Empowering Optimized, Global Branch Networks across Multiple Geographical Regions
In the ever-evolving landscape of enterprise networking, Nepean Networks stands out as a global award-winning SD-WAN provider, delivering flexible, high-performance solutions since 2010. Specializing in partner-focused offerings for Managed Service Providers (MSPs) and enterprises, Nepean Networks excels in creating secure, resilient Private WANs (PWANs) that leverage advanced SD-WAN technology. What sets Nepean apart is its unique ability to run private WANs aggregated across separate data centers in diverse geographical regions, enabling highly optimized branch networks. This architecture ensures that edge nodes always connect to the closest data center, eliminating the need for inefficient hairpinning over long distances and dramatically improving performance, latency and reliability.
The Unique Architecture of Nepean Networks’ Private WANs
At the heart of Nepean Networks’ PWAN is a multi-tenanted SD-WAN mesh network, part of their Global Secure SD-WAN Cloud, which features over 50 ingress and egress points strategically distributed worldwide. These points act as distributed data centers or gateways, allowing sites to connect directly to one another via the mesh or through a secure gateway for internet breakout. This geographically diverse setup is a game-changer for global operations: instead of forcing traffic to route back to a central hub (hairpinning), which can introduce significant latency over long distances, Nepean’s system intelligently directs traffic to the nearest ingress/egress point. For example, a branch office in Europe can aggregate connections to a nearby data center in the region, while an Asia-Pacific site uses a local one, ensuring optimized routing without unnecessary transcontinental hops.
This aggregation capability supports carrier independence, bonding multiple internet connections from various providers (e.g., fiber, leased lines, 4G/LTE) and scales bandwidth dynamically as needs grow. The result is a robust overlay network using private IPs between edge nodes, providing secure, low-latency communication for critical applications like VoIP and video conferencing. Failover occurs in under 300ms and features like data compression can boost throughput by up to 400%, making it ideal for remote or multi-site deployments. In essence, Nepean’s architecture transforms traditional WAN challenges into efficient, cost-effective solutions, rivaling MPLS in performance but surpassing it in flexibility and affordability.
Demystifying SD-WAN Private WANs: The Fundamentals
SD-WAN private WANs may sound fancy, but at their core, they’re not as complex as they seem. If you’re familiar with the fundamentals of IP networking and router concepts, you’re halfway there. Let’s break it down in plain terms.
It’s Basically Like a Cisco 2600 Setup
Think of an SD-WAN device as being conceptually similar to a Cisco 2600 router. In the old-school days, if you wanted to connect multiple sites, you might set up GRE (Generic Routing Encapsulation) tunnels between locations. Each site would have a base IP and potentially a routed subnet; this could even be as specific as a single IP (/32) routed through that base IP.
An SD-WAN private WAN works in much the same way:
It has a base IP address.
A subnet is routed via the base IP. This could be any size, from a larger block to a /32.
The sites are interconnected over the internet, forming a mesh or hub-and-spoke topology, just like you would with GRE tunnels.
But Instead of GRE Tunnels, SD-WAN Uses Linux Networking
Here’s where things get interesting. Most SD-WAN solutions are built on stock Linux and instead of relying on GRE, they use Linux network namespaces. These namespaces create isolated networking environments that behave much like the VRFs (Virtual Routing and Forwarding) used in MPLS networks.
So, in essence:
Each namespace functions like its own virtual router.
Traffic between these namespaces can be securely encapsulated, routed and managed across the internet, effectively creating a private WAN that behaves like MPLS but without the cost or complexity.
How Linux Network Namespaces Work & Their Similarity to MPLS VRFs
Linux network namespaces are a powerful feature that allows multiple isolated network stacks to exist on the same machine. Each namespace operates as if it’s a completely separate network environment, with its own routing tables, interfaces and IP configurations. This functionality mirrors the behavior of VRFs (Virtual Routing and Forwarding) in MPLS, which are used to create virtualized, logically separated networks over shared infrastructure.
What Are Linux Network Namespaces?
A network namespace in Linux is essentially a container for network resources. When a namespace is created:
It gets its own set of network interfaces.
It maintains its own routing table and nftables rules.
It can have its own loopback interface, which is isolated from the host system and other namespaces.
This means that processes within a namespace only see and interact with the network stack of that namespace, creating a virtual network environment independent of others on the same machine.
Example:
Namespace A has interface veth0 and routes 192.168.1.0/24.
Namespace B has interface veth1 and routes 10.10.10.0/24.
These namespaces do not share routes or communicate unless explicitly configured to do so.
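An added example (not Nepean Networks' code): a Python audit that reads per-namespace routing tables in the JSON form printed by `ip -j -n <namespace> route show` and flags any route that crosses into a prefix assigned to a different namespace. The namespace names `nsA` and `nsB`, the leaked route and the ownership map are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: `ip -j -n <namespace> route show` output for the two
# namespaces in the example above, plus one deliberately leaked route in nsA.
ROUTES_JSON = {
    "nsA": '[{"dst":"192.168.1.0/24","dev":"veth0","protocol":"kernel","scope":"link"},'
           ' {"dst":"10.10.10.0/24","gateway":"192.168.1.254","dev":"veth0"}]',
    "nsB": '[{"dst":"10.10.10.0/24","dev":"veth1","protocol":"kernel","scope":"link"}]',
}
# Assumed ownership map: the prefixes each namespace is allowed to route.
OWNED = {"nsA": ["192.168.1.0/24"], "nsB": ["10.10.10.0/24"]}


def parse_routes(raw):
    """Return (network, device) pairs from iproute2 JSON; 'default' is 0.0.0.0/0."""
    routes = []
    for entry in json.loads(raw):
        dst = "0.0.0.0/0" if entry["dst"] == "default" else entry["dst"]
        routes.append((ipaddress.ip_network(dst, strict=False), entry.get("dev")))
    return routes


def lookup(routes, address):
    """Longest-prefix match inside one namespace's table; None means unreachable."""
    addr = ipaddress.ip_address(address)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)


def find_leaks(routes_json, owned):
    """Flag routes in one namespace that overlap a prefix owned by another."""
    leaks = []
    for ns, raw in routes_json.items():
        for net, _dev in parse_routes(raw):
            if net.prefixlen == 0:  # a default route overlaps everything; review it separately
                continue
            for other, prefixes in owned.items():
                if other != ns and any(net.overlaps(ipaddress.ip_network(p)) for p in prefixes):
                    leaks.append((ns, str(net), other))
    return leaks


if __name__ == "__main__":
    for ns, net, other in find_leaks(ROUTES_JSON, OWNED):
        print(f"{ns} routes {net}, which belongs to {other}")
```

On a live host, the JSON strings would come from running the `ip` command once per namespace; a non-empty result means a route was explicitly configured across the isolation boundary and should be matched against an approved interconnect.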
How Do They Compare to MPLS VRFs?
The concept of network namespaces aligns closely with VRFs in MPLS:
Isolation: Both namespaces and VRFs provide logical separation of routing domains. In MPLS, VRFs are used to segregate customer traffic, ensuring one customer’s routes do not interfere with another’s. Similarly, namespaces keep network configurations isolated on the same Linux host.
Routing Tables: In MPLS VRFs, each VRF has its own routing table, which dictates how traffic is forwarded. Linux namespaces achieve the same by maintaining independent routing tables for each namespace.
Scalability: Just as MPLS VRFs allow providers to support multiple customers over a single physical infrastructure, Linux namespaces enable multiple network environments to coexist on a single machine, whether for containers, virtual machines, or SD-WAN.
How Linux Namespaces Are Used in SD-WAN
In SD-WAN, Linux namespaces are often used to emulate the functionality of VRFs to create isolated routing domains for different sites or customers. Here’s how this works in practice:
Namespace for Each Site or Service: Each site in an SD-WAN deployment can be assigned its own namespace, keeping its routing and traffic handling isolated from other sites.
Encapsulation and Interconnection: Namespaces can be interconnected using VPN tunnels, such as WireGuard or IPsec, to simulate the customer isolation provided by MPLS VRFs.
Dynamic Routing: Routing protocols (e.g., BGP or OSPF) can run within each namespace to ensure dynamic and flexible traffic management.
Why Namespaces Are Powerful for SD-WAN
The use of Linux namespaces in SD-WAN solutions provides several advantages:
Cost Efficiency: By leveraging open-source Linux features, SD-WAN eliminates the need for expensive MPLS infrastructure while maintaining similar capabilities.
Flexibility: Namespaces can be created, modified, or removed dynamically, allowing SD-WAN to adapt to changing business needs.
Feature Parity: Namespaces offer the same routing isolation and control as MPLS VRFs, making them an ideal building block for private WANs.
Linux network namespaces are a modern, software-driven alternative to MPLS VRFs. By providing isolated network environments within the same system, namespaces enable SD-WAN solutions to deliver the same level of traffic segregation and routing control as MPLS, but without the cost and complexity. This makes namespaces a foundational technology in the evolution of networking, enabling businesses to create scalable, flexible and efficient private WANs over the internet.
Where the Magic Happens: The “Secret Sauce” of Nepean Networks
The real differentiator in Nepean Networks SD-WAN isn’t the basic connectivity setup, which is relatively straightforward. The magic lies in the features and applications that have been built around this foundation. The implementation from Nepean Networks is unique and it makes difficult tasks simple. Here’s what makes it shine:
Automation
Dynamic path selection: Automatically chooses the best path for traffic based on real-time network conditions like latency, jitter and packet loss.
Zero-touch provisioning: Devices can be deployed and configured remotely without manual intervention.
Visibility
Centralized dashboards provide a single pane of glass for monitoring all sites, traffic flows and application performance.
Detailed analytics help pinpoint issues and optimize performance.
Security
Built-in features like encryption, firewalls and intrusion detection/prevention ensure secure communication across the public internet.
Policies can be centrally enforced to maintain compliance across all sites.
Optimization
WAN optimization techniques like traffic compression and deduplication improve throughput and reduce bandwidth consumption.
Quality of Service (QoS) ensures critical applications (e.g., voice or video) get priority over less important traffic.
Quality of Experience (QoE)
SD-WAN actively monitors and adjusts for network conditions to deliver a consistent user experience.
Real-time traffic, such as voice calls, gets preferential treatment to ensure crystal-clear audio.
Nepean Networks SD-WAN: The Holy Grail of SD-WAN Networking
When all of these features come together, Nepean Networks SD-WAN transforms from a simple private WAN to the holy grail of networking: a single pane of glass that combines:
Routing: The basics of IP networking, but smarter and centralized.
Firewalls: Integrated security at every edge.
Network Management: Centralized control and visibility across the entire WAN.
WAN Optimization: More efficient use of bandwidth.
Quality of Experience: Enhanced application performance and reliability.
Nepean Networks SD-WAN private WANs leverage tried-and-true networking principles and enhance them with modern Linux-based technology. While the underlying concepts are familiar (think Cisco 2600 with GRE tunnels), SD-WAN’s real value comes from the advanced features built around the connectivity layer. This makes SD-WAN a cost-effective and highly flexible alternative to MPLS, perfect for today’s businesses needing secure, efficient and reliable networking across dispersed sites. With Nepean Networks’ innovative approach to geographical aggregation and mesh optimization, enterprises can achieve unparalleled performance without the pitfalls of traditional WANs.