Winning WAN Ways

Peter Welcher
Architect, Operations Technical Advisor

This blog is an update on what the recent startup Graphiant brings to WAN networking. See also the launch blog from NFD29.

From what I hear, Graphiant is growing by leaps and bounds. And as they’ve grown and staffed up, their website has a lot more content on it. I’m going to try to describe what they do and provide a high-level technical overview. I like what they’re doing, so apologies if this blog ends up sounding like a commercial. (Fanboy here! Well, maybe fan grandpa, #4 g-kid due soon.)

First, what space is Graphiant in? I’d call it something like NG-WAN, competing with SD-WAN and managed or MPLS services. It was founded by the team that built Viptela, acquired by Cisco. It represents a rethinking of how to do SD-WAN better. And it is NOT looking to be acquired.

How does it compete? Graphiant does have edge routers as SD-WAN vendors do. (1) It uses local connections to a nearby Equinix location (2) and CoLo-based circuits between CoLos, providing (3) efficient end-to-end encryption and (4) flexible connectivity between sites, to CSPs and to business partners, but (5) with SLAs for the core network. (The latter perhaps being the one really desirable aspect MPLS had that SD-WAN generally lacks. Well, managed core routing or forwarding arguably being another.)

The NG-WAN Space

A relevant detour, if you will.

There is competition and different approaches to WAN as the SD-WAN space mutates. Let me just discuss the categories of services I see and then move on.

  • SD-WAN: forms of VPN over the Internet for WAN. Cheap but lacks SLAs, you can manage anything along those lines. Faster self-provisioning (or managed service).
  • MPLS: costly predecessor, why SD-WAN took off? Long lead times re provisioning.
  • CSP WAN, e.g., Amazon WAN: CSP provides virtual router services, either SD-WAN/VPN based or direct links. Convenient but perhaps single CSP lock-in. Cost for data egress? Still can leave you in the circuit provisioning business. SLAs? Leveraging CSP global backbone a plus.
  • Traditional forms of inexpensive WAN links. Issues: lead-time, cost, managing them. Provisioning lead-time and low flexibility. Services tend to be CoLo-based, leveraging the big pipes from those sites to provide WAN services. Examples: Equinix, Megaport, and PacketFabric.
  • Bare metal leasing. E.g., Equinix. Get lower cost shorter-range circuits into regional CoLos, lease a physical router there, use the backbone to interconnect the routers, and connect to CSPs. Sometimes combined with bare metal firewalls. Equinix provides a web GUI for ordering such services.
  • Virtual routers: growing market featuring various parties, e.g., the CSPs as above, or the WAN link providers. I’ll perhaps revisit this topic in a month or two.


Graphiant is arguably a re-mix of many of the elements above, provided as a managed service.

It is SD-WAN like in that you put one of their edge boxes at your premises. It connects via circuit or Internet to a CoLo-based Graphiant managed router. This much is MPLS-like, with a Customer Edge or CE router connecting to a Provider Edge or PE router (called Graphiant Edge, so “GE”?). Except that the VPN aspect allows for rapid initial connectivity, e.g., while selectively putting circuits in place at the edge. The tunnels do not have to be pre-configured. From a consumer perspective, you specify the connectivity you want, and the encryption happens auto-magically.

Here’s a screen capture from their website:

What’s different is the middle part and the encryption. Header and payload encryption are used at the edge, and in the Graphiant core, the header encryption is replaced by tags, like MPLS Segment Routing. (“Graphiant stateless core” – it just routes and tag switches.) This helps alleviate encryption overhead, and allows for the privacy of end to end payload encryption without imposing the cost of header or full packet decryption in the middle. This may vastly decrease the cost of the core hardware, allowing it to just do forwarding without decryption/re-encryption costs. It also provides end customers end-to-end security.

The Graphiant core routers currently run in Equinix bare metal edges and leverage cost-effective links out of Equinix CoLo sites. They readily connect to other Equinix locations and CSPs. And who knows, other CoLo sites may well get included. My take is that the Equinix bare metal services allow Graphiant to spin up new routers and scale up quickly.

In the core, your traffic runs over CoLo-based circuits, which are well built-out, cost-effective, and generally have lots of spare capacity as CoLo providers generally try to stay ahead of bandwidth demands. And that plus core QoS is what lets Graphiant provide solid SLAs cost-effectively.

You get web GUI controls for the edge routing (my hasty impression is SD-WAN like, but simple). Ordering and configuration is done via the Graphiant Portal. And provisioning the onsite Graphiant CE devices is done by their partner(s).



Videos (Tech Field Day):


If you’re not happy with your current WAN or SD-WAN service, its costs, or would prefer Networking as a Service (Naas) and offloading management to someone else, Graphiant might be of interest. Ditto if you really need core WAN SLAs, and IPsec or other VPN over the Internet just isn’t good enough.

Disclosure statement