Deterministic network architectures built on open standards. No proprietary control planes.
Gratice designs and operates deterministic network architectures built on open standards.
For environments up to approximately 1,000 nodes, we employ a control-plane–driven overlay approach using Headscale, enabling rapid deployment, device-level identity, and flexible access control.
Beyond this scale, we transition to a routing-native architecture. Encrypted connectivity is provided by WireGuard, while all path decisions are governed by BGP.
In this model, networks are not flattened into a single overlay. Instead, each site operates as an independent routing domain, advertising summarized prefixes into a controlled, encrypted WAN.
All outbound traffic is centrally governed. No inbound exposure exists at the site level. External access is strictly limited to designated boundary systems.
Unlike vendor-driven SD-WAN solutions, this architecture does not rely on proprietary control systems or opaque policy engines. It is fully inspectable, reproducible, and built entirely on open, verifiable components.
Gratice does not sell products. We construct networks.