SuperWAN: able to secure directional network connectivity between locations! Able to provide session-by-session mutual authentication at each network element! Able to give you total control over all cryptographic keys used in transport, even in foreign network locations on remote planets! And more!
Imagine you are Clark Kent, CIO of a large organization in Metropolis, and current trends in network disaggregation continue. As such, you must now provide connectivity to three Azure data centers for Office 365; 20 AWS sites located all over the world for a host of outsourced IT applications; four corporate data centers (older applications); 10 Equinix data centers for outsourced private use; direct access to 25 additional cloud service offerings for security reasons, including UC services, Salesforce.com and Concur, to your 500 branch sites; and 30,000 telecommuting employees.
Look up in the sky! It’s a WAN! No, it’s a SD-WAN! No, it’s… SuperWAN!
Assuming no nearby Kryptonite, the SuperWAN could provide secure directional network connectivity between every single one of these locations solely to enable services and applications, with restrictions that limit connectivity to just those that need it. The powers of SuperWAN include:
- Session-by-session mutual authentication at each network element;
- For traffic not already encrypted—session-by-session, edge-to-edge stateless encryption. Re-encryption is not performed;
- Total control over all cryptographic keys used in transport, even in foreign network locations on remote planets;
- Multi-path routing to each destination;
- Service specific access controls (ACLs);
- Elimination of tunnels saving up to 30 percent of bandwidth;
- Quality of service support for specific services (UC/Skype for Business);
- Automatic selection of the correct and best data center from each branch office, with resiliency (elimination of dynamic DNS);
- Telecommuters are all connected to the same managed WAN;
- NATs and NAT64s become transparent and all networks involved are internetworked end-to-end.
This amazing SuperWAN is not an earthly WAN; it is not an SD-WAN. Rather, it is something new: a large collection of networks (in my example, 537 private business grade networks and 30,000 home networks) that are inter-networked to provide secure connectivity, many of which are owned and controlled by third parties.
SuperWAN network connectivity is focused on services and applications and who can use them rather than earthly concepts of IP address ranges, VLANs, ACLs, MPLS, tunnels, and private addresses. SuperWAN securely and directionally routes sessions to enable a service or application, not stateless packets. The likelihood that Lois Lane’s client and service instance will be on the same physical network is going to be unlikely in the future, therefore SuperWAN will support routing policies that are meaningful across network borders (NATs, NAT64s, IPv4, IPv6, and private networks). As a result, SuperWAN policies do not use IP addresses. SuperWAN policies are instead defined with words. SuperWAN will return Ethernet layer solutions to the domain of the local area where they belong, eliminating ARP proxies, stretched broadcast domains, multi-location VLANs, and Ethernet pseudo wires which are really just Kryptonite in disguise.
So next time you see an old hardware based router, drag it to a nearby phone booth (if you can find one) and transform the old paradigms of networking into intelligent software based routers that understand sessions and services. Yes, the S stands for Software.