SASE – Does It Need Underpinning With A Global Private Backbone Network?

Previously, in this blog space we looked at cloud application acceleration and how it might finally kill off the wounded beast that never dies that is MPLS, and how SASE can be an underlying architecture to deliver that weapon.

SASE, by Gartner definition, provides capabilities including SD-WAN, a full network security stack, support for cloud resources and mobile endpoints, with end-to-end connectivity throughout. On top of this, add easy management capabilities – single system, single console. Where some vendors differ from others, by extending beyond that basic Gartner definition, is in providing a global backbone network to underpin that sassy solution. It begs the question – and, believe it or not, Gartner has been known to get it wrong in the past 😃 – can you truly replace MPLS without a dedicated private backbone (of sorts)?

Certainly, vendors I speak with regularly, such as Aritari and Cato Networks don’t believe it is possible. If the theory is to provide optimal performance to all resource, wherever it is located (and it is), then how do you guarantee performance if you’re not in control of the end-to-end connectivity? MPLS provides the SLA guarantees, but at a very significant cost, ‘thanks’ to the over-engineering it requires, adding complexity, inefficiencies and thereby $$$$ to the bottom line. It’s basically what IT used to be – clunky and expensive.

So, if the question revolves around purely cost, the obvious starting point is: can you deliver secure, predictable performance over the naked Internet? I could write page upon page about this, but instead I’ll opt for the abridged version, this being a blog an’ all – and the answer is: “no”. Does Satnav guarantee a car and its driver get optimally from source to destination? Does it hell as like… If it had a dedicated road to travel on, clearly signed, where it could bypass other traffic and extraneous incidents, then yes it would. It would also be extremely over-engineered and wasteful in resource. It would, in short, be the MPLS of road travel.

I know that the whole COVID-19 impact thing has been done to death, but the reason for this is because it has revealed some glaringly obvious limitations of basic Internet architectures. A perfect example is here:

https://www.thousandeyes.com/press-releases/2020-internet-performance-report-covid-19-impact

To bolster this argument, this ‘ere blog does a fine job of explaining why t’Interweb is not up to the task and why a global private backbone is so important if you really want to wave goodbye to MPLS – it explains clearly and simply why traditional router-based Internet connections are simply not up to the task of providing an MPLS alternative:

https://www.catonetworks.com/blog/the-internet-is-broken-heres-why

It’s also a great confirmation of the value of cloud-based services; MPLS on a budget, limitless scalability, no geo-limits. By defining all the required QoS parameters – optimal routes, backups and mitigation policies, traffic steering (with no U-turns), redundancy, full ingress and egress control – you have the very makings of an “MPLS killer”. Sure, that quest is two decades old, but only in recent years has it become realistic and affordable.

From sage advice to SASE advice; some questions you might want to ask a provider regarding the benefits or otherwise of having a global private backbone… Does the SASE service provide true, end-to end visibility? It should offer a single view showing all traffic flows, regardless of where those flows are and between who and what. What levels of security and networking capabilities can be applied to that traffic and can it be fully accelerated and optimised? Is there a true single point of management for all functionality – i.e., for networking, remote access, security, Internet/WAN/Cloud? Or does a 3rd party service provider also need management input? In which case we haven’t resolved the finger-pointing “blame game” as soon as there’s a problem. And none of us want to go back there…

Going back to the previous blog on the topic of cloud acceleration, I made the point about the “middle” being the “no go” region for many vendors – it’s the hardest to control. If that “middle” is cloud-based, it becomes totally manageable, but you need that global backbone in place; then you have total control of that middle ground, as well as the edge and endpoints. Then you have your “next gen” MPLS alternative – and at a fraction of the cost and complexity. Win-win…

CIO
Security
Networking
Data Center
Data Management
Close