Cloud native WAN

Disclosure: The kind folks at Pureport have provided me with free access to their platform for testing purposes.

During my career I have seen many companies of all sizes struggling to set up reliable connectivity links that suited their needs: VPNs, Direct Connect / ExpressRoute, integrating their branch offices, getting into 3 or 5-year contracts with telcos, long waiting times for provisioning or changes, relying on 3rd parties for any changes, … I’m sure you all can relate to one or all of these pains.

It is clear that the next summit to be conquered by the software industry is to simplify complex connectivity solutions. Azure, GCP and AWS are doing their fair share of simplification, but mostly inside their networks and on some occasions (Azure VWAN) with some selected connectivity partners.

One of my more solid beliefs 🙂 is that VPNs are probably one of the most expensive products a company ever has to support, mainly because of the complexity of the solutions, the personnel you need to hire to maintain them and the amount of downtime you eventually accrue over the years. In my last two support roles, VPNs were pretty much the #1 product in case volume.

What if someone came around and offered a way to simplify and glue together all your VPN and connectivity options? What if that was offered as an API-first product, so you could configure your connectivity infrastructure to self-heal, scale and provision in an automated fashion? And even more important, what if all of this could be affordable for companies of any size?

This is what the folks at Pureport are doing. In a nutshell, they offer a wide area network (WAN) with a series of points of presence (PoPs) where you can connect your VPNs, Direct Connect, ExpressRoute or Google Cloud Interconnect circuits. They operate this speedy and resilient network between their PoPs, so Pureport takes care of backhauling all your traffic between branches and cloud regions. Have you ever had any technical or administrative headaches with MPLS networks? Then this is definitely for you.

When I first heard about them I thought their product was similar to one of my side projects. How wrong I was! 🙂

They offer their customers the possibility of having a fully programmable WAN for companies of any size. Everything is dynamic with Pureport, so you can provision, deprovision, build, rebuild, update, change, delete pretty much anything in your WAN through their API, whilst you can connect pretty much anything to it.

Quick example

My simple WAN with an on-premises site connected to Pureport through VPN in Seattle and my AWS VPC connected through DirectConnect in Washington DC

In the above scenario, my on-premises HQ in Seattle can communicate with an AWS VPC through a local VPN. That’s all I need to know, but behind the curtains Pureport backhauls that traffic through their network, delivering it to my Direct Connect link in Washington DC as my VPC is in AWS us-east-1.

What if I wanted to add a new branch in e.g. Dallas? As simple as adding a new connection to my network in Pureport, filling in the requested information (peer IP address, PSK, BGP or static routing settings, NAT, etc.) and Bob’s your uncle. Adding a new site took me a couple of minutes, plus another few minutes for the provisioning on the Pureport side.

Now we’ve got a mesh network of 3 sites, using different connectivity options.

I could keep adding more connections such as VPNs to other branches, to 3rd parties such as vendors or customers, to different cloud providers by using their direct connection options (DX, ER, Interconnect), etc.

All their connectivity options support BGP for dynamic routing updates or just plain old static routing, plus NAT options if you are on-boarding 3rd party networks that overlap with your IP address space.
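The overlap case mentioned above can be checked before a third party is attached. The following is an added example, not code from the post and not Pureport's API: it finds which of a vendor's prefixes collide with prefixes already in the WAN and picks a free translation block for each. The site names follow the post; every prefix, the NAT pool and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: site names follow the post, prefixes are invented.
WAN_PREFIXES = {
    "seattle-hq": ["10.0.0.0/16"],
    "aws-us-east-1": ["10.1.0.0/16"],
    "dallas-branch": ["192.168.10.0/24"],
}
VENDOR_PREFIXES = ["10.1.4.0/24", "172.16.5.0/24"]  # third party being on-boarded
NAT_POOL = "100.64.0.0/16"         # assumed range reserved for translations
NAT_ALLOCATED = ["100.64.0.0/24"]  # assumed to be taken by an earlier vendor

def find_overlaps(existing, candidate):
    """Return (site, existing_prefix, candidate_prefix) for every overlap."""
    hits = []
    for site, prefixes in existing.items():
        for p in map(ipaddress.ip_network, prefixes):
            for c in map(ipaddress.ip_network, candidate):
                if p.overlaps(c):  # always False across IPv4/IPv6
                    hits.append((site, str(p), str(c)))
    return hits

def pick_nat_prefix(pool, want, in_use):
    """First block in pool, same size as want, that overlaps nothing in use."""
    pool_net, want_net = ipaddress.ip_network(pool), ipaddress.ip_network(want)
    if pool_net.version != want_net.version or want_net.prefixlen < pool_net.prefixlen:
        return None  # pool cannot hold a block of this size
    used = [ipaddress.ip_network(u) for u in in_use]
    for sub in pool_net.subnets(new_prefix=want_net.prefixlen):
        if not any(sub.overlaps(u) for u in used):
            return str(sub)
    return None  # pool exhausted

def plan_onboarding(existing, candidate, pool, allocated):
    """Map each candidate prefix to None (route as-is) or a NAT prefix."""
    clashing = {c for _, _, c in find_overlaps(existing, candidate)}
    norm = [str(ipaddress.ip_network(c)) for c in candidate]
    in_use = [p for ps in existing.values() for p in ps] + list(allocated)
    in_use += [c for c in norm if c not in clashing]  # routed as-is, so occupied
    plan = {}
    for c in norm:
        plan[c] = pick_nat_prefix(pool, c, in_use) if c in clashing else None
        if plan[c]:
            in_use.append(plan[c])  # do not hand the same block out twice
    return plan

if __name__ == "__main__":
    plan = plan_onboarding(WAN_PREFIXES, VENDOR_PREFIXES, NAT_POOL, NAT_ALLOCATED)
    for prefix, nat in plan.items():
        print(prefix, "->", nat or "no NAT needed")
```

A prefix that overlaps but gets `None` from `pick_nat_prefix` means the pool is exhausted or too small, which should block the on-boarding rather than fall back to routing the prefix untranslated.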

If you are leveraging BGP across your Pureport network, it doesn’t matter how complex your network is: adding a new site and having it fully integrated in your routing tables is a matter of minutes. This enables scenarios where you manage your infrastructure as code and provision / deprovision new sites (e.g. new Azure VNets or AWS VPCs) on the fly, without human intervention and without human mistakes at all.

I’ve found Pureport useful for having all your WAN needs in one single view and controlled from one place. You can create isolated networks per project and consultants can manage the WAN of their customers with a few clicks or API calls.

Overall experience

I have been testing Pureport on and off for a few weeks now, but life always gets in the way and I couldn’t spend as much actual time as I wanted. One thing that I did not try is the API, even though creating API keys is damn easy from their portal and their API is fully documented and testable from the portal.

You can try any API call from the portal itself!

The folks behind Pureport have a wealth of experience working with enterprise-grade customers, so their product supports many enterprise features from the get-go, such as roles, members, child accounts, etc.

I only hit one clear bug during my tests. I reported it and not only did I get an almost immediate response, but it was fixed and in production that same day. It also turns out they became aware of it a bit earlier than I reported it, meaning their proactive monitoring seemed to work as expected. Kudos to them for that.

So far their network expands through the US and has 5 PoPs or locations, including both coasts, but during a conversation with them it transpired that they are looking at expanding outside the US.

Conclusion

Pureport is a great solution for consolidating your WAN connectivity needs and making sure you minimise the number of interoperability issues between VPN vendors. It also unlocks scenarios like e.g. easily connecting Direct Connect to ExpressRoute.
