In tech terms, a diff is a listing of changes or differences between documents, files, source code, etc. As a Unix command, it became a common method of distributing patches and source updates, or just comparing versions of text files. Diffs became so easy to do and use, and common to so many use cases, it’s always fun to imagine how you could apply them to more than just text files and documents.
What if you could diff yourself now to five years ago? Probably the changes would be too numerous and impractical to list (and, hopefully, most would be for the better!). Well, we probably don’t have the tools to fully diff a person quite yet. But, what if we could diff your entire network! Sure, diffs can compare two device config files side-by-side. But I’m talking about the entire network! Between any two points in time. As if you had running side-by-side two different versions of your network that you could watch end-to-end, analyzing all behaviors and activity, and could quickly note any differences in one intuitive dashboard. Yes, I’m saying let’s clone that enterprise data center from 6-months ago and run it side-by-side to today’s and see all the behaviors and policy changes in our network. Would that be helpful?
Imagine the possibilities! You think you could address some of the compliance team’s concerns a little quicker? What if rogue IT had installed a few extra devices or access points in the last few months and they stuck out like sore thumbs in the diffs dashboard? What if you started having intermittent network performance issues that you first noticed three weeks ago, and you wanted to roll-back or study all changes and their potential impact on network capabilities over the last, say, six weeks.
And I’m not just talking about diffing the text of the configuration files or packet captures. I’m talking about diffing the behavior of the network. Like if we diffed the behavior of my teenagers today and three years ago: they eat more, spend more money, and clean their room less. The network behavior diffs could be a very long list like: 1) these two subnets that were isolated are now reachable through a firewall, 2) there is now only one active path between a particular source and destination address where before there were redundant paths, 3) traffic that could be delivered from the internet to the web application server is now delivered via HTTPS and SSH, where only HTTPS was available before.
This is exactly what Forward Networks is able to achieve in our latest Forward Enterprise feature we call Behavior Diffs. Behavior Diffs provides network engineers with a powerful tool to compare network behavior and designs between any two points in time. Users can now compare network policies, behaviors and security posture to a prior state before any issues occurred to quickly determine where errors could have been introduced and how to remove them. This takes diagnostics and troubleshooting to a new level since users now have virtually unlimited documentation of prior network changes and their impact on network behavior to guide analysis and problem resolution, or just to prove historical compliance to key policy requirements.
As most followers of Forward Networks know, Forward Networks has developed a next-generation platform for analyzing network behavior and verifying network implementations. It is the first highly scalable, multi-vendor, layer 2-4 verification solution based on a behaviorally-accurate software model of the network. By analyzing the configurations and state information of the network’s devices, rather than real-time packet analysis, Forward Enterprise can identify if policy violations could occur under any scenario or set of conditions, what would trigger them, and how to proactively fix them before they happen.
And that’s exactly what we are doing with Behavior Diffs: comparing snapshots of two network points in time in our software model, running side-by-side, and highlighting the behavior and policy differences. We can resurrect that 6-month old data center snapshot and run it in all of its behavioral glory, long after you’ve been pulling cables and adding new devices. Want some examples? Let’s look at a screen shot of our behavior checks and see some policy changes we should probably know about.
In the above screen capture, we see a list of network behaviors or policy requirements that we are checking for and their passing/failing status in two different snapshots (“Before” and “After”). While we see two policies that are now passing in today’s model, our maintenance update has apparently broken one policy that was passing before. That policy essentially requires that all traffic from the Internet to our app servers only use HTTPS, and some other protocols are apparently now allowed through. In our analysis and remediation platform we can quickly drill down and analyze the source of that behavior to guide the repair.
Across the top of the above screenshot you can get a flavor for what other network attributes we get in our diff analysis. Such as changes in topology, devices additions, routing paths, VLANs, ACLs, and, yes, text of configuration files on all changed devices. We have some more good examples and screen shots on our Behavior Diff web page, and we have a brief demo overview video available here and on our YouTube channel.
Behavior Diffs is now available in our latest 2.18 release of Forward Enterprise. It is such a novel and powerful capability that we are excited to see the many different use cases and workflows that our customers will use it for. How do you think it could make your IT life a bit easier and more productive?