by Adam Gervin
Another holiday, another cultural controversy. Are we having fun yet?
Still, as tempting as it might be to wade into these particularly murky musical waters, we should probably focus on something we can ALL agree on...
... the euphonious hum of an always-on business, powered by a hybrid cloud-enhancing network that energizes your SD-WAN and never lets you down.
But now, our first great news of (almost) 2019: Business Insider has named Mode as one of 44 enterprise startups to bet your career on in 2019! That's a pretty strong endorsement. Question: will this be enough to stop my dad from asking me to stop playing in technology and return to medicine? Answer: probably not. That said, we are really thankful for the recognition. Without a doubt it's going to help keep our business always-on. We will gladly pay this benefit forward to our SMB and enterprise customers who have been living on borrowed time by trusting the Internet Core for mission-critical connectivity. And if you're super-talented and in the SF Bay Area, check out our careers page.
Now, back to (always-on) business:
Are All Internet Core Alternatives Pretty Much the Same?
How does Optimized Internet compare with a Software-Defined Private Core (SD-CORE)?
In our last installment, network control was front and center in our discussion of how to enhance SD-WAN. It was our intention to segue into the vital topic of security, and we will. But we'll do it next time.
Our last blog generated a ton of requests to enumerate the differences between two common approaches to Internet Core alternatives for SD-WAN: Optimized Internet vs. Software-defined Private Networks.
To recap: if you're using the best-efforts Internet to connect your SD-WAN CPE, you're leaving your network open to the outages, performance irregularities, and security risks of public IP. If it hasn't caught up with you yet, it will. Instead of popping Maalox waiting for the other shoe to drop, we humbly suggest getting instant peace of mind by pairing your SD-WAN with a more reliable backbone. But how do you choose?
"An Optimized Internet core and a Software-defined Private Network core (like Mode SD-CORE) are not the same thing, and the differences can have a significant impact on your ability to run an always-on business with your SD-WAN."
First, a point of clarification. Many Optimized Internet providers position their network as "their" network, and imply it's "software-controlled." Not trying to be mean — but this is highly misleading. Their POPs are, indeed, theirs, but everything in between them — the vast majority of infrastructure and distance across which your critical business data will travel — is nothing more than best-practices internet, decidedly not "theirs." As for software control: yes, they control their POPs, but they have no direct visibility or discrete control of the massive, global internet hairball stuffed between those POPs.
With that out of the way, let's consider the four meaningful differentiators of Optimized Internet vs. a true SD-CORE for SD-WAN: measurement, control, security, and service-level guarantees.
Knowledge Is Power
Perfect control comes from realtime, global knowledge of granular network performance. Every node. Every segment. Every 150ms.
Optimized internet approaches use a series of POPs distributed around the world to probe the behavior of the Internet. In between these POPs is a massive collection of various providers' nodes and segments, all of which are completely invisible to this class of provider. To the Optimized Internet provider, the core network is a black box. They can measure the performance among their POPs, a time-consuming attempt to guess what's going on inside. It's less granular knowing and more ballpark guessing. And their rate of observation is often far lower than the actual rate of global network change, so you're left chasing your own tail.
An ideal software-defined private network like Mode SD-CORE sees each node and every segment of the underlying global network — in real time, every 150 ms. That's because the underlay network is made available to us, and guaranteed by partners like Ericsson and nearly 100 service providers around the globe. In fact, Mode SD-CORE grows more capable and comprehensive with each new operator underlay added to its pure, software-control fabric. The ability to continuously know real-time network performance — at a granular level, globally — enables Mode SD-CORE to react instantly to rapid network changes. Perfect Network ControlTM begins with perfect knowledge of the network.
You Can't Beat Perfect
Once Optimized Internet providers identify an "optimal path" from their POP approximation of "black box" Internet performance, they move traffic onto that path. After some time, when a new "optimal path" is identified, traffic is switched from the old path to the new. Typically, this "path switching" is far slower than actual dynamic network changes, often with significant time (hours) between switches.
In the language of control systems, this is known as "bang-bang" control, and in the world of packet networks, it is chock full of performance problems. If one were to examine bang-bang control between two possible paths, you'd see a saw-tooth pattern of segment throughput for each path, with 180 degrees of shift. The end result is a severe underutilization of the underlying capacity of both paths over time. The story with latency is just as bad. Bang-bang control systems experience wild latency swings (and jitter), and an average latency that's far from the ideal physical limit. Combine this with the inherent (and uncontrollable) latency and performance variation of the Internet Core, and you have real problems.
A few years ago, a group of researchers at Cornell did something previously considered impossible by computer scientists: define packet networks as control systems. Their math-based control solution, Mode HALO, went on to wow the academic world and dominate NSF and AT&T software-defined networking competitive evaluations. It also served as the foundation for Mode, and Perfect Network ControlTM.
We know what you're thinking. Perfect is pretty cocky. But in this case, it's not marketing exaggeration, it's truth. As we monitor real-time changes for every nook and cranny on our global private network as a service, every node in our network computes the perfect control solution for every packet, based on math — instantly, and in parallel. This allows Mode SD-CORE to drive the network towards utilization, throughout, and latency perfection in the face of dynamic changes that would crush any other network. And it allows Mode, and Mode alone, to offer a unique mix of carrier-grade performance and affordability.
So while Optimized Internet providers may have fancy names for their magical measurement and control techniques (some of them use Artificial Intelligence!) nothing beats perfect, math-based autonomy for keeping your network always-on.
There is a best-practices approach to business security called Zero Trust Architecture. You can read more about it here. The basic premise is an IT design where your business security is not predicated trusting ANY third-party vendor used in the design. That's revolutionary.
So why would you spend the time to create a Zero Trust business architecture, and then connect those business branches and multi-clouds with a network that REQUIRES you to trust the network provider, or worse, the Internet?
Many Optimized Internet providers require you to decrypt your network traffic in order to achieve their performance or functional benefits. You have to trust them with your security keys and security policy. Not good.
In addition, since the majority of their transport infrastructure is Internet (e.g. not under their supervision, control, or liability), it is subject to redirection errors or flat-out BGP hijacking — both of which are happening ALL the time. (See China's Maxim – Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking and Google goes down after major BGP mishap routes traffic through China). All of this impacts performance, but are also major security vulnerabilities. Sure, your data is encrypted. But when this same, sensitive data is hijacked to a malevolent state entity with virtually unlimited resources, are you willing to bet your business on it?
That's the idea with a Zero Trust NetworkTM — your data is safe precisely because you don't have to trust the provider, or anyone else. Mode SD-CORE is a Zero Trust NetworkTM. We achieve our tremendous performance levels without decrypting your data. All security keys and security policies remain under the exclusive control of your business. And we are a private network, with the lowest of attack surfaces (especially vs. Public IP) — meaning we are hijack-immune. If you've implemented or are considering a Zero Trust architecture for your business, it only makes sense to pair it with a network that preserves your security investments.
Rubber, Meet the Road
All of these factors contribute to the most-important of bottoms lines — the kind of guarantees your network provider offers.
The gold-standard from traditional enterprise networks like MPLS is a carrier-grade SLA. It covers uptime, and discrete performance metrics like packet loss, jitter, and latency variation. They can offer these guarantees because the network is theirs, and under their control.
Not so with Optimized Internet providers. They can offer "uptime guarantees" that cover the uptime of their POPs. They can't guarantee the uptime of the Internet, after all. Nor can they control (or guarantee) its performance.
Mode SD-CORE, like MPLS, offers a carrier-grade SLA. Uptime, jitter, latency variation, and packet loss, worldwide. The essential elements of giving you an always-on business that hums. But unlike MPLS, with Mode SD-CORE you can spin up a global network that supports hybrid and multi-cloud businesses with remote workforces in under 60 seconds. Really.
It's a New Year. 2019. And in this year of explosive SD-WAN growth, there is nothing better you can do for your business network than to pair your SD-WAN with the right SD-CORE, Mode SD-CORE. Getting and maintaining a reliable WAN was never this easy or affordable.
This month we are very pleased to host a webinar featuring the Managing Director, IT of one of the world's largest law firms. He worries about keeping his business secure and always-on, all the time. If that sounds like you, you owe it to yourself to listen in. Dates and info coming in our next blog.