This article is more than 1 year old

Cloudflare reheats network-as-a-service buffet with WAN plan

Try, try, try to understand, it's a Magic WAN

Network infrastructure biz Cloudflare on Monday plans to launch a service called Magic WAN to allow companies to bring geographically dispersed data centers, offices, devices, and cloud services under a single cloud-managed wide area network.

It has nothing to do with Magic Wan, a restaurant in Grandville, Michigan, though the eatery could deploy the service if it had relevant IT needs.

Last October, Cloudflare CEO Matthew Prince, talked up the idea of wide-area networking and security as a cloud service when the company was touting its Cloudflare One product.

Well, now Cloudflare actually has the WAN component ready. And along with a set of partners dealing in SD-WAN (software-defined) kit, it's eager to cater to businesses looking to oust legacy networking gear from the local server closet, or at least minimize the presence of dust-collecting, rack-mounted kit.


Oblivious DoH, OPAQUE passwords, Encrypted Client Hello: Cloudflare's protocol proposals to protect privacy


Magic WAN, in conjunction with the previously released Magic Firewall, wants to provide businesses with cloud-based networking and security without hardware boxes and Multiprotocol Label Switching (MPLS), a timeworn WAN transport scheme destined to be killed by SD-WAN in a future anticipated by Gartner's researchers.

"Companies burn significant resources provisioning and maintaining legacy connectivity technologies like MPLS," said Matthew Prince, co-founder and CEO of Cloudflare, in a statement. "With Magic WAN, we’re leveraging Cloudflare’s global network to offer reliable, faster, much more cost-effective connectivity with security built in."

Magic WAN can incorporate both remotely working employees on commercial internet connections and facilities with more elaborate networking setups.

"Customers may use different on-ramp mechanisms to connect their traffic to Cloudflare’s network depending on the source," Rustam Lalkaka, director of product at Cloudflare, told The Register in an email. "For example, they can configure Anycast GRE tunnels to connect offices with SD-WAN appliances or basic router hardware, and install the WARP client on employee devices to connect traffic from remote workers. Customers will be able to enforce security policies in one place to apply across traffic from any sources/destinations they connect."

Bigger plans

The service also serves as a potential replacement for VPNs. The company says Cloudflare for Teams and Magic WAN offer a way to transition away from traditional VPNs and their potential performance drawbacks.

"Employees can install the WARP client on their devices to send traffic to Cloudflare's network, where it can be authenticated and routed to private resources in data centers or VPCs that are connected to Cloudflare via other traffic on-ramps," the internet biz said.

"This architecture solves the performance and capacity issues customers often experience with legacy VPNs – rather than sending all traffic through single choke point devices, it’s routed to the closest Cloudflare location where policy is applied at the edge before being sent along an optimized path to its destination."

Cloudflare's preferred world of tomorrow is built upon a model known as SASE, or Secure Access Service Edge, wherein wide-area networking mingles with firewalls, private networks, and others networking niceties to form an easy-to-swallow cloud-based service.

It's a vision that becomes confusing when described: "Cloudflare acts as a conceptual hub in a hub-and-spoke architecture, but the hub is our global edge network," the company explains in a blog post.

It's a hub. It's an edge. It's both at once. It's Cloudflare as far as the eye can see.

Certainly there's something to be said to being able to plug everything into the same SD-WAN network, to be able to set security policies for everything, and to be hardware agnostic enough to let businesses bring their own partners to the dance. But there are plenty of other networking firms vying to provide that service to enterprises, like Cisco, Fortinet, VMware, and so on.

It also may be too soon to count MPLS out. IT biz Avant Research and Analytics in January published its 2021 State of Disruption report in which the firm noted that while roughly 60 per cent of 500 "enterprise decision makers" surveyed expect to increase SD-WAN usage by the end of 2021, about 59 per cent anticipate an increase in MPLS usage during the same period. And with SD-WAN able to handle transport services like MPLS, the two seem likely to co-exist for a while. ®

More about


Send us news

Other stories you might like