It’s interesting how casually we accept exponential-growth concepts like mobile, social, and ultimately IoT. The impending differentials in the size of the device universe – from billions to trillions – don’t faze us at first. That is, until we begin to think about how network designs could possibly support such a creative explosion. Despite 20 years of IP experience, the answers just won’t come.
Our limitation is not technology, it’s us. Humans are prone to something cognitive psychologists call “anchoring,” where our answers to new thought challenges cling to old frames of reference. We don’t swing far enough away from that anchor in order to discover where the real answers lie.
To unleash the design creativity necessary for New IP networks that can support the exponential growth of devices and traffic, we have to reach deep into our architectural souls to find the fundamental assumptions to which we are clinging. We need to shine a light on them and challenge those aggressively. It’s time to re-think.
Re-Thinking the Network Edge
It doesn’t matter how far-flung a network design may be, when we visualize it there is always a firm end we know as the network edge. Connectivity begins and ends with access. For corporate uses, CPE (customer premises equipment) embodies that finite edge. We know that the software within CPE performs the required network services, playing pitcher/catcher with upstream provider equipment. However, within this traditional worldview hide multiple assumptions:
Fixed Physical Location. The cloud taught us that we don’t have to be next to a device in order to derive its benefits. A wide range of network services can actually be performed remotely, from a provider’s data center. A simple tunnel from the premises to the cloud is all that is needed; routing, firewalling, VPN termination, and other services can be remote. Where did the network edge go?
Function-Specific Devices. We know virtual data centers or clouds are shared-hardware environments, but we assume CPE is single-function and physically managed. New virtual CPE (vCPE) system architectures are changing that. Network services can stack up within a modern hardware design, and new services can be launched with a remotely-delivered software load. Physical constraints of logistics and inventory become a thing of the past.
Singular Network Attachment. We know CPE is an endpoint to a provider’s network, a single point of ingress/egress to an MPLS walled garden. This network edge is effectively the end of the road. But a new split personality is coming to CPE, trading off traffic between the expensive proprietary network and a cost-effective internet link. With this SD-WAN behavior, the network edge is no longer an end point; it’s become a jumping-off point to another universe.
The new network edge is becoming an ephemeral concept. It is moving, morphing and multi-moding.
Traffic aggregation is a mainstay of IP network designs. It’s a massive unstated assumption; we visualize aggregation points in the network and never challenge the concept. Aggregation is a “scale up” technique that can be a key impediment to effectively “scaling out” a network design. Making changes or addressing maintenance requires long planning cycles, not to mention the difficulty in cost-effectively forecasting and delivering capacity requirements for growth.
NFV changes this worldview dramatically. We can realize better network designs with 1:1 relationships instead of communal ones. Terminating VPNs in lightweight virtual routers, or giving every application its own virtual ADC are examples of how service scale-out can be effectively delivered in a way that puts an end to the limitations of aggregation.
There have always been active adversaries intentionally trying to break into systems. In the past, it was hard for the bad guys to get enough information to succeed since each component in the system was proprietary, vendor-specific and had little to no commonality with its surrounding components. Today’s adversaries are far more active, primarily because information about how components are designed and work is more widely available. This information is accelerating the tools at their disposal and is rapidly expanding the universe of knowledge about attack surfaces and vectors. It has become asymmetric warfare.
Vendors and network operators both must move beyond static approaches to security design. Dynamic models that focus on network behavior rather than user identity are required for remediation, observation, and estimation. Machine learning, SDN control and automation are rapidly becoming the new normal against more sophisticated adversaries.
When SDN burst onto the public stage in 2011 it began with a very limited dialogue around basic L2 switching. Much of that perception has held, despite the fact that the broader challenge is programmatic control over every type of network element, whether physical or virtual, including those sourced from a heterogeneous mix of vendors.
To achieve new network designs we must change this worldview. Control must assume it applies to the whole network. From that assumption network managers must turn their focus to specific applications that run on the control layer. There will not be a single SDN killer app; a wide range of apps will come into existence. Controllers without applications are as limited in use as controllers with limited southbound options.
Far too large a percentage of network budgets are utilized simply for network maintenance. As the network transforms through overlays, NFV-based services and SDN control, we need to stop thinking about automating our interface to network devices and focus on automating networking. To get there, we must shift our thinking to “workflows.”
Workflows start and end outside the network, triggered by applications, subscribers, tenants, etc. Because they cross resource boundaries and teams, the majority of a workflow’s elapsed time is spent passing tickets, scheduling change reviews, standardizing activities, and so on. Automating these handoffs removes the inherent delays as requests are volleyed between teams. Focusing on workflows is where the real benefits of network automation will pay off. The leverage from automation will allow re-allocation of resources from maintenance to innovation capacity.
In total, the challenges facing networking are massive and non-linear. Success will be found in agile, open and dynamic designs that are free of long-held, outdated conceptual anchors.