In addition to being excellent tools for collaboration, voice and video are also effective network diagnostic tools. With their sensitivity to circuit conditions, interactive voice and video more easily reveal problems with internet performance that other applications can limp through. A certain amount of packet loss and jitter won’t do much to your email or even a file download, but a video call will freeze, distort, and drop. 

These issues reveal that your network likely needs an update. It needs to be reimagined for what we need it to do today…and what we will need of it tomorrow.

Enabling cloud-first business

To run the business the way that they imagined, the leadership of the mortgage service provider TruHome had a vision of improving their telephony system and becoming a cloud-first organization. To support all of that, they needed a more resilient network that wasn’t subject to outages or poor performance. However, moving beyond traditional network transport was daunting, because their call center locations were the heartbeat of their business. 

Although cloud-based voice over IP (VoIP) solutions offered a lot of tempting advantages, any move that would increase the risk of downtime or compromise call quality was a non-starter. Their leadership, IT team, and consultants knew the stakes were high as they forged ahead planning a resilient, multiple-location network. They imagined a network that didn’t just improve their call quality but also positioned them to take advantage of other cloud-based applications for the future.

Data networks that use legacy architecture designed with an on-premise server mindset can hamper the evolution of business technology. Branch offices traditionally used carrier-based circuits on costly, rigid MPLS networks that centralize connectivity and bind together the network reliability of every location. This made sense when business resources were hosted on-premise at a single location. 

Now and into the future, traffic is increasingly going to cloud-based resources, not to a central office. TruHome’s vision of a resilient, distributed network that relied on the internet and cloud-based solutions was a good plan. Unfortunately, the challenges they faced were different than what they were familiar with or prepared for.  

The internet is a jungle filled with potential outages, poor BGP configurations, and flaky routers. The more you learn about how the internet functions, the riskier it sounds to rely on it as your business lifeline every second of every day.

And yet, this is what we do. The good news is that reliable, cost-effective internet performance is possible. With an intelligent software-defined wide area network (SD-WAN), businesses can run mission-critical applications in the cloud without worry. As needs and applications change, the business can continue to adapt, all without major overhauls or downtime.

The SD-WAN needed today

The new technologies that enable business operations are less often found at centrally located on-premises servers. Other services are not all at the same location, either: phone, collaboration, transactions, and data originate with different providers that each need to be reliably accessible. 

Networks should be more intelligent, dynamically and autonomously supporting the continuous evolution of business technology. IT teams can’t be focused on the day-to-day changes, particularly for their distributed workforce. SMBs need their IT staff and vendors to be working on long-term initiatives, not constant tweaks to QoS or troubleshooting flaky phone calls.

Organizations, especially SMBs, benefit greatly when they can count on their network to manage their traffic intelligently. The type of SD-WAN needed today understands the current challenges of ISPs and IT teams. It adds intelligence to an organization’s network by autonomously:

• assessing and adjusting to the conditions of a circuit in real-time
• recognizing business-type application traffic and prioritizing it end-to-end across a network, even when new technologies are introduced
• utilizing multiple connections for their best use, from load-balancing traffic across all circuits to delivering redundancy and seamless failover where connections stay up; continuing phone calls and internet access like nothing happened. 

Today’s SD-WAN needs to achieve reliability and resilience without constant personal attention. Business-class traffic should travel reliably across commodity broadband without the need for technical staff to constantly monitor and make complex, manual configurations or compromise on firewall security. 

The Right SD-WAN

The key to the TruHome plan was an SD-WAN that could intelligently optimize how traffic behaved on a network and provide the performance that VoIP and unified communications as a service (UCaaS) required. For it to have long term value, the implementation and ongoing management needed to be simple.

Before they found Bigleaf, the TruHome implementation was in trouble. The cost and complexity of a cloud-first network with the appropriate security controls was daunting. Knowing what problems the internet would throw at them, the planners were not convinced the architecture would be reliable. There was too much on the line to accept that.

“It’s one thing to run your data applications on ISP circuits and your telephony on a standard carrier separately. If one is down, some operations can still continue. When you are running data and telephony needs over the same solution, that means you must up the ante on your edge network and data circuits. It means you need a topology that allows you to leverage multiple diverse carriers and solves every outage scenario you can throw at it, not just the ones you think to write policies for.”

John Pentlin, Vice President of IT, TruHome

Resilient and Autonomous Networks to Ignite Distance Collaboration

TruHome has been able to realize its vision of a resilient and autonomous network by implementing Bigleaf. 

The Bigleaf Cloud Access Network peers to 150 cloud host providers, bringing cloud resources “closer.” Operations are less vulnerable to the many outages, breakages and slowdowns that occur across the internet.

The Bigleaf equipment and the Bigleaf Cloud Access Network function autonomously, providing intelligent responses to issues on the internet and to new applications brought online. No IT person needs to be available. No QoS rules need to be configured.

Operating as the firewall’s connection to the internet, the Bigleaf SD-WAN solution does not require any modifications to the firewall itself.

With reliable business-class voice and UCaaS over their internet connections, TruHome relies on intelligent, autonomous networks built with Bigleaf. With redundancy that maximizes the function of all connections and dynamically optimizes for mission critical services, they can move into their cloud-based future. 

Want to see intelligent networking in action? Check out our webinar with Lionakis IT Director Matthew Onken, “Creating a Resilient Network.”

Sometimes the internet breaks. 

Over the course of two hours on 24 June 2019, the internet broke down for most of the United States. Popular websites and apps were inaccessible on browsers and phones.  

The cause was achingly human while also being deeply technical. It is called a route leak: A Border Gateway Protocol (BGP) route list that was intended as a map to guide traffic between a few networks was published to networks that should not use those directions. It is like all the rush hour freeway traffic being routed to a suburban side street.  

As a result, traffic for 2,400 networks was unfortunately sent through the network of Allegheny Technologies in Pennsylvania. Their infrastructure was not up to the task and most requests failed. 

BGP is one of the many arcane arts that usher traffic across the internet. The “inter-net” is a connection of many autonomous networks, and BGP provides rules for how to get from here to there by moving data from one network to another. A BGP route is somewhat like the turn-by-turn directions you get from Google Maps, only it tells data how to get from a server in Bellevue, Washington to your customer support desk in Trenton, New Jersey.

Propagation of a bad BGP table is preventable. This was clearly an error that everyone agrees never should have happened, but it did. And while the Allegheny incident was a high-profile breakage whose source we can identify, this sort of thing happens in harder-to-diagnose ways all the time.  

Due to the nature of internet infrastructure and the laws of probability, they are inevitable. The internet will break, connections will drop, services will fail for no obvious reason. 

The more you know about how the internet functions the more difficult it is to believe that it works at all. Along with leaky BGP routes, services depend on DNS, content delivery networks, cloud service providers, and a variety of technologies run by different companies falling well beyond the reach of the customer support or sales person whose web browser is displaying a cute “504, timed out” message instead of the new customer’s loan document.  

Where does that leave your business operations, particularly now that cloud-based SaaS applications are taking over?  

If your vendor is not taking your concerns about outages seriously, they clearly don’t know much about the “modern” internet. 

The concern naturally increases when the risks are greater. The closer the cloud-based solution is to customer engagement where customers are won and lost, the more reasonably nervous you would be about uptime.  

• If you are a car dealer and your parts lookup is cloud-based, short downtime is awkward and undesirable.  
• If your customer-facing staff rely on a scheduling system based in the cloud, downtime is an absolutely terrible prospect.
• If your medical clinic’s electronic health records or electronic medical records are cloud-based, downtime is completely unacceptable. Significant downtime needs to be beyond belief.    

For some locations, such as many rural and suburban areas of the US, the internet breaks worse and more often. When considering a cloud-based or SaaS solution for a business, concerns about downtime are legitimate and substantiated. Regardless of the technical advantages, inconveniencing customers isn’t worth it. Putting the weak links of the internet between the business and customer interaction at the service counter isn’t worth it. 

As technologists, we can’t just complain and shirk connectivity. These applications are the key to being competitive in the modern marketplace. We have to make cloud solutions functional and reliable. They simplify business operations, keep technology up to date, and save money.  

Despite everything fragile and subject to failure between that key service and our users, we have to create resilience the right level of resilience.  

Key Network Issues for SaaS Deployments 

• Uptime and bandwidth 
• Management and support requirements 
• Security 

Uptime and bandwidth 

Some things you don’t want to know, such as how many problems the internet has at any one time. Not every issue makes the news, but even very short incidents can cause problems for mission-critical real-time applications. A hiccup at the ISP can be enough to drop a call or tangle up a customer service response.  

A study of Bigleaf router performance data shows that a typical single-ISP business experiences 3.5 hours of internet downtime a month. What’s more, they experience an additional 23 hours of severely degraded service from jitter, low throughput, and other internet problems that don’t register as downtime but the effect on applications – and thus customer experience – is the same. It is downtime by another name. 

Calculating management and support 

When networking gets critical, the solutions can be very involved. They can become a problem in themselves. When deciding on quality of service (QoS) settings to optimize a Voice over IP (VOIP) system, are you impacting another mission-critical system? Is YouTube video downloading important to a business operation or can you lower its priority? Do you have to manually tweak and then stress test these applications to see how they interact?

As new applications emerge and the business develops new expectations of network performance, maintaining the network, troubleshooting problems, and new installations can be significant time and budget burdens.   

Security in all things 

Security has to be a part of every conversation now, and the resolution of our network challenges is no exception. The perimeter firewall is a centerpiece of current network security strategies. Particularly in regulated industries with compliance requirements, the business needs to have control over their firewall to keep rules and monitors up to snuff. Network solutions can interfere with existing firewalls and potentially provide a new attack vector. 

The Uptime Reality 

Bigleaf Networks was built with all of these concerns in mind. Our SD-WAN platform allows clients to seamlessly use multiple ISPs for higher reliability and performance of their network making them more reliable than any one ISP by itslef.

In the course of our business, we have a window into the reliability of the internet. In a recent month, all the circuits that our clients used averaged 92.5 percent reliability. That is not measuring just major outages but also moments when throughput, errors, or jitter is preventing the internet from being usable. 

Our data also shows the solution: with Bigleaf  implemented, uptime at the client location was 99.88 percent.  

Bringing a business-critical SaaS application into the office is exciting but scary. There are no guarantees in this world, but using the right SD-WAN solution means that, the next time someone transposes a couple numbers on a BGP table, your operation is more likely to stay up and running. 

For our latest white paper, we’ve partnered with Sierra Wireless, a global provider of wireless connectivity solutions, to show you how easy it can be to make wireless a part of your cloud connectivity using SD-WAN technology. In the white paper, you’ll learn:

• How companies have built a more reliable connection to their cloud technologies using wireless internet
• How SD-WAN can help streamline the integration of wireless internet
• How to choose the right wireless internet and SD-WAN solution for your business

Check out the white paper today to learn how simple cloud connectivity can be with SD-WAN and wireless internet. As always, feel free to reach out any time with questions or if you’d like a demo.

Fortunately for us, the cameras were rolling…

Video Transcript

Hi. I’m Joel Mulkey, founder and CEO of Bigleaf networks. The world of business is in the middle of a massive shift right now. The cloud is taking over, and Office 365 is driving much of that. However, the connection between users and the cloud is preventing adoption in many cases. IT leaders are scared to deploy the great applications that folks like you were building. There are two main reasons for that.

The first is that the internet connection connecting to the cloud is unpredictable. We monitor thousands of internet connections all over and based on that data, we see that each internet connection on average experiences three and a half hours of downtime in given month. On top of that, if the connection up, it’s not necessarily healthy. You’ll see there are twenty-three hours of unhealthy time where the circuit is basically unusable.

The second major issue is that networks aren’t keeping up with the cloud revolution. Users are able to bring apps into their environment at any time, and Enterprise networks are built on static network policies. That’s a collision where the network is just simply not able to adapt as users procure and deploy these applications.

The cloud requires a new kind network, a new kind of Internet. One that’s smarter. That’s Bigleaf. Bigleaf has deployed software defined wide area networking (SD-WAN) to hundreds of mutual business customers. Those are Microsoft customers who are getting the application experience the developers intended because the network is no longer in the way.

Let me talk you through what this looks like.

Bigleaf is built into the internet backbone, the core of the internet. We also own and operate our own core Network. We deploy routers and servers and data centers all over.

We peer that network with hundreds of different networks, including [Microsoft’s]. We then deploy a small router at each customer location and between those endpoints we run our intelligent network software. This platform gives full visibility and control over the whole internet path ensuring that the application user is getting the experience that they should. Because we own this network, we peer it with over a thousand different Cloud applications. This means no matter what the user’s using, whether it’s a Microsoft app or something else, they get a consistent experience this what they were expecting.

Now want talk to you through four areas that we’re innovating in network today. The first is, when you deploy Network Technology, it needs to be easy to implement. Otherwise, it won’t be used. Bigleaf is simple. Our router drops in in between the customer’s firewall and their internet connections. That connects back to our core Network and that’s it. We don’t touch the LAN. We don’t touch the security. We simply focus on internet reliability and performance.

The second area is reliability. Users are expecting a very real-time experience today. If you’re on a key phone call and it drops, or even if it’s glitchy, people upset. Or, if you’ve got a video, you’re streaming and it picks the lates people wonder what’s wrong with the application or what’s wrong with the network. At Bigleaf, we address this through intelligent software that inspects each internet connection ten times second, gathering huge amounts of data on packet loss latency, jitter and capacity. We then take that data and make real-time routing decisions on it to keep the user experience great. You can think of it like a genius network engineer who has access to statistics on the whole internet path end-to-end, and who never takes any restroom breaks, never takes a day off and commits no errors.

The third area is flexibility. The problem with networks built on static policies, like much of today’s Network Technology, is that they don’t adapt to the continual evolution in applications where users are adding things constantly. At Bigleaf we believe users shouldn’t have to worry about how to make their network deal with new applications. So we use intelligent software that automatically identifies those applications through algorithms and heuristics and classifies them into six different categories. We then take that traffic end-to-end across the internet and prioritize it even when it’s congested our users get the best possible application experience without having to manually configure their Network.

The fourth area I want to touch on is autonomy. Autonomous software is very exciting. You’re all here because of that. What we see in the networking space is that it can be applicable to take away the low-level details of managing how to implement the network and releases people to focus more on the outcome that they really want. When I look at autonomous software, I see that it tends to sit in this Sweet Spot somewhere between full manual control and full automation in network software and routing technology.

Like what we do. You can automate it pretty heavily and have that be successful. That’s because computers are better than humans at real-time network monitoring and routing decisions. And the scope of the problem is small enough that you can build autonomous software effectively to accomplish things. Networks built on autonomous software means that administrators are happy because their networks behave like they intended them to, even when conditions change, and users are happy because their applications work right all the time. Bigleaf customers are happy customers.

We make their applications behave like they were intended with our direct peering to Microsoft network and our automatic classification of all types of cloud traffic. Bigleaf is the best way to connect to Office 365. If you want to learn more or talk about how we can work together. Please see me the back afterward. Thank you.

SD-WAN has become a confusing term. Just like “Cloud”, it can mean a few things. Here at Bigleaf we’ve put a stake in the ground — we are Cloud-first, providing the best possible experience for Cloud and other Internet based applications.

When I say “Cloud” in this post, I’m talking about public cloud, SaaS, hosted services like VoIP and virtual desktop, and other Internet-accessible resources. So when I say we’re “Cloud-first”, that means we built our platform from the start to optimize the experience for those applications rather than other networking needs.

The alternative, which other SD-WAN vendors have built for, is MPLS replacement. These “private networking first” products provide VPNs to connect offices together, to datacenters, or to private cloud environments. While we acknowledge there’s a need for private connectivity, and we have a strategy for it, it isn’t our primary focus.

These distinctions of SD-WAN/Cloud designs and use cases are crucial to understanding the value that SD-WAN brings for a business.

The Evolution of Enterprise Networking

Analysts and other industry experts agree that Cloud is taking over and private networking will become less and less important over time. But how long is that going to take? It certainly varies based on company culture, size, and geography. Based on conversations we’ve been in with IT executives, other vendors, and analysts, we believe the shift for the majority of businesses will happen over the next 2-5 years.

Here’s a great example from Cisco’s Global Cloud Index:

Public cloud services are growing far more aggressively (44% CAGR) than private (16% CAGR).

So if you agree with the industry experts that in 2-5 years Cloud connectivity will be more crucial than private connectivity, how should that educate your networking decisions?

Investing in the Future

We decided to build Bigleaf specifically for Cloud and other Internet based applications. We built our SD-WAN platform with a dedicated back-end core network. We co-locate our own equipment in datacenters, connecting over our own network, peering directly with every major Cloud provider, ensuring peak performance for Cloud applications. We deliver this as a fully managed, SLA-backed service, so customers can rely on us 24×7.

We also knew that customers would need time to migrate to the Cloud, so we built Same-IP failover and a dedicated outside-the-firewall deployment model. This provides the easiest possible deployments and migrations, plus a comforting security story, since customers don’t need to bypass or replace their firewall.

We believe Cloud and Internet optimization is the best and highest use of SD-WAN technology. If you want more from your network than just a cheaper alternative to MPLS, then we should talk. Bigleaf Cloud-first SD-WAN is the future of enterprise networking.

Bigleaf VPN Enhancement

You probably know that Bigleaf is the best way to connect to cloud-based applications like VoIP, VDI, and SaaS, over standard broadband. However, you may not know that many of our customers also use Bigleaf as their foundation for site-to-site connectivity, in combination with VPNs running on their firewalls. This diagram shows what that looks like:

Diagram showing how a VPN works with Bigleaf’s overlay tunnels

SD-WAN Complexity and Security Challenges

In the growing SD-WAN space many vendors seek to replace the customer’s firewall and establish site-to-site connectivity using their own equipment. The benefit of this approach is that it makes hybrid WANs leveraging both MPLS and broadband connectivity easier to deploy. This can be a useful design for Enterprise customers with large IT teams that want to keep MPLS as part of their WAN architecture. However, the downside of this approach is that it requires complex deployments and forces the customer to turn their security and firewalling over to their new (and often young) SD-WAN provider.

Bigleaf, Plug-and-Play, Outside the Firewall

Bigleaf provides a plug-and-play implementation that allows for a quick 5-10 minute self-install. Our onsite router drops-in outside of the customer’s existing firewall — no need for complex changes in security policies or equipment. Our philosophy is that most small/mid-sized customers (and many distributed Enterprise customers) would prefer to leave their security policies and firewalling to the trusted vendors that are well-established in the space (Cisco, Juniper, Palo Alto, Barracuda, etc.). We also believe site-to-site connectivity needs are diminishing every day as businesses move more and more of their key applications out to the cloud. Site-to-site connectivity needs that remain can often be addressed through a trusted VPN architecture, with a high-performance Bigleaf foundation.

Bigleaf Directs VPN Traffic

When a customer sets up a traditional VPN architecture via their firewalls, Bigleaf’s SD-WAN optimization directs and controls the tunnel traffic to provide a previously-unachievable level of VPN stability and performance. Bigleaf’s system will:

• Ensure the customer’s VPN rides the most stable ISP connection
• Fail-over the VPN tunnels when necessary (during both full outage and brownout situations) without dropping the VPN sessions
• Prioritize critical traffic within the customer’s VPN tunnels, through coordinated packet marking
• Prioritize the VPN tunnel traffic above other bulk traffic like Microsoft patch updates and YouTube streaming
• Provide all this functionality over commodity broadband ISPs with variable bandwidth, like cable

This is a great solution for customers looking to move away from an MPLS network to take advantage of cost savings, WAN redundancy and/or more ubiquitous connectivity options to cloud applications. For customers that don’t have the IT expertise to configure the VPN features on their firewall, there are many quality providers out there that can assist with managed VPN services. Please let us know if you would like us to connect you with one.

Bigleaf is here to make your IT experience easier and less stressful. SD-WAN technologies can be exciting and enable a ton of new capabilities, but if the end result is a complicated mix of expensive equipment and mind-numbing installation procedures and management, it can be a wrong-fit for many customers. At Bigleaf, our use of SD-WAN technology to complement (not replace) traditional VPNs provides a plug-and-play experience, and makes us truly unique in the marketplace.

SD-WAN stands for Software Defined Wide Area Networking. It’s a combination of Software Defined Networking (SDN), which was created for use in cloud data centers, and Wide Area  Networking (WAN) which is the network outside of your office (e.g. the internet, or site-to-site networks  like MPLS and Metro Ethernet).

The SD-WAN umbrella

Network engineers would love to strictly define SD-WAN, but marketing departments have turned it into an umbrella term, like “cloud.” There are many types of cloud services, like SaaS, PaaS, Public, Private, and Hybrid Cloud; and similarly there are multiple categories of offerings that come with an SD-WAN label. This guide will help you decipher the choices and shed some light on the decision-making process.

The 3 categories of SD-WAN

1. Cloud-managed routers and firewalls

How do you make 15-year old router and firewall technology look appealing? Add a cloud-based web management interface and market it as SD-WAN! That’s essentially what you’re getting with this category. You buy a network appliance to connect your ISP circuits into, and instead of logging into an interface on the actual device to configure it, you now log into the vendor’s shiny new cloud-hosted management dashboard.

Common labels

• Load Balancer, Aggregator, Firewall, Bonding Appliance, Link Balancer, Failover Router, Dual-WAN
• Cloud Managed, Cloud Provisioning, Cloud Based
• Centralized Management, Single Pane of Glass, Dashboard

Pros

• Low Cost
• Familiar Vendor

Cons

• 15-year-old technology at the core
• No real-time adaptation to ISP performance issues for cloud traffic
• Ineffective (upload-only, fixed rate) QoS
• Generally have access to all your private LAN data (see note on security in category below)

2. VPN services and devices

Most “real” SD-WAN offerings fall into this category. They are meant as a lower cost tool to displace MPLS for site-to-site connections. At their core, these devices and services provide site-to-site VPNs, just like standard firewalls or routers.

So the question becomes: what’s the difference between these SD-WAN solutions and standard network edge devices like firewalls? Well, there’s nothing significant at first glance. They boast of cloud-based management (as noted above), plus other existing networking hardware features like application or user-based security and routing policies, or WAN-optimization features like compression or TCP optimization.

But there is a major differentiator, and that is awareness of and adaptation to quality issues on the network paths between sites. Traditional firewalls and routers don’t monitor for or adapt to issues like 3% packet loss or 70ms jitter. These performance issues that affect real-time applications can now be identified and resolved through SD-WAN. Buyer beware: how this detection and adaptation works differs greatly by vendor, with varying results.

One big factor you’ll want to consider when looking at this category is that you’re now trusting your network security to your SD-WAN vendor. Since they’re providing the site-to-site VPNs, all of your private traffic is now touching their equipment, unencrypted. That brings up some questions:

• If someone hacks their cloud-based management can they access your private data? Are you sure?
• Is their system and/or company PCI, HIPAA, or [insert your compliance need here] compliant?
• How do their security practices and implementations compare with the security offered by major brands like Palo Alto, Watchguard, Checkpoint, Cisco, and others that spend huge resources on this?

If you choose one of these devices or services, be sure you feel good about the answers to those questions.

Common labels

• SD-WAN, Cloud WAN, Intelligent WAN, MPLS replacement, Hybrid MPLS, Cloud Networking, Overlay WAN
• Realtime, Adaptive, Dynamic, Variable
• Cloud-Managed, Orchestrated, Controller, Control Plane, Forwarding Plane
• Security Policy, Application Aware, Application SLA

Pros

• Usually lower cost than MPLS
• Adapts site-to-site traffic to changing network performance (but generally not public cloud applications)
• Strong QoS for site-to-site (not cloud) traffic, as long as network bandwidth is 100% stable (generally only SLA-backed fiber or T1s)
• All-in-one box for firewalling, VPNs, DHCP, NAT and other network edge needs

Cons

• Ineffective QoS for cloud traffic like VoIP, VDI/DaaS, and SaaS
• Non-seamless or no network performance adaptation for real-time public cloud traffic
• Many solutions are very expensive hardware, plus yearly maintenance/support fees
• Typically highly complex, requiring lots of configuration and fine-tuning
• Generally require ripping out your existing firewall, or disabling many of its features
• Often trusting your security to a younger company focused on fast growth

3. Internet and cloud optimization

Bigleaf is the leader in this category, providing optimization for access to the cloud, and for remote access to on-site resources. Public-cloud and other Internet-based applications are the most difficult to optimize connectivity for, because traditionally there is so little visibility and control to the public cloud. Unlike site-to-site VPNs, which are relatively simple to set up and monitor, connections to cloud services like VoIP and SaaS involve a lot more complexity.

To optimize internet-based applications like cloud, you first need visibility. Bigleaf monitors each internet connection from your office to the core of the internet 10 times per second, across the exact same paths that all of your data travels. This end-to-end monitoring typically covers over 98% of the path from your office to your cloud applications.

You then need control. Bigleaf routes all your traffic via our redundant gateway clusters in the core of the internet. We collocate these in datacenters called “Carrier Hotels.” These locations are the major internet peering points in each region, ensuring you have the lowest possible latency. Because we route all your traffic through these gateway clusters we have 100% control of the routing and QoS prioritization of your traffic. This dedicated network architecture is core to our success in optimizing cloud-based applications.

Of course, you also need the best possible network security. There are many vendors that have spent hundreds of millions of dollars building advanced network security offerings, and you’re probably already using them. With Bigleaf, you can keep using your best-of-breed security solutions, and still get cutting-edge SD-WAN benefits for your traffic! Bigleaf drops-in between your firewall and your ISP connections, optimizing traffic while your firewall handles security and VPNs. This creates a stable, reliable, and adaptive foundation for both cloud-based applications and site-to-site VPN traffic.

Common labels

• Internet Optimization, Cloud Optimization, Cloud Acceleration
• Distributed Architecture, Split Architecture, Cloud Routing
• Seamless Failover, Same-IP Failover, No-Drop Failover
• Intelligent Load Balancing, Mid-Stream Adaptation
• Cloud-Managed, Automated, Seamless, Simple, Plug-n-Play
• Dynamic QoS, Cloud QoS, QoS over Broadband, VoIP QoS, SIP QoS

Pros

• Automatically adapts both site-to-site VPN and public-cloud traffic to changing network performance
• Strong bi-directional QoS for both site-to-site VPNs and public-cloud traffic that adapts to changing network bandwidth (great for cable and wireless)
• Compliments existing firewall/security
• Doesn’t touch private network data
• Usually lower cost than SLA-backed circuits (plus Bigleaf adds a service SLA even when circuits don’t have one)
• Easy to use with no complex configuration

Cons

• Not an all-in-one network-edge box with advanced security functions
• Typically small increase in baseline latency
• Overlay tunnels add slight throughput overhead

Which SD-WAN option is right for you?

While there can be many considerations to end up at the right vendor, the decision of which category is pretty simple. Here’s an infographic with some basic questions to help you choose:

While SD-WAN can be confusing, I hope this guide has made the options clear and oriented you in the right direction. If you have any questions please don’t hesitate to request a demo, we would be glad to discuss if Bigleaf is best for your environment.

Bigleaf QoS Concepts, In-Depth

Let’s dive into the details, through all 5 concepts discussed in the previous post.

Smart Sacrifice

Legacy network appliances (routers, firewalls, load-balancers) provide a self-contained device that attempts to provide useful control of traffic at one point in the network path. These devices provide high efficiency (there is no tunneling overhead) and sometimes low cost for basic versions, yet sacrifice in almost every other area. For more details on how they compare, check out this comparison against Bigleaf.

Then there are the newer Software Defined Networking (SDN) entrants in this space such as Bigleaf. Some have adopted the term “SD-WAN” to describe use of SDN across Wide Area Networks (WANs). Unfortunately, just like “Cloud” can mean many things from private VMs to public-facing SaaS services to Hosted VoIP, SDN and SD-WAN are marketing terms that vary widely in meaning. Some use them to describe simple features like cloud-based device administration, while others use them to mean fully separated control/data plane architectures, and everything in between.

So the question you need to ask is, what are the sacrifices or tradeoffs they are making? Buzzwords don’t matter, the experience for your users does. Unlike other offerings, we at Bigleaf sacrifice a little bit of speed and latency for vastly improved reliability, performance, and user experience.

We do this by tunneling all user traffic through our gateway clusters. This means there’s tunnel overhead (typically about 8%) and a geography-dependent latency increase (typically 5-20ms). Internet-based applications don’t even notice the tiny latency increase, and with broadband circuits so prevalent, the tunnel overhead is basically meaningless. However, what this tradeoff gains us is Seamless Failover of all applications, effective QoS across the public internet, and everything else you read about on this website, without caveats.

Internet Path Visibility

Typical load-balancers and firewalls decide if an internet circuit is up or down by pinging Google or some other IP address out the circuit. If the pings go away then the circuit is down.

First issue here: Up or down, on or off, that’s the granularity available. Real-time applications like VoIP and VDI require far more delicate treatment than this, as they are sensitive to even 1% packet loss.

Second issue: Varying internet paths. Thanks to internet routing protocols like BGP, once traffic leaves your office it can take many internet paths, it’s “The Web”! This is a neat tool for viewing how hugely internet paths can vary. Below is a screenshot showing an example of why this is an issue.

The big dot is your ISP, some of those other dots are the stuff you’re trying to interact with on the internet. Notice how there are a gazillion paths? Just because the path to Google is clean, does not mean that path to your business-critical applications is clean, or even up!

So SD-WAN fixes this right? Not in many cases. With most other offerings, the providers will tunnel some of your traffic back to their cloud servers, but not other traffic. This is a huge issue when quality comes in to play. As this visualization shows, the path tunneled back to their cloud datacenter(s) may be clean, while other paths are nasty or even offline.

Here at Bigleaf we recognized that we can’t sacrifice visibility of what the internet is doing to your application traffic. We absolutely have to know what’s going on at all times for all traffic. Because of this, we tunnel all traffic back through our gateway clusters, your traffic and our monitoring traffic. This ensures that we have fine-grained details on performance of the full internet path that your traffic is taking into the core of the internet. With Bigleaf, the path our monitoring traffic takes is the same as almost the entire path to your VoIP provider, to Google, to Salesforce, and everywhere else.

We monitor that path 10 times per second with custom monitoring packets that our on-site router and gateway clusters pass back and forth. This gives our SDN algorithms packet-loss, latency, jitter, and capacity data for each direction along the whole path, updated in real-time.

There is a small portion of the internet path that we don’t fully see and control – the path between our gateway clusters and the endpoints your traffic is flowing to. Typically that path is just a few hops away on the backbone of the internet (which tends to be the most reliable portion), and with many networks it’s only 1 hop away over connections that we control.

Total Control

The state of QoS on most internet-facing routers and firewalls is sadly very broken. Users think they can check an “enable QoS” checkbox, put in a few rules, and have something that works. As mentioned in the previous post, inbound QoS is basically uncontrolled with on-prem-only solutions due to UDP traffic (and often TCP traffic too).

To get around this issue, we implement control at both ends of the internet path. For upload traffic we control everything at our on-premise router, nothing too special there. For download traffic though, we control all traffic in the core of the internet, at our gateway clusters. These gateway clusters are located in carrier hotels, essentially datacenters that are core internet peering points. We operate our own network rather than using cloud providers like Amazon where resources are shared. These decisions ensure that customers have the lowest latency to the endpoints they are trying to reach, and that we have complete autonomy to run the network in a way that provides maximum performance with no compromises.

In our gateway clusters and on-premise routers we classify user traffic into 6 different categories, rate-limit and queue traffic as needed to ensure proper QoS prioritization, and then send it out through our tunnels. Those categories are:

1. VoIP
2. Hi-priority Interactive
3. Med-priority Interactive
4. Low-priority Interactive
5. Bulk Transfers
6. Default

Because this is happening at both ends (your office and the core of the internet), we have full QoS control over almost the entire internet path. When we say that our QoS works you can believe it, and we’re glad to help you test it if you’d like.

A Creative and Evolving Ruleset

The six QoS priorities above are useless without rules to classify traffic into them. There tends to be 3 widely used philosophies to QoS rules:

1. Have none
2. Have none, except for a few specific ones for those really sensitive applications
3. Use Deep Packet Inspection (DPI) for super-fine-grained control with thousands of rules

#1 obviously is no good. #2 is getting better, but there are lots of basics it leaves uncovered. Maybe business critical applications will work OK, but users may hate the rest of their internet and cloud experience. #3 could be effective, but do you want to maintain that, and do you want to pay for hardware powerful enough to run each traffic flow through thousands of rules?

We’ve come up with a better, more creative method. We have a base ruleset that covers almost all applications, not solely with specific rules but also with other methods that identify traffic beyond basic ports and protocols (but without the overhead of DPI). This ruleset provides an excellent experience for almost every customer and application situation.

However, we acknowledge that any fixed ruleset won’t meet every need, and it needs to change over time. That’s one huge benefit of Bigleaf’s SDN technology – it evolves. When we update the ruleset with new optimizations, those get implemented on your service automatically. You get the benefits, with no additional cost or work. And if you need something custom that our base ruleset doesn’t handle then we can also implement custom per-site rules.

Real-time Adaptation

This part is pretty crucial. Without real-time adaptation, nothing described above matters. If the network devices at each end of a path don’t have accurate speeds set, then they can’t buffer traffic and prioritize it – other hops along the path will do that, almost surely without regard to your desired QoS priorities.

Pretty much all routers/firewalls/load-balancers are rather dumb about speeds for QoS. They either assume that the speed or throughput capacity of a given network path is equivalent to the speed of the port that it’s connected to (e.g. a 100Mbps ethernet port), or that if a speed is set in the UI for the port (e.g. 40Mbps) that the speed will never change. Internet paths are often congested though. Cable circuits experience heavy congestion in the last-mile. DSL and Ethernet-Over-Copper circuits often experience middle-mile backhaul congestion, and all circuits are prone to varying bandwidth due to network failures and peering congestion.

So how should this be fixed? We spent a lot of time back when we started Bigleaf working on this problem, because it’s not easy to solve. A few SDN-type solutions run a bandwidth test at boot-up or device set-up to evaluate the circuit throughput. The problem with that is that throughput changes! Consider a typical 50M/10M Cable circuit. At varying times it may have capacity like this:

• 6AM: 50M/10M
• 9AM: 43M/6M
• 2PM: 47M/7M
• 8PM: 39M/9M

Theoretically you could just set the QoS rate-limiting settings to 39M/6M for this circuit and have success, but what if you set it wrong? And what about all the bandwidth you’re wasting during better times? That’s not good enough for us.

We created a patent-pending mechanism that automatically adjusts the QoS rate-limiting settings as circuit capacity changes. This ensures that for both download and upload, you get the most possible speed from each internet circuit, without sacrificing constant QoS that’s always prioritizing traffic, even during times of ISP congestion. Our devices at each end are the only devices buffering traffic along the path, so we control the QoS priority.

QoS is One (big) Piece of the Bigleaf Solution

If an ISP circuit is so congested that there’s no “clean” bandwidth available, there’s just constant packet-loss, heavy latency, or bad jitter, then we’ll move your traffic off that circuit using our Intelligent Load Balancing. But for most situations Dynamic QoS is a game-changing feature that enables effective use of over-the-top services like VoIP and VDI across the public internet.

Please Sign Up for service, or Contact Us with questions.

Header image by Ministerio TIC Colombia
Last image by MattysFlicks

This is Joel here, Founder and CEO of Bigleaf, and that’s a question I got tired of having to find answers for. Back when I came up with the concept for Bigleaf, I had grown sick of implementing fancy new load balancers and multi-wan routers for customers, just to be disappointed by all the caveats and false promises. Look at the marketing materials for those devices and you’ll see terms like “Seamless Failover”, and “Intelligent QoS”, yet those promises fall empty in almost all cases, except for specific lab environments that aren’t seen in the real world.

Bigleaf is different. We’re passionate about truly providing effective internet optimization. One of the features we use to do that is our patent-pending Dynamic QoS Prioritization. Our QoS implementation is different that others in a number of ways, which we’ll explore in this 2-part blog series. This first post addresses our higher-level philosophical thoughts about QoS, and the 2nd post will be more of a technical deep-dive.

Bigleaf QoS Concepts

Below are the 5 overarching concepts that go into our QoS Prioritization design.

Smart Sacrifice

You will make sacrifices in your network implementation. Cost, reliability, speed, quality, relationships, and a number of other factors influence how you build your internet and cloud connectivity. At Bigleaf we believe that the cloud calls for a new priority ordering of sacrifices. You’re going to spend hundreds, thousands, or more each month on your cloud applications, and you need connectivity that’s worthy of those apps. We built the Bigleaf QoS system to sacrifice a tiny bit of network latency and cost, so that you can see huge gains in reliability and performance. You no longer have to settle for caveats and poor performance.

Internet Path Visibility

To provide effective QoS a network system needs to know about as much of the path as possible between the application and the users. As you move to Software Defined Networking (SDN) technology like Bigleaf, this is even more crucial. Networks can’t adapt to what they can’t see. Application developers are getting more creative about solving network problems via protocols like Multi-Path TCP, however only the network layer can provide QoS Prioritization, so it’s a crucial place to have visibility. Bigleaf extensively monitors the entire path that your traffic takes from your office all the way to our gateway clusters in the core of the internet. No traffic takes other paths, all of your traffic runs along the path that our monitoring traffic uses, so there are no hidden un-monitored “brownouts” or outages for lower priority applications.

Total Control

QoS doesn’t work unless you control all the traffic passing over a network path, in both directions, along the whole path. This is crucial. You can carefully configure QoS on your router or firewall, with lots of complex settings and rules, and not realize that it’s completely ineffective. And it’s really hard to test QoS properly, so you likely won’t even know until your co-workers complain of VoIP quality or other application issues.

Why is this? Here’s why: There are 2 primary traffic protocols on the internet: TCP and UDP. TCP is like a phone conversation, it goes both ways, and if someone’s talking too fast you can tell them and they’ll slow down. UDP is like a TV show, one-way, if they’re talking too fast then you’re out of luck, the show is useless. The only way to provide effective QoS prioritization is to have total control of download and upload traffic, for all protocols, including UDP.

An on-site load balancer, router, or firewall has no control of inbound UDP traffic (yes, their marketing literature is misleading). Some very expensive on-site devices will attempt to control inbound TCP traffic via hacks of the protocol’s return traffic, but this is only part of the traffic flow on the circuit, there’s still uncontrolled UDP traffic that will destroy QoS. It’s like you’re trying to have a phone conversation, but the TV is on really loud so you can’t hear and there’s no way to turn it down.

Bigleaf controls all traffic, TCP, UDP, and every other IP protocol, end-to-end between your office and our gateway clusters. Total Control for real QoS.

A Creative and Evolving Ruleset

Complexity ruins many great intentions. Do you have time to manage QoS rules all day long, or do you need to deal with business-critical work? Yes, it’s fun to geek out at times and tweak knobs and settings, but that fun quickly turns in to a hassle (or outright failure) with typical complex QoS implementations.

We take a different approach: plug and play ease. Our standard ruleset is creative, correctly handling new applications automatically in most cases. And as the ruleset evolves those changes propagate automatically to all sites, so you benefit continually from improvements. If you do need to get geeky to accommodate some esoteric application we can manage that via custom per-site rules, but our standard rules meet almost everyone’s needs well.

Real-time Adaptation

QoS only works when network devices at each end know how fast the network path is. This is a little-known fact, but it’s crucial for effective QoS. Network devices have to manage traffic flowing into a circuit so that the circuit doesn’t become saturated: full of traffic. If circuit saturation occurs then the devices trying to implement QoS are effectively doing nothing, their rules are no longer controlling the network prioritization. Yet almost all network QoS devices are completely naive of changing circuit bandwidth.

When using broadband circuits, or even SLA-backed circuits like T1s or fiber, the speed of the path between your office and the remote destination is often variable. Speed can be affected by issues along the whole path, last-mile, middle-mile and peering problems. Your internet QoS is ineffective if it’s based on a statically set speed.

Our patent-pending QoS implementation is Dynamic – it adapts to changing circuit bandwidths in real time to ensure that high-priority traffic like VoIP and other real-time applications experience true prioritization across the full path from your office to our gateway clusters in the core of the internet.

You Need It All

Without all of the concepts above, correctly implemented, and carefully managed, QoS across the internet is impossible. With Bigleaf’s Dynamic QoS you get the best possible experience for your VoIP and Cloud traffic in a simple-to-use service. Please Sign Up for service, or Contact Us with questions.

Check out Part 2 where we dive into some technical details about the above topics.

Feature and Last image by MattysFlicks