The internet was designed to take the shortest and best of multiple paths to any given destination. As the internet evolved, capacity constraints and demand spikes spawned architectures that brought content closer to consumers in the form of CDNs. Fundamentally however, we still seek the shortest and best path to our destination; we merely replicate our destination and bring it closer to achieve scale and performance.
This works great for content that can be replicated. It does not work well for destinations that cannot be moved, which is often true of private network resources. For private network access, most solutions require users to connect to a secure jumping-off point (some leveraging CDNs), and then transit either public or private networks to the final destination. This introduces at least one detour, and often many more, in addition to data security and sovereignty questions. This architecture of concentration and hops is the most straightforward to implement, but robs us of the direct multipath design brilliance of the internet. As a consequence, users experience congestion, latency, and fragility. Ease of implementation for the operator results in a user-hostile solution.
We can do better.
With Bowtie, control nodes are distributed across customer networks, be they physical facilities or virtual resources in public clouds, and are exclusively under customer control. Bowtie clients use standard routing architectures to take the shortest network path to each customer destination concurrently. While this architecture offers the fastest and most resilient connectivity available, it does introduce a coordination problem. Many private access services take the shortcut of centralizing coordination in control nodes they operate on behalf of customers, introducing security and availability challenges.
One of Bowtie’s foundational promises is that customer networks will not depend on Bowtie Inc.’s availability. To achieve this, we have invested in a CRDT-based data layer to power our control plane for managing client access and access control policies, all on customer infrastructure. With this approach, we can accept clients and policy changes on any customer control node and merge those changes across the customer’s environment simultaneously.
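To make the merge behaviour described above concrete, here is a small state-based CRDT for an access-policy set, written as an added illustration for this post. It is not Bowtie's code and says nothing about Bowtie's actual data model; the names `Rule`, `PolicyORSet`, the two site identifiers and the destinations are all invented for the example. It implements an observed-remove set (add-wins semantics): every grant carries a unique tag, a revoke tombstones only the tags the revoking node has already seen, and merging is a union of both, so two control nodes that accept changes independently converge to the same policy no matter which direction or how many times they merge.

```python
import copy
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One access-control entry: which client may reach which destination."""
    client: str
    destination: str


class PolicyORSet:
    """Observed-remove set (add-wins) of access rules held by one control node.

    State is a map rule -> set of unique add-tags plus a set of tombstoned tags.
    A rule is live while at least one of its tags has not been tombstoned.
    """

    def __init__(self, node_id: str):
        self.node_id = node_id
        self._seq = 0
        self.adds: dict[Rule, set[tuple[str, int]]] = {}
        self.removed: set[tuple[str, int]] = set()

    def _tag(self) -> tuple[str, int]:
        # (node id, local counter) is unique across nodes without coordination.
        self._seq += 1
        return (self.node_id, self._seq)

    def add(self, rule: Rule) -> None:
        self.adds.setdefault(rule, set()).add(self._tag())

    def remove(self, rule: Rule) -> None:
        # Tombstone only the tags this node has observed. A concurrent add on
        # another node carries a fresh tag and therefore survives the merge.
        self.removed |= self.adds.get(rule, set())

    def merge(self, other: "PolicyORSet") -> "PolicyORSet":
        # Union of both components: commutative, associative and idempotent.
        for rule, tags in other.adds.items():
            self.adds.setdefault(rule, set()).update(tags)
        self.removed |= other.removed
        return self

    def live_rules(self) -> frozenset:
        return frozenset(r for r, tags in self.adds.items() if tags - self.removed)


def converged(x: PolicyORSet, y: PolicyORSet):
    """Merge in both directions from independent copies and return both views."""
    xy = copy.deepcopy(x).merge(y)
    yx = copy.deepcopy(y).merge(x)
    return xy.live_rules(), yx.live_rules()


def concurrent_revoke_and_regrant():
    """Site A revokes a rule while site B re-grants it: add wins, both agree."""
    a, b = PolicyORSet("site-a"), PolicyORSet("site-b")
    alice_db = Rule("alice", "db.internal:5432")  # constructed sample rule
    a.add(alice_db)
    b.merge(a)            # both sites now hold the same tag for alice_db
    a.remove(alice_db)    # A tombstones the tag it has seen
    b.add(alice_db)       # B concurrently re-grants with a fresh tag
    b.add(Rule("bob", "git.internal:22"))
    return converged(a, b)


def revoke_after_observing():
    """A revoke issued after the grant was observed removes the rule everywhere."""
    a, b = PolicyORSet("site-a"), PolicyORSet("site-b")
    alice_db = Rule("alice", "db.internal:5432")
    b.add(alice_db)
    a.merge(b)            # A has observed B's tag ...
    a.remove(alice_db)    # ... so its tombstone covers that tag
    return converged(a, b)


def merge_is_idempotent() -> bool:
    """Re-applying the same remote state must not change the local view."""
    a, b = PolicyORSet("site-a"), PolicyORSet("site-b")
    a.add(Rule("carol", "wiki.internal:443"))
    b.add(Rule("dave", "ci.internal:8080"))
    once = copy.deepcopy(a).merge(b)
    twice = copy.deepcopy(a).merge(b).merge(b)
    return once.live_rules() == twice.live_rules()


if __name__ == "__main__":
    print(concurrent_revoke_and_regrant())
    print(revoke_after_observing())
    print(merge_is_idempotent())
```

Two points a practitioner would weigh when applying this to access control. First, the conflict rule is a policy decision: add-wins means a revoke that races with a re-grant on another node loses, which is the safe choice for availability but not necessarily for least privilege; a remove-wins variant (or a causal check before granting) inverts that trade-off, and the post does not say which semantics Bowtie chose. Second, this toy keeps every tag and tombstone forever; production CRDTs track causal context (for example per-node version vectors) so tombstones can be compacted without losing convergence.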