An Introduction to Graphiant Network as a Service
In this article
We all love shiny new things. It's part of the reason birthday parties and year-end holidays are so much fun. In the IT industry, there always seems to be a lot of shiny out there, but rarely does the shiny seem like it's made just for the everyday network engineer. After all, we share the space with security, devops, compute, cloud, and sometimes even storage.
Here, I take a look at the latest shiny thing for network engineers, Graphiant Network as a Service.
At its most basic definition, a wide area network (WAN) is a connection of local area networks (LAN) across a large geographical distance, such as a state or province, countries or even continents. The distance creates a host of challenges. Few enterprises have the resources to build their very own infrastructure. The alternative is usually to lease from a service provider or risk the wilds of the open Internet.
One of the most dominant traditional WAN solutions is MPLS VPN. MPLS VPN makes uses of Multi-Protocol Label Switching (MPLS), a solution widely used by service providers to route packets using a label rather than the packet's original destination IP address. MPLS forms the backbone network over which a service provider can offer a virtual tunnel or a network of virtual tunnels. Hence the name MPLS Virtual Private Network (VPN).
But in order to provide full connectivity with a tunnel-based WAN solution, you need full mesh tunnel connectivity. As the number of tunnels increases, so too does network complexity, until tunnel proliferation leaves engineers with a spaghetti mess of a network. Tunnels also do not provide deterministic connectivity, which can cause its own problems. Lastly, securing a tunnel-based network can pose a logistical nightmare, especially if there are multiple modes of connectivity.
For the last few years, the hot new thing has been software-defined WAN, SD-WAN for short. Even current SD-WAN offerings can run into problems with complexity. Today's networks are rarely textbook simple. Modern IT networks have campuses, one or more on-prem data centers, Disaster Recovery (DR) sites and one or more public clouds. There might also be multiple branches, plants, or sites. Adding into all of that is the COVID-19 pandemic's lasting legacy of Work From Home (WFH). And after all, SD-WAN solutions are still virtual networks of some form.
The popularity of using the Internet as a public highway also creates additional challenge. While the Internet might be cheaper than a leased circuit, performance is best effort only, and sending mission critical data risks delay or drop — nor is the Internet trustworthy. All manner of bad actors trawl the Internet looking to steal valuable data.
All of these factors have amounted to a lot of bad options for WAN: complex, unreliable and unsafe. Enter Graphiant.
Graphiant is a company that was formed from the bones of Viptela, and its leadership includes Khalid Raza, who has sometimes been called the "Father of SD-WAN." Viptela created one of the first platforms to drive WAN using software. In 2017, Cisco acquired Viptela for $610M, and it was absorbed into an offering that is today called Cisco SD-WAN. Raza and his team of extraordinary thinkers got together to address all of the problems of WAN and SD-WAN. In September 2022, Graphiant announced to the world at NFD29 that they were coming out of their stealth mode and was ready to show the world what they have to offer.
Network as a Service.
Graphiant's solution to today's WAN problems is to offer Network as a Service (NaaS). Now, rather than leasing bespoke lines or risking a run across the Internet, enterprises have the option of using Graphiant's stateless core. Physically, their core is built on Equinix metal, and so is available throughout the continental United States. With this core, Graphiant provides simple, fast and secure deployment to any wide area connectivity.
Graphiant takes the headache out of WAN deployment and operation. Instead of everyone having to build and operate their own WAN, now you can just consume a ready-built WAN network. Connecting to the Graphiant core is facilitated by a Graphiant VM or appliance, that comes with your subscription. Graphiant maintains the appliance and it arrives ready to connect. Graphiant provides a GUI as well as a rich API set. With these tools you can not only have complete visibility over your traffic as it crosses the Graphiant stateless core, you can control the security policy imposed across your Graphiant WAN network.
Graphiant boasts that they can deliver access speeds up to 20Gbps, and as small as 50Mbps. Since connectivity is the service, enterprises have the protection of SLAs to guarantee that their mission critical data is delivered. Because the infrastructure already exists, Graphiant can bring up a Point of Presence (POP) in 45 days or less.
And lastly, Graphiant encrypts your traffic at one edge and doesn't decrypt until your traffic arrives at the destination edge. This single encryption/decryption means that not only can your traffic pass through faster, but that the Graphiant core doesn't need your keys or see your data. For this reason, they call their core stateless.
Graphiant's stateless core is the true heart of their innovation. When a packet is received at the Graphiant edge, it is encrypted and then tagged with a specially developed Graphiant label.
This label and the IP address of the destination edge are the only parts of the packet exposed in the Graphiant core; everything else is obscured by encryption. The packet then can safely move through the Graphiant stateless core to its destination edge without any manipulation within the core. Once at the egress edge, Graphiant strips away its headers, then decrypts and delivers a completely intact packet to your doorstep.
That means anything that you put on or in your packet — like VLAN ID, QoS markings, SGTs or VRF — arrives at the egress edge completely intact.
The cool thing about the Graphiant stateless core is that it is flexible enough to encompass more than just a single use case. Yes, it works well to provide enterprise WAN connectivity. But consider these other use cases that Graphiant can support:
- Programmable connectivity between or amongst business partners.
- Connectivity to Security Services (SSE) partners.
- Programmable security policy between sites or business partners.