Software-Centric Network Keeps Business Customers Connected in a Highly
Andre Fuetsch, AT&T
April 6, 2020
don’t design a network for a pandemic. But it turns out that building
your network on software and open hardware specifications can help make
it ready for just about anything.
Over the last five years, we’ve been on a network transformation
journey. AT&T has been virtualizing our network functions – turning them
into apps. For the remaining hardware, we’ve been adopting a “white box”
approach. In this model, instead of using proprietary devices tightly
coupled to proprietary software from just a handful of vendors, we’ve
created open specifications and released them publicly so a variety of
manufacturers can compete and innovate.
The idea was that this model could help us stay ahead of the growing
demand for network data, and it worked.
Now, though, we’re facing much different challenges.
For example, with companies around the world now suddenly sending their
office employees home to work remotely, how do you help those workers
connect to their corporate networks? Demand for these virtual private
networks, or VPNs, is surging.
AT&T offers a Network-based IP Remote Access VPN called SD-WAN Static
Network Based (ANIRA). ANIRA uses an industry-standard capability known
as IPSec (Internet Protocol Security) to authenticate and encrypt data
packets over the broadband network. The service can work with a software
client application that runs on the user’s laptop or a hardware device,
called AT&T Global Network Client. The white box, or gateway, that works
with the service can be placed on the customer’s premises and support
multiple users and various broadband access methods (e.g., cellular or
Thanks to the work our network team has done, ANIRA is a cloud-based
software platform. And the gateway is a simple plug-and-play white box
that doesn’t require a professional installer. Plug it in and it
automatically configures itself, much like our new AT&T TV platform.
Simple. Flexible. Efficient.
a result, when the number of ANIRA customer connections jumped roughly
700% over the last few weeks, our teams were able to respond with
appropriate capacity. These were customers in healthcare, financial
services, and other vital segments around the world.
And AT&T was able to accommodate that demand surge without missing a
beat. Just a few years ago, that would have been impossible. In fact,
we’ve been adding more capacity to be ready for future needs.
Of course, it looks seamless on the surface only because of the
tremendous work the engineers, developers, and others at AT&T have put
into this effort, both over the last several years, and particularly
over the last several days and weeks.
It’s been the ultimate proof point for our push into software-centric
networking, and I couldn’t be prouder of what our team has done for our
Here’s some technical background from a few of the folks on the team who
made this all possible. Their hard work is what makes it all look so
Bill Mueller, director – Remote Access Development, AT&T Labs
“Over the past few years AT&T has made significant investments in the
infrastructure that supports the ANIRA service, transforming it from a
hardware appliance model to a software-based cloud native architecture.
We developed these infrastructure components internally because
off-the-shelf products just didn’t have the scale, performance or
cloud-native designs we wanted. The VPN Internet Gateway (VIG) software
incorporates some industry-leading middleware that has allowed us to
achieve dramatic improvements in real time packet throughput. And we’ve
made the VIG cloud native – meaning it runs as a tenant in a
general-purpose compute environment. We’ve also focused on automating
the provisioning of network connectivity between the VIG and the
Alan Klausner, director – Remote Client Development, AT&T Labs
“The AT&T VPN Gateway is our original white box solution where we took
white labeled hardware from a contract manufacturer and married it with
our internally developed Network Operating System software. This is a
proven system with 15+ years of design and tuning, and more than 100,000
active units in operation. We also wanted to make the VPN Gateway simple
to use so we developed a concept called Zero Touch Provisioning. The
customer unpacks the Gateway which ships with the base configuration
installed, plugs it into the network, and it knows how to “call home” to
retrieve any customer-specific configurations. And then the customer is
up and able to focus on their work.”
Mike Beltzer, assistant vice president – Network Infrastructure
“There were a couple long, hectic days, but we feel really good that our
investments in building a software-defined network paid off. The AT&T
team was able to respond quickly by spinning up new instances of the VIG
on cloud compute resources from a pool of pre-deployed assets. It was
another great example of amazing teamwork across several AT&T teams. It
can’t be said enough – when an AT&T team is challenged with a hard
problem, we rise to the occasion and it just makes us stronger.”