Since making our platform available, many of the world’s largest banks, telcos, and IT companies have come to rely on Forward Networks to keep their networks healthy and efficiently operated. From the CTO to a junior engineer, people quickly grasp the value of what the Forward Platform can deliver, like turning a common 4-hour task into a 4-second query, or discovering a hidden device misconfiguration before it turns into a costly outage.
But exactly how are these organizations using the Forward Platform? Furthermore, how are they translating the platform’s usage into business value? Allow me to explain in detail, with real customer examples.
To start, a primary area where the Forward Platform delivers value is in its ability to reduce operating costs by eliminating the most painful and manually intensive activities of network management. Typically, when a network engineer needs to verify a config, debug an issue, or answer any basic question about network operation, he or she must undertake a manual and lengthy CLI-driven process — going line-by-line, rule-by-rule, and box-by-box — using ancient tools like ping, traceroute, SNMP, and netflow.
With the Forward Platform, customers gain the ability to quickly view, analyze, and act, using simple searches that can instantly find any device, its connections, and traffic paths. This approach significantly reduces the man-hours typically required for network troubleshooting and root-cause analysis which, in turn, lowers mean time to repair.
One of the largest telcos in the world chose the Forward Platform to maximize the speed and cost efficiency of its network operations workflow. Prior to using Forward Networks, this telco’s network teams were over-burdened with labor-intensive debugging and maintenance activities associated with its 100,000 network devices. Engineers would troubleshoot network issues by logging into devices on a box-by-box basis in an attempt to infer behavior and divine the root cause of problems. Such a manual approach was not only time-consuming and fraught with error, but inherently reactive. This put the telco’s network engineers and operators on the defensive, where they were constantly working from behind in a continual fire-fight.
By adopting the Forward Platform, this telco customer is now able to search network behaviors and potential traffic flows quickly and at scale. Using the Forward Search capability, these queries show not just where the traffic can go, but also show all the relevant configuration and state details that explain how that traffic gets handled. This has eliminated time-consuming network discovery and troubleshooting efforts, allowing them to get ahead of problems before they become business-impacting. Anecdotally, the telco calculated that where it once took 4 man-hours to audit the configuration correctness of a single core switch or router, this effort is now completed in a matter of seconds with the Forward Platform.
A second area where the Forward Platform delivers customer value is its ability to substantially mitigate the risk of human-induced network outages. Even the most skilled network engineer can mistype a filter list, fat-finger an IP address, misconfigure a trunk interface, or forget to update a network diagram with newly added devices. These errors can have a cascading effect on the behavior of hundreds or thousands of devices. In our experience, no network is completely free of this type of error.
Our customers are using the Forward Platform as a network assurance solution to detect these problems before they turn into business-impacting incidents. Furthermore, the platform can be used to pre-validate that device configuration changes are not just policy-adherent, but safe to make before they are rolled into production.
One of the world’s largest financial institutions is using the Forward Platform to continually audit the configuration correctness of their networks. They had experienced a series of major outages that were due to latent network device misconfiguration. As a notable example, one of their engineers incorrectly set the Maximum Transmission Unit (MTU) on a router which was critical to keeping their retail branch network up and running. This MTU mismatch was never noticed and had no immediate impact on the branch network. However, six months after the engineer originally made the error, traffic with large packets caused a cascading failure, resulting in a 6-hour outage spanning 200 branch sites.
With the Forward Verify capability, this bank is now able to continually audit the configurations of its network devices to proactively identify any new or latent errors, ranging from configuration issues like VLAN and MTU inconsistencies, duplex mismatches, IP address duplications, and routing loops, to more sophisticated ACL policy errors or traffic reachability issues. This capability has enabled their network teams to isolate and remediate these problems before they disrupt any service.
Furthermore, using the Forward Predict feature, the platform enables their network teams to test that new configuration changes do not violate network policy or intended behavior prior to them being rolled to production. Specifically, whenever the bank is making access control list changes on their firewalls, they are able to pre-test these changes to ensure perimeter security compliance policies are always enforced before any change is committed to production. Taken together, these capabilities have helped the bank increase the resiliency and reliability of their networks by eliminating device misconfigurations and change-induced errors.
In any large organization, network chaos knows no boundaries. But how do our customers get started in their journey to tame this chaos with Forward Networks? To start, we offer every prospective customer free access to the Forward Platform to run an audit of their network. In this effort, our customers can deploy the platform to model and verify the configuration correctness of a subset of their network. Invariably, the Forward Platform will identify a variety of issues, ranging from outage-inducing device misconfigurations to higher-level traffic or security policy violations. Customers then typically file tickets to repair these issues in the production equipment. As a one-time audit of a portion of their production network, our customers are able to experience the value of the Forward Platform first-hand and free-of-charge.
Get in touch with us and let us show you how we can do the same for your network: Request a Demo
The network lies at the heart of a modern enterprise’s ability to perform its daily business and operations. When a network outage occurs, due to a policy misconfiguration or a device failure, business grinds to a halt. Almost every week, it seems, we read a new headline where a Fortune 500 company suffered the catastrophic consequences of a network outage. These incidents are costly, causing revenue loss and impacting corporate reputation and customer loyalty. In the most extreme cases, outages have triggered both a company bankruptcy and a CEO’s dismissal.
Yet, despite the costs and frequency of outages, operating a network remains a manual, error-prone process. In an oft-cited study by Gartner analysts Ronni Colville and George Spafford, the authors note that “80 percent of network outages are caused by people and process issues, with more than 50 percent of those outages caused by change configuration issues.” The reality is that a company’s network team may be one or two changes away from causing a severe outage, even when the network has hardware redundancy. Hiring more people won’t solve the problem either.
A primary reason for this fragility is that networks are inherently hard to test. In the world of software development, an abundance of testing frameworks and continuous integration servers help to ensure that code is correct, while an abundance of troubleshooting and debugging tools help to resolve problems when they appear. In networking, there simply isn’t a modern and comprehensive toolset for testing the correctness of multi-vendor device configurations and policies.
To start, the scale and complexity of today’s modern networks is simply daunting. Not counting servers, the network of a Fortune 500 company is typically comprised of thousands, if not tens of thousands of hardware devices (i.e. switches, routers, load balancers, and firewalls). Add virtual switches inside virtualized servers or for containers, and this number can grow radically larger. Each device can have thousands of rules determining how to forward and process packets. The emergent interactions of this enormous amount of distributed state define network behavior, yielding a degree of complexity that no human can grasp, let alone test and troubleshoot. Furthermore, this complexity has historically exceeded what silicon-based systems can handle.
So today, when an outage occurs, network teams turn to simple tools like ping, traceroute, or netflow in an attempt to map the symptoms back to the actual root cause. The most common approach is to log into devices, box-by-box, inspect via the CLI, attempt to infer behavior, and then mentally join it all together to divine the root cause of the problem. Such a manual approach is not only time-consuming, but infeasible as networks grow in size and complexity. Most importantly, such a method of troubleshooting is inherently reactive. The operator can know of a problem to fix only after the symptoms appear, by which time the customer is already experiencing the damage.
It is true that SDN in its purest form can bring some order to the chaos by providing a single logically centralized source of policy and configuration. It can also provide a clear abstraction and standardized representation of network configuration and state. However, instead of humans making changes at human timescales, SDN and network automation enable changes to occur at software speeds.
With potentially thousands of changes every hour, what happens when the network goes down? How do operators troubleshoot problems or outages in a constantly evolving network where they’re not triggering most changes? In a modern stack with multiple new vendors, which specific component is at fault? Did the network even make the mistake, or did it receive the wrong input from the operator?
With SDN and automation, the need to make sense of complexity has not gone away. The ability to make more frequent changes simply amplifies the need for new tools and approaches to provide visibility and help with troubleshooting.
The problem of network assurance is business-critical for legacy as well as SDN environments. Forward Networks has taken on the monumentally ambitious challenge of making networks as testable as software. After years of work, the Forward Platform was recently unveiled to transform the way organizations test, debug, and troubleshoot their networks.
As part of Forward Networks’ public launch, we had the privilege of presenting to a lively delegation at Networking Field Day 13 on November 17th, 2016. The event took place at Andreessen Horowitz’ campus in Menlo Park, CA and constituted our first public unveiling of the Forward Platform. The idea behind Networking Field Day is to bring together a group of independent bloggers, speakers, freelance writers, and IT thought leaders to preview and discuss exciting new networking technologies. The 13 invited delegates included Carl Fugate from Capgemini, Tim Miller of Quantlab Financial, David Varnum from Beall's Department Stores, and Ethan Banks of Packet Pushers. The delegation’s collective reaction to the Forward Platform speaks for itself:
David Erickson, our CEO & Co-founder, kicked off the two-hour presentation with an overview of the current state of network operations. He introduced the Forward Platform as a means of reducing the sheer complexity of operating networks while eliminating the misconfiguration and policy violations that lead to costly outages.
Forward Platform demo
In the second section of our presentation, Brandon Heller, our CTO & Co-founder, gave a full demo of our platform to introduce the 3 main capabilities - Forward Search, Forward Verify, Forward Predict - using a large, realistic data center network topology.
Use Case – Outage Diagnosis & Resolution
For the third section, I ran a live demo to show how the Forward Platform is used to prevent network outages. Using a real world example of the effect of a fiber cut on a network, I illustrated how engineers and operators would quickly diagnose and resolve this incident utilizing the Forward Platform.
Use Case – Network Auditing
In the final section, I demonstrated how the Forward Platform offers audit functions to discover, report, and debug latent misconfigurations or policy violations in a network. With next to no effort, a network engineer can verify basic misconfigurations are not hiding in a network, reducing the chances of unexpected issues when making changes or during an update.
Forward Networks’ mission is to radically improve the efficiency and resiliency of networks at scale. We were thrilled to participate in Networking Field Day 13 as part of our company’s launch. Stay tuned for more from Forward Networks. You’ll be hearing a lot from us.
Sign up for a Free Demo to learn how we can deliver substantial value to your network operations workflow.
Networks today are integral to many if not all aspects of our lives. A multitude of data packets whizz by on wired or wireless networks enabling us to carry out both our personal and business lives in the digital world. It is therefore easy to understand the chaos that is caused when these networks become disrupted in any way. For you and me, a temporary loss of network connectivity may mean a slight downtime in our daily agenda, but for businesses, every second that goes by when the network is down means not only a loss in productivity but also a substantial hit to company revenue. A recent study showed that network outages in an average North American mid-to-large company cost one million dollars, and the total cost is a whopping $700 billion annually!
Today, I am excited to share with you what the team at Forward Networks has been working on as an answer to the problem that the networking industry has been facing since its inception. Our game changing Network Assurance platform attacks the issue head on, and delivers a solution that will make surprise network outages a thing of the past.
Throughout my career, when interacting with customers, the recurring theme that I heard was how difficult it is to operate networks at scale, and to keep them current in terms of policy, configuration, and inventory. Irrespective of how many network operation personnel were on staff or how many tools were at the operators’ disposal, keeping the network up and running was always a herculean task. The reason for this is rooted mainly in the diversity, scale and brittleness of today’s networks. This is also why no vendor (software or hardware) to date has successfully delivered a solution eliminating these challenges. David, CEO and Co-founder of Forward Networks, eloquently describes the problem statement as, “the network can be one mistaken change away from a major business impacting outage”.
Our Network Assurance platform fills the void in the market and finally provides solutions, also allowing for seamless delivery of enhanced platform functionality in the future. Here’s a deep dive into the platform.
At the core of the Forward Platform sits a mathematical model that computes an accurate representation of the current and all possible behaviors of your network. We are able to do this after collecting configurations and state from all devices on your network. This formal verification method sets us far apart from (and beyond) what any other existing change management, network security management, network simulation and network application monitoring tools provide. Once we have a network modeled, our ability to search, analyze, control and predict transforms the way network operations teams manage their networks.
Here are the key capabilities of the Forward Platform:
Forward Search is a “Google-like” search capability of the modeled network that provides instant access to the whole end-to-end network behavior and topology. As an example, let’s imagine a network operator wants to verify if there is connectivity between two hosts for a given application (HTTP traffic in the example depicted in Figure 1). Upon issuing a very simple and intuitive query, the Forward Platform offers instant access to all the possible paths between the hosts for the desired application. The Platform also displays the critical data quickly and efficiently. Along the path, Forward Search highlights the forwarding behavior (L2 information, next hop, IP addresses, etc.) at each node, thereby making it really easy to debug complex environments with a handful of keystrokes and within seconds. Remember the pain of logging into each individual device, identifying the right configuration lines and trying to understand the lengthy and intricate forwarding tables? With Forward Search, this pain is no longer there.
Forward Verify complements Forward Search by providing the capability to ensure the correctness of network policies and security posture. It allows network operators to rapidly identify any policy violations or unexpected behavior. Forward Verify brings the traditional unit testing paradigm of software development to networking, by continuously verifying that the network, as currently configured and behaving, does not diverge from your connectivity and/or security policies. This is critical for the ongoing health of the network because one of the most common reasons for network downtime is accidental misconfiguration hand-coded by a network operator. In the Forward Platform, policies are defined as checks that can be customized by end users or pre-defined within the platform (as illustrated in Figure 2).
Forward Predict allows network operators to test “what-if” scenarios in sandbox environments. These scenarios can involve connectivity, protocols or security policy changes before they get implemented in a live network. This revolutionary capability is light-years ahead when compared to how network changes are tested today. Once a change is identified, the Forward Platform can instantaneously “test” it in a mathematically and behaviorally accurate software copy of the network, to make sure policies are kept in compliance. Figure 3 shows the status of the policy checks before and after simulating the changes.
Together Forward Search, Verify, and Predict will allow network teams to finally operate at a level that gives them speed, control and accuracy they’ve always dreamed of. If you’re interested in learning more, we’ve also put together a data sheet that provides more in-depth details on our platform.
As you may imagine, we’re really excited to finally bring this capability to market. And we’re not done yet! Stay tuned for more to come soon. Follow us on social media or drop us a line to see how we can help make network downtime a thing of the past for your network.