What's next for the network?
We’ve come a long way in just 40 years since the first ethernet network was created. That same year, the first mobile calls were made, ushering in the era of mobile data. But what’s happening today and what’s next?
Back in 1973, Bob Metcalfe looked at the office he was working in at Xerox PARC in Palo Alto and saw a problem. There were a number of computers and other devices in close proximity but there was no way to transfer data between them. Connecting a computer to a printer was not a trivial exercise. So the original design of ethernet was born.
Today, connecting devices is only a small part of what networks are all about. Our needs are far more complex. Networks are required to connect the people and systems that come together as part of complex business processes that often span continents.
So are the networks of today equipped to deal with our increasing thirst for connectivity? Is there something that has to change? Is it just about better speeds and feeds or do we need to rethink our definition of how networks are designed, deployed and managed in order to quench our needs for the next decade?
We will no longer measure our network’s performance by the ability to connect or by simple response times. The critical measures will be associated with application availability and performance. So boasting that the network is rated at 1 Gbps won’t be adequate. The measures will be around execution of business processes and application performance in increasingly fragmented networks where users shift between fixed connections, wireless and carrier networks.
Dinesh Divakar of Alcatel-Lucent said: “People are accessing applications with unpredictable bandwidth requirements. We’ve gone from looking at simple email to social media, video - people are posting to YouTube. The network needs to be ready.”
This is a significant change for IT decision-makers. In the past, network traffic was predictable. Applications were designed with fixed connections that assumed they would execute within a network that offered constant connectivity. And we are no longer thinking about connecting devices - the focus has shifted to bringing together people and services.
“If you look at today’s world, the applications are not sitting on the network. They’re sitting in a data centre or they could be in the cloud,” Divakar added.
The CIOs of today see the network in a very different way to their predecessors. Michael Schipp of A10 Networks said, “Companies are expecting higher value for their money - less CAPEX and OPEX - with higher flexibility.”
That desire for new levels of flexibility is causing a profound impact on how networks are even conceived.
“What we’re talking about with our clients is their hybrid, multilayered strategy in their enterprise. It’s how they can handle their current and their future requirements,” said Paul Tyrer from Schneider Electric.
The network will move beyond the office walls. CIOs will need to create a seamless experience as users move from the office to the outside networks. “We are moving from a multilayer network into a virtualised network,” said Divakar.
Over the last year or so, it’s become clear that software-defined networks (SDN) are making the move from theory to practice. Although the transition from today’s world is not simple, we’re observing a shift in the market. As Schipp put it, “SDN is shaping up to be a technology that changes networking industry discussions from ‘let’s move packets’ to ‘let’s control a conversation’.”
“Software-defined networks are the ultimate, where people are making sure the networks are application-aware for optimised delivery and performance,” added Divakar.
Unlike quality of service (QoS), where traffic through specific ports is prioritised, SDN allows traffic to be managed at the application level. This gives businesses the opportunity to optimise service delivery in a far more granular way. It’s all about making the network more intelligent. That’s an important distinction and one that has far-reaching consequences, not just for network traffic management but for security.
Layer 7, or the application layer of the network, is now the new threat surface. Whereas in the past, miscreants would launch attacks by pummelling the firewall or other network interfaces with traffic, they are now targeting applications.
Robert Pizzari from F5 Networks said, “The challenge now, if you look at it from the threats and the types of attacks we’re seeing now, firewalls are missing Layer 7 attacks.” These are things like SQL injection attacks that don’t attack through the network directly but work by exploiting vulnerabilities in applications that are otherwise trusted on the network.
Gartner research suggests that about 15% of DDoS attacks will be at the application layer over the next year.
“With application DDoS, a request comes in that’s a valid request, or appears to be valid but it’s incomplete. The server holds the session open and the attacker continues to send incomplete responses before the server discards the previous requests, causing a drain on system resources that impacts application performance or availability,” said Jan Poczobutt from Barracuda Networks.
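The held-open, never-completed request pattern described above can be spotted from the server side. This is an added example, not from the article or from any vendor quoted in it; the event format, thresholds and addresses are constructed assumptions. It shows why the deadline must run from connection open rather than from the last byte received: trickled partial data would keep resetting an idle timer.

```python
from collections import defaultdict

HEADER_DEADLINE_S = 10.0  # assumed policy: full request headers within 10 s of open
MAX_PENDING_PER_IP = 3    # assumed policy: incomplete sessions tolerated per client

# Constructed sample events: (time_s, client_ip, conn_id, event)
EVENTS = [
    (0.0, "198.51.100.7", "c1", "open"),
    (0.2, "198.51.100.7", "c1", "headers_complete"),   # normal client
    (1.0, "203.0.113.9", "c2", "open"),
    (1.1, "203.0.113.9", "c3", "open"),
    (1.2, "203.0.113.9", "c4", "open"),
    (1.3, "203.0.113.9", "c5", "open"),
    (5.0, "192.0.2.44", "c6", "open"),
    (9.0, "203.0.113.9", "c2", "partial_data"),        # trickle, never completes
    (9.1, "203.0.113.9", "c3", "partial_data"),
    (12.0, "192.0.2.44", "c6", "headers_complete"),    # slow but legitimate link
]

def find_stalled_sessions(events, now):
    """Return (conn_ids to drop, client IPs to rate-limit) as of time `now`."""
    opened = {}  # conn_id -> (open_time, client_ip) for requests still incomplete
    for t, ip, conn, event in sorted(events):
        if t > now:
            break
        if event == "open":
            opened[conn] = (t, ip)
        elif event in ("headers_complete", "close"):
            opened.pop(conn, None)  # request finished or socket closed
        # "partial_data" deliberately does not reset the clock

    pending_by_ip = defaultdict(list)
    for conn, (_, ip) in opened.items():
        pending_by_ip[ip].append(conn)

    # Absolute deadline: measured from open, not from the last byte seen.
    drop = sorted(c for c, (t_open, _) in opened.items()
                  if now - t_open > HEADER_DEADLINE_S)
    # Per-client cap: many simultaneous incomplete requests from one source.
    limit = sorted(ip for ip, conns in pending_by_ip.items()
                   if len(conns) > MAX_PENDING_PER_IP)
    return drop, limit
```

The per-client cap fires before any deadline expires, while the absolute deadline frees the held sessions without penalising the slow client that does finish its request.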
BYOD (bring your own device) is a significant element of the network security discussion.
Schipp said, “Any BYOD device is always a security concern due to the unknown security posture of the device, coupled with the complexity of performing end-to-end security with NAC/802.1x and with multiple vendors. The same is true with mobile devices - end users want to use their handhelds of choice, which can differ from what the company may typically offer. Security at this point then needs to be deployed in a place that sits between the end devices and the networks, and that can process huge amounts of traffic in the quickest possible time.”
Greg Tompkins of Ipswitch Networks said, “BYOD is a driver for change as companies believe they can save money by letting their employees bring their own laptops to work and give them access to applications from smarter mobile devices that are becoming more and more convenient and intelligent.”
Incredibly, if we look at some of the security challenges and issues, it’s really a combination of attacks that have been around for 10 years that are still extremely popular and still being used. For example, SQL injection attacks on applications have been significant for almost a decade, and application DDoS attacks are also significant.
“If an organisation hasn’t figured out that it’s their application that connects to customers, their application that connects to partners - the availability of the application environment has to be designed around that,” said Pizzari. It’s no longer about infrastructure availability - it’s about service availability.
BYOD also means managing dual personas as users have a single device that accesses both their personal and business applications. “iPhones and iPads share common resources, they access rogue Wi-Fi access points in the wireless airspace, and while in personal use they can present a security vulnerability as they are more likely to be exposed to malware and compromised,” said Tompkins.
Another challenge is the sheer number of connected devices. In many homes there are in excess of 30 devices connected to the local network. And many of those devices aren’t computers, tablets or smartphones. Household appliances such as TVs, Blu-ray players, fridges, air conditioners and other ‘smart’ devices are contributing to the ‘internet of things’ - where devices that collect and send data are part of the network fabric.
This presents new challenges for network architects and managers.
“Everyone talked about moving from analog to digital as a big technology change. The real benefit was the efficiency of getting content through. But the move from circuit-based to packet-based communications was far bigger. It has enabled any-to-any connectivity,” said Andrew Findlay from Vertel.
Perhaps the most significant change to the network has been the proliferation of wireless technologies. Over the last 15 years, cellular communications have made the jump from GSM data to GPRS and then to 3G and now to 4G/LTE. And, in parallel, the local network has been revolutionised by Wi-Fi.
Findlay said, “Wi-Fi has been a very convenient way to hook up some printers and people who are mobile in the office. But if you look at what is happening with the development of the 802.11u standard, the heterogeneous networks concept that blurs the line between having a fixed network and a Wi-Fi network, this will change the types of services you’ll have for staff and guests. And how do you make that secure?”
Network devices, be they wireless access points, routers, switches or any other appliances, are now simply portals that connect users to the services they need. The idea that the wireless network and the wired network are different is no longer valid. Connectivity is critical.
“There is a fundamental shift in what we can do with that connectivity,” Findlay added.
The challenge of cellular connections, even over newer LTE/4G networks, is their inherent unpredictability.
Alex Caro from Akamai said, “You might be getting the full promise of LTE if you’ve got line of sight to the tower; the reality is that for the most part your connectivity varies quite drastically depending on your actual position. So you have to make sure that you can adapt to the connectivity that your device is seeing right now.”
That means enterprise applications need to be able to handle transactions where connectivity back to the central systems may disappear while data is being exchanged. This has resulted in a change in priorities for IT departments.
“KPIs about network reliability, which are sometimes the bread and butter of IT departments, are a lot less meaningful than ensuring an application is accessible and acceptable,” said Tompkins.
All of this is happening in an environment where IT departments are trying to develop and deliver “an architecture that is a hybrid of the traditional data centre that they own and manage, and applications that they run out of the cloud. What they’re looking for is a consistency in performance,” according to Caro.
All of this leads us to one essential truth - the days of designing applications with the assumption of a consistent network experience and that users will be connected over known interfaces are behind us.
“Most IT organisations have come to recognise that the network is the critical delivery platform for all kinds of IT services. By focusing on the performance and availability of the applications and IT services instead of each piece of the infrastructure, IT is better able to support users and business priorities,” said Tompkins.