Connect every cloud. Enforce every policy. Deploy zero agents.
The multi-cloud networking fabric built for teams who have outgrown tunnel VPNs but are not signing a six-figure enterprise contract to solve it. Lower your networking TCO, keep your packet content in your own infrastructure, and stop maintaining separate ops for every cloud.
example fabric: 2 regions · 4 txgws · 6 lgws · 8 spokes · any-to-any
multi-region · multi-cloud · any-to-any flows · zero agents in your workload vpcs
01 · why it matters
Four outcomes your leadership team already cares about
The short version, up front. The architectural receipts come later on this page — scroll when you're ready.
total cost
Spend mid-market money. Get enterprise capability.
Incumbent enterprise MCNF platforms were priced for the Fortune 500. Telaron isn't. You get the same multi-cloud fabric capability without the six-figure annual contract, the per-spoke gateway VM bill, or the CSP transit data-processing tax (TGW, Virtual WAN, NCC).
No gateway VMs in your workload VPCs
No cross-charging transit fees (TGW / Virtual WAN / NCC)
Community tier free, Pro per-gateway
operational load
Run less. Ship more.
One control plane across every cloud you use. No Kubernetes required. No agents to roll out to every workload. Your team manages intent in Terraform, Pulumi, or the REST API; the fabric handles the plumbing — consistently, across AWS, GCP, Azure, and on-premises.
Terraform, Pulumi, or REST API — you pick
GitOps-native, no K8s required
One runbook for every cloud
security & compliance
Stronger posture. Simpler story.
Your packet content stays in your infrastructure — this is an architectural property, not a policy promise. Microsegment by service or application, not just VPC boundary, using CSP-native tags discovered across AWS, Azure, and GCP. Every packet arrives at the LGW with full metadata context — so policy follows identity, not IP.
Add clouds when the business asks, not two quarters later.
Unified eBGP routing. CSP-native spoke integration — GWLB endpoints, VPC peering, ILB next-hop. A new region or a new CSP is a config change, not a reorg. Your network stops being the reason a product launch slips.
Any workload type — VM, container, serverless, bare metal
Native integration with every major CSP
Add a spoke in minutes, not weeks
02 · built for
Four audiences, one fabric
Multi-cloud networking touches a lot of teams. Here is how the same fabric answers each of them.
01
Platform engineering leaders
their pain
Separate networking ops for every cloud, every region, every team.
our answer
One fabric, one control plane, one configuration story across AWS, GCP, Azure, and on-premises — Terraform, Pulumi, or the REST API, your call. Your platform team stops being a cross-cloud integration team.
02
Security & compliance architects
their pain
Multi-cloud makes policy, inspection, and data residency harder to prove.
our answer
Microsegment by service or application — not just VPC — with eBPF plus CSP-native tag discovery across AWS, Azure, and GCP. Keep packet content in your own infrastructure by architecture. Give auditors a one-page story instead of a deposition.
03
CTOs & finance leaders
their pain
Multi-cloud networking bills scale faster than the business does.
our answer
Replace a six-figure enterprise-networking contract with pricing calibrated to the mid-market. Predictable per-gateway cost. No sales call required to start.
04
Network & SDN teams
their pain
IPSec ceilings, spoke VM sprawl, and Kubernetes-everything.
our answer
WireGuard throughput. eBPF policy. Familiar BGP primitives. Runs on VMs, containers, or bare metal — bring your own workloads, however they're packaged.
03 · see it in action
A whole multi-cloud fabric as one config change
No console clicks. No ticket-driven network changes. Describe your fabric once — in the IaC tool your team already uses — and apply. Adding a cloud is adding a few lines.
Config-driven, not ClickOps — Terraform, Pulumi (Go / TS / Python), or the REST API
Same resource shapes across AWS, GCP, Azure, and on-premises
Native GitHub Actions & GitLab CI via OIDC workload identity — no long-lived tokens in your pipelines
GitOps-native — policy changes are commits, not console tickets
Plan, preview, and roll back every change like any other infrastructure
terraform · pulumi · rest — same fabric, pick your tool
04 · how we deliver
Eight architectural decisions that make the above possible.
The outcomes above aren't adjectives — they're properties of how Telaron is built. If you want the receipts, here they are.
01
2.5 Gbps
per vcpu core
2× throughput per core
Multi-tunnel WireGuard with ChaCha20-Poly1305 and CPU affinity. Legacy IPSec-based MCNF fabrics typically top out around 1.25 Gbps per core on the same hardware. Same infrastructure, double the encrypted throughput — and none of the ESP MTU headaches.
02
0
agents in your workload vpcs
Nothing inside your apps
Your workload spoke VPCs stay untouched — not an agent, not a VM, not a sidecar. The fabric runs in a separate SaaS-orchestrated edge tier (LGW per spoke group, TXGW for cross-cloud transit) deployed into your own central VPCs. Workload spokes attach via native CSP constructs — GWLB endpoints, VPC peering, ILB next-hop.
03
8.8×
vs socket processing
eBPF-native from day zero
XDP and TC hooks deliver ~8.8× throughput over socket-based processing while keeping the kernel networking stack intact. No DPDK NIC takeover, no fragile userspace packet paths.
04
Any
workload type
No Kubernetes required
Infrastructure-grade, not pod-grade. VPC and subnet level with bare-metal-compatible gateways. Your workloads run however they run — VMs, containers, serverless, bare metal.
05
Native
per csp
CSP-native spoke integration
AWS: GWLBe + VPC peering. GCP: VPC peering with ILB next-hop via custom route export. Azure: Gateway LB chaining + VNet peering. Telaron complements the CSPs where it makes sense, and replaces their cross-charging transit layers (AWS TGW, Azure Virtual WAN, GCP NCC) where it makes sense — no per-GB transit tax.
06
100%
iac coverage
Policy as code, always
First-class Terraform provider. Pulumi SDK (Go, TypeScript, Python). Full REST API for anything in between. GitOps reconciliation on every change. No ClickOps traps, no console-only configuration, no day-two manual-tweak debt.
07
Zero
packet content exposure
Data sovereignty by architecture
The SaaS control plane handles configuration metadata and telemetry only — never customer packet content. An architectural property, not a policy promise. Documentable for compliance.
08
~10×
lower tco
Order-of-magnitude lower cost
Eliminate per-spoke gateway VM compute, CSP transit data-processing fees (AWS TGW, Azure Virtual WAN, GCP NCC), and six-figure enterprise-networking licensing. Community tier is free. Pro and Enterprise tiers priced for the mid-market.
05 · at a glance
How Telaron compares
Three rows, three vendors. The rest is on the full matrix — receipts, not adjectives.
capability | Telaron | Aviatrix | Cisco MCD
Encryption & throughput | WireGuard ChaCha20, ~2.5 Gbps/core | IPSec ESP, ~1.25 Gbps/core | IPSec (NGFW), per-core ceiling
Spoke compute | None in workload VPCs; edge tier in customer-owned central VPCs
all tiers include the apache-2.0 gateway data plane · switch or cancel anytime
07 · roadmap
What we're building next
The v1 platform ships now. These are the near-term and horizon deliveries building on it — directional, not date-bound. Detail-level feature lists live in the docs.
near-term · next 6 months
Shipping into v1
GitOps CI via OIDC workload identity
Native GitHub Actions & GitLab CI integration through our own OIDC IdP. Short-lived tokens minted per-run — no long-lived secrets in your pipeline.
Unified policy plane
Read policy from Cisco Multicloud Defense and Palo Alto Panorama into one normalised view. Keep your source of truth; let Telaron enforce it at the fabric edge.
SOC 2 Type II attestation
Closing out the attestation cycle. Report available under NDA for regulated customers on the Enterprise tier.
horizon · directional
Where we are heading
L7 deep packet inspection
Protocol-aware policy evaluated at the eBPF fast path. HTTP / gRPC / TLS SNI awareness without a proxy detour or userspace retransmit.
Policy federation — more sources
Expanding beyond Cisco MCD and Panorama. Prisma Cloud, Illumio, CrowdStrike Falcon. Wherever your policy of record lives, we will read it.
ML-assisted anomaly detection
Baseline flow patterns at the LGW, surface drift, stream to your SIEM. Detection-as-a-property of the fabric, not a bolted-on appliance.
roadmap is indicative · ships live at docs.telaron.io · no dates, directions
08 · start shipping
Ready to rebuild your multi-cloud fabric?
Spin up a Community cluster in minutes. Bring your IaC tool of choice, BYO clouds, keep your packet content on your own infrastructure.