Even as more service providers flock to the SD-WAN fold, a new routing company is bucking that trend, claiming the software-defined wide area network is a temporary answer when what is needed is a totally new kind of router.
The company, 128 Technology, came out of stealth mode in June. Founded by the founders and former officers of Acme Packet, the company has raised $36 million from G20 Ventures, its employees and other unnamed investors, all backing what 128T calls "Secure Vector Routing" as the wave of the future.
Designed to run on bare metal or on virtual machines at the edge of the network, in remote branch offices or in hyper-scale data centers, Secure Vector Routing is a new form of routing that is able to simplify the routing architecture, eliminating the piles of devices such as firewalls, load balancers, deep-packet inspection and network address translation gear, while providing secure, session-aware routing, according to Patrick MeLampy, co-founder and COO of 128T and former co-founder and CTO of Acme Packet.
In an interview with Light Reading, MeLampy explains why he thinks SD-WANs' popularity among enterprises is based on a short-term arbitrage situation driven by the cost of MPLS and private connections. As a growing percentage of enterprise connections are external -- to the Internet or to public or private clouds -- business customers need to be able to connect their branch offices, remote sites and mobile workers to these external sites -- data centers and clouds -- less expensively. SD-WANs can deliver that, but they are not the best long-term solution for enterprises or carriers, he argues.
"Offloading traffic onto the Internet as soon as possible is less expensive," MeLampy says. "But it's a short-term ROI."
For the network operators, an SD-WAN service won't generate the revenue of the previous MPLS and private connections, forcing them to find new ways to create revenues. In addition, their services become less "sticky," which can lead customers to move services more easily for cost and convenience. And SD-WANs still rely on tunnels, he notes, so they burn up about 10% of bandwidth and don't simplify network operations.
The longer-term solution is adopting a smarter approach to routing that lets enterprises do their multi-path connections -- to the Internet, to data centers or to multiple cloud services -- more easily. And MeLampy says Secure Vector Routing represents that long-term approach.
This approach uses more intelligent routers at the edge of the network, he says. There are three key concepts involved: session-awareness, first packet processing and waypoints. Basically, the routers are able to read the first packet in a session, distinguish source and destination, and then connect related flows into a single session. The routers can thus determine the lead packet for every session and extract the key data from that packet, using it to set up the best network path to the destination.
The source and destination addresses are then translated into what 128T calls "waypoint addresses" -- which its routers understand -- and the original addresses are encrypted as metadata. All subsequent packets in that flow are automatically routed over the same best path, but any packets in which the metadata has been altered or faked are blocked, creating greater security, according to MeLampy.
On the receiving end of the packet flow, the original source and destination addresses are restored. The entire session, including returning packets, is treated in the same manner, so it is processed bidirectionally.
"Session awareness exists today in SD-WANs, but we think it needs to be tied to protocols that can do managing, steering and balancing of traffic without using tunnels, which burn up 8% to 10% of capacity and create larger flows which makes it harder to create different treatment of packets inside those flows," MeLampy says.
He adds that the 128T approach enables centralized management of edge routers, so that large numbers can be managed in the same way data centers manage servers today. Software-driven routers can be regularly updated through the dev-ops process, and operating expenses can be held down.
All of that creates a pretty nicely described world for a new approach to smarter routing -- if it weren't bucking a major trend in SD-WANs. The new company is working with both potential service provider and enterprise customers, MeLampy says, but has no announcements to make on that front just yet.
"I do believe it's just a matter of time before the concept of privately managed wide area networks is moved aside by intelligent multipath routing over the public Internet," he says. "The half-life of the ROI will be measured in years for sure, due to current momentum of buyers and sellers of private networking circuits, but it will inevitably happen."
— Carol Wilson, Editor-at-Large, Light Reading