Connecting Networks without the IPSec Overlay

When it comes to connecting branch networks, a very common, tried-and-true method has been the encrypted IPSec VPN tunnel. It allows traffic to be transmitted securely over the WAN between locations without the risk of data exposure in transit. There is a time and a place for these IPSec overlays, though. Depending on the specific network scenario you are dealing with, there may now be a better way to connect these networks.

Downsides of IPSec Overlays

128 Technology is a company providing a new method of connecting networks over a WAN connection. Their aim is to provide a better, more modern way of establishing a secure connection between locations. They do this with secure vector routing, where the first transmitted packet carries session information about the payload, including the original source and destination, and how the transmission will occur. Following packets have this metadata changed to the ingress and egress waypoints that will be used for the transfer. Once the destination waypoint is reached, the data is returned to its original state with the original source, destination, and port information.

With this process, there are two main points that I take away from their argument on why using an IPSec overlay might not be the best option. This breaks down into simply bandwidth and hardware resources.

Bandwidth

In a standard IPSec VPN, every packet sent through the tunnel dedicates a good part of itself to the overlay and its requirements. This includes the additional headers and trailers that would not be present without an encapsulated transport method.
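To put numbers on that overhead, here is an added example (not from 128 Technology or the original post) that computes the on-the-wire size of an ESP tunnel-mode packet over IPv4 as laid out in RFC 4303. The two cipher suites, the sample packet sizes and the 1500-byte MTU are assumptions chosen for illustration.

```python
# Added example: per-packet size of ESP tunnel mode (RFC 4303) over IPv4.
# Cipher suites and sample sizes are assumptions chosen for illustration.
from dataclasses import dataclass

OUTER_IPV4 = 20   # new outer IPv4 header, no options
ESP_HEADER = 8    # SPI (4) + sequence number (4)
ESP_TRAILER = 2   # pad length (1) + next header (1)
NAT_T_UDP = 8     # UDP encapsulation header when NAT traversal is in use

@dataclass(frozen=True)
class Suite:
    name: str
    iv: int      # per-packet IV bytes
    align: int   # encrypted body must be a multiple of this
    icv: int     # integrity check value bytes

AES_CBC_SHA1 = Suite("AES-CBC + HMAC-SHA1-96", iv=16, align=16, icv=12)
AES_GCM = Suite("AES-GCM (16-byte ICV)", iv=8, align=4, icv=16)

def fixed_bytes(suite, nat_t=False):
    """Bytes added to every packet regardless of padding."""
    base = OUTER_IPV4 + ESP_HEADER + suite.iv + suite.icv
    return base + (NAT_T_UDP if nat_t else 0)

def esp_tunnel_size(inner_len, suite, nat_t=False):
    """On-the-wire IP packet size for an inner IP packet of inner_len bytes."""
    body = inner_len + ESP_TRAILER
    padded = -(-body // suite.align) * suite.align   # round up to alignment
    return fixed_bytes(suite, nat_t) + padded

def overhead(inner_len, suite, nat_t=False):
    """Bytes the tunnel adds on top of the original packet."""
    return esp_tunnel_size(inner_len, suite, nat_t) - inner_len

def max_inner(mtu, suite, nat_t=False):
    """Largest inner packet that still fits in one outer packet of size mtu."""
    room = (mtu - fixed_bytes(suite, nat_t)) // suite.align * suite.align
    return room - ESP_TRAILER

if __name__ == "__main__":
    for suite in (AES_CBC_SHA1, AES_GCM):
        for inner in (40, 576, 1400):   # constructed sample packet sizes
            o = overhead(inner, suite)
            print(f"{suite.name}: inner={inner} overhead={o} ({o / inner:.0%})")
        print(f"  max inner packet at MTU 1500: {max_inner(1500, suite)}")
```

The relative cost is highest for small packets: a 40-byte TCP ACK more than doubles in size, while a 1400-byte packet grows by only a few percent.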

128 Technology uses metadata within a packet, which includes the original source and destination as well as ports, and then encrypts the data as needed. "As needed" means that data such as HTTPS streams will not be double-encrypted. This is all done without the overlay, via a secure vector routing method. By scrapping the IPSec overlay and freeing up that space in each packet, more of a user’s true data payload can be transferred in each packet, making the overall transfer faster.

Hardware Resources

With IPSec VPN tunnels, the router or firewall that you are working with needs to maintain each and every IPSec session for each of the tunnels in use. This is not an issue for small and maybe even medium-sized businesses, but at large enterprise scale the amount of hardware resources needed can skyrocket as the number of IPSec tunnels grows. Scaling this method of networking becomes more and more difficult the more it is used.

A New Twist on SD-WAN

128 Technology has a new SD-WAN method of connecting your remote networks over a WAN connection. It does NOT use IPSec like so many solutions do, but uses a unique method of routing, with packet encryption as needed, to keep your data secure. This method of secure vector routing has benefits for small, mid, and large enterprises alike. Smaller enterprises might not have the circuit speeds of a larger enterprise, so they are looking to maximize throughput wherever they can. On the other end of the spectrum, large enterprises are looking to increase scalability and cut hardware costs where possible. 128 Technology has provided a single method that can help in each of these cases. That’s my take on what they are currently doing and why I see this as potentially beneficial for a lot of situations. So many solutions are tailored to one “type” of environment, and it’s always refreshing to see a scalable solution that can be used across all sorts of environments in the same manner.

128 Technology recently hosted a Tech Field Day Exclusive event where they showed off their platform and capabilities. For more info on how their secure vector routing works, here is a great video explaining more:
