Blog: One Less Problem... for Your SD-WAN

by Adam Gervin

I have pretty eclectic music taste. These days, I'm into Buddy Guy. I can swing from Duke to Zeppelin to Shostakovich in a single sitting. But you won't catch me listening to the top 40. No how, no way.

Except at the gym.

There you'd find me working out to Ariana Grande or something equally shameful (she and I went to the same high school, so if you're reading this, Ariana, I'm sorry).

Point is, different music works for different moods or settings. Embarrassingly true.

Turns out, it's the same for SD-WAN. Sometimes, the internet fits the bill. Sometimes you need something completely different. But there's no need to be embarrassed — unless you make the wrong choice.

2019 is an inflection year for SD-WAN. The market is beginning to fill with different SD-WAN connectivity options. The good news is, there is now something for everyone.

Before we launch into this blog, I wanted to announce a fantastic upcoming webinar featuring Searl Tate, recent CIO and Managing Director of Paul Hastings, an AMLAW 100 law firm with strict SD-WAN performance, security, and compliance requirements. The topic: Securing The Enterprise with your SD-WAN + Mode Core. If you're responsible for delivering always-on connectivity with high performance, security, and compliance requirements, you don't want to miss this event.

Featuring: Searl Tate, Recent CIO and Managing Director, Paul Hastings LLC
When: Thursday, January 31st, 10:00 a.m. (PDT)

First things first: Mode is NOT for everyone. Yes, they pay me (at least until they read this blog). But the point of these blogs isn't propaganda or marketing schlock. It's about delivering real information and a unique perspective, so you can make informed decisions. And that starts with a trustworthy source. And that source is telling you that Mode is not for every use case or every business. And that's ok because there are a ton of use cases where Mode is the best connectivity solution for your SD-WAN.

We've told you before that SD-WAN gets its benefits by bringing control to the network edge. Typically, it's connected to the basic Internet. Today, a new category of connectivity for SD-WAN has emerged. It gets its benefits by bringing software-based control to the network core. We call this category SD-CORE. And there are two variants of SD-CORE: Optimized Internet Cores and Private Cores.

Nearly all of these options use the last-mile Internet for initial connectivity to an SD-WAN. That's OK because extensive studies have shown that last-mile connectivity is capable of supporting the performance and security requirements of the most stringent business use cases, especially when coupled with the last-mile redundancy features of SD-WAN. What happens once data leaves the local last mile and travels over distances is a completely different story.

So when is the Internet best for your SD-WAN? Who needs Optimized Internet? And when is a Private Core the best SD-WAN solution? Read on, my friend.

Basic Internet Core

Basic Internet is the ideal solution when low cost is the primary goal. Period.

It's not acceptable for applications and data that require high levels of guaranteed performance. Experience and lots of studies have shown the Internet Core to have high levels of latency variation and jitter, dropped packets, and daily localized outages — all severely impacting predictable performance, particularly for long routes.

If your business deals with sensitive information and compliance burdens, using a public IP backbone for associated applications — even with data encryption — is not best practice. A high attack surface and rampant BGP hijacks and misdirects (see "China's Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking" and "Google goes down after major BGP mishap routes traffic through China") will eventually put your company, and your job, at risk. Just a matter of time.

Beyond price, another advantage of the basic Internet is that it works with any SD-WAN and doesn't lock you into any single provider, so it's very flexible.

Optimized Internet Core

An Optimized Internet Core is ideal for your SD-WAN when better-than-internet performance (but not SLA-backed MPLS-level performance) is required.

Optimized Internet is as it sounds. At its core, it uses the same public IP backbone as the basic Internet. Similar to CDNs, various WAN optimization techniques are used to improve performance. Because the underlying network is not visible or controllable at the node and link level, the performance of these solutions cannot approach true MPLS performance, despite claims to the contrary. Ever.

For the very same reasons, MPLS SLAs are not possible (SLAs covering not only uptime but also packet loss, latency, and jitter, etc.). Public IP simply cannot be guaranteed, or certainly shouldn't be.

Optimized Internet Core solutions use a public Internet core for transport, so they share similar security and compliance profiles — meaning they aren't best practice for companies seeking ultimate enterprise-class end-to-end security or tasked with satisfying compliance hurdles.

In addition, many Optimized Internet Core providers require decryption of corporate data to achieve their performance gains, necessitating a level of vendor trust that is incompatible with a Zero Trust security goal, and further complicating compliance.

In general, Optimized Internet Core solutions are slightly more expensive than basic Internet, but not nearly as costly as traditional private networks like MPLS.

Finally, some Optimized Internet Cores are designed to work with any SD-WAN, while others require you to use the provider's SD-WAN. Read the fine print.

Private Core

When MPLS-level, ultimate performance — guaranteed by a true MPLS SLA — is necessary, you need a Private Core for your SD-WAN. Applications requiring high performance over long distances, like voice and video, typically fall squarely into this category.

All Private Core vendors see and control every node and link in their network, enabling a predictable level of performance not possible from basic Internet or any CDN-like optimization of the Internet.

What differentiates Private Core vendors is their approach to performance, and the downstream impact on cost, security/compliance, and network flexibility.

MPLS is the granddaddy of Private Cores. It's expensive. It's not an "as a service" offering, so it takes a while to set up and its pricing and usage are fairly rigid. Historically, most enterprises assumed a private network with a low attack surface was enough for security, so data was sent unencrypted. Meaning you have to trust the operator and their virtualization, which most CIOs know to be far from perfect. MPLS does not have a built-in encryption capability, so work must be done to use it in a compliance-sensitive environment with Zero Trust security aspirations. MPLS can be used with any SD-WAN, which is a good thing if you can afford it.

Another Private Core variant can be labeled "cloud MPLS." It takes a carrier MPLS core and makes it POP-accessible, dramatically increasing the flexibility of this solution vs. traditional MPLS. But this approach makes the cost of these solutions essentially the same as MPLS. Furthermore, the only vendor offering this type of Private Core requires data decryption and key sharing with the enterprise — big no-no's in a Zero Trust environment with rigorous compliance requirements. This same vendor requires you to use their SD-WAN with their Private Core, so flexibility is limited.

Mode Core

Mode Core is a Private Core based on a high-performance private underlay from Ericsson and nearly 100 major operators with superglobal POP coverage. Mode has complete visibility into, and control over, this underlay. Mode exclusively uses our version of software-based core control — Perfect Network Control™ — to drive the global network to perfection every 150ms.

Perfect Network Control™ is based on the Mode HALO algorithm developed at Cornell and has been proven in tests by the NSF and AT&T to dramatically outperform other core control methods. In the AT&T test, Mode optimized a massive network in 30 seconds, while the second-place core control algorithm took nearly 24 hours. I'm not allowed to tell you who that was, because that would be embarrassing. Perfect Network Control™ makes for a vastly more efficient Private Core and allows Mode Core to deliver real-world MPLS performance at a price point competitive with business Internet or Optimized Internet Cores.

Mode Core is a Zero Trust Network. It features full end-to-end encryption. Security keys and policies are under the exclusive domain of the enterprise and never shared with Mode. We achieve our SLA-backed MPLS-level performance (MPLS-level uptime, dropped packets, latency, and jitter, worldwide) without compromising security. This makes it easier to satisfy strict compliance requirements.

Finally, Mode Core works with ANY SD-WAN. Your SD-WAN — now with an affordable, high-performance private global network in under 60 seconds.

Mode Core is the ideal SD-WAN connectivity option when flexible, SLA-backed MPLS performance and ultimate enterprise security and compliance matter the most — all while keeping costs far lower than other Private Core options.

Mode Core is the No-Worry Network for Any SD-WAN.

Which begs the question: what is Perfect Network Control™ and how does it achieve this amazing mix of affordable performance and security?

That, my friends, is for another blog, and another day. See you soon!
