Welcome!

SDN Journal Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, TJ Randall

Related Topics: SDN Journal, Containers Expo Blog, @CloudExpo, @DXWorldExpo, @ThingsExpo, @DevOpsSummit

SDN Journal: Article

Overcoming Network Limitations | @CloudExpo #DataCenter #SDN #Storage

More is being required today of network infrastructure than ever before, due in part to the changing latency & bandwidth needs

More is being required today of network infrastructure than ever before, due in part to the changing latency and bandwidth needs of modern applications. Wide area networks ("WANs") are feeling the pressure, especially those that use many technologies from different services providers, are geographically diverse and are stretched to the limit by increased video and cloud app usage.

In view of these challenges, hybrid WAN architectures with advanced application-level traffic routing are of particular interest. They combine the reliability of private lines for critical business applications with the cost-effectiveness of broadband/Internet connectivity for non-critical traffic.

Architectures like this can be difficult to scale over the existing network; most of today's network management tools can't manage it. Most of them still apply blocks of configuration data to network devices to enable features that in turn enable an overall network policy. To allow adjustment of configuration data to address differences in hardware and OS/firmware levels, those scripts are using "wildcards" replacing certain configuration data. These scripts are heavily tested, carefully curated and subject to stringent change management procedures. The tiniest mistake can bring a network down, resulting in potentially disastrous business losses.

As application-specific routing and hybrid WAN architectures are deployed, network operations teams are experiencing the limits to this approach. Even if the existing hardware already supports all the functionality required, existing network configurations that reflect past user requirements are rarely well understood. As each business unit is asking for specific requirements to ensure that their applications run optimally on the network, networks need to be continuously updated and optimized. Such tasks range from a simple adjustment of the configuration parameters to more complex changes of the underlying network architecture, such as removing and installing upgraded circuits, replacing hardware or even deploying new network architectures.

At this point, it's time to call in the big guns - senior network architects - who will need to put in significant time to determine potential risk of unintentional consequences on the existing network, but waiting for the next change maintenance window may no longer be an acceptable option. Businesses are not concerned with the details; they want the networks to simply "work."

Crafting a New Approach
Clearly, something needs to be done - but what? Standard network management tools are mature and well understood. Network architects and implementation teams are familiar with them, including all of the limitations and difficulties, and any potential change of these tools is immediately vetted against the additional learning curve required vis-à-vis potential benefits in managing the network.

In a best case scenario, implementation and operational concerns do not factor in when defining network policies. The process starts with mapping of the required functionality into a logical model, assembling these models into one overall network policy, verifying interdependencies and inconsistencies, and deploying and maintaining them consistently throughout the network life cycle.

The industry is in the beginning stages of improving network management, but these initiatives are still maturing. For example, YANG is a data modeling language for the NETCONF network configuration protocol. OpenStack Networking (Neutron) is providing an extensible framework to manage networks and IP addresses within the larger realm of cloud computing, focusing on network services such as intrusion detection systems (IDS), load balancing, firewalls and virtual private networks (VPN) to enable multi-tenancy and massive scalability.

However, neither approach can proactively detect interdependencies or inconsistencies and both require network engineers to dive into programming, for example, to manage data entry and storage. As a result, some vendors are offering fully integrated solutions, built on appliances managed through a proprietary network management tool. This model allows businesses to deploy solutions quickly, at the cost of additional training, limited capability for customization and new hardware purchases.

For industry transformation to occur, the focus needs to shift to assembling complete network policies from individual device-specific features, detecting inconsistencies and dependencies, and allowing deployment and ongoing network management. Simply updating wildcards in custom configuration templates and deploying them onto devices is no longer sufficient.

Managing the changes at scale, like network architectures or routing protocols, on live production networks will be difficult or even infeasible. This is especially true in large organizations where any change will always have to be validated by e.g. security. This creates unacceptable delays for implementation.

A Comprehensive New Approach
Organizations will need to carefully consider how to develop an end-to-end approach that creates complete network policies from abstract device-based network features, including interdependency checking, deployment and secure lifecycle management. Network features and related policies can be mapped using these four constructs:

  • Globals - These configuration settings apply throughout the network and are the same for every device in the network. A good example is NTP (network time protocol) where the central architecture team is defining the only NTP servers permissible for the network.
  • Domains - Consistently applied configuration settings across multiple devices. A good example is a QoS configuration which may be different by business units, hence, different QoS domains would allow network engineers to assign QoS policies across all devices associated with specific business units in each region.
  • Features - Configuration settings that are provided for a single device at a time, enabling functionality that the device can provide by itself. A good example is the configuration of a device-specific routing table where the device should forward incoming traffic.
  • Custom - It may not be practical to model everything in a general feature or domain concept, especially specific exceptions to single devices only - for example, a specific set of Access Control Lists (ACLs) needed on a single device. For these cases where no other dependencies with other features exists, just applying configuration data to a device may be acceptable.

Organizations can build any network policy by combining these constructs. Inherent interdependencies can be flagged by network engineers early, so that a network management system can deploy them in the correct sequential order, optimally applying these features to individual devices as well as across the network to create the target policy. Abstracting network functionality into these types of models allows network engineers to re-focus on the actual network architecture and focus less on the mechanics of the management of configuration data. These lead to a number of benefits:

  • Test, validate, deploy: The implementation and maintenance (DevOps) function is logically separated from network architecture and design (NetOps). For example, architects can define the features, domains and global settings needed for a given network infrastructure, assemble them into logical groups and resolve any interdependencies. They can then be tested and validated by, for example, the security team. The assembled features, domains and globals are handed over to the operational team, who will deploy them onto the network and manage them over their lifecycle.
  • Device anonymity: Device configuration is now a result of the functionality of how this device should perform, by itself or in concert with other devices. As a result, the actual hardware itself, its specific OS/firmware or even the manufacturer no longer matters, as long as the device is capable of performing the desired functionality.
  • Network engineering communities: Network modeling via the logical constructs allows for a wide exchange of best-practice reference designs based on common user requirements. Different teams of architects can exchange information about the models they use for specific network functionalities without having to revert to low-level configuration settings. This opens the possibility of creating network engineering communities that exchange specific models based on their desired use cases with clearly defined interdependencies and conflict resolution against other models.

Network Control and Automation
Developing a network management tool for today's demands will require the development of a sophisticated network-aware orchestration engine that is able to detect any interdependencies, resolve them and deploy network policies automatically over the network.

For this to happen, consider the following three non-technical challenges:

  • Users should be confident and willing to accept that the logical network model will, in fact, result in the correct configuration of all devices in the network. Many network engineers are still most comfortable with command line interface (CLI) created from scripts and templates.
  • The primary focus of network engineers is on proper device configurations and ensuring the device is performing as intended - not programming. Any next-generation tools have been designed with a network engineering focus in mind, allowing network engineers to use the system with a much shorter learning curve and minimal programming expertise.
  • Buy-in from NetOps and DevOps teams is vital, as they may be skeptical to trust device configuration to a new management tool.

Multiple technical considerations regarding next-generation management tools include:

  • Management for the high degree of customization needed.
  • Zero-touch provisioning to make the onboarding of new devices into the system as fluid as possible, allowing generalist IT staff to install routers and trigger device provisioning automatically.
  • Functionality that limits or flags unauthorized manual device configuration changes with automatic remediation when needed.
  • Configuration preview, allowing dry runs of new configurations to understand all changes that may have to be performed, even on other network devices when needed.
  • Step-by-step verification of device provisioning actions with automatic revert on errors.

Realizing the Dream
Enterprises can truly transform their networks with tools that provide complete abstraction of network functions while providing deeply integrated model interdependency verification, deployment previews and layer-by-layer provisioning. For example, replacing an existing device with a newer model, even if it's from a different vendor, can be detected and automatically provisioned. Such solutions that can resolve any potential conflicts and interdependencies, even across vendors, are becoming increasingly important as network devices are virtualized on common platforms and the individual strength of vendor-specific solutions are combined into one multi-vendor solution.

A framework like this will improve workflow among architecture and implementation teams, which will bring multiple benefits: higher reliability, elimination of configuration errors, quicker implementation of business requirements, and faster identification and recovery from network outages. The dream of reliability and cost effectiveness can be realized.

More Stories By Stefan Dietrich

Dr. Stefan Dietrich brings to Glue Networks more than 20 years of experience defining innovative strategies and delivering complex technology solutions. Before joining Glue Networks, he was Managing Director of Technology Strategy at AXA Technology Services, introducing advanced new technologies to AXA globally, and held senior IT management positions at Reuters and Deutsche Bank.

Stefan received a Ph.D. in Aerospace Engineering and Computer Science from the University of Stuttgart and served as a Postdoctoral Fellow and faculty member at Cornell University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
DXWorldEXPO LLC announced today that Dez Blanchfield joined the faculty of CloudEXPO's "10-Year Anniversary Event" which will take place on November 11-13, 2018 in New York City. Dez is a strategic leader in business and digital transformation with 25 years of experience in the IT and telecommunications industries developing strategies and implementing business initiatives. He has a breadth of expertise spanning technologies such as cloud computing, big data and analytics, cognitive computing, m...
In his session at 21st Cloud Expo, James Henry, Co-CEO/CTO of Calgary Scientific Inc., introduced you to the challenges, solutions and benefits of training AI systems to solve visual problems with an emphasis on improving AIs with continuous training in the field. He explored applications in several industries and discussed technologies that allow the deployment of advanced visualization solutions to the cloud.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
I think DevOps is now a rambunctious teenager - it's starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to integrate with your existing systems and security best practices.
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...
"We work around really protecting the confidentiality of information, and by doing so we've developed implementations of encryption through a patented process that is known as superencipherment," explained Richard Blech, CEO of Secure Channels Inc., in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Leading companies, from the Global Fortune 500 to the smallest companies, are adopting hybrid cloud as the path to business advantage. Hybrid cloud depends on cloud services and on-premises infrastructure working in unison. Successful implementations require new levels of data mobility, enabled by an automated and seamless flow across on-premises and cloud resources. In his general session at 21st Cloud Expo, Greg Tevis, an IBM Storage Software Technical Strategist and Customer Solution Architec...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Effectively SMBs and government programs must address compounded regulatory compliance requirements. The most recent are Controlled Unclassified Information and the EU's GDPR have Board Level implications. Managing sensitive data protection will likely result in acquisition criteria, demonstration requests and new requirements. Developers, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by incorporating changes. In...
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...