Cato Brings Self-Healing Capabilities to SD-WAN

Over the last couple of years, businesses have been shifting to software-defined WANs for a number of reasons, including lower costs, greater agility, and better application performance. But an SD-WAN isn't a panacea for all networking problems.

In fact, the use of broadband, local Internet breakout, security overlays, and other factors can make troubleshooting more difficult. On top of that, enterprise network architects must now design for high availability (HA) -- a task that network operators have traditionally handled. If enterprise network architects don't design for HA correctly, their organizations may see an increase in network outages and longer times to resolution than they're used to in legacy environments.

Most SD-WAN providers use broadband Internet for end-to-end transport, which is fine for mid-size and regional companies, but not global companies given how unpredictable application performance can be over the Internet at long distances. For these types of companies, network downtime can cost big dollars. Based on my research with ZK Research, I calculate the average cost of downtime across all enterprises to be about $1.7 million/hour, with the potential of being significantly higher in verticals such as banking and e-commerce. Cato Networks, an SD-WAN service provider, addresses this challenge by carrying global traffic over its own private network, only offloading to broadband for the last mile.

And, for companies where the network is the business, Cato earlier this month introduced a new data center appliance and self-healing SD-WAN capabilities. With the self-healing capabilities, the Cato SD-WAN service automatically handles service disruptions using a variety of techniques, such as switching links in an active/active configuration, dynamically moving between compute nodes within a point of presence (PoP), or even switching to a separate PoP, if required. The Cato service can also move apps between data centers and cloud providers.

Most SD-WANs can handle basic problems such as broadband congestion, but they're challenged in guarding against a wide range of more obscure problems that occur at the edge hardware as well as at a PoP. Protecting against these often requires a myriad of branch appliances, virtual network functions, and custom configurations. Cato's new X1700 Socket appliance simplifies the data center infrastructure; the existing X1500 appliance provides similar functionality at the branch.

Cato Networks' X1700 data center appliance

The X1700 is a rack-mountable, enterprise-grade device that includes redundant power supplies and hot-swappable drives to protect against common component failures. The appliance works in conjunction with Cato Cloud, which is where many of the advanced network and security services run. Cato's approach differs from that of most SD-WAN vendors, which use low-cost appliances that have no ability to protect against hardware outages. Also, the X1700 comes with HA software for no additional recurring charge.

In addition, Cato has announced self-healing security functionality that allows rules to change dynamically with the network. As an example, if a workload or application moves between locations, the network will automatically update policies in firewalls, intrusion prevention systems, network appliances, or other security tools. Cato's self-healing algorithms use enhanced Border Gateway Protocol capabilities to see new IP ranges and dynamically update all relevant policies for true zero-touch service continuity.

SD-WANs are proving to be transformative as they bring unparalleled levels of agility to the WAN. However, they don't solve all problems, particularly for global organizations. Most SD-WANs can protect against basic problems, but not more troublesome issues -- think of the 80/20 rule, with 80% of the problems fixed by basic SD-WAN functionality and the remaining 20% requiring more advanced approaches.

Cato's self-healing functionality is designed to bring enterprise-grade HA to SD-WANs by pulling the complexity of protecting against less common errors into the network.