
128T Aims to Displace SD-WANs

Even as more service providers flock to the SD-WAN fold, a new routing company is bucking that trend, claiming the software-defined wide area network is a temporary answer when what is needed is a totally new kind of router.

The company, 128 Technology, came out of stealth mode in June. Founded by the founders and former officers of Acme Packet, the company has raised $36 million from G20 Ventures, its employees and other unnamed investors, all backing what 128T calls "Secure Vector Routing" as the wave of the future.

Designed to run on bare metal or on virtual machines at the edge of the network, in remote branch offices or in hyper-scale data centers, Secure Vector Routing is a new form of routing that is able to simplify the routing architecture, eliminating the piles of devices such as firewalls, load balancers, deep-packet inspection and network address translation gear, while providing secure, session-aware routing, according to Patrick MeLampy, co-founder and COO of 128T and former co-founder and CTO of Acme Packet.

In an interview with Light Reading, MeLampy explains why he thinks SD-WANs' popularity among enterprises is based on a short-term arbitrage situation driven by the cost of MPLS and private connections. As a growing percentage of enterprise connections are external -- to the Internet or to public or private clouds -- business customers need to be able to connect their branch offices, remote sites and mobile workers to these external sites -- data centers and clouds -- less expensively. SD-WANs can deliver that, but they are not the best long-term solution for enterprises or carriers, he argues.

"Offloading traffic onto the Internet as soon as possible is less expensive," MeLampy says. "But it's a short-term ROI."

For the network operators, an SD-WAN service won't generate the revenue of the previous MPLS and private connections, forcing them to find new ways to create revenues. In addition, their services become less "sticky," which can lead customers to move services more easily for cost and convenience. And SD-WANs still rely on tunnels, he notes, so they burn up about 10% of bandwidth and don't simplify network operations.


The longer-term solution is adopting a smarter approach to routing that lets enterprises do their multi-path connections -- to the Internet, to data centers or to multiple cloud services -- more easily. And MeLampy says Secure Vector Routing represents that long-term approach.

This approach uses more intelligent routers at the edge of the network, he says. There are three key concepts involved: session-awareness, first packet processing and waypoints. Basically the routers are able to read the first packet in a session, distinguishing source and destination, and then connecting related flows into a single session. The routers can thus determine the lead packet for every session and extract the key data from that packet, using it to set up the best network path to the destination.

The source and destination addresses are then translated into what 128T calls "waypoint addresses" -- which its routers understand -- and the original addresses are encrypted as metadata. All subsequent packets in that flow are automatically routed over the same best path, but any packets in which the metadata has been altered or faked are blocked, creating greater security, according to MeLampy.

On the receiving end of the packet flow, the original source and destination addresses are restored, and the entire session is treated in the same manner, which includes returning packets, which are processed bidirectionally.
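The flow described above can be modelled in a few lines. This is an added example, not 128T's code or wire format: it is a simplified model in which an HMAC over the first packet's metadata stands in for the protection MeLampy describes (encryption of the metadata is omitted), and the class name, packet layout, addresses and pre-shared key are all constructed assumptions.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"  # assumption: pre-shared between the two routers


class EdgeRouter:
    """Toy session-aware router; names and packet layout are hypothetical."""

    def __init__(self, waypoint, key=SHARED_KEY):
        self.waypoint, self.key = waypoint, key
        self.outbound = {}  # (orig_src, orig_dst) -> session id
        self.inbound = {}   # (peer waypoint, session id) -> (orig_src, orig_dst)

    def _tag(self, blob):
        return hmac.new(self.key, blob, hashlib.sha256).digest()

    def ingress(self, pkt, peer_waypoint):
        """Rewrite to waypoint addresses; only a session's first packet carries metadata."""
        flow = (pkt["src"], pkt["dst"])
        out = {"src": self.waypoint, "dst": peer_waypoint, "payload": pkt["payload"]}
        if flow not in self.outbound:
            self.outbound[flow] = len(self.outbound) + 1
            meta = json.dumps({"sid": self.outbound[flow], "src": flow[0],
                               "dst": flow[1]}, sort_keys=True).encode()
            out["meta"], out["tag"] = meta, self._tag(meta)
        out["sid"] = self.outbound[flow]
        return out

    def egress(self, pkt):
        """Restore the original addresses, or return None to drop the packet."""
        key = (pkt["src"], pkt["sid"])
        if "meta" in pkt:
            if not hmac.compare_digest(self._tag(pkt["meta"]), pkt.get("tag", b"")):
                return None  # metadata altered or forged
            meta = json.loads(pkt["meta"])
            if meta["sid"] != pkt["sid"]:
                return None  # authentic metadata replayed under another session id
            self.inbound[key] = (meta["src"], meta["dst"])
        if key not in self.inbound:
            return None  # no first packet seen for this session
        src, dst = self.inbound[key]
        return {"src": src, "dst": dst, "payload": pkt["payload"]}
```

Because session state is created only after the first packet's metadata verifies, a forged first packet also causes every later packet of that session to be dropped at the receiving router.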

"Session awareness exists today in SD-WANs, but we think it needs to be tied to protocols that can do managing, steering and balancing of traffic without using tunnels, which burn up 8% to 10% of capacity and create larger flows which makes it harder to create different treatment of packets inside those flows," MeLampy says.

He adds that the 128T approach enables centralized management of edge routers, so that large numbers can be managed in the same way data centers manage servers today. Software-driven routers can be regularly updated through the dev-ops process, and operating expenses can be held down.

All of that creates a pretty nicely described world for a new approach to smarter routing -- if it wasn't bucking a major trend in SD-WANs. The new company is working with both potential service provider and enterprise customers, MeLampy says, but has no announcements to make on that front just yet.

"I do believe it's just a matter of time before the concept of privately managed wide area networks is moved aside by intelligent multipath routing over the public Internet," he says. "The half-life of the ROI will be measured in years for sure, due to current momentum of buyers and sellers of private networking circuits, but it will inevitably happen."

— Carol Wilson, Editor-at-Large, Light Reading

NetworkS54457 6/27/2017 | 3:45:38 PM
Re: Closed Loop vs. Open Loop
SSL (more accurately TLS these days) is not a secure protocol. Sure the encryption is fine, but the code around the implementation is weak and has been broken numerous ways. In addition, TLS/SSL suffers from man in the middle attacks that any decent hacker can effect on a session. Further, technology exists to spoof certificates such that the sender and receiver think they are communicating securely and don't see the man in the middle which can view all data to and from. Further, certificate authorities become a single point of failure and it is widely speculated the big CAs have already been hacked to the point this layer of security by itself is circumspect for really sensitive data transmissions.

The 128T solution appears to try and counteract man in the middle using source/destination tracking, but if the router tables get compromised, the session security layer won't matter. In short, this appears to be a lazy/cheap way of applying network security that will NOT replace the veracity of tunnels and other point to point security options. Companies with highly sensitive data are likely to adopt only those standards that are proven secure, so I do not expect TLS or 128T session security to replace existing secure tunnels anytime soon.
NetworkT17171 8/29/2016 | 1:56:08 PM
Closed Loop vs. Open Loop
It seems to me all of these systems have to exist in a closed loop model (i.e. both ends of the flow need to be aware of each other). The world is moving to an open-loop model where all services will be accessed over the Internet and the WAN will cease to exist. SD-WAN tries to fix the problem by tunneling between two systems to close the loop; it looks like 123 is trying to do it the same way just in another context--I don't see how anything that tries to close an open loop is the answer. Obviously, I must be missing something here because a whole lot of smart people are saying otherwise. Frankly, just give me two big pipes out to the Internet and leave me alone--webify everything so it's secured via SSL and you can keep all of the other NFV stuff.
Duh! 8/17/2016 | 10:55:33 AM
Re: Countering Big Trends
It's hard to get an accurate read on their architecture from what has been made public. But it appears that they're not so much countering big trends as challenging the dominant networking paradigm.

It goes back to the networking wars of late '70s (see John Day's Patterns in Network Architecture for an extended and biased account).  The central architectural tenet of the Internet is a stateless datapath, without a notion of a "connection" which is established, used for data transfer and released.  At the time, there was a valid case for simplicity of forwarding, short transactions completed in less than two round-trip times, and effortless re-routing.  However, over time, states, connections, and explicit set-up turned out to be so massively useful for so many reasons that we had to create work-arounds for their absence.  Thus, we ended up with hacks work-arounds like middleboxes, tunnels, DPI, NAT and MPLS. 

We have seen several attempts to revisit the connectionless paradigm.  All of them failed in the marketplace, despite their technical merits. It looks like 128T is yet another one, with a specific focus on branch-y enterprise networks and proprietary architecture and protocols.  If history repeats, it will be extremely difficult for them to achieve traction.  Good luck.
t.bogataj 8/17/2016 | 3:04:36 AM
Long live marketing!
Oh dear... Since when is such an approach something new? It is known for years, and used for years. And tomorrow someone will brag with inventing a wheel?

cnwedit 8/16/2016 | 2:37:32 PM
Re: Countering Big Trends
It's my understanding this is software-based and can run on standard hardware or VMs. But they are definitely bucking the SD-WAN trend.

I'd agree it's interesting to see a company try to essentially start from scratch and figure out what networking should look like, even if the picture it produces looks very different from where the industry seems to be headed now.

At different times in the 30-some years I've been covering telecom, companies have tried this. A few have been successful - most have been acquired at some point and subsumed into another larger company.

But this is different on a larger scale than most of the examples that come to mind right now. 
Sterling Perrin 8/16/2016 | 2:23:34 PM
Countering Big Trends
Carol, it is always interesting to see a company running counter to prevailing trends but this company is tackling some big ones. SDN, NFV, white box hardware, and (now) SD-WANs are all moving in one direction. And, here, this company appears to want to run in the opposite direction.

I have not been briefed by the company and don't have full details, so I'm making comments based on the article and the marketing messaging they are coming out with. But I'm not clear on whether their innovations are coming mainly from hardware or from software. And IF they have software based innovation, why would they choose to market as a counter trend, rather than fit into one or more of the existing trends I listed?
