Andree Toonk for AWS Community Builders

Secure your infrastructure at lightning speed with AWS Global Accelerator

This article was originally published on the Border0.com Blog here.

Have you ever had to say “Let me get off the VPN” in the middle of a video call because of poor quality? If so, you’re not alone. It’s become an accepted norm that security and performance can’t go hand in hand. But at Border0, we know that’s not true.

We believe that you shouldn’t have to sacrifice ease of use and performance for security, visibility, and control. That’s why we designed Border0 with reliability and speed as our top priorities from day one. In this post, we’ll dive into how we’ve achieved both, and explain why Border0 is faster than the internet. We’ll also introduce you to a new speed test tool that can help you better understand the impact of Border0 on your service’s performance.

The old way

Before delving into modern security, let’s first examine how security and visibility are traditionally achieved. The traditional approach is known as the “Castle-and-Moat” model, where your corporate network is the castle, and its moat consists of all the security appliances your favorite security vendor will sell you. Access to the castle is granted through a VPN.

As your company expands and moves to the cloud, things get a little more complicated. Suddenly, you’re using multiple cloud providers, regions, and services like AWS and GCP. And what’s the solution? You guessed it: everything gets funneled through that centralized VPN and firewall, creating a bottleneck and slowing down your Internet traffic.

It’s like a traffic jam on the freeway during rush hour — frustrating and inefficient. By hair-pinning everything through your centralized firewall and VPN, all this traffic takes a longer, inefficient detour over typically slow roads, resulting in poor performance and a choke point that is hard to scale up.

But why are things slow?

Let’s continue the road analogy: the slow roads are a metaphor for an unreliable internet connection. Of course, your company has invested in a nice high-performance Internet link, but the problem is that you’re still relying on the rest of the Internet infrastructure to get you from A to B. The Internet is a network of networks, and at any given time one of those networks can have issues, causing your users to experience poor performance. These “Internet bad weather events” can be caused by a variety of issues, but since they happen in upstream networks, almost all of them are out of your direct control.

A Better way

So the solution should be simple then! Just look at the Internet weather reports and avoid bad Internet weather. Or, even better, avoid these other networks altogether; just keep it all in your own control! Sounds simple, right? But remember, we just said, the Internet is a network of networks.

Well, there’s a way, and that’s exactly what we’re doing to optimize the Border0 service so it’s highly performant: using Anycast and Middle-mile optimization technologies. Grab your nerd glasses 🤓 and buckle up for a deep dive into the magic of Anycast and Middle-mile optimization.

Anycast, bad-ass BGP magic

In networking class, we all learn that IP addresses need to be unique. You can’t have two computers with the same IP address, as that would cause an IP collision. However, it turns out that if you know what you’re doing (™), you can actually have multiple servers with the same IP address; this is called Anycast.

This technology is popular amongst many DNS & CDN operators and uses the BGP routing protocol to “announce” the same IP address from multiple different places worldwide. This way, if you have many servers around the world (like we do at Border0), you can make sure your users reach the server that’s closest to them.

That’s a great feature, but it gets better: not only do your users automagically get routed to the closest region, but Anycast can also help with load balancing within a region. And if a server or an entire region fails, traffic is automatically and almost immediately routed to the next closest location! Instant failover magic.

Anycast ensures that users are directed to the nearest Border0 server, thereby eliminating the need for long journeys across potentially unreliable and slow networks. This reduces the likelihood of encountering “Internet Bad weather events” as traffic is routed through the closest network, minimizing the distance traveled and maximizing the user experience.

Middle mile optimization

With Anycast, we ingest customer traffic as soon as possible, as close to the user as possible. Today traffic is ingested into the global network at 104 Points of Presence in 88 cities across 48 countries. From that point on, we own the traffic and can control its path to the closest server, again avoiding congestion, delays, low-throughput paths, etc. This is called middle-mile optimization, i.e., finding the best path between two locations on the network.

“The best path” is a bit of a subjective term; it could mean the cheapest (lowest dollars), lowest latency, highest throughput, lowest packet loss, etc. Building this is a lot of fun, experimenting with the various nerd knobs, etc. However, this only works if you have your own global backbone or create a virtual overlay network, which allows you to selectively route through different hops (cities, providers, etc.).

Using Global Accelerator

Building an Anycast infrastructure and middle-mile network optimizers is fun! I know because I’ve done this for a decade or so. But cloud providers have come a long way, and some offer this as a service. We’re building on AWS and are happy users of AWS Global Accelerator; it gives us both the benefits of Anycast and their high-performance optimized global backbone.

See The Benefits For Yourself

With the above in place, traffic for services on Border0 will avoid most of the Internet’s bad weather events and benefit from a backbone faster than what a typical Internet experience can provide. For the users using Border0, the result is typically a much better experience than what they’re used to. If you think about it, this is sort of amazing considering the extra work performed, i.e., traffic over Border0 is authenticated, continuously authorized, and recorded by our secure proxy and tunnel system.

But don’t just take our word for it. To demonstrate the power of Anycast, a fast middle mile network, and the performance improvements your users can enjoy when their traffic is handled by Border0, we built a web page where you can verify the difference yourself here: https://speedtest.border0.io/

The tool downloads a test file from two URLs, one through Border0 and the other directly from the test server without Border0’s optimized traffic path. We repeat the test three times, calculate the average, and compare the results for all of the global regions we have a presence in. And the results? We record the test results and over 90% of the user’s traffic through Border0 is faster than the regular internet! It’s like upgrading from a donkey cart to a Lamborghini.
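The same measurement procedure, sketched in Python as an added example (this is not Border0's speed test code): each URL is downloaded three times, the times are averaged, and the proxied and direct paths are compared per region. The function names, the `nocache` query parameter and the `example.invalid` URLs are assumptions made for illustration; a region where any download fails is reported separately instead of being averaged in.

```python
import statistics
import time
import urllib.request

RUNS = 3  # the post repeats each download three times


def download_seconds(url, timeout=30):
    """Time one complete download (connect + TLS + body); the body is discarded."""
    # A unique query string keeps caches from answering a repeated run (assumption).
    sep = "&" if "?" in url else "?"
    start = time.perf_counter()
    with urllib.request.urlopen(f"{url}{sep}nocache={time.time_ns()}", timeout=timeout) as resp:
        while resp.read(64 * 1024):
            pass
    return time.perf_counter() - start


def average_seconds(url, timer=download_seconds, runs=RUNS):
    """Mean of `runs` timed downloads, or None if any run fails."""
    try:
        return statistics.mean(timer(url) for _ in range(runs))
    except OSError:  # URLError, timeouts and connection resets are OSError subclasses
        return None


def compare(regions, timer=download_seconds, runs=RUNS):
    """regions maps name -> (proxied_url, direct_url); returns (rows, share_faster)."""
    rows = {}
    for name, (proxied_url, direct_url) in regions.items():
        proxied = average_seconds(proxied_url, timer, runs)
        direct = average_seconds(direct_url, timer, runs)
        ok = proxied is not None and direct is not None
        # speedup > 1 means the proxied path finished the download faster.
        rows[name] = {"proxied": proxied, "direct": direct,
                      "speedup": direct / proxied if ok else None}
    measured = [r["speedup"] for r in rows.values() if r["speedup"] is not None]
    share_faster = sum(s > 1 for s in measured) / len(measured) if measured else None
    return rows, share_faster


if __name__ == "__main__":
    # Placeholder hosts (hypothetical): substitute your own proxied and direct test-file URLs.
    REGIONS = {"us-east-1": ("https://proxied.example.invalid/test.bin",
                             "https://direct.example.invalid/test.bin")}
    for region, row in compare(REGIONS)[0].items():
        print(region, row)
```

Three runs per URL is a small sample, so a single slow download can swing a region's average; use the same test file on both paths so the averages are comparable.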

Security and visibility without the performance penalty

In this blog, we took you on a bit of a tour of “how the Internet works”, and although that’s interesting, it wasn’t necessarily the point. The key takeaway is that traditionally we’ve come to accept that adding security, control, and visibility can come at the expense of performance. And in a way that makes sense: you’re putting something in the middle; you need to re-route and process traffic, evaluate policies, potentially log and record it, etc.

However, I believe we can do better and mitigate many of these costs using innovative solutions and highly optimized software. And as we’ve seen with our test results, in many cases, Border0 outperforms the regular Internet. With that in mind, Border0 will likely outperform your legacy VPN, even p2p VPNs, especially if you have a geographically distributed company.

Wrap up

At Border0, we believe security, control, and visibility should not come at the expense of excessive performance degradation. That’s why we’ve gone the extra mile to build and deliver our service in the best possible way. The end result is a highly available service, delivered so that the experience doesn’t just match the Internet but outperforms it in many cases. As a result, you and your users can access your resources such as SSH, Database, and HTTP services as if they’re colocated right under your desk in a low-friction environment, using just your SSO credentials. As an administrator, you get all the necessary visibility and control without worrying about appliances, scale, and users complaining about slow connectivity. It’s a win-win-win!

So, what are you waiting for? Join the Border0 community, and try out our fully featured free community edition.