Data alone won’t improve a network. Network verification platforms are taking on the heavy lifting of collecting and organizing this myriad of information about network design details and forwarding rules. They’re also changing the way of how network operators analyze data quickly to provide meaningful insights to IT organizations.
Network operators have to deal with an inordinate amount of data and complexity when analyzing network behavior and issues. Diagnosing problems can be like searching for a needle in a haystack. Compounding the problem, network details are rarely organized in a central location. Information is spread across devices, management consoles, and vendor-specific tools.
There’s a tremendous amount of useful information deep inside the network infrastructure, but tapping into it is easier said than done. The holy grail has long been to have an accessible single source of truth for the network, but such a repository has been elusive. Drawing practical insights, once you centralize, organize, and leverage the data, is a separate issue entirely.
The end result of network verification is the elusive single source of truth in a structured, useful database format complemented with an intelligent analysis engine that mirrors the high-level insights of the most sophisticated network architects and engineers.
Making Network Analysis Less Painful
Analyzing network behavior is a time-intensive process; moreover, many enterprises don’t have the IT resources to ensure their networks are error-free or agile enough to address the pace of change modern enterprises now expect. Throw in the fact that different parts of the network may use different monitoring interfaces, and managing network data can be nearly impossible.
“IT teams need to move quickly to diagnose issues or verify network updates and changes. When you have thousands of devices from dozens of vendors, and with several thousands of lines of configuration and dynamic state on each of these devices, just the data collection is painful,” says Nikhil Handigol, co-founder of Forward Networks. “On top of it, retrieving the information of interest is even harder. This information is presented in very different ways across these device types. This has made network automation tasks in these areas really difficult.”
Network verification platforms, however, can take data from all points in the network and put it in one place, using a standardized format for the data presentation. This removes the need to understand and correlate vendor-specific formats that come with less-holistic approaches to network analysis.
Forward’s verification method, in particular, uses sophisticated path analysis technology to craft a highly-detailed report of end-to-end network behavior and can compare that to the intended security and connectivity requirements of the entire organization.
It essentially allows the network to be treated as a database. A user can query the network through a standardized interface while not having to worry about the process of collecting, storing, and normalizing the data.
“You can access this data directly and start doing stuff with it without having to do any additional parsing,” Handigol said. “This data appears the same way, regardless of the device vendor — whether it’s a Juniper device, whether it’s a Cisco device, whether it’s a Palo Alto Networks device. It appears as exactly the same format so that you can focus on the thing that you care about, which is validating the properties of your network without having to worry about the underlying scale or complexity.”
Why Network Verification?
It’s becoming more critical than ever for network operators to know their network’s capabilities, behavior, and limitations from end to end. With the complexities of a multi-vendor network, and the overwhelming amount of configuration data, it’s becoming increasingly harder to do so. If a recent update to the network has inadvertently introduced a policy violation or security vulnerability, it’s incredibly difficult to catch these issues in real-time, certainly before the issue surfaces in a real breach or outage.
Network verification enables operators to get a clear understanding of where those vulnerabilities are ahead of time. It gives a clear picture of a network’s problem areas, including any deviations from the network architect’s intent, taking the guesswork out of trying to pin down an issue in networks that are becoming increasingly complex.
“Our belief is that you need a safety net. You need a safeguard — and that’s what verification brings to the table,” Handigol said. “We’re seeing greater diversification of the underlying network infrastructure, especially with public clouds coming into the picture, as well as network virtualization and SD-WAN. Given this increasing diversity of the underlying infrastructure, network verification will underpin the future of network operations.”