Dig deeper into why not all SD-WAN technology is the same and why Service Providers deserve more.
Create Wide-Area Networks made up of multiple connections — from multiple service providers, in multiple geographies. Deploy new sites, change policies, add WAN links — all in just seconds.
Multapplied SD-WAN for Service Providers is designed to provide your customers with connectivity, resilience, uptime, and the best hosted application performance.
That’s the power of Multapplied. Built for Service Providers.
What does it mean to deploy the best SD-WAN technology OEM platform for Service Providers? It means your customers enjoy industry-best network performance. How do we do it?
Automatically load balance packets across multiple circuits per site with bandwidth adaptation
Multapplied SD-WAN distributes packets across multiple circuits and aggregates the bandwidth of multiple circuits to form a virtual tunnel connecting a site to nodes in the Service Provider Data Center.
Our per-packet load balancing approach is the only one in the SD-WAN marketplace that can deliver the best network performance.
Other vendors have concentrated on balancing data flows, which creates a much slower failover environment and forces the vendor to deploy technologies like Forward Error Correction (FEC) to compensate for the variable quality of Internet circuits (read about the dangers of FEC below). FEC is specifically used to improve the perceived quality of IP telephone calls.
As the single data stream from the LAN is managed at a packet-level, the software can proactively change how each circuit in the tunnel is used:
All circuits in the tunnel are active and any circuits that fail are removed from the tunnel within 300 milliseconds.
Multapplied SD-WAN takes any kind of circuit – fiber, coax, copper, fixed wireless or LTE – and transforms it into a single virtual tunnel.
Multapplied SD-WAN delivers a virtual tunnel with 90%+ efficiency.
Our secret sauce: packet-based load balancing + link aggregation
Packet-based load balancing, combined with link aggregation and sub-second same-IP failover, will deliver highly reliable connectivity and continuous end-user access to remote applications, cloud services, and the internet, all supporting session and business continuity.
In addition to optimizing circuit utilization and reliability, packet-based balancing provides security at an architectural level (see Security section). Transmitting complete flows across an individual circuit makes data interception easier, whereas packet-distribution requires interception within the service provider data center or the originating site, thus greatly enhancing security.
Dynamically adapting tunnel bandwidth
Dynamically adapting tunnel bandwidth to reflect actual circuit performance enables the Multapplied SD-WAN platform to manage the customer experience for consistency, with the ability to:
- Adjust download and upload speeds of each circuit in the virtual tunnel to offset increases in circuit latency or packet loss.
- Dynamically remove and re-add circuits to the tunnel if circuits flap or exceed customer-defined thresholds for packet loss. This helps ensure that latency and packet loss remain as low as possible on every circuit in the tunnel and maintains performance of both latency-sensitive and bulk applications.
Beware of Forward Error Correction (“FEC”)
Other SD-WAN platforms focus on balancing data flows, forcing the vendor to deploy technologies like Forward Error Correction (FEC) to compensate for the variable quality of internet circuits. FEC is commonly used to improve the quality of IP telephone calls.
FEC compensates for the packet loss or jitter that standard, broadband internet circuits can create by duplicating voice packets over multiple circuits. Instead of providing a single set of packets over the best circuit, FEC floods all circuits with multiple sets of packets with the hope that eventually all the required packets will reach the other end.
Adding more volume of data packets to a limited and busy network isn’t the answer. Multapplied SD-WAN detects the quality of any of the circuits in the tunnel connecting a site to the network and ensures that packets are sent across the best-performing circuits at the time.
Multapplied SD-WAN allows industry-best security to be extended simply and easily to networks requiring redundant connections or LTE backup, and to hosts or sites requiring broadband or Internet-based connectivity. It starts right at the architectural level.
Security at an Architectural-Level
Packet-based balancing provides security at an architectural level, in addition to optimizing circuit utilization and reliability (see: Performance).
Transmitting complete flows across an individual circuit makes data interception easier, whereas packet-distribution requires interception within the Service Provider data center or within the originating site and enhances security. Multapplied SD-WAN crushes the “man-in-the-middle” by reducing the attack surface through the virtualized tunnel.
Data Transport using a Virtual Tunnel
A tunnel composed of multiple, diverse physical circuits, each with its own path across multiple carrier networks, provides physical redundancy and security by splitting a host’s communications across multiple paths to another site or data center.
The Tunnel protocol is proprietary.
Packet-based Load Balancing algorithms
Distribute packets within every single stream of data originating from a host across multiple carrier circuits and paths.
No single circuit carries an entire stream of data, preventing intercepts from being successful.
Diverse Security Options
Encrypt all traffic on each circuit in the Tunnel independently.
Encryption can be enabled on all links using the AES128, AES256, or Salsa20/256 ciphers. Even if encryption is disabled, HMAC packet authentication is used to verify the integrity of packets, protecting the traffic from man-in-the-middle attacks.
Containerized Layer 2 or Layer 3 firewall instances on a CPE.
A Graphical Representation of How it All Works
[Figure: per-packet distribution; data encapsulated in the MNI proprietary tunnel; AES 128, AES 256 or Salsa 20 encryption added to the data stream.]
Install natively on a WAN Edge device or Customer Premise Equipment (CPE)
- Third-party applications can be run on the CPE using containers, which have fine-grained access controls to limit access and exposure.
- The WAN Edge device uses an on-device firewall to limit remote access to network administrators.
- Management of the CPE is performed over a VPN between the CPE and the Management Server/Orchestrator. Symmetric cryptographic authentication verifies that the Orchestrator is valid for each WAN Edge device and that the CPE is valid for the Orchestrator.
How is Encryption Performed?
Encryption is performed using private keys generated when the Node and CPE are provisioned, and hosts are authenticated with X.509 certificates signed by a certificate authority on the management server.
Each circuit in the Tunnel has its own encryption session. For example, a tunnel or bond of three circuits (a circuit is sometimes referred to as a ‘leg’) uses three independent sessions. Sessions renegotiate keys at the interval defined in the Management Server Bond Options—by default, every hour. This can be disabled by setting the value to 0.
Encryption increases the amount of overhead in each packet sent between the CPE and Aggregator, resulting in a smaller MTU available for site traffic. The amount of overhead is different for each cipher. The following list shows the MTU available on a bond with 1500-byte leg MTUs.
- No encryption, HMAC: 1452 bytes
- AES 128: 1403 bytes
- AES 256: 1375 bytes
- Salsa20 256: 1407 bytes
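A sketch of the per-leg session model described above, as an added example that is not Multapplied's code and does not reproduce its proprietary tunnel protocol: each leg keeps its own key, every frame carries an HMAC tag that is checked before the payload is used, and the key is renegotiated on the Bond Options interval (0 disables it). `LegSession`, the frame layout, the choice of HMAC-SHA256 and the sequence-number replay check are assumptions made for illustration.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 tag; the hash is an assumption, the page names none

class LegSession:
    """Shared key state for one circuit ("leg") of a bond; one instance per leg."""
    def __init__(self, rekey_interval_s=3600):  # page default: every hour
        self.rekey_interval_s = rekey_interval_s  # 0 disables renegotiation
        self.key, self.keyed_at, self.last_seq = os.urandom(32), 0.0, -1

    def maybe_rekey(self, now):
        due = self.rekey_interval_s and now - self.keyed_at >= self.rekey_interval_s
        if due:  # fresh key, and the sequence window starts over
            self.key, self.keyed_at, self.last_seq = os.urandom(32), now, -1
        return bool(due)

    def seal(self, seq, payload):
        body = seq.to_bytes(8, "big") + payload
        return body + hmac.new(self.key, body, hashlib.sha256).digest()

    def verify(self, frame):
        """Return the payload, or None for a forged, altered or replayed frame."""
        if len(frame) < 8 + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None
        seq = int.from_bytes(body[:8], "big")
        if seq <= self.last_seq:  # already accepted under this key
            return None
        self.last_seq = seq
        return body[8:]

def demo():
    legs = [LegSession() for _ in range(3)]  # three-leg bond, three sessions
    frame = legs[0].seal(1, b"constructed payload")
    altered = bytearray(legs[0].seal(2, b"constructed payload"))
    altered[8] ^= 0x01  # one payload bit changed in transit
    return {
        "valid": legs[0].verify(frame),
        "replayed": legs[0].verify(frame),
        "other_leg_key": legs[1].verify(frame),
        "altered": legs[0].verify(bytes(altered)),
        "rekey_hourly": (legs[2].maybe_rekey(3599), legs[2].maybe_rekey(3600)),
        "rekey_disabled": LegSession(0).maybe_rekey(10**9),
    }
```

With renegotiation disabled, a leg's key lives as long as the session does, so a key exposed once stays valid for everything that leg carries afterwards.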
The Multapplied SD-WAN software, both the core node and edge device, is designed to have an open architecture so you can easily integrate our solution with your existing Operational (OSS) and Business Support Systems (BSS).
Multapplied SD-WAN technology is built on an open architecture that enables you, through a RESTful API, to integrate our solution into existing network management, reporting, and alert systems.
The open architecture gives you the ability to integrate other applications you provide, including next-gen firewalls, WAN optimizers, and other customer-preferred applications, into your offering.
If additional applications such as Next-Gen Firewalls are required on the Edge device or CPE, NSPAWN is used to stack those applications with the SD-WAN software. This enables a Service Provider (or your customer) to simplify your network while configuring any additional applications to work with the SD-WAN.
When combined with white-box hardware, open architecture provides the ability to deploy applications at your customer’s edge. Having applications such as Next-Gen firewalls resident on the same SD-WAN edge device simplifies your network deployments and provides you with value-added managed services.
Creating and configuring sites and networks is as simple as a few clicks
Choose Multapplied SD-WAN to make it easy for your team to take data provided by your customer and your implementation engineers and input it into the SD-WAN platform.
Create and Configure Sites and Networks
- Use simple data entry to add a new site to an SD-WAN network
- Change or add new broadband circuits at sites for higher reliability, bandwidth and performance
- Provision multiple circuits per site with a single IP address for fast failover and session maintenance
- Use a few clicks to establish secure multi-site encrypted networking and replace manually provisioned VPN
Manage the Customer Experience
- Dynamically adjust or “groom” Internet circuits to offset spikes in jitter, latency and packet loss
- Use LTE to turn up a site quickly without waiting for broadband circuit installation
- Configure site failover options by designating an LTE circuit as a failover circuit and setting up core node redundancy options
- Set up bi-directional Quality of Service to support hosted or offsite telephony solutions
An SD-WAN platform should make turning up new sites, changing configurations or setting up a private, secure, multi-site network a matter of a couple of clicks and some data entry. Expect no less.
Manage Customer IP Network Deployment
Multapplied SD-WAN allows you to manage customer IP network deployment and define routing groups and subnets. You can allocate public IPs to customers within the SD-WAN space you provide. In this setup, child spaces can inherit IP assignments from parent spaces.
What does that mean for you? Generally, IP management aids in the distribution of public IPs between spaces. In most cases, creating IP allocations for private IPs is unnecessary. IP management provides two main capabilities.
Take Full Control from One Place
With so many policies, features, connections, and sites, it’s no wonder you’re overworked.
With our SD-WAN technology, you control and monitor every node, in every network, for every client, from a branded, multi-tenant, single-pane-of-glass, so you can make global changes from virtually anywhere.
Multapplied SD-WAN is built for Service Providers.
This means that it’s natively built to provide true multi-tenancy and provide scaling for the business as it grows. Nodes scale horizontally in an affordable and simple fashion.
Multi-tenancy enables a Service Provider to scale their environment based on the growth of sites and clients, and virtual node deployment enables efficient use of processing and storage resources.
This differs from other SD-WAN solutions that are hardware-dependent and don’t scale easily or in a cost-effective manner. A single node is capable of supporting multiple customers, multiple sites and multiple data flows efficiently.
Helping You Grow with SD-WAN Technology
Together with remote management and configuration, the multi-tenancy in Multapplied SD-WAN enables Service Providers to support multiple customers and deploy new sites without touching edge or core devices directly. Service Providers can also use multi-tenancy to develop their own wholesale offerings and provide SD-WAN services and delegated administration to other Service Providers (who can brand the service as their own).
How it Works
Core networking services are provided by two node types within a Service Provider’s network:
- Nodes (servers) – deliver site-to-core SD-WAN tunneling and associated services, and provide secure multi-site networking. Nodes communicate with customer premise equipment at the customer site running Multapplied SD-WAN technology. Nodes can run in virtual environments or on bare metal.
- Management Server – provides command, control, and reporting capabilities. It sits outside any data flows and is often hosted in the cloud.
Pay Only for Additional Sites
Service Providers pay only for the additional sites they deploy, not for additional core node deployments. Core node software has unlimited licensing. This approach differs significantly from competitor solutions that are hardware-dependent, don’t scale easily and are much less cost-effective.