The big news from the 5G world was that new-generation operator Dish chose AWS as its cloud partner. Dish is building a fully cloud-based standalone 5G Open RAN in a public cloud using AWS Local Zones and Outposts. Almost everything other than antennas and cables moves to the cloud. AWS will customize the platform for this purpose, and edge platforms allow the service to be distributed close to users with delays of less than 10 ms. The AWS network is used as the backbone network between edge and data center. The cloud’s APIs and range of services facilitate service development, and the hope is that this attracts business customers to Dish’s network.
This is a bold move and the first significant step towards a cloud-native operator since the pioneering work done by Rakuten. Dish spent 18 months comparing different options before settling on AWS. AWS is involved in joint development, which means all parties have something new to learn and develop. The final network parameters will take shape over time through cooperation. Dish wants to keep the number of partners small and the architecture simple. Through AWS, Dish benefits from AWS’s other telco partners and expert services. In the background, however, there is a palette of former suppliers and technology choices. What happens to VMware, Mavenir or x86 platforms, for example?
The benefit generated by AWS is also reflected in unit costs. An analyst says Dish’s network unit cost should be 25% of Verizon’s equivalent and Dish should be able to win a significant number of customers. The target group is undoubtedly enterprises. Network construction will begin this year in Las Vegas, and 20% population coverage will be achieved by 2022. Later, 70% population coverage is targeted.
The case is an interesting new world example of the modern operator. Dish jumps deep into the unknown. On the other hand, it has been testing or evaluating solutions for a long time. AWS is probably fully committed because it also has a big future in its hands. The cooperation pattern is interesting because there are no ready-made solutions and the service is formed along the way through practice. This is a modern iterative development. Both sides need to be flexible and compromise, but the result is probably good.
Recalling history, Dish still has 9 million CDMA subscribers, whom network operator T-Mobile threatens to drop when it shuts down its CDMA network by the end of this year.
What does a 5G network cost? The U.S. government has commissioned a report on mobile network pricing components and the FCC has released a detailed pricing report produced by Widelity. The price list contains hundreds of components and describes well the relationship between hardware and installation work. For example, a 50,000-subscriber 5G non-standalone EPC will cost $0.25-1.2M installed, depending on the manufacturer. The comparison is hampered by the fact that large buyers have their own discount prices and there are price differences between manufacturers. Also interesting is Nokia’s comment that the Open RAN solution is priced the same as the traditional manufacturer’s integrated solution. This has also been observed in fixed networks in whitebox and disaggregation models. Price is not necessarily the most significant competitive factor, but benefits must be sought from features and operating models, for example. The price can always be pushed down with large purchase quantities, regardless of the solution.
Now that masts have been largely outsourced to different ownership, the ownership model of network equipment may also change in the future. The mast operator can acquire network equipment and lease it on to network operators. The split investment and pay-off model is attractive. Perhaps this will further strengthen the division between infrastructure and service operators. Across IT, there seems to be a trend for infrastructure to concentrate in a few focused actors anyway.
What is the difference between 5G private networks and network slicing? A private network is a more independent and static campus network with its own authentication and authorization services managed by the company itself. The private network is usually limited regionally, for example to a factory campus where Wi-Fi has traditionally been used. The price is high, but the security is good.
Network slicing is a more operator-controlled entity that shares a virtual dynamic slice of the network for customer use. The network slice is defined by the IETF as an end-to-end logical topology with a service level objective. However, a slice also has its own management layer through which the customer can operate their own slice. Network slicing requires a 5G standalone core, which so far is rare. The network supports a “handful” of slices that are limited by physical capacity. However, resources and features can be allocated dynamically according to usage. What it is then remains to be seen. The network roams throughout the public network area of the operator network, providing a comprehensive WAN dimension. The price is lower than in a private network. Network slicing and NaaS are 5G’s future monetization model, expected to be a reality in a year and a half.
In Finland, the joint network of DNA and Telia will expand from the northeast to the Raahe-Loviisa line, covering more than half of Finland’s area in the future. Population coverage will double during the three-year construction project. At the same time, Huawei will be replaced by Nokia.
Elisa has stopped selling 10M and 30M VDSL subscriptions to small properties and the subscriptions in the rental network have been terminated. 50M and 100M subscriptions will continue to be sold when technically possible, meaning that the DSLAM is a few hundred meters from the property. ADSL has been down for a couple of years. A mobile network is offered as a replacement technology.
Fixed mobile broadband is an interesting service. Fiber has been assumed to be future proof, but in terms of price and availability, the market has begun to turn to mobile broadband. This is partly due to the heavy advertising of mobile operators, but consumers are also interested. Of course, fiber has a different level of properties than mobile, but mobile is good enough for the basic consumer. Experience with 5G broadband shows speeds fluctuating between the top speed and a tenth of it, but response times are good. Both the geographical location and the location of the antennas matter. It remains to be seen how the growing number of users affects the quality of service.
In the US, the experience with T-Mobile’s fixed wireless access (FWA) is similar. The underlying questions are whether the network has enough capacity and whether it will meet the demand. T-Mobile says it will only sell existing capacity. The goal is to cover 70% of customers. In any case, the return on fixed broadband is poor compared to a mobile subscription, where T-Mobile makes 40 times the profit per gigabyte.
Uplink capacity is a major concern, especially now during telecommuting. The current downlink-uplink ratio of 10:1 does not meet the need that has shifted to a 5:1 ratio in a few years. According to a CommScope study, uplink capacity upgrades have been forgotten for the past ten years. The uplink capacity is so limited that there is not much room for bursting or growing. Last year, the downlink/uplink ratio peaked at 15:1 and has fallen slightly to 12:1.
Even Verizon says fixed mobile broadband is not a fiber-like service, but it is good enough for users. As good self-criticism, Verizon is proposing an improvement in advertising that misrepresents the speed and reliability of the mobile network. Fiber operators, on the other hand, emphasize the benefits of fiber, like capacity symmetry and reliability. Lumen’s strategy is to target fiber to urban areas where coverage peaks are already at 40% level. In reality, the way broadband is implemented depends on the region and its characteristics. Fiber and mobile will certainly work in parallel, offering slightly different connections depending on need and availability. Satellite does not actually compete with these but offers an alternative in more remote areas.
In cable networks, speeds are increasing to the multi-gigabit range. DOCSIS 3.1 technology has reached 2.2 Gbps and DOCSIS 4.0 Full Duplex technology has achieved symmetrical 4 Gbps in field tests.
Then a little price and speed data for subscriptions: What does 1GB of mobile data cost in 230 different countries? And what is the price of broadband in Europe compared to income? The Ookla Speedtest index for Finland shows that mobile data is relatively homogeneous and there are actually larger differences in the fixed networks. On average, the fastest fixed was Telia and the fastest mobile DNA. An OpenVault broadband study highlighted how upstream capacity utilization has increased by 63% last year. The pandemic and teleworking probably changed the use of capacity permanently and now frequency-based transmission methods are in distress when capacity needs to be reallocated from scarce frequency reserves.
In other network technology, Verizon is building a high-precision positioning system for one hundred major cities in the United States. Hyper Precise Location HPL improves the current 3-9 meter positioning accuracy to the centimeter level and also supports the vertical dimension. Precise positioning prepares for autonomous vehicles and drones as well as automatic operations, for example.
The US ATSC 3.0 TV standard includes support for IP traffic and multicast. Synthesis Cloud is planning a nationwide broadcast network and CDN on top of it, which would reduce the amount of unicast traffic on the networks. The problem is the high cost of building a separate network. More likely, 5G broadcasting will break through in the coming years and TV broadcasting can be transmitted over the same existing 5G infrastructure.
Cloud and SASE
New AWS releases include MACsec support in 10G / 100G Direct Connect. VPC Reachability Analyzer automates connectivity checks and problem detection between two devices within a VPC. Route 53 Resolver DNS FW adds a firewall to the DNS service. The availability of Transit GW Connect is expanding in Europe. According to user experience, AWS Transit GW will be up and running in 1.5 minutes, while it will take 15 minutes to set up Azure’s corresponding Virtual Hub. Similarly, setting up a VNET / VPC connection in AWS takes less than a minute, while in Azure it takes 3-15 minutes.
A common design tip is to know the weak points of the cloud. Everything breaks down sometimes, so you should understand the single points of failure and avoid them. The problem is that whenever you remove a failure point, it adds complexity and cost. In other words, the goal is to find a tolerable level of risk at which the business keeps running at a sufficient level. The aim is not to build IT’s own perfect house of cards; rather, you should accept certain shortcomings and be satisfied with a good enough solution.
In the U.S., a man was planning to blow up the Internet by installing a bomb in an AWS Virginia data center. However, the FBI caught the man when he tried to buy explosives from an undercover agent. The man received 20 years in prison. There is a persistent myth in the media that 70% of Internet traffic passes through Northern Virginia. This cannot be true. Although there is a lot of cloud capacity in the area, the amount is about 30-40% of everything. Only 9% of North American data centers are in Northern Virginia and only 23% of the world’s Internet capacity is even connected to the US.
With cloud services, the term “middle mile” has entered the market. What is it? It is a new segment that connects the company to the cloud but differs from the traditional operator WAN. The segment includes all operators and services that provide cloud connections directly or indirectly. SD-WAN is one part of this segment, but so is the IXP, private connections, or other connections of service providers. Greg Ferro describes well how the corporate network has evolved into a complex tangle with distributed cloud services and workforce and what kind of things companies need to ponder.
How do colo providers position themselves in this world of hybrid cloud? Equinix operates more than 200 data centers around the world and defines itself as an integrator that provides services to help customers use cloud services. Ouch, the hybrid cloud and the edge are full of terrible jargon that doesn’t reveal much concrete. Equinix can provide centralized already available connections to cloud services and bring the cloud services closer to the customer through its regional data centers. Equinix relies heavily on partner services to which it integrates its own technology.
Snarky statements have been extracted from the Linux Foundation’s State of the Edge report. If operators invest in a telco edge, they need to be shown money and offered low-hanging fruit within six months. What even is the edge? The scale is wild: there can be a difference of nine orders of magnitude between the smallest and largest implementation. Hardware is the edge’s nasty part. The best space, electricity, and connectivity are in data centers, but data centers generally do not provide cloud-level services. Much of the data produced by the edge doesn’t even end up in the cloud. A good point is that the edge is also very much about operating a new kind of environment and providing a service.
When services are in the cloud, the network should also be able to cooperate with cloud-native applications. Cisco has initiated a software project to build a cloud-based SD-WAN (CN-WAN). Today, the SD-WAN is a separate component that sails in the dark without realizing anything about the applications. The goal is to make a reference implementation of how Kubernetes application metadata could control and optimize network traffic.
Oracle will sign up late to the SASE game, as it did with the public cloud. But it will still be one of the first public cloud SASE providers. The tactic is to use partners and invest heavily in the SASE portion in particular. In addition to previous partners Zscaler and Palo Alto, Check Point’s Quantum Edge firewall feature has now been added. Oracle’s Talari SD-WAN can take advantage of Check Point’s firewall software. The OCI cloud already has SWG, CASB, and ZTNA features, complemented by a partner firewall feature. The distinguishing factor is how OCI can integrate session-level protocols such as SBC and SIP into SASE. The question then is who uses these protocols in the cloud or at all? Oracle seems to be quite a conservative platform itself or has its own genre of conservative clients to serve.
VMware also packages remote tools into Anywhere Workspace. Versa Titan positions itself as a lightweight SASE product for small businesses that can be consumed on demand. 600 students have graduated from the Cato SASE certification and the certification can be completed free on the web.
The White House officially named the Russians as the perpetrators of the SolarWinds attack. The Chinese took advantage of a critical zero-day vulnerability in Pulse Secure. The target was the partners of the US Defense Administration, but also the Finnish government ICT centre Valtori. The attacks began as early as August 2020 and were found by FireEye earlier this year. Exposure to the Pulse vulnerability can be checked with a published tool. The vulnerability can be temporarily blocked and a fix has now been released.
Another big attack hit the software testing company Codecov in January but was not discovered until April. Codecov itself is a small 35-person company, but it has 29,000 customers, including large and significant application vendors. HashiCorp, known for its infrastructure-as-code tools, has recently been counted among the victims. Malicious code could have been inserted into HashiCorp’s programs, but no indications of this have been found. In this case, too, Codecov has been criticized for poor security practices. The Bash Uploader uses a Bash script and curl to upload the user’s CI environment variables, that is, all IDs, keys, and tokens, unencrypted to the Codecov service, and in this case also to the attacker’s server. Initially, the attacker gained access to Codecov’s service, apparently using credentials leaked during the Docker image creation process.
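One way a CI pipeline can limit both risks described above (a modified helper script, and a helper that can read every environment variable) is sketched below as an added example; it is not Codecov's code and not from the original post. The function names and the variables DEPLOY_TOKEN and CI_BRANCH are hypothetical, and the helper script is a constructed stand-in.

```shell
#!/bin/sh
# Added example, not Codecov's code. All names (sha256_of, verify_script,
# run_pinned, demo, DEPLOY_TOKEN, CI_BRANCH) are hypothetical.

# Print the SHA-256 digest of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Succeed only when FILE hashes to the digest pinned by the pipeline owner.
verify_script() {
    [ -f "$1" ] && [ "$(sha256_of "$1")" = "$2" ]
}

# run_pinned FILE PINNED_SHA256 [VAR ...]
# Runs FILE only if its digest matches, and under `env -i`, so the script
# sees PATH plus the explicitly named variables and nothing else.
run_pinned() {
    rp_file=$1; rp_sum=$2; shift 2
    if ! verify_script "$rp_file" "$rp_sum"; then
        echo "refusing to run $rp_file: checksum mismatch" >&2
        return 1
    fi
    # Rotate through the arguments, replacing each NAME with NAME=value.
    rp_n=$#
    while [ "$rp_n" -gt 0 ]; do
        rp_name=$1; shift; rp_n=$((rp_n - 1))
        case $rp_name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name: $rp_name" >&2; return 2 ;;
        esac
        eval "rp_set=\${$rp_name+x}"
        if [ -n "$rp_set" ]; then
            eval "rp_val=\$$rp_name"
            set -- "$@" "$rp_name=$rp_val"
        fi
    done
    env -i PATH="$PATH" "$@" sh "$rp_file"
}

# Demo on a constructed stand-in script (not a real uploader).
demo() {
    d_dir=$(mktemp -d) || return 1
    cat > "$d_dir/helper.sh" <<'EOF'
# constructed stand-in for a third-party CI helper
if [ -n "${DEPLOY_TOKEN+x}" ]; then echo "token visible"; else echo "token hidden"; fi
echo "branch=${CI_BRANCH:-unset}"
EOF
    d_pin=$(sha256_of "$d_dir/helper.sh")   # in practice: a digest committed to the repo
    DEPLOY_TOKEN=constructed-secret
    CI_BRANCH=main
    export DEPLOY_TOKEN CI_BRANCH
    # Only CI_BRANCH is allow-listed, so the secret never reaches the helper.
    run_pinned "$d_dir/helper.sh" "$d_pin" CI_BRANCH
    # Simulate a modified download: the pinned digest no longer matches.
    echo 'echo tampered' >> "$d_dir/helper.sh"
    run_pinned "$d_dir/helper.sh" "$d_pin" CI_BRANCH 2>/dev/null || echo "blocked"
    rm -rf "$d_dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

The pinned digest only helps if it is obtained and stored separately from the download channel, for example reviewed and committed alongside the pipeline definition.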
The Cisco Small Office Router RV series has a critical vulnerability, but it is no longer being fixed as the equipment has dropped out of support, and users are encouraged to upgrade to newer models. Cisco SD-WAN vManage also has a critical vulnerability that needs to be fixed. Users of FortiOS servers are warned of attacks by state actors. The Cring ransomware strikes industrial companies using a vulnerability in FortiVPN. There are several vulnerabilities in Aruba’s ClearPass Policy Manager that have been patched.
The NAME:WRECK vulnerabilities have been identified in the DNS implementation of the FreeBSD TCP/IP protocol stack and affect a wide range of IoT and IT/OT devices, numbering in the millions. The study found that many manufacturers have difficulty interpreting DNS standards and the same error was present in most of their products. This raises the question of why the standard is written so poorly and vaguely that half of the implementations are faulty.
The removal of Emotet, the world’s most dangerous botnet, from contaminated machines was activated on April 25 as a result of international cooperation between authorities. According to Cloudflare Q1 statistics, the highest number of DDoS attacks were targeted at service providers. The rising trend was the use of the QUIC protocol and of Jenkins and TeamSpeak3 servers. There are few large attacks and 97% of cases are smaller than 1 Mpps or less than 500 Mbps. The duration of attacks was also less than an hour in 90% of cases. Akamai talks about a fairly unknown attack using the DCCP protocol, which in practice is rather rare because the protocol is not commonly used. There are an estimated 20 million routing loops on the Internet, in almost one in three AS domains. A loop arises simply because a packet bounces between two routers when their routes point in opposite directions. However, depending on the TTL of the packet, such loops can act as more or less effective amplifiers for DDoS attacks. By using 6 Mbps of UDP base traffic, the 10G link can be filled up and 60 Mbps is enough to fill the 100G link. Routing errors should be corrected by each operator and there are also free tools for detection.
According to the Verizon Mobile Security Index, businesses continue to fail in the basics. These include changing the default password, encrypting data, restricting access, and regular security testing. According to a SANS study, the concerns about accidental cloud misconfiguration increase, but in reality, less than half of those concerned have actually made a mistake. The number is still large and reflects the impact of agile changes in complex environments.
Equipping a smart factory with sensors and controls exposes it to threats. According to a study by Trend Micro, 61% have suffered from security problems in smart factories and 43% have suffered downtime due to attacks for several days. Development is ongoing and joint guidance and cooperation would be the most effective way to raise standards and prevent risks.
Microsoft has released the open-source cyber-attack simulator CyberBattleSim, which it uses to illustrate how AI can analyze and prevent attacks.
All devices connected to the Internet are exposed to threats and therefore devices usually need to be hardened in some way. The protection of MikroTik RouterOS and the hardening of the devices are thoroughly covered in the video and presentation. Linux runs in the background of many devices and hardening it is complex and hard work. In the disaggregation model and open-source environments, hardening usually has to be done by yourself. The user can outsource the hardening work to a vendor, who will handle it in their own way. However, this does not remove the user’s responsibility for the vulnerability of the infrastructure. When the work is outsourced to the manufacturer, some features are given up. This tradeoff is good to keep in mind.
Do low latency switches really matter? I have never understood what it means to shave nanoseconds in the world of High Frequency Trading. In HFT, everything from applications to the operating system and infrastructure is certainly optimized, but really, what can ten or a hundred nanoseconds affect in the whole system? At least for us mortals, it is irrelevant, because there is always far more delay in the infra-application layers than in the network switching. The transmission delay over long distances still matters.
Low latency switches are advertised for storage traffic use, but losslessness is also important for disk protocols, so even large buffer switches are profiled for storage switching. Fast switching and buffering are opposite, and in general, buffering is considered worse in TCP traffic than quickly dropping packets. Let the protocol handle retransmission quickly. It can now be officially said that FCoE is dead. No one is marketing it anymore and the user experience turned out to be bad.
Rumors say AWS is designing its own switch ASIC, and this is also expected to happen. AWS, like many others, has a commercial difficulty with Broadcom and the pressure for another solution is strong. Old Broadcom introduced merchant silicon to the market and committed customers to the products. According to speculation, the “New Broadcom” brought by Avago wants to price products more aggressively and benefit from the bottomless wallet of hyperscalers. The scale is illustrated by the fact that a typical cloud data center has 100,000 servers that require about 4,000-6,000 switch ASICs. In total, AWS could have 480,000-720,000 switch ASICs on its own network. With this scale, you can easily justify more cost-effective solutions and own product development. AWS makes its own network operating system and can port it to any platform. However, designing ASICs is a very special job and AWS also needs outside help. The speculation is that it will use the people of Annapurna Labs, acquired in 2015, or buy Xsight Labs or Innovium.
Cisco has many different network operating systems, a little too many. Here’s an explanation of them all using cows.
OpenFlow wasn’t a real success, but it led us to new kinds of things. Centralized management and APIs were the main contributions to the subsequent development. The development of OpenFlow started with the control plane, but it also resulted in the programmability of the data plane and later a common P4 language. There was also pressure to make the configuration interface programmable and it resulted in gNMI, which replaces the traditional CLI. Nevertheless, OpenFlow created SDN, and good interfaces opened new possibilities for fully software-based networks.
New concepts have been introduced for building networking labs. Containerlab is a platform for container-based network devices where you can quickly set up a virtual network. The platform can also boot traditional virtual machines. Netsim-tools is virtual lab setup code based on Ivan Pepelnjak’s work on Vagrant, Libvirt and Ansible. It can be used to quickly create your own topology based on descriptive YAML files. Support for routing protocols and manufacturers is quite comprehensive.
Once again, x86 hardware has got grand performance numbers using VPP: 1 Tbps and a billion packets per second on the server. VPP is an open-source version of Cisco’s Vector Packet Processing technology that can run high-performance packet forwarding on x86 hardware. So what do you do with this? VPP can be used to build powerful software-based network and security functions such as firewall, VPN tunneling, SD-WAN, or SASE.
According to statistics, 100G is now the most popular speed in data centers. The number of 100G ports shipped exceeded the number of 10G ports. Arista grabs nearly 40% of the cumulative branded switch shipments and Cisco takes 40% of the profits, respectively.
Interesting information from Japanese operators says that cosmic rays cause 30,000 to 40,000 network failures a year in Japan. The failure occurs when cosmic rays meet atmospheric oxygen and nitrogen, releasing neutrons that collide with electronics, corrupting them. Many of these soft failures are corrected on their own after a while with protective devices, but in more serious cases, the devices might also crash and cause bigger problems. The number of problems, of course, increases as the amount of electronics and the dependence on it increase. Finding the causes of the problems and inventing the means of resistance is difficult because the disturbances are not reproducible.
Telia Carrier’s podcast series has a lot of good topics and guests that give you an idea of where the networking industry is going and how the world is changing. In Episode 11, the guest is Tom Hollingsworth, discussing everything related to networking.
In protocol development, Microsoft has improved the QUIC protocol and more than quadrupled its speed to 8 Gbps. What is the usage of HTTP/3 and QUIC and are they really faster? Daniel Stenberg gives some answers to slightly obscure questions on his blog. At the same time, this curl developer got his code on Mars with a NASA helicopter. Before that, there was a stupid episode when the developer had to prove to NASA where and how the open-source program was developed.
A good Twitter thread on MTU issues explains what’s involved in this complex matter.
Companies and products
Arista is looking for a broader market position with a holistic view. The campus was the first opening to a wider market, Cloudvision management sought to automate networks, the capabilities of switches were expanded to meet routing needs, and now security features enhance the use and usefulness of products. Although Arista is a software company, its products are based on powerful hardware. Arista is not going to join the fashionable subscription-based licensing model. The aim is to expand the customer base and thereby reduce dependence on Microsoft and Facebook.
Better visibility has been added to Cloudvision management through analytics extracted from telemetry data. Artificial intelligence seeks to learn anomalies and perform automatic corrections. The management model based on wifi has been extended to the entire network. The Studios feature brings workspaces that create workflows for different purposes. The workflow abstracts configuration changes using a data model, which helps to manage larger changes and improves the quality of changes and user experience. Cloudvision has expanded from data center use to a network-wide tool and is now available in both on-premises and SaaS versions.
The danger for Arista is combining all possible functions and different applications into one product. Cloudvision can get lost in its own complexity. One all-encompassing management product may work in the SMB sector, but small businesses are not Arista’s target group. For larger ones, it has often been proven that the customer wants to choose good and suitable components for network, management and security separately.
Arista also introduces the seven-level ACE certification program. The lowest levels require five days of training and only the top two levels can be obtained by simply passing a practical test. The training tries to emphasize good solution practices instead of just knob information. The program also attempts to match certification levels to different job roles.
Juniper surprised with the good performance of the operator business, but the Mist AI enterprise solutions have also sold well. The share of software sales has been significant and Juniper now has software to offer for all product families. The acquisitions of 128T, Apstra and Netrounds have been good and Juniper is in the best position in terms of credible technology and automation strategy. The problem, however, is that Juniper doesn’t know how to execute and bring out this good story better. Compared to Cisco sales and marketing, Juniper’s story is lukewarm coffee.
Cisco has worked hard to move from hardware to software and solutions, and it has worked. Cisco’s strategy is to offer all products for purchase as a SaaS model under the Cisco Plus concept. The first one is the Cisco Plus Hybrid Cloud service, which includes servers and storage with on-demand billing, support services and flexible design and installation services. The first NaaS service will be Cisco Plus Umbrella, a SASE service, later this year.
Cisco has also teamed up AppDynamics and ThousandEyes to combine application and network visibility. AppDynamics’ SaaS service is now more widely available from the AWS cloud.
Prosimo, the new company of Viptela’s founders, focuses on integrating the infrastructure into multi-cloud applications. The new category is called Application Experience Infrastructure AXI. The product optimizes application and user communication and combines infrastructure management, SLA and security into one entity. Sounds very similar to what multi-cloud applications do in general.
The paths of Dell and VMware will finally diverge when Dell sells its most profitable part, VMware, which it bought in 2016. So now one of the largest technology acquisitions of all time is being undone. The strategic partnership remains, but VMware can better execute its own vision. Dell will pay off its debts. From the outside, the change is hardly visible.
The difficulty of getting chips is now beginning to show in reality. The delivery time for Qualcomm’s Wi-Fi 6 chips is said to be 40-64 weeks. Broadband operators have router availability problems and they are running out of stock of devices. The difficulty of getting new equipment is starting to delay deliveries and network building.
In addition, the graphics processors used to mine cryptocurrency consume capacity from component fabrication and delivery. Even custom-built chips are already being made for mining. Prices are rising and in Finland, local resellers Telia and Gigantti have already canceled graphics card orders.
The common view of the manufacturers is that the component shortage could last until 2023. Intel’s investment in the Arizona plants will not help much. Anyway, capacity building is slow and there is no quick fix. Nvidia’s view of next year is already slightly brighter.
The updated NIST RPKI Monitor provides statistics on the state of RPKI usage on the Internet. There are a few risks associated with the use of RPKI, which can also be addressed.
The appearance of millions of Pentagon IP addresses in Internet routing just after Trump stepped down caused widespread surprise. It turned out that the addresses had been given to an outside company, Global Resource Systems, which stated vaguely that it is piloting the development of cybersecurity. AS80003 advertised 175 million addresses, making it the second-largest AS in the world after China Telecom.
RIPE Labs is once again investigating whether the internet is routing around the failure. The case was the LINX outage in London. Coincidentally, breaks in large IXPs appear to occur every three years. In any case, after the fault, the routing is confused for a while but quickly moves to alternate routes that use mainly mutual peerings. The RIPE stat monitoring service turned 10 years old. It is a handy tool for tracking internet routing.
Internet BGP routes can also get stuck when a router for some reason misses a route withdrawal. The study shows BGP zombies persisting for more than one day in a sample of 27 prefixes. In some BGP implementations, the interaction between the hold timer and the TCP window becomes a problem. The proposal is to add a second timer to BGP that could notify the neighbor that the peering should be shut down.
Major projects are underway in submarine cables. For Europe, EllaLink from Portugal to Brazil and CrossChannel Fiber from Paris to London under the English Channel are significant. Content providers are big cable owners and builders. They make them for themselves, but also sell to others or are partners in the cables of others. Here is a list of all submarine cables from content providers (Amazon, Facebook, Google and Microsoft). The Australian Bureau of Meteorology would like to have a submarine cable to Antarctica because satellite capacity is causing problems for research activities. The problem with the cable, however, is the icebergs.
The IoT craze shows in a Reddit discussion, where it was found that an LG dryer generates more than 1 GB of traffic per day to AWS. There seemed to be no clear reason for the traffic.
Awesome Network Automation is a collection of information about network automation. Version 1.0 of the Nautobot SoT and automation platform has been released. Ansible modules and documentation are also available. Here is one good example of using the open-source Batfish verification program to analyze network configurations. Batfish was able to dig up and combine VLANs, prefixes, sites, and device hostnames from the network for entry into NetBox.
Single Pane of Glass (SPoG) products have stirred emotions in the community. Manufacturers began to ease the complexity of management by introducing single-view products that would make it easy to manage and monitor the network at a glance. But networks, environments, and operations are becoming more and more complex, and the usability of a single pane is starting to suffer. Therefore, it must be accepted that we have more point tools, each good for a particular need. The overall solution can be the integration of different products or views, which in turn requires manufacturers’ support for integration interfaces, as well as the user’s own integration expertise and work. Here is a good wish list for a suitable tool that manufacturers should read carefully so that the product does not become SPiN (Single Pain in Network).
Management products are moving toward abstraction, where the actual configuration fades into the background and the user defines the target state (intent). Abstraction can be used to better support a variety of devices and manufacturers, as well as to define workflows and orchestration more broadly. But at the same time, it requires standardization and a better definition of network functions and features.
Coordination of project work is also an important issue that requires development, because organizational work already takes more time than development itself. Software code and applications are playing an increasingly important role, and at the same time, the amount of code and the number of developers are both growing enormously. Especially in open-source development, effort has to be put into organizing development work efficiently so that the products are of high quality and reliable to use.
The gaming company Roblox has built impressive probe-based monitoring into its own network to detect packet loss and latency. Now 100 million measurements per minute are made on the network, and agents can very accurately find breaks lasting under one second and packet loss on a single path at the level of one in 6,000 packets per minute.
MLB has opened up the automation and monitoring tools and practices of the media network used in its baseball stadium productions. MLB has traditional SNMP monitoring but also a new Kentik flow analysis platform running in the cloud. In addition to the network, the environment includes a multi-cloud environment whose connectivity can be tracked too. Data collected from different sources and through different methods is combined into a common modern observability platform, where the information is enriched and business-specific metadata is added to it. A good point is the importance of business as a unifying driver between different IT functions. One team is responsible for the entire IT stack, and most important is the top-down commitment to aligned business goals. This also requires a change of mindset and collaboration skills. Good tools make it easier to put this into practice at work. Jeremy Schulman’s advice on building your own tools is to think of yourself as an expense. Buy a commercial product when it’s available, and only do it yourself when you absolutely must.
Cisco Live was held online, and as a result of signing up, I reluctantly found myself on the mailing lists of at least ten partners. Here is the Cisco Live roundup provided by SDxCentral:
- Cisco Live Champions Simpler, More Accessible Future
- Cisco Tackles Cybersecurity’s Biggest Challenge
- Acacia Plays Starring Role in Cisco’s Flattened Infrastructure
- Cisco: Spectrum Auctions a Deterrent to 5G Deployments
- Cisco Duo Debuts Passwordless Security
- Cisco Melds ThousandEyes, AppDynamics for Full-Stack Observability
- Cisco Webex Updates Put People Over Productivity
- Cisco Eyes Full Stack Connectivity
- Cisco Jumps Into NaaS Arena
NSDI ’21 technical sessions have a lot of research information and relevant issues to think about in network design and implementation.
The Technical Exploration Forum of the Ethernet Alliance has discussed the development of Ethernet. Next, attention turns to the 800G and 1.6T specs, but power and cooling limits come up. Faster 224/448G lane speeds require co-packaged optics, which in turn means adding optical circuits to the devices and the arrival of new, smaller cables and connectors. 400G took 4 years to develop, and the new speeds still require a lot of development and testing and might still be 5-6 years away. Due to communication bottlenecks, the distributed network again seems to be collapsing back into fewer layers and boxes. The next few years will see more use of co-packaged optics (CoPO) in switches.
IBM named its spin-off infrastructure company, Newco, Kyndryl and claimed its place on the list of worst-named companies. The name is pronounced “Kindril”, which doesn’t sound as bad as it looks written, or as it sounds pronounced in Finnish with a y. The name is based on the words kinship and tendrils. Quite descriptive things for an IT service company, right? The letter Y is associated with real partnership and growth, which better matches the company’s mission. Kyndryl is also known as a Warcraft hunter character.