Build a better WAN

Enterprise VPN as a Service

Sproute SPAN automatically builds secure tunnels between your sites and cloud locations based on your declaration. Plus, you can choose from a flexible set of options for creating the overlay:
  • Full mesh topology where all participating SPAN routers on an overlay link establish secure tunnels with each other
  • Hub and spoke topology where you can select which SPAN routers act as hubs. The spokes establish tunnels only with the hubs.
  • Multiple overlay links to segment VPN among your sites.
Overlay tunnels

Network overlay

Weighted load balancing and failover

Sproute SPAN routers by default load balance traffic over all the WAN interfaces, thus optimally utilizing the uplink circuits. This mode of operation is called "active -- active". You can optionally configure "active -- backup" option through a policy to allow traffic to use one or more of the uplinks exclusively and keep the rest as backup.

In the default "active -- active" mode, SPAN routers perform weighted load balancing that sprays application flows proportional to the outgoing bandwidth of each circuit.

In both "active -- active" and "active -- backup" modes, when a circuit fails, traffic is automatically switched over to rest of the available circuits.
Load balance overlay

Hybrid WAN

Hybrid WAN enables per-application trafic steering over two or more uplink connection types. The connection types broadly fall under three categories: (1) MPLS, (2) Broadband, (3) LTE. Each has unique path characteristics. For example, MPLS offers guaranteed SLA, but has high cost and (usually) low bandwidth. Broadband has low cost and high bandwidth, but does not offer any SLA guarantees. An LTE connection is one notch lower in terms of reliability, but is much more flexible, portable, readily available, and works best as a backup circuit.

To mitigate for no SLA guarantees, SPAN measures various SLA metrics (e.g. latency, loss, jitter) in real time over each tunnel. SPAN offers a flexible policy framework to let you select the best end-to-end path for an application.
Hybrid wan overlay

Hybrid wan config

Local Internet breakout

With the increase in traffic patterns to cloud and SaaS applications on Internet, the traditional hub and spoke topologies do not scale. SPAN breaks out such traffic locally to the Internet providing maximum flexibility. Some of the salient points are:
  • Traffic is load balanced across all connected uplinks, proportional to the available bandwidth.
  • You can configure hybrid WAN policies to select one or more WAN interfaces to send traffic on per application.
  • By default, SPAN devices perform NAT on all Internet-destined traffic, creating a natural stateful firewall to protect the site from Internet.
Internet breakout

Automatic NAT Traversal

Automatic NAT traversal is the default mechanism that Sproute SPAN routers across sites use to establish secure tunnels with each other. The SPAN backend running in the cloud acts as a rendezvous for these connections. Using this method, the SPAN routers, sitting behind different private networks that are protected by multiple levels of Firewalls and NAT devices, can punch holes, advertise it to the cloud, and learn other sites' NAT endpoints from the cloud to build secure tunnels to.
Nat overlay

Transparent overlay

The transparent overlay functionality allows SPAN routers to be inserted transparently into existing brownfield networks. No configuration change is necessary to provide secure VPN connectivity to other branch sites.

This, for example, allows hosts with static addresses to continue to work as no new subnets are created. The existing edge device continues to provide Intenet access, till such point, when it can safely be removed from the network to put SPAN router at the edge.

Transparent overlay


You may have multiple subnets at your site. Sproute SPAN automatically distributes the routes to all the devices connected on the network once you configure those on your dashboard.
Subnet overlay