Digital Business Agility Enabled by IT WAN-Edge Resiliency Banner

Digital Business Agility Enabled by IT WAN-Edge Resiliency

Today, virtually everything in business is becoming digitally enabled, and enterprise WANs are a driving force for this enablement. Business is conducted over distributed networks, yet when the network is unable to respond to changing business demands and new market opportunities, transactions suffer.

Enterprise WANs must rapidly evolve if companies are to succeed in today’s competitive and demanding market. This requires them to be more cost-efficient, with greater agility, reliability, security and performance; and support open and diverse networking and cloud technologies.

Talari’s software-defined WAN (SD-WAN) addresses these requirements and more. Talari SD-WAN helps lower costs, simplify management, secure networks and applications, and elevate network and application reliability. The Talari SDWAN utilizes its Adaptive Path Networking (APN) WAN technology and network performance management software for failsafe connectivity. Creating a virtual network overlay, Talari takes advantage of all available WAN connections, while centralizing control of, and visibility into, the entire SD-WAN. Talari APNenabled SD-WAN decouples network configuration from individual WAN links and hardware components, creating a software-driven, unified WAN fabric.

Talari SD-WAN elements include a central orchestration controller, Talari Aware centralized management, and edge appliances (physical or virtual) that scale to meet the needs of cloud services, data centers, branch offices and home offices.

Transport Independent

Talari SD-WAN is agnostic to all carrier and transport methodologies. Companies can use any carrier, and easily migrate from one carrier to another, aggregating multiple bandwidth sources and transports, such as MPLS, VSAT, LTE, Broadband/DSL Internet and DIA Internet. Each Talari appliance can aggregate up to 8 public and 32 private WAN links and provides a variety of 1Gbps copper and 10Gbps fiber-optic connectivity based on the model type.

A collection of all physical links and interfaces are aggregated into a single, logical interface, creating a virtual WAN conduit. This WAN conduit uses the Talari Reliable Protocol (TRP) UDP 2156 “tunnel” that supports 128b or 256b AES encryption across all aggregated WAN paths. All WAN paths are measured and managed unidirectionally so that every packet reliably reaches its destination. Talari conduits provide secure, flexible, reliable, and fast network connectivity, delivering unmatched application quality.

Application Optimization Via Path Selection

Talari’s unique path selection matches each application with the most appropriate path characteristics to ensure applications are reliable with optimal performance.

Talari does not force or statically pin any single application onto any specific path. In the absence of traffic, Talari will probe every path at 50ms intervals, using the Talari Reliable Protocol (TRP//UDP:2156). Upon receiving traffic destined for another Talari appliance, each packet is encapsulated and encrypted into a TRP frame which is used to measure path characteristics. The net result is every packet is now a path probe. The data is used to provide intelligent path selection on a per-packet basis, using the best possible path at any moment in time. Talari provides seven “default” traffic classifications, in which applications such as VoIP, VDI, CIFS, FTP and others, are already pre-defined and require no further modifications unless the administrator feels the need to re-classify or prioritize traffic.

Packet duplication or load balancing can be enabled for any application:

  • Packet duplication sends identical packets across the two paths to proactively mitigate loss
  • Load balancing uses all available bandwidth for bulk flows, splitting a single flow across multiple paths

Talari virtual WAN conduit is a secure, meshed interface for reliable packet delivery
Figure 1. Talari virtual WAN Conduit is a secure, meshed interface for reliable packet delivery

Intelligent Path Control

Talari utilizes a patented approach to path selection. By timestamping every packet using TRP at microsecond granularity, Talari makes real-time, per-packet decisions as to which path to put a packet on for transport. This allows Talari to use the best path for each packet. In addition, all packets are assigned a sequence ID, allowing resequencing in the event that asynchronous transport paths are chosen. This ensures reliable packet stream reassembly. The sequence ID also allows the Talari SD-WAN to proxy the retransmission of any lost packets, without having to push that load to the client or server.

Packet duplication for VoIP and critical real-time apps
Figure 2. Packet duplication for VoIP and critical real-time apps

Secure Connectivity

Talari offloads all Internet traffic, or specific URLs directly at the branch, using Talari’s integrated NAT/ PAT firewall and/or Talari’s DNS Proxy for URL redirection to the Internet for “trusted” URLs. For the standard Talari firewall, there are no pricing or licensing requirements to utilize these features. Optionally, a virtual Palo Alto Networks firewall can be installed on a VM partition to provide DPI firewall capabilities.

Talari supports TACACS+ and RADIUS authentication for management access to our edge appliances. Every packet is encrypted by default, using Talari’s AES encryption. Additional security features include:

  • Cipher Block Chaining (CBC)
  • Per-protocol sequence numbers
  • Per-session symmetric encryption keys
  • Encryption key rotation
  • Extended packet encryption headers
  • Packet authentication trailers

Automated Deployment and Management

Deploying a Talari SD-WAN edge appliance in the branch is fast and simple. By completing three simple steps, IT personnel can have a Talari edge appliance online and in production. All administration and reporting takes place from Talari’s centrally managed SD-WAN controller. Companies benefit from the minimized amount of IT expertise required at each branch, while gaining a scalable WAN that can support large numbers of branch offices.

Monitor and Analyze the Entire SD-WAN Fabric

Talari Aware management software enables monitoring with unprecedented visibility into the entire SD-WAN. Due to the comprehensive nature of Talari’s SD-WAN, data can be captured by tracking traffic within the SD-WAN without probes or injecting test data. This allows for the most granular and accurate view of network and application performance possible.

Since Talari collects granular data across the entire SD-WAN, Talari Aware helps IT staff identify the state of the WAN, and any anomalies that have occurred. Events throughout the SD-WAN are displayed on graphical maps and tables. Current and historical reports are available to support fault detection, troubleshooting, network and capacity planning, ROI analysis and SLA confirmation. Talari SD-WAN monitoring can also be integrated with third-party management and reporting tools.

Cloud Interconnect

Talari provides multiple methods to connect to AWS and Azure clouds through a marketplace metered method, or by a Bring Your Own License (BYOL) model. The AWS or Azure instance is treated, and behaves, just as any other node within the Talari SD-WAN overlay.

Talari APN7 introduces a Zscaler integration capability that leverages the IPsec tunnel as the communications mechanism between Talari Network SD-WAN edge nodes and the Zscaler cloud security presence.


Bremer Bank provides banking, investment, trust, and insurance services throughout Minnesota, North Dakota, and Wisconsin. Each of Bremer Bank’s branches was connected to their primary data center in St. Paul through a 1.544 Mbps MPLS circuit. In larger branches where more bandwidth was required, additional MPLS circuits were bonded to the first, providing 3.088 or 4.632 Mbps in total. While bonding delivered more throughput, it did not provide redundancy, as all the bonded MPLS circuits at a branch would fail together. Cut off from the data center, business at the affected branch would quickly come to a standstill.

To enable redundancy, Bremer Bank installed separate, independent MPLS circuits at 40 percent of their branches. Should the primary MPLS link fail for any reason, automatic failover to a second MPLS circuit would take place. Unfortunately, this solution was not ideal, because before a transfer could be completed, any active sessions would terminate. This meant phone calls would be interrupted and branch employees would have to log back on to applications hosted within the data center.

The backup MPLS circuits were expensive, and the only time bandwidth could be utilized was when a primary MPLS link went down. The ongoing expense of the backup circuits was sizable, and the cost of deploying backup links at the remaining 60 percent of the branches was cost prohibitive.

The bank could have put off making a change, hoping the MPLS circuits wouldn’t fail and existing bandwidth would suffice. But new applications were planned, including desktop videoconferencing and collaboration, which would demand more bandwidth at every branch. These business-critical applications would only increase the need for more bandwidth and reliability. They needed to do something sooner, rather than later.

They had a list of must-have requirements a new solution would need to provide, including the ability to failover quickly to prevent session interruptions, and have the ability to aggregate both primary and backup links, so the company could take advantage of bandwidth from all links, all the time.

The bank chose the Talari SD-WAN, which satisfied both primary requirements - and more. Talari’s SD-WAN builds a detailed map of all paths through the WAN (e.g. downtime, loss, latency and jitter), and the bandwidth used by each application. It then uses this information to build a virtual network overlay on the physical WAN, and directs traffic to the optimal path based on network conditions and business policies. To ensure voice sessions are uninterrupted, Talari can optionally go further, by sending all voice packets simultaneously across all paths. Even if the MPLS connection is lost, or packets are lost or delayed, the quality of the call does not suffer, and there is no delay incurred when switching to the Internet circuit, as voice packets are already being transmitted over that link.

Dayton Superior Banner for Talari
Dayton Superior Logo

Dayton Superior is a global supplier of concrete construction materials. The company relies on WAN connectivity to support their 1,200 employees in 30 locations, including manufacturing sites, distribution centers and an innovation center.

Dayton Superior operated an MPLS network with primary and secondary T1 circuits to each site, supporting data centers in Cincinnati and Dayton, Ohio. Their backup WAN connections were only used when the primary circuit failed, which meant they were unused for the vast majority of the time. Unfortunately, the company was paying for a costly resource it wasn’t actively using. They weren’t able to use both network connections at the same time because of their routers. When an MPLS circuit did fail, the cutover was not seamless, causing phone calls and application sessions to drop.

The solve this problem, the company deployed Talari’s SD-WAN that gave them a responsive network that adapts in real-time to bandwidth demands and actual network conditions. Today, Dayton Superior ensures the best user experience for critical applications by continuously using the best quality path over the network. Phone calls, ERP, sales transactions, desktop virtualization and other essential business applications are assured priority over the network. With the Talari SD-WAN, even if a network problem occurs, phone calls and applications aren’t dropped.

The jointly validated Zscaler-Talari solution is comprised of the following capabilities:

  • IPSec tunnels with one active tunnel per Talari SD-WAN node
  • Talari tunnels inside Zscaler's trusted internet Zone with defined Internet service types
  • Talari app-aware routing rules to selectively determine what traffic to forward to Zscaler

Talari SD-WAN software will now enable optimal connectivity from a Talari appliance to Zscaler's cloud-based security services. Many enterprise customers are looking to alleviate backhaul bandwidth requirements (so-called hair-pinning) and reduce application latency to ensure a higher quality of end-user experience.

Quality of Service (QoS)

Talari’s SD-WAN provides granular QoS based on inherited DSCP tags, or optionally, re-mark/ re-classify traffic based on Layer-3, Layer-4, DSCP or VLAN tags. If bandwidth in any given MPLS-based QoS queue is at capacity, Talari will re-mark traffic up or down, depending on the application and bandwidth requirements, while preserving a quality user application experience.

Talari’s QoS allocates bandwidth based on a share algorithm that factors in the current conduit bandwidth, as well as the share value assigned to a specific traffic class. This allows for dynamic and elastic QoS bandwidth allocation based on total available bandwidth across all paths simultaneously.

Every Talari edge appliance within the SD-WAN overlay is fully aware of all bandwidth, both ingress and egress, at every other Talari endpoint. This knowledge allows the SD-WAN to permit or deny bandwidth for any given application. Additionally, this enables Talari to preserve QoS inbound through the last mile, ultimately preserving the quality of experience for the end user.

Service Level Agreements

Because Talari monitors all traffic, on all paths, on a packet-by-packet basis, all traffic will remain within the SLA(s) defined within QoS, even when WAN conditions begin to degrade across all paths.

Highlighted Talari SD-WAN benefits:

Significantly lower WAN edge capital and operational costs

Enable Internet links with MPLS-grade reliability and availability

Effectively utilize all available bandwidth across all links

Extend enterprise WAN effortlessly to cloud services

Combine enterprise WAN policies with data center, branch, and the cloud

Improve branch uptime and application quality

Deploy WAN services and policies with centralized management

Reduced Complexity Through Device Consolidation

More than just an SD-WAN device, Talari SD-WAN services support popular functions such as Firewall, NAT, Routing, VRFs, VPN Concentrator, DHCP, and IPsec termination. Instead of combining physical or virtual devices from a variety of vendors, a single
Talari edge appliance does the work of many, reducing device sprawl, simplifying deployment, easing on-going support and lowering costs.

Talari SD-WAN solutions now also provide native support for core WAN-optimization features such as data compression and deduplication of data, in addition to congestion controls. Talari WAN Optimization (WAN-Op) is a composite feature that increases efficiency across the WAN for bulk file-transfer traffic, especially for data requested by more than one user at the same location, which combined with Talari SD-WAN software, introduces significant new branch office simplification and cost efficiencies to network administrators’ IT procurement scope.

Scalable and Easy Service Chaining

A service chain consists of a set of network services, such as firewalls, NAT, routers and VPN concentrators that are interconnected through the network to support an application. In the past, building a service chain to support a new application took a great deal of time and effort, since it meant acquiring specialized, individually configured network devices, and connecting them together in the required services sequence. Talari makes service chaining and application provisioning significantly faster and easier.

SD-WAN Use Cases

Hybrid WAN

A hybrid WAN composed of MPLS and one or more broadband links deployed in an active/standby mode is increasingly common in today’s enterprise. But this configuration has some downsides, including inefficient use of bandwidth and session drop on failover. With Talari SD-WAN, all circuits are active, so every application has access to the full aggregated bandwidth. Policy-based prioritization ensures real-time quality sensitive applications, such as VoIP, get the highest priority and are securely transmitted over the best possible network to maintain application quality.


Companies are looking for alternatives to MPLS because of high cost, lack of cloud access, limited bandwidth, long lead time, and extended contract terms. Aggregated broadband Internet links are an enticing option, that offer large amounts of bandwidth at lower cost, more favorable terms, and are often immediately available. Internet links can deliver the same, if not better reliability than MPLS, by using Talari SD-WAN to build-in security, reliability, quality of service, and high availability.

Extending the Enterprise WAN to the Cloud

Talari’s SD-WAN extends the reach of the corporate WANs into cloud services. We make cloud access seamless, easy to control and manage, with visibility into the connection between a company’s data center, remote physical locations, private cloud instances, and public cloud instances.

Branch Office Simplification

Corporate IT is under pressure to deliver branch office access with improved quality of experience to applications located in multiple locations, including the cloud. The increased number and diversity of applications accessed within branch offices results in added complexity and higher support cost. While branch services and complexity are increasing, the required technical skills available to support the new infrastructure is often lacking or non-existent.

Talari SD-WAN consolidates multiple core functions such as SD-WAN, routing, firewall, NAT, QoS into an easy-to-deploy, virtual or physical appliance, administered from a central location. The Talari SD-WAN fabric is extensible, and works with leading 3rd party vendors, to deliver the services enterprise applications require – in any location.