October 8, 2018

You Can Now Diff Your Entire Network in One Intuitive Platform

by Charlie Elliott

In tech terms, a diff is a listing of changes or differences between documents, files, source code, etc. As a Unix command, it became a common method of distributing patches and source updates, or just comparing versions of text files. Diffs became so easy to do and use, and common to so many use cases, it’s always fun to imagine how you could apply them to more than just text files and documents.

What if you could diff yourself now against five years ago? The changes would probably be too numerous and impractical to list (and, hopefully, most would be for the better!). Well, we probably don’t have the tools to fully diff a person quite yet. But what if we could diff your entire network? Sure, diffs can compare two device config files side by side. But I’m talking about the entire network, between any two points in time. As if you had two different versions of your network running side by side that you could watch end-to-end, analyzing all behaviors and activity, and could quickly note any differences in one intuitive dashboard. Yes, I’m saying let’s clone that enterprise data center from six months ago and run it side by side with today’s to see all the behavior and policy changes in our network. Would that be helpful?

Imagine the possibilities! Do you think you could address some of the compliance team’s concerns a little quicker? What if rogue IT had installed a few extra devices or access points in the last few months and they stuck out like sore thumbs in the diffs dashboard? What if you started having intermittent network performance issues that you first noticed three weeks ago, and you wanted to roll back or study all changes and their potential impact on network capabilities over the last, say, six weeks?

And I’m not just talking about diffing the text of the configuration files or packet captures. I’m talking about diffing the behavior of the network. Like if we diffed the behavior of my teenagers today and three years ago: they eat more, spend more money, and clean their room less. The network behavior diffs could be a very long list like: 1) these two subnets that were isolated are now reachable through a firewall, 2) there is now only one active path between a particular source and destination address where before there were redundant paths, 3) traffic that could be delivered from the internet to the web application server is now delivered via HTTPS and SSH, where only HTTPS was available before.

This is exactly what Forward Networks is able to achieve in our latest Forward Enterprise feature we call Behavior Diffs. Behavior Diffs provides network engineers with a powerful tool to compare network behavior and designs between any two points in time. Users can now compare network policies, behaviors and security posture to a prior state before any issues occurred to quickly determine where errors could have been introduced and how to remove them. This takes diagnostics and troubleshooting to a new level since users now have virtually unlimited documentation of prior network changes and their impact on network behavior to guide analysis and problem resolution, or just to prove historical compliance to key policy requirements.

As most followers of Forward Networks know, Forward Networks has developed a next-generation platform for analyzing network behavior and verifying network implementations. It is the first highly scalable, multi-vendor, layer 2-4 verification solution based on a behaviorally-accurate software model of the network. By analyzing the configurations and state information of the network’s devices, rather than real-time packet analysis, Forward Enterprise can identify if policy violations could occur under any scenario or set of conditions, what would trigger them, and how to proactively fix them before they happen.

And that’s exactly what we are doing with Behavior Diffs: comparing snapshots of the network at two points in time in our software model, running side by side, and highlighting the behavior and policy differences. We can resurrect that 6-month-old data center snapshot and run it in all of its behavioral glory, long after you’ve been pulling cables and adding new devices. Want some examples? Let’s look at a screenshot of our behavior checks and see some policy changes we should probably know about.

Behavior Diffs Screen Capture

In the above screen capture, we see a list of network behaviors or policy requirements that we are checking for and their passing/failing status in two different snapshots (“Before” and “After”). While we see two policies that are now passing in today’s model, our maintenance update has apparently broken one policy that was passing before. That policy essentially requires that all traffic from the Internet to our app servers only use HTTPS, and some other protocols are apparently now allowed through. In our analysis and remediation platform we can quickly drill down and analyze the source of that behavior to guide the repair.
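To make the distinction between diffing configuration text and diffing behavior concrete, here is a toy model added as an illustration; it is not Forward Networks' code or data model. The two snapshots, the node names and the HTTPS-only check are constructed, and the diff reports the three kinds of change described earlier: newly reachable subnets, lost path redundancy, and an extra protocol admitted from the internet.

```python
# Constructed snapshots (hypothetical names): undirected links between nodes,
# plus firewall permits as (src, dst, service).
BEFORE = {
    "links": {("internet", "fw"), ("guest", "fw"), ("fw", "core1"),
              ("fw", "core2"), ("core1", "app"), ("core2", "app"),
              ("core1", "db")},
    "permits": {("internet", "app", "https"), ("app", "db", "sql")},
}
AFTER = {
    "links": BEFORE["links"] - {("fw", "core2"), ("core2", "app")},
    "permits": BEFORE["permits"] | {("internet", "app", "ssh"),
                                    ("guest", "db", "sql")},
}

def count_paths(links, src, dst, seen=frozenset()):
    """Count loop-free paths from src to dst over the snapshot's links."""
    if src == dst:
        return 1
    seen = seen | {src}
    nbrs = {b for a, b in links if a == src} | {a for a, b in links if b == src}
    return sum(count_paths(links, n, dst, seen) for n in nbrs - seen)

def behavior(snap):
    """Map (src, dst) -> (deliverable services, number of paths)."""
    out = {}
    for src, dst, svc in snap["permits"]:
        paths = count_paths(snap["links"], src, dst)
        if paths:  # a permit with no path behind it delivers nothing
            out.setdefault((src, dst), (set(), paths))[0].add(svc)
    return out

def behavior_diff(before, after):
    """List behavior changes between two snapshots, sorted by (src, dst)."""
    b, a = behavior(before), behavior(after)
    changes = []
    for pair in sorted(set(b) | set(a)):
        old_svc, old_paths = b.get(pair, (set(), 0))
        new_svc, new_paths = a.get(pair, (set(), 0))
        changes += [(pair, "now deliverable", s) for s in sorted(new_svc - old_svc)]
        changes += [(pair, "no longer deliverable", s) for s in sorted(old_svc - new_svc)]
        if old_paths > 1 and new_paths == 1:
            changes.append((pair, "redundancy lost", f"{old_paths} -> 1 paths"))
    return changes

def https_only_from_internet(snap):
    """Policy check: internet-to-app traffic may only use HTTPS."""
    services, _ = behavior(snap).get(("internet", "app"), (set(), 0))
    return services <= {"https"}

print(behavior_diff(BEFORE, AFTER))
```

A text diff of these two snapshots would show two removed links and two added permits; the behavior diff states what those edits mean for traffic, and the policy check flips from passing to failing.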

Across the top of the above screenshot you can get a flavor of the other network attributes we cover in our diff analysis, such as changes in topology, device additions, routing paths, VLANs, ACLs, and, yes, the text of configuration files on all changed devices. We have some more good examples and screenshots on our Behavior Diff web page, and we have a brief demo overview video available here and on our YouTube channel.

Behavior Diffs is now available in our latest 2.18 release of Forward Enterprise. It is such a novel and powerful capability that we are excited to see the many different use cases and workflows that our customers will use it for. How do you think it could make your IT life a bit easier and more productive?
