The network is the foundation for everything a digital enterprise builds to drive its business forward. And as the business demands more agility, flexibility, reliability, and security than ever before, it has become clear that networking has been left behind in today’s world of automation, machine learning (ML), and artificial intelligence (AI).
“Networking missed out on the evolution to high-level programming,” says David Cheriton, founder of and chief scientist for Apstra. “We’re still programming networks like we did in the ’60s.” Because the tools haven’t kept pace, network managers, in many cases, are still configuring devices manually and using outdated management tools to diagnose and fix problems. They’ve been so focused on keeping the lights on and fighting fires that they haven’t made the time to engage in more strategic endeavors.
That is now changing, as the networking industry is undergoing a sea change driven by the shift from hardware to software, the promise of programmable networks, and a new, potentially game-changing technology called intent-based networking.
Network visionaries and leading practitioners speaking at VMware’s second annual future:net conference on August 30–31 in Las Vegas are clearly inspired by these new approaches to building and maintaining networks. “This is a very exciting time to be in the networking industry,” says Peter DeSantis, vice president of global infrastructure for the Amazon Web Services (AWS) cloud service.
Although programmable networking technologies such as software-defined networking (SDN) and the software-defined wide-area network (SD-WAN) have gained traction in recent years, intent-based networking is a relatively new concept. So, what is intent-based networking, and how does it relate to SDN? One way to look at it is to say that SDN operates at the control plane, while intent-based networking operates at a higher level. Enterprises can deploy either or both, but they don’t need SDN in place to use intent-based networking.
“Intent-based networking is the true automation of networking,” says Cheriton, whose company provides an operating system for intent-based networking. With this strategy, users tell the network what they want, and the network figures out how to achieve that goal.
As keynote speaker Ratul Mahajan, CEO of Intentionet, a networking startup, points out, there’s a huge gap today between the network manager’s policy intent and actual runtime behavior. Manual processes inevitably introduce bugs that result in outages, security breaches, and reduced agility.
One promise of intent-based networking is that it will create a closed loop: a network manager expresses intent, and the network performs formal validation to verify that the intent was achieved and is being maintained. The benefits of this approach include increased network reliability and agility, reduced costs, and faster time to market for the business.
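To make the gap between intent and runtime behavior concrete, here is an added example (not code from the article or from any vendor it names) of one validation pass: declared intents are checked against a first-match access list, and a counterexample flow is reported for each intent the configuration breaks. The rule format, prefixes, and intent names are constructed for illustration, and exhaustively enumerating small prefixes stands in for the formal verification a real product would perform.

```python
import ipaddress
from itertools import product

# Constructed first-match ACL: (action, src, dst, port); port None matches any port.
ACL = [
    ("allow", "10.1.0.0/28", "10.3.0.0/28", 5432),  # web tier -> database
    ("allow", "10.0.0.0/8",  "10.3.0.0/28", 5432),  # hand-added "temporary" rule, too broad
    ("deny",  "10.2.0.0/28", "10.3.0.0/28", None),  # tenant B -> database, shadowed by rule 2
]

# Constructed intents: what the operator wants, stated independently of rule order.
INTENTS = [
    ("web-reaches-db",   "10.1.0.0/28", "10.3.0.0/28", 5432, "allow"),
    ("tenantB-isolated", "10.2.0.0/28", "10.3.0.0/28", 5432, "deny"),
    ("no-ssh-to-db",     "10.1.0.0/28", "10.3.0.0/28", 22,   "deny"),
]

def decide(acl, src, dst, port):
    """Return the action of the first matching rule; implicit deny if none match."""
    for action, rsrc, rdst, rport in acl:
        if (src in ipaddress.ip_network(rsrc)
                and dst in ipaddress.ip_network(rdst)
                and rport in (None, port)):
            return action
    return "deny"

def verify(acl, intents):
    """Check every (src, dst) pair each intent covers; return {intent: counterexample}."""
    violations = {}
    for name, isrc, idst, port, expected in intents:
        pairs = product(ipaddress.ip_network(isrc), ipaddress.ip_network(idst))
        for src, dst in pairs:
            if decide(acl, src, dst, port) != expected:
                violations[name] = (str(src), str(dst), port)
                break  # one counterexample per intent is enough to flag drift
    return violations

if __name__ == "__main__":
    for name, flow in verify(ACL, INTENTS).items():
        print(f"intent violated: {name}, counterexample flow {flow}")
```

Running the same check after every configuration change, and again on a schedule, is what closes the loop: removing the broad second rule makes all three intents hold.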
Although pieces of the intent-based networking puzzle are being delivered today by companies including Apstra, Intentionet, Veriflow, and Forward Networks, it’s still early days. Traditional Fortune 500 companies are unlikely to deploy intent-based networking until the technology matures. However, digital-native companies such as Google, Amazon, and Facebook have embraced network automation using (mostly homegrown) software for many years. They shared their insights with the 300 attendees at the invitation-only future:net event, as did an impressive lineup of speakers from Netflix, LinkedIn, Bloomberg, Electronic Arts, Oracle, and VMware.
The key themes at future:net included the profound shift from hardware to software, the rise of open source software as a platform for innovation, and the issue of build versus buy when it comes to a networking strategy.
Trendsetters: Netflix and Bloomberg
Netflix clearly demonstrates what a company can accomplish when IT focuses on the business rather than on infrastructure. For example, Netflix's control plane runs entirely on Amazon Web Services, so instead of worrying about the network, its IT resources are freed up to develop the thousands of micro-services that run in the background, including the ones that decide which movies to recommend to Netflix's 100 million customers.
Netflix has zero employees configuring routers for the control plane, because Netflix owns zero routers in AWS, says Manish Mehta, senior security software engineer at Netflix. "People don't think about networks anymore," he says. When it's Christmas Eve and demand for movies spikes, for example, the Netflix network automatically scales up with no human intervention and no late-night alerts for Mehta.
Bloomberg, the financial services technology company, is another example of a forward-thinking organization with a complex, mission-critical legacy network—including 15,000 customer-premises equipment (CPE) routers and its own global Internet Protocol (IP)/Multiprotocol Label Switching (MPLS) network that carries stock market data, video, voice, and screencasts.
Truman Boyes, Bloomberg’s head of network architecture, says his goals are to reduce complexity and to reuse and recycle where it makes sense to do so, instead of trying to manage everything in-house. “If we can get it off GitHub or partner, that’s better than the artisanal crafted configurations that we’ve grown up with.”
Boyes says his guiding principles are to automate everything in the data center, use open source in situations where the company wants to make changes, use virtualization and containers for all applications, and use the cloud to scale the business.
Shift from Hardware to Open Source Software
Innovation in networking historically has been driven by hardware. It was all about speeds and feeds, says Rajiv Ramaswami, VMware’s chief operating officer for products and cloud services. Now, it’s all about applications that can run anywhere from an on-premises data center to multiple public clouds. “The future is all about software,” he says.
Brenden Blanco, staff engineer at VMware, adds a personal touch to the discussion by describing his journey as a software developer. He recalls when he started out in 2006 as part of a team of 250 people; they cranked out two major release cycles a year and were trapped waiting for the next hardware release. There was no open source, the Amazon cloud was still in beta, and “everything was big, slow moving, and complicated.”
The advent of cloud computing put pressure on IT organizations to become more flexible and scalable. All eyes turned to application developers to help build the next generation of software to automate processes, move networking functionality into the cloud, and transition from a centralized to a distributed infrastructure.
To meet those requirements, an arsenal of open source tools emerged, such as Open vSwitch, which gave developers a plethora of choices. Today, software engineers like Blanco work in small teams and use new, agile methodologies with short life cycles to develop innovative applications.
Software developers are empowered today to write code and move it into production with few of the earlier roadblocks, says Frans Van Rooyen, infrastructure architect at Adobe. Deploying an application at scale used to be extremely difficult. Now, open source containerization technologies such as Docker and open source orchestration technologies like Kubernetes enable developers to wrap code in a container and scale it as needed.
Cloud Security Insights
Cloud security remains a core issue. This is true both for enterprises determining which workloads they will move to the cloud and for cloud service providers whose reputations depend on ensuring the safety of customer data. The multi-tenancy and shared control inherent in the cloud create potential security problems, says Pradeep Vincent, an architect for Oracle’s Infrastructure as a Service (IaaS) cloud. What if a packet gets sent to the wrong company? What if an attacker gains access to someone else’s virtual machine within the same physical server?
Oracle has deployed a three-tier system of “defense in depth,” which includes narrowing the interface to the virtualization layer, creating multiple points of routing decisions, and building multiple trust zones to isolate high-risk devices from internal systems.
On the enterprise side, Prajakta Joshi, product manager at Google, recommends that companies adopt a new way of looking at security when moving workloads to the cloud. Instead of perimeter security, enterprises need to deploy pervasive security, which means securing every aspect of the network.