Internet Core response time was extrapolated from measurements of long-haul response vs. last-mile response.
In the second stage of the presentation, he used Catchpoint to directly measure Internet Core response time among the same collection of endpoints, comparing them to the first data set.
The goal was to validate the original data by using two distinct measurement methodologies, and hopefully get similar results.
And it worked! Let's look at the following raw data table:
It's pretty clear that the measurements from Part I (last week) and Part II (this week, direct Internet Core measurement) are practically identical (within the margin of error). Both the median and the standard deviation.
With one exception the route between Melbourne and San Jose AWS. It's likely that Telstra (the backbone provider) is doing something special in moving data back and forth with San Jose AWS. This would account for this path's resistance to latency variance (when compared to generic Cedexis data obtained across a collection of providers, as used in Part I tests).
This leaves us with two takeaways:
Next week, come back to Mode.net for analysis of Part III of Steve Garson's research project and presentation. But for now Save the Date, November 14, 2018, as we host Mr. Garson for a not-to-be-missed Webinar, live from Silicon Valley and the Mile High City. So exert some control over your schedule and pencil us in. Your SD-WAN can't afford to miss it.
The cloud era has been anything but simple for businesses. In fact, a lot of the challenges they face may be attributed to how hard it is for network operations teams to consistently provide reliable connectivity among their employees, assets, applications, and services.
So the opportunity is to simplify end-to-end reliable WAN for businesses, large and small. That's why we were at ONUG in NYC (ok, were there for the bagels also). We saw an amazing presentation by Steve Garson of SD-WAN Experts, titled "Measuring Internet Core Variability."
We've been blogging about the Internet, how it's generally great, but perhaps problematic when it's used as part of an SD-WAN solution for mission-critical business applications.
We've told you about the "good parts" version of the Internet separating Access from Core. And we've implicated the Core as the primary cause of unpredictability.
We are always amazed when others produce corroborative evidence. At ONUG, others = Steve Garson of SD-WAN Experts.
Let's take a look at the first part of Steve's presentation.
Steve chose response time (i.e. send + wait) as the ideal methodology, because it excludes one-time events like DNS and connect, and it's a better measure of real Internet response than ping.
In his first series of tests, Steve calculated Core performance by subtracting access performance from a long-haul performance. Of course, performance varies over time. I'm no mathematician, but I seem to remember that in cases of two parts of a series with variability, the variance of the whole (variance = standard deviation, squared) is equal to the sum of the variance of each part, plus two times the covariance (the correlation of variance in part one with part two).
I think it's a safe assumption that, in general, performance variance of the last-mile is wholly independent of core variance, meaning covariance = 0. Steve makes this assumption, which means the long-haul variance = core variance + access variance. Whew. We are done with the math.
Steve collected data from servers originating in San Jose, London, Tokyo, Sydney, and Virginia. He looked at the performance to end users in Bangalore, Washington D.C., Tokyo, London, Melbourne, and San Francisco. Here is a table of the raw data:
The results are pretty clear. For long hauls, the vast majority of response variance occurred in the Internet Core, not the last-mile. In fact, 99.5% of response variance happened in the Internet Core. That means that your business traffic, over long hauls, is experiencing the vast majority of dropped packets, jitter, etc., as a result of the Internet Core. Even with the lovely software-defined benefits of SD-WAN at your corporate edge.
99.5% of long haul Variance happens in the Internet Core. Why?
It's largely an issue of economics. Internet Access networks receive 300% to 1000% the investment of the Internet Core, most of it coming from customers. The Core is based on least-cost peering and routing.
Steve went on to provide additional tests of Internet Core performance, and we will cover them in upcoming blogs.
But for now, we know one thing for sure. If you want to simplify reliable end-to-end WAN so your businesses can hum, you can't stop at SD-WAN. You need to replace the Internet Core with something far more reliable. You could use something overpriced and rigid like MPLS. But you really want something that's SD-WAN friendly, flexible, and affordable. You may not know it yet, but your want a software-defined core (SD-CORE).
Jennifer English at TechTarget has done a nice job reviewing Steve's presentation. Her conclusion you may not be able to rely on SD-WAN + Internet, but you no longer have to pay for expensive solutions like MPLS. SD-CORE might be just the thing for simplifying the reliability of your SD-WAN.
Who doesn't love The Princess Bride? I got my first copy at the Dartmouth bookstore outside of summer camp (for those who've been reading this blog, you'll recognize the tie-in to the very first Mode post). No, the movie isn't nearly as good.
It was a tight book. A real page-turner. In fact, this masterpiece by William Goldman was an abridged version of the hideously plotted, unedited, and unreadable original version, penned by S. Morgenstern. Or so Goldman claimed. In fact, it was a clever, but bogus, literary device. Now I digress.
So what do R.O.U.S. and "as you wish" have to do with this next part in our blog series of "Is the Internet good enough for mission-critical business?" Quite a bit, actually. Or at least one bit.
In our last blog, we showed evidence that the Internet was too unpredictable to support mission-critical business applications (or other applications like streaming gaming, and a whole host of next-generation devices, applications, protocols, and services from IoT to blockchain to 5G).
We must ask: do we dismiss the entire Internet on this basis? Or is there a "good parts version" of the Internet that we can carefully separate, and use with confidence as part of an end-to-end cloud connectivity solution? (I know you were waiting for that tie-in, and yes, you're welcome).
It's common practice to divide the Internet into two parts the on and off ramps we call Access. The center, we call Core. Access has different names like last mile (or first mile), and Core is sometimes called backbone or middle mile. So can we attribute the unpredictability of end-to-end Internet entirely to either Access or Core? Is it really that easy?
It turns out that we can, for the most part. Internet Access outages are exceedingly rare. Physical network distances at the last-mile are relatively short, and global, long-distance studies show that Access contributions to latency and jitter are relatively insignificant vs. end-to-end values. Solutions like SD-WAN offer additional Access resiliency via redundancy. Additional studies of last-mile U.S. operators reinforce this truth: Internet Access is predictable, can be trusted, and is getting better all the time.
This makes sense when you consider how well-capitalized and well-marketed Access solutions are. It's a highly competitive marketplace, and poor performance is a deal-breaker.
The Internet Core is an entirely different story. It's not nearly as visible, not heavily marketing, and is composed of complex peering arrangements that shift continually. Its "shortest path" priorities are often economy, not performance. Third-party tests show that the vast majority of latency variation (jitter) happens in the Internet Core, as do daily globally-dispersed Core outages that have not gotten better over time.
This leaves us with a remarkable conclusion, one our SD-WAN partners have known for some time: the "good parts version" of the Internet is Internet Access. It is the Internet Core than requires a more predictable, higher-performance alternative.
SD-WAN has led the way by bringing software-based control the edge of the enterprise WAN. What if we adopted this approach, and brought software control to the Core? That would be remarkable. But how?
This isn't a Princess Bride-style "battle of wits." We know the answer, and we'll happily tell you in our next blog installment.
We aren't alone in our search for an Internet Core alternative that's SD-WAN-centric. Steve Garson @ SD-WAN Experts just published an article detailing various ways to take the goodness of SD-WAN and extend it end-to-end across the WAN core. You can read Steve's article here.
There was no Bogart. No tearful goodbyes. But the Mode team left Paris with something better — confidence. Not just our confidence, but yours. You, the CIO, the VP Network Operations. For some time, you've feared the transition to the cloud.
You've woken up at night in a sweat. And that fear has made you cling to the past. To rigid, expensive, and decidedly cloud-unfriendly connectivity solutions like MPLS.
We left Paris, and we gave you the confidence to let go. The confidence that the cloud could deliver both where MPLS succeeds (reliability and QoS), and where it falls short (flexibility and economy).
We didn't start the ball rolling. That was SD-WAN. It gave you confidence in the edge of your network, with visibility, and the flexibility to chose among different networks. It made site-to-site connectivity a snap. And it did it without breaking the bank.
Still, you knew that at its core, it was still using the Internet. And that made you nervous. And for good reason. The Internet Core is anything but reliable. At least SD-WAN let you pick and choose, and that's exactly what you did, using MPLS like the preciously expensive resource that it is.
SD-CORE sounds a lot like SD-WAN, and that's not an accident. Where SD-WAN brings software-defined control to the edge of the enterprise WAN, SD-CORE takes it end-to-end, across the world's highest-performing private global network as a service.
The need for an SD-CORE has never been greater, and in Paris we learned we are not alone. We saw SD-CORE like projects from Cisco (NGENA) and VMWare. All driven by the need for a better middle mile and the increasing reliability and performance of Internet access. But only Mode offers a network operating at the theoretical limit of packet-switched efficiency. Translation: an untouchable combination of performance and economy.
Mode has replaced that pesky Internet Core with the world's highest-performing SD-CORE, and it works with any SD-WAN with the turn of a key. Still, it was Paris, and you know what those arrondissements can do to star-crossed technology companies. In fact, rumor has it that Mode and Versa Networks were seen holding hands at the Tuileries (read the press release here).
We also saw lots of traditional vendors piling into the SD-WAN space, each trying to differentiate via a better end-to-end experience at a reasonable price. Enter Mode, and our SD-WAN + SD-CORE partner program.
Paris is now a memory. But now you're more confident in the cloud than ever. You know that the combination of SD-WAN and SD-CORE gives you MPLS-level QoS and reliability AND cloud flexibility, and it does it at a business internet price point.
Bonne nuit et beaux reves!
Talk about a busy week. You know the way fast-growth startups can be. Some weeks, you're just pushing that boulder. And other weeks, it comes at you nonstop, and you just don't have enough hours in the day.
This week is one of those.
First, we are incredibly pleased to welcome Versa Networks to the Mode fold (read the press release). Big handshake. Versa Networks is a leading provider of SD-WAN solutions, and the first to join our newly minted SD-WAN + SD-CORE Partner Program. What's that, you ask?
Well, it's like peanut butter and chocolate. Or Gracie and George (Meghan and Harry for you millennials). Two great things that are just better together. SD-WAN brings cloud service flexibility to the edge of the enterprise WAN. That means easy setup and management, and edge visibility. Still, lots of folks continue to use rigid, expensive legacy connectivity solutions like MPLS because of its rock-solid reliability (hint: that's not good cloud etiquette). But we understand. There was no good alternative. Until now.
Mode has stretched the software-defined goodness of SD-WAN, and brought it to the core of the network. We use our breakthrough autonomous routing control to make our cloud private network as reliable as MPLS, but as affordable as business internet. We call this flexible network-as-a-service SD-CORE, and it's built to literally turnkey enhance any SD-WAN. All that SD-WAN edge goodness of flexibility, reliability, and visibility now goes end-to-end, over the entire corporate WAN for the cost of business internet. We think that's pretty sweet. Peanut butter and chocolatey goodness.
Versa is our first SD-WAN partner. Together we are making enterprises big and small confident in their transition to the cloud. No more clinging to legacy connectivity solutions. It's ok, you can let go, little by little if that makes you feel better.
In other news, Mode is at the SD-WAN Summit 2018 in Paris! And … we are a Diamond Sponsor!!! Funny, because of the shape of those tetrahedral carbon bonds sort of looks like an autonomously routed network, but that's just me. Our CEO Paul Dawes is giving the keynote all about the need for the SD-CORE I just described. Nithin Michael, Ph.D., and Mode co-Founder will talk about how he brought the world's first autonomous network to life.
When we aren't presenting, you can find us celebrating in the Versa booth, where we will show you how Versa + Mode = SD-WAN + SD-CORE = Better Together = Cloud with Confidence. That's math that I know you'll appreciate. See you there!
In our last blog, we asked a simple question: is the internet good enough? In fact, this is typically how our sales conversations start: Mode Sales Guy, "Hi VP IT, why do you use MPLS today when the internet is so great and cheap?"
This question elicits two different responses:
VP IT: Oh, I don’t use MPLS at all. We don’t really use UC or VoIP, or have any sensitive applications that run in our data center or cloud. Basically we just pump everything over the internet.
Mode Sales Guy: Great. Have a nice day!
VP IT: Look, I hate the cost of MPLS. It’s also a real pain to work with — slow to setup, hard to change, cloud unfriendly. But I don’t have a choice. Any problem — video conference glitches, voice call dropouts, access or performance issues — it’s all my fault. Saving money over reliability isn’t worth it. So we use MPLS for mission-critical, and the internet for everything else.
Mode Sales Guy: What if I told you that you could save money and gain flexibility, without affecting reliability?
It’s pretty common for IT departments to complain heartily about MPLS, but not believe that they can rely on the internet to replace it.
Remember that this question is the first in a series of three:
Let’s assume for a moment that IT is just being conservative, and look for outside, broader answers to the first question beyond just businesses that use MPLS.
If you think about it, the entire CDN market came into being a while ago because the internet wasn’t good enough for delivering video. The persistence of CDN solutions like Amazon and Akamai suggests it still isn’t.
On the gaming side of things, companies like Riot Games spent millions of dollars to build their own backbone because the Internet isn’t good enough for their gamers. Imagine that — a gaming company becoming a network operator. That’s desperate. And they’re not alone. Nvidia built the GeForce NOW edge network because the Internet isn’t good enough for interactive streaming.
Finally, it’s pretty clear that the $40B+ MPLS market is evidence that the Internet isn’t good enough for mission-critical business applications. Here you’d have a ton of IT professionals nodding in unison about the need for global, consistent reliability with an SLA for mission-critical cloud access, unified communications, VoIP, etc.
It’s pretty clear that there are growing number of applications which require more reliability than the Internet can deliver. In this post-HTTP world, that trend is accelerating.
So the next logical questions are: why is this true? And, can we do anything about it?
If you think Mode might have something to do with the solution, let’s just say you’d be getting pretty warm right about now.
How's that for clickbait? OK, in fairness, the internet is pretty darned good. I like to think of it as the biggest infrastructure project in the history of humanity (truth). It's transformed our lives and our world in profound ways. It seems pretty short-sighted to rail against it.
But, it's a living network. It's not static (although most routing techniques are, go figure). So it can get better. And questioning its capabilities is part of this process. Fair?
Beyond the clickbait, the question I'm really asking is this: is the internet good enough for mission-critical applications? You would think it is, because more and more businesses are running hybrid clouds. They're keeping lots of their mission critical data in the cloud. And over 90% of employees rely on the Internet to access these apps and this data. They're putting a lot of faith in the internet. How's that going?
This question opens up a boxful of follow-ons:
And that, ladies and gentlemen, is the subject of our next series of intriguing and informative blog posts.
Stay tuned! (Hint: we know the answers, but the slow reveal ... priceless)
We were very excited to read that Cisco was integrating their Viptela SD-WAN into one million of its routers. Cisco is clearly committed to SD-WAN, everywhere. At Mode, we are committed to ENHANCING SD-WAN, everywhere. We are thrilled that we are so aligned!
SD-WAN does amazing things, of course, which is why Cisco wants it ubiquitous. It simplifies enterprise WAN setup and management, and offers edge flexibility and edge transparency. It's all about visibility and flexibility, actually.
Which is why it's so disheartening to hear that so many businesses are dissatisfied with the performance of their cloud applications. Inconsistent SaaS performance. Dropped connections to IaaS. Laggy VoIP and unified communications. As good as SD-WAN may be, it's only as good as the networks available to it.
And while the ISP last-mile offers the kind of performance that can support mission-critical business applications, the internet's core is inconsistent. A best-efforts internet core means intermittent dropped packets, and lots of latency variance. That translates into poor SaaS, site-to-site, UC, VoIP, and remote access experiences. The alternative to date has been MPLS. Problem solved but at a cost. A very big cost. Money and time, actually. While SD-WAN helps IT folks keep those costs down by saving only the most-important application traffic for this costly hardware-defined network, enterprise needs something better. Soon.
Enter a new breed of cloud networks, with big promises (we're one of them of course). Some of them offer MPLS-like performance, but at an MPLS cost. Their feature flexibility. But only with their own SD-WAN. Others still use the internet core network, but offer global POP access and some optimizations. Again, only with their SD-WAN. None offer the performance of MPLS, the flexibility of cloud, and the price of business internet. With ANY SD-WAN.
Except Mode. We are a reliable and transparent core network, and work with any SD-WAN or UCaaS solution. How do we do it? Simple (not really). Mode is built around an NSF-sponsored autonomous routing discovery that triples network resource utilization using just software. And not just any software: the Mode HALO algorithm is the only mathematically optimal routing solution in the world. Really. The result is an unmatched combination of cloud network performance and price. Mode is the world's highest-performing Cloud Private Network for enterprise. Today we enhance any SD-WAN, SaaS/IaaS access, UCaaS, and cloud CPE. Tomorrow we #tripletheinternet
So thanks, Cisco. You keep setting 'em up, and we'll be there, ready to swing.
A few days ago, news broke that Amazon was going to sell its own network devices. This led to a precipitous drop in the value of a number of market leaders, and the quick denial of any such move by Amazon itself in the form of a direct phone call to Cisco.
Whether or not any or all of this is "fake news" for me the takeaway is that people can feel that networks as we know them, and the technologies used to run them, are ready for disruptive change. We are all just waiting for the other shoe to drop.
Making networks better, faster, cheaper at moving data begins with rethinking the way packet data is routed. Today, it is done using a fixed heuristic approach, e.g. Shortest Path First, where "shortest" is whatever heuristic you wish to emphasize capacity, latency, cost, etc. So what's the downside of this approach? Network utilization in the 30-40%. range. OMG. The internet could be three times bigger without spending a penny on new infrastructure if only routing were better. But how?
Mode HALO already does it. It defines packet data routing as a control system. It brings dynamic, autonomous optimization to any network, and triples network utilization, sustaining 90%+ use of resources.
Mode isn't making the internet 3X bigger (today). Instead we use Mode HALO to offer the highest-performing Cloud Private Network in the world, Mode Core. Our breakthrough in network utilization translates into MPLS-like performance and reliability, as a transparent and flexible cloud service that's available at a business-internet price point.
Mode enhances any SD-WAN, Unified Communications, Cloud Access, Remote Access, and a host of next-generation applications that demand ultimate network performance without the ultimate price tag.
It's hard for a startup to create a new solution category. It's generally a bad idea. Everyone thinks of the world in a contemporaneous paradigm, and they want to stick you into the right preexisting box. There is little startups can do to change that.
So when we talk about what we've built, for the sake of clarity, we use terms like "Cloud Private Network" or the idea of delivering a flexible, SaaS-friendly private network as a service. It's all very descriptive and easy to digest. Still, there is another term we favor.
SD-CORE. It's no accident that it sounds like SD-WAN. SD-CORE is the yin to SD-WAN's yang. Mode Core is the world's highest-performing SD-CORE, and it's a perfect complement to any SD-WAN. Here's why:
The combination of SD-WAN and SD-CORE produces a transparent, flexible, secure end-to-end global QoS solution for enterprise, at a business-internet price point.
Two weeks ago, we launched Mode. Launches are full of hope and anticipation, but the truth is you're probably going to have a long wait before the world notices you even exist. So you can imagine my surprise when I woke up to find Mode in a top 10 list from Network World. In an article that used the word "hot" to describe us. Twice. That wasn't expected, at least not so soon.
Of course, it's a short article, and this space is pretty complex. So here are some SD-WAN musings on a sunny Friday in the Bay Area:
So thanks for the swipe right, Jeff Vance. You are definitely in the Mode.
The folks at SDxCentral wrote an interesting piece this past week. "Why SD-WAN Won't Kill MPLS." Interesting, because in truth it reads like an advertisement for Mode. Except, we had nothing to do with it. As a startup, you live for moments like these when the market gives you a big, hearty affirmation that your raison d'être isn't delusional.
Could it be that SD-WAN providers promised more than they could deliver? The author seems to think so. Data shows the market for enterprise connectivity is not a zero-sum game: SD-WAN is growing, but so is MPLS. So the article's premise seems to be accurate for now.
The author highlights the chief complaints about MPLS: 1. costly, 2. slow service start, slow modification, and 3. frustrating troubleshooting. But he makes an important point about trading one set of problems for another "tell a network professional you can cut their monthly WAN spending by two-thirds, but... performance will degrade by half, and I bet they won't even consider it."
And that's the rub of using the best-efforts internet core as a backbone for SD-WAN deployments. Not reliable enough for the kind of stuff companies use MPLS for today.
But he's not done, "Tell that same network professional person you can drastically improve reliable connectivity between branches for less than a traditional WAN circuit while streamlining operations and you’ve got their attention."
The idea of a Cloud Private Network is pretty simple give businesses the reliability and security of traditional private networks like MPLS, but in the form of a flexible cloud service. Give them instant service starts, realtime management, and end-to-end transparency (not just edge transparency). Let's throw in dynamic bandwidth and elastic pricing to boot.
Above all, give them the same reliability they expect from MPLS. It's possible to do all this as a Cloud Private Network without the Mode HALO breakthrough. What Mode HALO enables is curve-jump in network efficiency that allows us to offer all this at a business-internet price point. Best of all, we work with any SD-WAN installation, side-by-side with MPLS. So you can transition at your own pace from MPLS to SD-WAN + Mode. A little goes a long way.
Here's the original article.
We've been waiting for years to share what we're doing with the rest of the world. It started at Cornell in a research lab, was vetted working with the NSF on their GENI network, then moved to the West Coast and won the AT&T SDN Network Challenge. And now it's here and networks as we know them will never be the same.
We are Mode, and we have created the world's first autonomous software-defined network. What does that mean? Game without lag. Video conference without a glitch. Move mission-critical business data without choosing between cost and reliability. In fact, wherever there is a network, there is a network that Mode can make better.
We are in the Mode. Are you?
I remember leaving camp with my parents on visiting day, late 70s, New Hampshire. It was hot and sticky and bright green out as we drove to the Dartmouth campus and the Kiewit Computation Center. Inside was cool and crisp. White and sterile, with the hint of a hum among the rows of machines. On display was connectivity, and it was mesmerizing.
A few years later, in 1982, I leveraged this family memory and asked my father for an Apple II for my bar mitzvah. It took five seconds flat for him to resist nostalgia and turn me down. By 1984 he reneged, and I had a shiny, new Mac on my desk. My first act: connecting with my Hayes modem over that day’s X.25 network to Compuserve. Awe once more. Back then, just the idea of connectivity was inspiring, a blank slate of potential and inspiration, there for anyone to embrace.
Boy have things changed. Reverence for connectivity has given way to frustration. Today, the network the internet specifically seems to be holding all of us back. Consumers curse their access providers when their show gets interrupted or their gameplay gets laggy and drops. Businesses have been hybridized, running multiple networks despite the associated cost and complexity, because the internet just can't cut it alone. And app developers, particularly those with a need for resilient reliability and/or low or ultra-low latency (ULL) performance, have in many cases been forced to become their own network operators, all just to avoid the pitfalls of the open internet.
It's really not surprising. The internet was built to serve web pages, to run HTTP over TCP over IP. It wasn't designed for newer protocols like WebRTC, or for handling a large flow of small packets in a highly performant, consistent manner. The internet's core in particular is a best-efforts service, with over 99.95% of latency variance happening in the first and middle miles. Add to this the fact that the whole notion of routing and peering has been largely designed to serve economics first and foremost, not performance.
No biggie, right? I mean, frustration with networking isn't entirely new, and we've always found ways to improve things to meet demand. Wireless is a good example, where app developers screamed for faster data rates. I can hear Andy Rubin banging his head in frustration at Danger, trying to get the Hiptop to work on that era's infuriating wireless networks. Those developers got a steady march of improved protocols, and faster and faster throughput. Problem solved. CDNs cached popular video files at the edge, and Netflix flourished. Problem solved.
This time is different. It's not just about throughput or proximity. It's about the fundamental layers of the OSI model. All of the clever tricks and optimizations, from WANOP, to compression, to pattern recognition, to tuning none of them changes the fact the way data is routed on the internet, and for that matter all networks, has become the true limit to performance. If you believe that packets MUST always flow, and that data should travel at the limits of physical law, you have to completely rethink the way packet data has been routed to this point in time. And the ultimate result of that exercise is quite simple: autonomy.
From the original ARPANET, packet data routing has been heuristic. That's a shame, because it turns out that the routing of packet data on a network can be defined as a control system, and the characteristic equations derived. Armed with this pure math truth, you can approach the theoretical limit of packet data routing performance. Implementing this discovery as a virtual router, and using this as the basis of a pure software-defined network gives a packet-size/protocol-agnostic boost to infrastructure efficiency of many multiples, and the near elimination of latency variance. Perhaps best of all, you get an inherent, autonomous parallelization of routing solutions, with each node self-optimizing in real time. Given ten, ten thousand, or ten million nodes, the routing ability of an SDN employing this algorithm approaches perfection regardless of scale.
What does all this mean? A new era in routing is here, and it makes any network built around it performance-first. The efficiency it provides translates into economy as well, so you get reliability, resiliency, performance, and cloud flexibility at a business-internet price point. Extending SD-WAN. Enhancing UCaaS. Embracing MPLS. Empowering ULL.
Mode is a new backbone for a new world. Often, a post-HTTP world. And for me, personally connectivity is cool again.