Cato Networks Edge SD-WAN
Zero-touch device ready to work in minutes
Link Aggregation
Cato improves capacity and resiliency by balancing traffic across links. Multiple link aggregation scenarios for MPLS and Internet circuits (fiber, DSL, cable, 4G/LTE, or 5G) are supported. In active-active mode, Cato balances traffic across last-mile circuits. Using active-passive or active-active-passive, customers can designate one or two active connection(s) and a secondary connection for reliability purposes.
- Regardless, should a brownout or blackout occur on a link, Cato instantly switches traffic to the best available link. Customizable management policies guide link failover, prioritizing applications so business-critical applications continue to receive the optimum capacity. Preconfigured timers determine failback, preventing flapping from disrupting network operation.
Dynamic Path Selection
Applications receive the optimum network experience with Dynamic Path Selection and Policy-based Routing (PBR). Cato Socket monitors link quality metrics (jitter, latency, and packet loss), dynamically selecting the optimum link based on preconfigured network rules. Using Cato’s PbR capabilities, applications can also be pinned to specific transports, such as restricting business-critical applications to high-quality, symmetric fiber links and leisure applications to lower-quality, asymmetric links.
- Network rules describe application routing through traditional application and network information, as well as Cato’s identity awareness capabilities. Identity awareness allows use of familiar constructs, such as team, username or other Microsoft Active Directory (AD) attributes, making policy creation intuitive and providing the highest level of policy abstraction.
Application Identification
Cato’s advanced Deep Packet Inspection (DPI) engine automatically identifies thousands of applications and millions of domains on the first packet. This robust library is continuously enriched by third-party URL categorization engines and machine learning algorithms that mine a massive data warehouse built from the metadata of all traffic flows traversing Cato Cloud.
- Customers can also configure policies to identify custom applications or have that done for them by Cato engineers.
Bandwidth Management and QoS
Cato aligns network usage with business intent through Bandwidth Management rules. The rules assure that more critical applications always receive the necessary upstream and downstream capacity, serving other applications on a best-effort basis. Rules contain priority, class of service, and capacity limits, if relevant.
- Administrators can modify or create rules, network-wide or per site. Detailed analytics for all rules can be easily seen through Cato’s advanced reporting capabilities.
Packet Loss Mitigation
To address last-mile packet loss, Cato employs numerous mitigation techniques. The effects of packet loss are dramatically reduced by detecting lost packets nearly instantly in the nearby PoP and not the remote destination. When packet loss does jump, Cato Sockets automatically detect the change and switch traffic to alternate link(s) connecting the site. Cato intelligently resumes the use of primary links to avoid link flapping.
BGP Integration
- When organizations consider WAN transformation, they can face the migration challenge of integrating SD-WAN with their existing routing infrastructure. Without routing protocol integration, companies end up having to manually configure multiple static paths to connect their routed and SD-WAN infrastructure.
Configuration and Management Application
Cato provides a single-pane-of-glass for managing networking and security infrastructure. The Cato portal provides more than just visibility into the SD-WAN; customers and their partners can also configure, manage, and troubleshoot their networks. An overall view provides a snapshot of the global network including cloud resources and mobile users. Detailed statistics can be accessed by drilling down into each entity. Security services are available from the same interface.
Real-time Analytics
- To troubleshoot problems, Cato includes real-time network analytics providing metrics on jitter, packet loss, latency, packet discarded, throughput, and dropped packets for both upstream and downstream traffic. Mean opinion score (MOS) ratings provide real-time insight into the quality of experience across Cato Cloud.
Event Discovery
- Event Discovery (called Instant*Insight) provides any IT team with the advanced hunting and research capabilities of a high-end operations center. Event Discovery organizes more than 100 network and security events into a single, queryable timeline. Complex queries can be easily built by selecting from the types and sub-types of events presented on the screen. The data warehouse is stored and maintained by Cato.
Zero-Touch Deployment
- Without local IT personnel, branch deployments have long challenged IT, requiring remote network and security appliance configuration and personnel visits on-site. Cato addresses branch challenges with zero-touch deployment. The Cato Sockets only need power and an IP address — dynamic, or static, it doesn’t matter — to become operational. Once on the Internet, Cato Sockets automatically connect to the nearest Cato Point of Presence (PoP) and configure themselves.
Meshed Topologies and Scaling
- Applications have different topology requirements. Some, such as client-server applications, work fine when the network is configured as a hub-and-spoke; others, such as a voice, are more effective when the network is configured as a full-mesh. Cato’s unique architecture allows any network configuration, providing customers with fine-grain control over the sites, cloud resources, and users' access to one another. In addition, Cato imposes no practical scaling limitations on network size or topology. Cato can support fully meshed configurations of hundreds of locations without requiring segmentation or additional SD-WAN equipment.
High Availability (HA)
- Cato’s Affordable High Availability (HA) guarantees continuous operation in the event of a Socket failure. Primary and secondary Sockets are connected via VRRP, seamlessly switching over without disrupting application sessions. Should a Socket’s Internet connection degrade or fail, the Socket automatically reconnects to the best available PoP. Affordable HA carries no additional recurring charge; deployment is simple and completed in minutes.