Cato's Cloud is Now Self-Healing


By: R. Scott Raynovich

Cato Networks continues to differentiate itself in the software-defined wide-area networking (SD-WAN) market by operating its own cloud-based network that includes a full suite of security offerings. Today the company added "self-healing" capabilities to its network, enabling both the core of the network and client endpoints to automatically reroute network connections if a specific link fails.

Here's how it works: Cato connects client endpoints with the Cato Client, as well as Cato hardware devices placed in data centers, to connect to the company's network of 40 worldwide points-of-presence (POPs). Cato operates these POPs with its own IP-based network overlay. If any of those POPs endpoints fail, the Cato network circumvents the connection by routing traffic around the failure. These high-availability -- or "HA" features -- are built into all the client, appliance, and POP layers with software.

Cato officials say this is a unique proposition that is required as the headlines about natural disasters point to the risks to infrastructure.

"We've always had self-healing but now we are extending it as an end-to-end feature from the data center to the endpoints," says Dave Greenfield, Cato's network evangelist.

What's key about this approach is that the re-routing of traffic is automated, without requiring network engineers to reconfigure connections of routers or switches. And the HA features operate at both client and core network levels, to provider distributed properties against failure.

The HA features are also built into Cato's new hardware appliance, the X1700 Socket, which comes with redundant power supplies and hot-swappable hard drives. These devices can be placed in data centers to protect against hardware as well as network failures. In fact, in the extreme scenario that all of Cato's POPs failed, the system can handle that by creating a peer-to-peer network among the client endpoints.

Cato says the HA features also extend to security, reconfiguring security policies to change dynamically with the network. The technology uses network routing algorithms and enhanced Border Gateway Protocol (BGP) features to detect new IP ranges and automatically update all relevant policies.

These network features are significant, making one of Cato one of the rare SD-WAN players that both owns its own global network while at the same time can control what happens in the event in a failure.