Today’s networks are too complex for manual network management and updates. With most enterprises composed of tens of thousands of devices spanning multiple geographical locations, on-premises hardware, virtual environments, and multiple clouds, it’s virtually impossible to push updates manually. The sheer volume of vendors and coding languages can also be overwhelming for a network operations engineer. In most cases, learning a new language or new platform takes eight weeks to achieve basic proficiency; it’s not realistic to expect human skills to scale at the pace of network innovation (aka network complexity).

Fig 1. Itential Automation Example

That is why we decided to integrate the Forward Networks platform with the industry-leading network assurance platform, Itential. Their low-code automation platform makes it easy for network operations teams to deploy and manage multi-domain infrastructures. Itential’s cloud-native software as a service offering provides a low-code interface that seamlessly connects to any IT system, cloud, or network technology for end-to-end closed-loop network automation and orchestration. Forward Enterprise enables network operators to deploy automated changes with the assurance that they are in compliance with network policies and won’t have any unintended side effects.

Fig 2. Closing the Loop: Automation + Verification

Forward Enterprise helps network operations engineers avoid outages through its unique mathematical model. The platform creates a digital twin of the network (across on-premises devices, private and public cloud) enabling network operators to map all possible traffic flows, instantly troubleshoot, verify intent, predict network behavior, and reduce MTTR (mean time to resolution). Itential simplifies and accelerates the deployment and management of multi-domain network infrastructure. Both platforms support major network equipment vendors and AWS, Azure, and Google Cloud platforms.

Fig 3. Automate Service Provisioning with Forward Networks and Itential

The Closed Loop Automation process enabled by the integration of Forward Networks Platform and Itential Automation Platform (IAP) acts as a safeguard to prevent any issues from becoming pervasive following a change window. The pre-built automations, templates, form builder, and automation builder within Automation Studio make it easy for network operations engineers to build an automation catalog that enables changes at scale. By using the API integration with Forward Networks, they can verify routing, add intent checks, verify new service connectivity, check for side effects, and send notifications and verifications via Slack, Microsoft Teams, Cisco Webex, and email. Integration with change management systems including ServiceNow and Jira ensures everyone is working from a single source of truth and expedites collaboration. In the event of an issue, the diff check functionality within the Forward Networks platform makes it easy to pinpoint which changes are causing any unplanned behavior.

For more detail on how the integration works, please view our ONUG Spring 2021 session.

As more enterprise-class cloud platforms have emerged over the last few years, organizations are looking to leverage these alternatives to take best advantage of each in a multi-cloud IT strategy. The advantages of a multi-cloud strategy can easily include resiliency, price-competitiveness, feature-alignment, and cross-silo visibility. 

But with all these advantages comes the complexity of dealing with inconsistencies between cloud providers, both from a policy compliance perspective, as well as a consolidated management view. To be successful, organizations need a common verification platform to ensure easy transition and flexibility between multi-cloud providers. 

SDxCentral outlined some of the key benefits of a multi-cloud strategy in this article:

Enterprises select a multi-cloud strategy due to the benefits. For starters, the multi-cloud is readily available. If one cloud is offline, then the enterprise may still work on the other clouds and achieve its goals. It’s also customizable and flexible in the sense that an enterprise may “select the ‘best’ of each cloud type to suit their particular business needs, economics, locations, and timing.”  Another significant draw for a multi-cloud adoption is that enterprises can escape vendor lock-in as its data is stored on various service providers’ clouds.

The multi-cloud strategy offers security precautions that a single cloud deployment does not. According to Citrix, the multi-cloud also hinders Shadow IT activity. The company describes Shadow IT as “technology used by individuals or groups within an organization that is not managed by the organization’s IT department. This problem tends to arise when policy-compliant IT does not fully meet the needs of the organization. A multi-cloud environment allows groups to comply with IT policy while benefiting from a specific cloud technology.” It also dodges the gravity of a distributed denial-of-service (DDoS) attack as the attack won’t affect all the clouds within a multi-cloud, leaving the enterprise still functional despite the attack.

But what are the differences in complexity between this and a traditional hybrid cloud strategy? In a hybrid cloud strategy, which includes a single primary cloud provider and the on-premises private cloud, there is no need to worry about inconsistencies between cloud infrastructures. If, for example, application deployments must stay consistent with a myriad of policy requirements across two or more cloud providers, ensuring that has been a lot of work, even from a security and application connectivity perspective alone.

Similarly, should a multi-cloud strategy imply that traffic flows are not going between cloud providers and that each cloud provider is just a siloed hybrid cloud deployment? Hopefully not, but how can network administrators visualize and manage network paths and topologies across multiple cloud vendors? Are destinations in each cloud provider reachable with the right application policies, with the optimal traffic patterns, across multiple providers and the on-premises hybrid cloud network? Who is providing this management view, tools, and verification checks?

Hybrid cloud platforms and management tools often have a difficult time showing end-to-end traffic flows and topologies across a single cloud provider and the on-premises network. But this is exactly what makes Forward Networks an ideal platform to ease the migration from a hybrid cloud approach to a multi-cloud strategy.

Within our multi-vendor, cloud-agnostic verification platform, we eliminate the seams between cloud vendors and the private cloud network. Not only can the entire topology of a multi-cloud environment be visualized in a single view, but we can ensure that implementations for various policy requirements are consistent between cloud providers. Organizations can eliminate most of the complexity and differences between various cloud platforms, or at least easily verify the impact of deployments as they are migrated from one provider to another. 

Distributing workloads to where they make the most sense financially and technically can finally be managed with greater flexibility and confidence. If an organization has experts on managing only a single hybrid cloud infrastructure, now everyone can take advantage of a common view and automated verification checks to quickly assess network-wide, multi-cloud policies, identify configuration errors between cloud platforms and quickly add more value to the organization. 

Today, Forward Networks supports AWS VPC cloud services, along with Microsoft Azure, and (coming soon) Google Cloud Platform (GCP). Building a multi-cloud environment between and across these vendors has never been easier or more cost-effective, as you look to avoid cloud-provider lock-in.

Network complexity has reached nearly unmanageable proportions for most organizations. With thousands of devices, millions of lines of code to configure networks, and constant updates, it has become nearly impossible to track network topology details, let alone network policies, behavior, and capabilities end-to-end. The result is a network infrastructure that is resistant to change and risk, which reduces the ability of the IT team to quickly address changing business needs and application requirements. Can automated network mapping solutions stem the tide of complexity and tedious resource drain?

For many organizations, the state of the art for network maps and documentation is Visio diagrams or spreadsheets of device names and IP addresses. Even network management tools cannot keep pace with the rapidly changing details of dynamic network environments. Organizations have to rely on senior network engineers to track network details, but such expertise is easily lost and learning curves are steep and expensive.

Organizations need to automate the network mapping process, so that information is always up-to-date and accurate, while reducing overhead in documenting network details. Automated network mapping software can form a single-source-of-truth for network details, configurations, topology maps, and connections. The ideal automated network mapping solution can even turn the tens of millions of network details, security policies, connections and forwarding rules into a usable database where such information is readily accessible with simple queries to be used in troubleshooting, network analysis or compliance checks. 

The heart of an automated network mapping solution is the centralized process that can access each device and collect and organize the relevant data. With all of the right details, a current network topology diagram can be generated quickly to guide network management tasks and workflows. 

Automated network mapping is one of the key use cases and features of the Forward Enterprise platform. Forward Enterprise collects all network information, including forwarding tables and security rules, from each device in order to build an interactive map of the network topology. The information is organized into a database as well, with a simple query language to quickly identify configuration errors, outdated systems, or down links. 

Network collections, to update the automated network map, can be scheduled periodically or pulled on-demand, to make sure that IT managers always have access to current information. Information from the automated network map can then guide a wide range of network management workflows and processes. Automated network mapping can also ensure that all team members and IT silos have access to the information they need, no matter where they are on the learning curve of managing a complex enterprise network. 

The Forward Networks automated network mapping capability even includes cloud networks. Network maps can show flows throughout a multi-site on-premises data center over a WAN connection and to public cloud providers such as Amazon AWS and Microsoft Azure. Being able to visualize a contiguous network map across multiple vendors, sites and service providers is a powerful debugging and analysis tool that can quickly improve IT operations. 

As networks become more complex and require more frequent updates, organizations need to automate more of the management tasks. Automated network mapping should be a primary focus to ensure that an accurate, always-up-to-date view of the network topology and key management details are available to accelerate IT processes.

Last week, on February 8, 2019, Packet Pushers published our second podcast with them covering a range of customer use case updates and new features like our Network Query Engine (NQE), VMware NSX support, Cisco ACI announcement and more. We have always gotten great feedback on our shows with hosts Greg and Ethan, and find their audience to be one of the most savvy and technical groups out there.

Quite coincidentally, we were surprised that Drew Conry-Murray from the Packet Pushers team also published a blog last week titled “Intent-based Marketing Sucks”. Since many in the industry consider us one of the leaders in intent-based networking, we thought it was an odd prelude to our upcoming podcast release.

In reality, I pretty strongly agree with Drew, though, and I think we had a good chuckle about it over email. The two main points we agree on are that: 1) “intent based networking” has become one of those vaguely defined panaceas that every remotely-related vendor tries to tie into, and 2) Forward Networks actually does a really good job of not leading with “intent washing”, as so many people see it. Drew actually compliments us on our straightforward, technical and value-based presentations.

To the point of Drew’s blog, “it appears that if you expose APIs and can auto-configure a network device, you are ‘Intent-Based’”. There are SD-WAN vendors, for example, pitching whatever link optimization feature they have as intent-based networking. That’s not really keeping with the full vision of how the industry defined “intent based networking”. We’ve seen the same thing in the past with “SDN washing”, “cloud washing”, etc.

Drew notes that customers don’t benefit from this kind of confusion and mislabeling. Instead, he says that customers want clarity and not jargon, which is absolutely the approach that Forward Networks has taken while I’ve been doing product marketing. We rarely lead with “intent based networking” to define or position ourselves, precisely because it is still such an ill-defined technology. We educate customers first on what our product really does, and do not refer solely to buzzwords.

For the most recent example, we presented at Tech Field Day in Barcelona on January 30 to a very seasoned panel of leading European networking bloggers and technologists, and they unanimously said that we were the best presentation of the week (via comments like this, this and this), from clearly articulating how our product solves real problems to demonstrating use cases and giving an in-depth walk-through of product features. No jargon, no buzzwords, no hype, no confusion. If you haven’t seen it, check it out here:

I think you’ll get the same impression from our Packet Pushers podcast where we cover a lot of the same material. We also have a number of short, helpful videos that quickly highlight actual product features and use cases rather than dumbing down the technology into a bunch of hyperbole.

The latest video we produced is on our Network Query Engine (NQE) feature, for example, which really opened people’s eyes at Cisco Live Europe. And the accompanying blog on NQE, which was jointly written by our CTO, lead engineer for the project and myself, is a very detailed technical tutorial implicitly devoid of any sales-speak. (It’s probably too long for a feature introduction, and maybe a bit dry, but we’ll be working on some more bite-sized presentations moving forward on NQE). Check them out and let us know what you think:

NQE Blog

NQE Video

New Video Showing VMware NSX and Amazon AWS VPC support

In the end, Drew assured us that he didn’t have Forward Networks in mind when he disparaged the industry’s intent-based marketing efforts. And we would agree with him that it has certainly become a confusing space, and that’s not going to help anyone. But, we’re finding quite the opposite with our customer efforts by focusing on real capabilities and solutions. You can find actual feedback from our customers on delivering real product value on Gartner’s peer insights website. And Dr. Jens-Henrik Soeldner, writing in one of Germany’s leading IT journals, thought we were the hottest, most interesting vendor at Cisco Live Europe last month (according to this).  The bottom line is that when you’ve got a great product that delivers real value you don’t need to fall back on buzzwords and jargon.

Forward Networks Adds Support for AWS

Benefits of Intent-based Network Verification Now Extend to Amazon Virtual Private Clouds

Palo Alto, CA. – November 29, 2018 – Forward Networks, the industry leader in network assurance and intent-based verification, has announced that their latest software release includes support for Amazon Web Services (AWS).

Forward Enterprise, the company's network verification platform, now delivers the benefits of intent-based networking to hybrid cloud environments, allowing IT organizations to view their AWS VPC networks as a seamless extension of their on-premises infrastructure, from a connectivity, security policy and compliance perspective.

David Erickson, CEO at Forward Networks, noted, "We've launched support for AWS in direct response to demand from our customers, who want to apply all of the advantages of our platform – reduced risk, reduced cost, and better operational efficiency – to their AWS cloud infrastructure."

Forward Networks has pioneered the ability to analyze the end-to-end behavior of networks and then verify the correctness of a network based on defined intent, security policies, and compliance requirements.

"Businesses shouldn’t have to sacrifice network visibility and control when they migrate to a cloud environment," said Alan Weckel, Founder and Technology Analyst at 650 Group. "Forward Networks has taken a huge leap in solving that problem."

Forward Enterprise, Forward Networks' flagship product, delivers a software platform for network verification and automation designed for large, complex, multi-vendor network environments. By creating, in software, a mathematical model of the network, Forward Enterprise enables companies to quickly visualize and search large networks, debug problems, verify policy correctness at scale, and predict network behavior prior to making changes to production equipment. Network engineers can also diagnose issues in a fraction of the time and isolate potential errors before they cause network outages.

To learn more about the technical capabilities and use cases of Forward Enterprise for AWS, see the company’s blog post at: www.forwardnetworks.com/aws

About Forward Networks

Forward Networks provides a robust network assurance and verification platform to reduce business risk and improve network operations. By enabling network and applications teams to verify intent and predict network behavior, Forward's solution brings the benefits of intent-based networking to large enterprises: agility, predictability, and scalability.

Forward Networks was founded in 2013 by four Stanford Ph.D. graduates and is headquartered in Palo Alto, California. Investors include Andreessen Horowitz, DFJ, and A.Capital. For more information, visit www.forwardnetworks.com.
