What is NaaS (network-as-a-service)?

Network-as-a-service (NaaS) is a cloud service model in which customers rent networking services from a cloud vendor instead of setting up their own network infrastructure.

Learning Objectives

After reading this article you will be able to:

  • Define 'network-as-a-service'
  • Explain how NaaS contrasts with legacy network configurations
  • Discuss the advantages and challenges of NaaS
  • Compare NaaS vs. SASE

Related Content

Want to keep learning?

Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!

Refer to Cloudflare's Privacy Policy to learn how we collect and process your personal data.

Copy article link

What is network-as-a-service (NaaS)?

Network-as-a-service (NaaS) is a cloud service model in which customers rent networking services from cloud providers. NaaS allows customers to operate their own networks without maintaining their own networking infrastructure.

Like other cloud services, NaaS vendors run networking functions using software, essentially allowing companies to set up their own networks entirely without hardware. All they need is Internet connectivity.

NaaS can replace virtual private networks (VPNs), multiprotocol label switching (MPLS) connections, or other legacy network configurations. It can also replace on-premise networking hardware such as firewall appliances and load balancers. A newer model for routing traffic and applying security policies, NaaS has had a major impact on enterprise networking architecture.

Network-as-a-service NaaS connects multiple types of infrastructure

How did NaaS develop?

When most enterprises were configuring their network infrastructure, the Internet itself was not considered a trusted place to conduct business. So they built their own internal private versions of the Internet and connected facilities to one another with rented links. They needed to configure their own wide area networks (WANs), and each office location needed its own hardware for firewalls, DDoS protection, load balancing, and so on. Enterprises also needed to set up dedicated connections between each location using a method such as MPLS.

When employees connected to the Internet instead of the internal network, their traffic had to first go through the corporate networking infrastructure via a VPN before it could go out to the Internet. For instance, if a company's headquarters were in Austin, Texas and a company employee in a branch office in New Orleans, Louisiana needed to load a website, their HTTP request for the website would travel through the corporate VPN, across an MPLS link to the headquarters in Austin (about 800 kilometers away), and then out to the wider Internet.

This model quickly became inefficient as some business activities began moving into the cloud. For instance, imagine the New Orleans employee frequently used a SaaS application, meaning they needed to load content over the Internet constantly. Their requests, and the requests of other employees, would become bottlenecked in the Austin data center, slowing down network service.

In addition, more capabilities have become available through the cloud as cloud computing becomes more efficient. Today, DDoS mitigation, firewalls, load balancing, and other important networking functions can all run in the cloud, eliminating the need for internal IT teams to build and maintain these services.

For these reasons, NaaS is a more efficient option than relying on internally maintained WANs that require constant maintenance and often create bottlenecks for network traffic. With NaaS, company employees can connect to their cloud services directly through a virtual network that an external vendor manages and secures, instead of internal IT teams attempting to keep up with the demand for network services.

If our example company switches to a NaaS model, the New Orleans-based employee no longer has to wait for their web traffic to travel through all the internal corporate infrastructure. Instead, they simply connect to the Internet and sign in through a browser, and they can access all the cloud services they need. Meanwhile, the NaaS provider secures their browsing activity, protects their data, and routes their web traffic wherever it needs to go, as efficiently as possible.

In many ways, NaaS is the logical result of several decades of business processes migrating to the cloud. Today the whole network can be offered as a service, instead of just software, infrastructure, or platforms.

What are the challenges of NaaS?

Compatibility: The NaaS vendor's infrastructure may not be compatible with legacy systems that are still in place — older hardware, on-premise-based applications, etc.

Legacy data centers: In many enterprises, important applications and processes still run in on-premise data centers, not the cloud. This makes migration to a NaaS model slightly more challenging (although services such as Cloudflare Network Interconnect can help overcome this challenge).

Vendor lock-in: Moving to a cloud service always introduces the risk that an enterprise may become too reliant on that particular service provider. If the service provider's infrastructure fails or if they raise their prices, vendor lock-in can have major repercussions.

What are the advantages of NaaS?

Flexibility: Cloud services offer more flexibility and greater customization. Changes are made to the network via software, not hardware. IT teams are often able to reconfigure their corporate networks on demand.

Scalability: Cloud services like NaaS are naturally more scalable than traditional, hardware-based services. Enterprise NaaS customers can simply purchase more capacity from a vendor instead of purchasing, plugging in, and turning on more hardware.

Access from anywhere: Depending on how a cloud-based network is configured, users may be able to access it from anywhere — and on any device — without using a VPN, although this introduces the need for strong access control. Ideally, all a user needs is an Internet connection and login credentials.

No maintenance: The cloud provider maintains the network, managing software and hardware upgrades.

Bundled with security: NaaS makes it possible for a single provider to offer both networking services and security services like firewalls. This results in tighter integration between the network and network security.

Cost savings: This advantage depends on the vendor. However, purchasing cloud services instead of building one's own services often results in cost savings: cloud customers do not need to purchase and maintain hardware, and the vendor already has the servers they need to provide the service.

How does NaaS relate to SASE?

Secure access service edge (SASE) combines software-defined networking with network security functions, all offered via a single service provider. As with NaaS, SASE hosts networking functions in the cloud and combines them with security functions. In many ways NaaS and SASE are similar models for how more and more enterprises are operating today.

What is Cloudflare Magic WAN?

Cloudflare Magic WAN is an enterprise NaaS solution that is designed to be secure, fast, and reliable. It is a network security solution built to replace hardware appliances and WAN technologies with a single network. Learn more about enterprise networking with Magic WAN.