The story of Bumblebee Networks

Updated: Sep 28, 2023

Some background

BGP is instrumental in building large-scale distributed networks. BGP's working assumption is that networks wish to communicate with each other as peers: each network is capable of initiating traffic to the others. This works well when building networks as an infrastructure layer independent of what's going on at the application layer. BGP has been used extensively in WAN networks to connect branch offices with data centers.

Often, a WAN is built over the Internet, and the IPSec protocol is used to encrypt data in motion for security and privacy. With BGP and IPSec, networks become complex.

Sometimes it gets worse: at times, two network segments have overlapping network address ranges. When this happens, a NAT function is added to the mix, and you now have the headache of BGP + IPSec + NAT.

Efforts for improvement

There have been efforts to simplify networking. For example, SD-WAN, among other features, tries to automate the provisioning of these protocols and functions. But SD-WAN falls short because, at the end of the day, network administrators still need to understand these protocols in depth: when the network goes down, how are you going to troubleshoot if you know nothing about this stuff?

So a new approach should be considered.

Modern applications

Notice that all modern applications are built on the client-server model. In a client-server model, the application consumer, i.e., the client, always initiates the connection to the provider, i.e., the server, and once the connection is established, traffic flows in both directions. TCP and UDP are the most popular transport-layer protocols that implement the client-server model. Any application built on TCP/UDP follows this model, which accounts for the majority of applications. For example, the Internet is built on TCP/UDP.

With an understanding of the asymmetric nature of consumers and application providers, network connectivity can be significantly simplified.

For example, AWS PrivateLink is a service connecting application consumers to applications within the same region. Instead of using traditional peer-to-peer network technologies to build two-way symmetric connections between the corresponding VPCs, which would have been difficult given overlapping network address ranges among these VPCs, PrivateLink works around the problem by creating endpoints and endpoint services. From a consumer's point of view, the application's DNS name resolves to the IP address of the endpoint in the consumer VPC, as if the endpoint were the application. Thus, building network connectivity becomes a matter of managing DNS and IP addresses.

Network engineers deserve better tools

Similarly, Bumblebee Networks recognizes the nature of today's applications and uses the constructs of Endpoint and App Services to create a new user experience for building secure network connectivity for application access. No more hassle on your end dealing with the decades-old BGP, IPSec and NAT. No more troubleshooting BGP loops, IPSec tunnels going down, or IPSec cipher suite mismatches, and no more negotiating address spaces with your partners or managing complex NAT rules. DNS and IP addresses are all you need to know.

And that's how Bumblebee Networks was born: we want to give networking engineers better tools to build their networks.
