Americas

  • United States

Startup promises SD-WAN service with MPLS reliability, less complexity

Feature
Oct 17, 20223 mins
SD-WANVPNWAN

Graphiant’s label-switched backbone routes to provide appropriate levels of transport based on customer-set policies.

the latest in innovation in the sd wan managed services market1400
Credit: jamesteohart

Startup Graphiant emerged from stealth mode last month with what it describes as an enterprise-grade network service that provides the privacy, security, and reliability of MPLS but with the cost effectiveness, agility, and scalability of broadband internet.

In addition, the service, called Graphiant Network Edge, is simpler to deploy and manage than the hybrid SD-WAN/MPLS networks that many enterprises wind up with when they adopt SD-WAN, according to Graphiant CEO Khalid Raza.

And there are financial savings, the company says. Customers are billed based on bandwidth consumption, with no hardware or software licensing costs, delivering 60% better ROI compared to MPLS plus SD-WAN, according to Graphiant.

“Network architects have to provide connectivity for an impossibly complex world,” Raza says. “Connecting business resources, hybrid cloud, edge networks, and remote workers is time-consuming, error-prone, and full of security challenges.”

Graphiant contends that Network Edge removes this complexity by providing as-a-service connectivity between the enterprise WAN, hybrid clouds, network edges, customers, and partners.

At first glance, Graphiant Network Edge looks very much like existing SD-WAN deployments. Enterprises connect to a Graphiant point of presence through whatever last-mile connectivity they choose, and from there, traffic is optimally routed according to policy over Graphiant’s network that connects geographically distributed PoPs and then on to branches, cloud services, partner sites, etc.  

Graphiant says that what makes its service different from SD-WAN offerings is how its Stateless Graphiant Core handles WAN data and control planes.

The company says many large enterprises have been unwilling to give up the SLAs that come with MPLS for mission-critical traffic. Thus, SD-WAN augments the MPLS network for lower-priority traffic, and the network team must manage two different networks.

The operational and administrative overhead of the combined solution, along with the complexity of overlays, tunnels, and policy management means that many enterprises are turning back to MPLS providers that offer their own SD-WAN or that resell others’. That way, the enterprises can order to relieve the burden of managing a complicated managed service themselves.

“Enterprise networks have transitioned from predictable topologies to unpredictable ones,” Raza says. He argues that cloud services, IoT, work from home, and a range of other pressures have pushed the MPLS-plus-SD-WAN formula to its breaking point.

Yet, whatever comes along to replace them must retain the strengths of each in order to meet the requirements of modern use cases. The replacement must deliver a private network with enterprise-grade reliability, but it must also come with as-a-service advantages, including agility, scalability, and cost-effectiveness. 

“It’s time to try something different,” says Raza, who was co-founder of SD-WAN vendor Viptela. “We realized it was time to get back to the original goals of SDN and innovate with protocols.”

Graphiant says it overcomes hybrid-network complexity by creating its own label-switched network. It separates WAN data and control planes and provides the means to optimize traffic across its backbone in accordance with policies set by users. That network architecture combines SD-WAN-like cloud-based routing and control with Grapiant’s proprietary metadata protocol that it eventually intends to publish to BGP.

Graphiant Stateless Core handles the data plane, which provides a multitenant, programmable global transport network. Software on-premises adds a Graphiant label to each packet and encrypts it within an IPsec VPN tunnel that connects to a Graphiant PoP where the VPN is terminated. Once a packet is within the core, its metadata label routes it based on customer-defined and application-specific policies. At the exit PoP, the label is stripped off each packet, and it is delivered to its destination in an IPsec tunnel.