Over the past few months we have been putting our service through a series of tests run by us internally, by customers, and by third parties, and the results have been incredible! We believe it’s by far the fastest, easiest, and most reliable way to connect your distributed workforce -- employees working from home, mobile users, or branch offices -- with cloud services and on-premise resources.
We had Ananda tested against leading legacy VPN products, as well as newer “SASE” (Secure Access Service Edge) solutions. In this blog post, we will share some of our results and talk about how we are able to get such results.
In case you don’t wish to read through this entire blog post, here’s the bottom line. While performance can vary from location to location, between different carriers, and even at different times of the day, we have seen speed improvements of anywhere from 100% to 2,500% (and in some extreme cases we have seen as much as 8,000%)! We are also seeing better link quality in terms of latency, jitter, and other key parameters when compared to legacy VPN solutions, SASE services, and many times even when compared to the raw Internet.
Below is a snippet of our testing. Unfortunately, we won’t be disclosing specific vendors since this has got companies into hot water recently. We encourage anyone who is curious to try to replicate our results with the few top vendors in each space (just google “top SASE providers” or “enterprise vpn solutions”.)
Ananda vs. well-known VPN brand X
A few words about testing methodology: The test below averages out communication speeds across seven different geographical regions and providers (covering US East coast and West coast, Europe and Asia), showing the speed boost in comparison with one of the most commonly deployed VPN solutions. We used iPerf3 and wget for benchmarking. Since the Ananda network learns and optimizes the traffic over time, we let the benchmark run for a while to reach peak results.
As you can see, Ananda is almost always significantly faster (over 3x on average), and can get as much as 10x and above for certain providers and geographies. In fact, in real-life scenarios Ananda would generally be faster than the above simulated scenarios. Stay tuned to more testing information.
Ananda vs. well-known SASE brand X
As a second test, we tested Ananda against some of the leading SASE solutions out there. Even though SASE is considered to be a more modern solution than VPN, we still saw throughput increase of 2x-3x on average for most geographies we had tested. So SASE solutions did a little better than VPNs, but were still slower. In some scenarios, most existing SASE solutions are unable to provide connectivity or can do so very inefficiently (for example, when testing communications between different cloud providers). In such cases Ananda was able to show 10x the speed or more compared to these SASE solutions.
Testing network reliability
Reliability is as important as speed, if not more for many use cases. Take for example many companies connecting manufacturing plants, ICS/SCADA equipment overseas with data centers and cloud services in the US or Europe. These devices are mission-critical and need the connection to be as reliable as possible, and a lot of time and expense is spent on making that happen.
Our tests showed that in addition to speed, Ananda improves on other network quality attributes and shows much more consistency over time as compared to a VPN connection or even when compared to the regular Internet when it comes to packet loss, disconnects, jitter, latency and other key parameters. Below is an example of a more reliable connection and lower latency achieved with Ananda.
How did we accomplish this?
Below are some of the elements that go into Ananda to make it faster and more resilient. Some other elements we consider as trade secrets, so this is a partial list.
#1 A distributed vs centralized network
Ananda is not yet another centralized network, such as a VPN or a SASE implementation, whereby your traffic goes through a gateway (physical or virtual) or a set of gateways. In the case of a VPN, traffic typically goes to a gateway in the data center, and then it goes on to the destination host inside the data center (or worse yet, on to the cloud or SaaS application). In the case of SASE solutions, the SASE vendor is typically running such gateways in dozens of locations, so each packet flows to one of the nearest locations, or POPs, and then on to its final destination.
Unlike these centralized implementations, with Ananda, any two nodes can communicate directly without an intermediary gateway or proxy between them. This means in many cases the packets can take the shortest, fastest route between point A and point B, rather than taking a “detour” from point A to a gateway or POP, and then to point B. This is especially important when talking about nodes that are relatively close by, such as in the same city or state, not to mention nodes that are in the same physical data center or public cloud! Our tests we shared don’t show the full impact of such centralized architectures on performance, such as where traffic is backhauled through an enterprise VPN gateway and then goes to a cloud instance. In real life scenarios, Ananda could provide another order of magnitude boost in performance.
Even if your network is blazing fast, if it stops working, speed doesn’t really matter. From a reliability perspective, a software-based, distributed architecture removes the reliance on the vendor to provide the actual network’s “data plane” that can be a single point of failure. If your SD-WAN device (either virtual or physical) fails, you’re done. If the SASE POP is down, you’ll either get disconnected or move to a less ideal POP. The Ananda architecture just doesn’t have all these potential points of failure, as it doesn’t rely on any hardware or POPs to capture network traffic.
#2 Optimizing protocols
Many of the protocols we use on a daily basis were never designed for use over the WAN, as they are too “chatty” or unreliable. VPNs introduce tunneling protocols that slow down your traffic even further.
Without going into all the secret sauce involved, Ananda can tweak the protocols to make them more “friendly” to the WAN and essentially create a LAN over the WAN that allows these protocols over it. Our tunneling protocol used is also more modern and doesn’t introduce the same issues as the old IPSEC and similar VPN tunneling protocols.
#3 Optimizing routing
When applicable, Ananda can accelerate traffic further by introducing Nitro™ relays as waypoints to force superior routing of the communications. This is especially useful over longer distances. How does that work?
In addition to facilitating direct connections among its network nodes, Ananda is able to dynamically spin up Nitro™ relays in hundreds of locations across multiple public clouds to be used for additional traffic acceleration. Using machine learning, Ananda may determine that taking a route from a source node, through a Nitro relay (or multiple relays) in a specific location, and on to the destination node provides better link quality. In which case, Ananda will choose this Nitro-assisted connection option. This method improves on the Internet’s routing both in terms of connection speed and connection reliability. And since Ananda is using multiple cloud providers, even if there’s a localized issue with a certain cloud providers, carrier, or region, it can use another to provide the greatest resiliency. Switching over does not disconnect your connection because it’s seamless to the Ananda overlay network.
#4 Creating a self-optimization network
Nodes on the Ananda private network continuously test for an optimal connection. This connection might be a direct connection, a connection that goes through a Nitro™ relay in one of hundreds of locations, or involve different encapsulation protocols. Depending on nodes’ locations, carriers, peering, network congestion, ISP quality of service, and other parameters such a decision is made. For example, an Ananda node A wishing to connect to a node B will do the following:
· Receive a list of candidate connection options from the Ananda control plane.
· Test each option and compare the throughput, packet loss, jitter, and other parameters: a direct connection, a connection via one or more relays, and a connection using different protocols.
· Choose the best combination and forward packet over the chosen connection.
· Keep revisiting continuously and switch over as needed.
In our tests, it was clear how switching to the best connection route and protocol significantly improved performance, and also made the connection much more resistant to underlying issues with the Internet.
One more thing…
One more thing about performance. We are constantly working on improving it, and we have a lot in the works. Expect our releases in the coming months to deliver significant performance boosts going beyond what we had reported on here!