Alan Weissberger Cloud Computing Networking Software Defined Network

AT&T’s “SDN-WAN” as the Network to Access & Deliver Cloud Services


For several years, we’ve wondered why there was so many alternative WANs used and proposed to access and deliver cloud computing and storage services (IaaS, PaaS, SaaS, etc.) for public, private, and hybrid clouds. The list includes: the public Internet (best effort), IP MPLS VPN, other types of IP VPNs, Carrier Ethernet for Private Cloud (MEF spec), dedicated private line to Cloud Service Provider (CSP) data center/platform/point of presence, etc.

AT&T is attempting to position its “SDN WANenhanced IP-MPLS VPN as the unified WAN solution for cloud services provided by its partners.  At IT Roadmap in San José, CA on Sept 17, 2014, Randall Davis announced that AT&T is partnering with several CSPs to use its enhanced IP-MPLS VPN WAN to enable end users to access a variety of cloud services. The impressive list of CSPs includes: Microsoft (Windows Azure), HP, IBM,, Box, and CSC. That bestows credibility and confidence in AT&T’s cloud networking approach.

Network Enabled Cloud Solutions via AT&T NetBond:

Mr. Davis stated that AT&T spends ~$20B per year on CAPEX/OPEX to maintain and improve its wireless and wire-line networks. Instead of discrete network functions and equipment associated with individual services running on disparate subnetworks, AT&T’s goal is to consolidate all services to be delivered to customers onto a software based, programmable, cloud like “SDN WAN” which uses their own intellectual property (see below).

AT&T's vision of a network enabled cloud. Image courtesy of AT&T.
AT&T’s vision of a network enabled cloud. Image courtesy of AT&T.

“The User Defined Network Cloud is AT&T’s vision for the network of the future,” Davis stated. “Our goal is to provide a set of services delivered from a single cloud-like network. AT&T is tapping into the latest technologies, open source projects and open network principles to make that happen,” he said.

“It’s a fundamental new way to build a smart “cloud-like network” that addresses the many concerns of end users about the network being the bottleneck in delivery of cloud services.” Indeed, barriers to moving enterprise workloads to the cloud often involve the WAN. For example, how can the network address cloud integration complexity, a warehouse of telecom circuits, security, reliability/availability, and compliance issues?

AT&Ts “network enabled cloud,” called NetBond, allows customers to extend their existing MPLS Virtual Private Network (VPN) to the CSPs platform for the delivery of business/ enterprise applications through fast and highly secure connectivity.  AT&T says they are driving the network enabled ecosystem and working with leading CSPs such as Microsoft,, HP, IBM, CSC and Equinix.

Positioned between the enterprise customer premises and the CSP’s platform/point of presence, AT&T’s NetBond provides a highly flexible and simple way for AT&T customers to utilize their enterprise VPNs to connect to a cloud computing or IT service environment in AT&T’s cloud partner ecosystem (which is growing).  This solution bypasses the public Internet entirely, thereby providing secure and seamless access to CSPs applications and data storage.

AT&Ts NetBond enables the end customer to integrate cloud services within its enterprise wide IP-MPLS VPN (from AT&T, of course).  It does so by extending its MPLS VPN to the CSPs compute/storage platform, thereby isolating traffic from other customer traffic, creating a private network connection. As a result, there’s no need for a separate IP VPN to/from the CSP.

The solution is designed around the following keys areas:

  1. Flexibility. Network bandwidth is optimized for your workloads and fully scalable
  2. Network Security and isolation. Intelligent routing directs traffic to logically separated customer environments on shared physical infrastructure.
  3. Availability and performance. The solution is built on a stable, robust and scalable technology platform resulting in up to 50% lower latency and up to 3X availability.
  4. Automation and control. The solution uses automation and a self-service portal to activate service changes in hours versus weeks.

NetBond permits both the network and cloud infrastructure to scale or contract in tandem and on-demand, rapidly accommodating workload changes. It seems to be well suited for customers who want to avoid exposure to the public Internet and risk of DDoS attacks, as well as, have a highly available and high-performance connection to their cloud resources. Davis said that “NetBond provides a scalable, highly secure, high performance, and integrated WAN solution” for access to the cloud.

Other benefits were identified:

  • Private IP address space avoids DDoS attacks
  • API controlled pre-integrated survivable network infrastructure
  • Elasticity with dynamic traffic bursting (above some pre-defined threshold)
  • AT&T sells baseline units of traffic capacity with most bursting covered
  • Bursting overages at the “95th percentile” incur an extra charge
  • Any to any instant on connectivity (zero provisioning time to reach CSP that’s partnered with AT&T)
  • Improved legacy application performance and increased throughput
  • Privacy from separation of data and control planes
  • Better availability due to simplicity of operations
  • Bursting capability eliminates gaps and gluts
  • Cost model aligns with cloud usage

AT&T NetBond Backgrounder:

AT&T’s website states: NetBond provides benefits of a private network with the flexibility of cloud. With NetBond, security, performance and control are no longer barriers to moving enterprise applications and data to the cloud.

“NetBond uses patented technology that uses Software Defined Network (SDN) capabilities, providing traffic routing flexibility and integration of VPN to cloud service providers. With AT&T NetBond, customers can expect up to 50% lower latency and up to 3x availability. In addition, network connectivity can be scaled up or down with the cloud resources resulting in bursting of up to 10 times your contracted commitment. From a security perspective, AT&T NetBond isolates traffic from the Internet and from other cloud traffic reducing exposure to risks and attacks such as DDoS.”

“AT&T VPN customers can create highly-secure, private and reliable connectivity to cloud services in minutes without additional infrastructure investments and long-term contract commitments. We also enable end to end integration with cloud service providers resulting in a common customer experience regardless of the cloud platform.”

“Because it can reduce over-provisioning, AT&T NetBond can result in savings of as much as 60% on networking costs compared to internet based alternatives. Also, customers experience true flexibility in that they only pay for what they have ordered and are able to change their billing plan at any time to reflect usage.”

For more on the technology used for AT&T’s IP MPLS VPN see this white paper:

What’s the Control Mechanism for NetBond?

AT&T uses its own version of SDN WAN with “APIs to expose control mechanisms used to order (provision) and manipulate network services.” AT&T’s SDN WAN is based on proprietary intellectual property the company refers to as “Intelligent Route Service Control Processor (IRSCP).” That technology is used to dynamically change the routing (end to end paths) in the network to respond to operational changes, new customers, more or less traffic, and to automatically recover from failed network nodes or links. Davis said that AT&T’s suppliers are using the company’s version of SDN WAN in “novel ways.” AT&T is also using open source software whenever possible, he said (we assume that to mean in their suppliers’ equipment and possibly in their network management/OSS software).

A quick web search indicates that AT&T has at least one patent on IRSCP. In 2006, AT&T Labs researchers published a paper titled, “Dynamic Connectivity Management with an Intelligent Route Service Control Point” in the Proceedings of the 2006 SIGCOMM Workshop on Internet Network Management.

Mobile Integration into Cloud Applications is Needed:

With more and more mobile apps on smart phones and tablets accessing cloud based applications, it’s essential to provide a wireless network that solves both security and performance problems. Randall hinted that AT&T’s NetBond may be extended to include wireless access in the near future. The following benefits of doing so were enumerated:

  • Faster time to market for new mobile apps
  • Access to easier solutions which can be quickly configured (no explanation provided)
  • Simpler compliance
  • Improved performance
  • Better security

Author’s Notes:

  1. Mr. Davis referred to “Project Gamma” as an early example of AT&T’s Domain 2.0 architecture. It was said to be an example of “User Defined Network Cloud (UDNC)” in that it virtualizes Ethernet connectivity and routing to automate services delivered to AT&T customers. [No reference was given or could be found for Project Gamma.]
  2. On Sept 17, 2014 (the date of Mr. Davis’ IT Roadmap-SJ presentation), Light Reading reported that AT&T will bring its User-Defined Network to Austin businesses by the end of this year.

“This is really focused on wireline services, specifically, we’re starting with Ethernet… I would expect that we’ll look at wireless too,” says Josh Goodell, VP of Network on Demand at AT&T.

Businesses with the Network on Demand Ethernet service will be able to change some network services and modify upload and download speeds via a self-service portal. This will mean that services will be changed almost instantaneously, “rather than the previous method of modifying, installing or replacing hardware to make network changes,” AT&T notes.


On Sept 18, 2014, AT&T and IBM announced a strategic partnership AT&T Teams with IBM Cloud to Extend Highly Secure Private Network to Clients.

AT&T NetBond services will be extended to IBM’s SoftLayer platform for stronger security and performance. This extension of the IBM and AT&T alliance will allow businesses to easily create hybrid-computing solutions. AT&T Virtual Private Network (VPN) customers can use AT&T NetBond to connect their IT infrastructure to IBM’s SoftLayer private network and cloud services. The service allows customers to benefit from highly secure connections with high reliability and performance as an alternative to relying on public Internet access.

“AT&T NetBond gives customers a broader range of options as they explore how to best leverage a hybrid cloud,” said Jim Comfort, general manager of IBM Cloud Services. “Customers can easily move workloads to and from SoftLayer as if it were part of their local area network. This added flexibility helps optimize workload performance while allowing customers to scale IT resources in a way that makes sense.”

“Businesses look to AT&T and IBM to deliver best in class solutions to meet their most demanding needs— especially when it comes to cloud,” said Jon Summers, senior vice president growth platforms, AT&T Business Solutions. “Together, we’re making the network as flexible as the cloud and giving enterprises confidence they can migrate their business systems to the cloud and still meet their security, scalability and performance requirements.”

End NOTE:  We will update this article if and when we receive a figure from AT&T that illustrates NetBond.  Stay tuned!


Author Alan Weissberger

By Alan Weissberger

Alan Weissberger is a renowned researcher in the telecommunications field. Having consulted for telcos, equipment manufacturers, semiconductor companies, large end users, venture capitalists and market research firms, we are fortunate to have his critical eye examining new technologies.

8 replies on “AT&T’s “SDN-WAN” as the Network to Access & Deliver Cloud Services”

Thanks Alan for reporting on and digging into this interesting development from AT&T, particularly their partnership with IBM. With network and cloud security being in the news daily, it seems like the security aspects of this announcement seems very timely.

It appears that SDN is a network that is programmable with APIs. Full STOP! At last Wednesday’s (9/17/14) IT Roadmap-San Jose,CA:

1. AT&T revealed their SDN-WAN used proprietary intellectual property for the control plane.

2. Nuage Networks talked about their version of SDN which is actually network virtualization/overlay model using VxLAN tags.

3. Rohit Mehta of IDC said that the top vote getter in their April 2014 SDN survey (for data centers and enterprise campus network) was the classical defintiion of SDN using Open Flow API/protocol between the Control Plane and Data Plane entities.

At 2014 Hot Interconnects, Google described their Andromeda SDN network which is totally proprietary. None of the details/orchestration and control mechanisms were described.

And what does “open networking” mean? A SDN network is open ONLY to the network provider and its vendors/suppliers. That doesn’t guarantee vendor interoperability on any other provider’s SDN network! There appear to be more versions of SDN then you can count!

ZDNET: AT&T brings Amazon Web Services into NetBond cloud network.

AWS, by far the latest Cloud Service Provider (CSP), will use AT&Ts NetBond to connect its IaaS customers to its public cloud. Through this new collaboration, AT&T enterprise customers will be able to connect to AWS via AT&T’s IP-MPLS VPN from any location on their private network. An exact launch date hasn’t been revealed, but the integrated AT&T NetBond-Amazon Web Services offering is scheduled to go live at some point in 2015.

As a security precaution, traffic is isolated so that it is directed from Netbond only to cloud platforms with access to AT&T’s private global network (IP-MPLS VPN).

AT&T introduced a similar deal for Microsoft Azure public cloud customers last fall and then with earlier this year. Additional CSPs attached to NetBond include: IBM, Equinix, Hewlett-Packard, Box, and VMware, among others.

When will NetBond offer wireless access to the cloud?
“Our customers want the computing power and cost-efficiency that cloud services deliver with the best security and performance,” said Jon Summers, senior vice president, AT&T Mobile & Business Solutions. “AWS’s extensive portfolio combined with AT&T NetBond offers them the best of both worlds. Our customers will have VPN performance, full cloud networking automation, and flexible and secure bandwidth when accessing AWS cloud services.”
Short video:

I believe AT&T already offers wireless access to their IP-MPLS VPN which connects to NetBond-CSPs.
AT&T Wireless head Ralph de la Vega told the NY Times: “Phone switches are in our past. We’re moving to network functions in commodity computer servers. We’re bringing in new players.” Of the older equipment providers, he said, “Some of them are reluctant to admit this, and want us to do one more upgrade on their equipment. “We’re not buying it,” he said, “this is moving really fast.”

Where’s the comment I just posted? More on mobile cloud:
“All of the corporate connectivity is going from desktop computers to smartphones and tablets,” said Ralph de la Vega, the head of AT&T’s mobile and business solutions business. “We’re looking at an environment where the business mode of operation is changing to ‘mobile first.’”
AT&T is taking out the desk phones and the office exchanges, or PBX systems, that made it a giant company.

My apologies. Your earlier comment was SPAMMED, but I just un-spammed & approved it.
As I understand the network configuration:
A business customer contracts with AT&T for an IP-MPLS VPN which has both wire line and mobile access (see illustration in article). Normally, the VPN terminates at nodes owned by the customer or partner companies. However, when a given customer wants to access a specific CSP in AT&T’s eco-system, the connection is made by internetworking the customer’s IP-MPLS VPN with NetBond, which terminates at the CSP point of presence- typically a switch/router in a cloud resident data center or the private network gateway owned by the CSP.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.