Exclusives Featured

State of the Industry: Network Analytics

Welcome to the first State of the Industry post for Gestalt IT. This is a weekly series where our staff gets together, talks about what seems to be percolating within the enterprise IT space, and puts together a look at a few relevant stories. We consult with experts in the field to get their opinions, and bring it all you you in a concise post. Thanks for joining us!

State of the Industry: Network Analytics

It was a movie, get it!

Analyze This ][ Image Credit: Andrew Hart

After attending my first Networking Field Day last week, network analytics played heavily into the presentations. I saw a variety of approaches. Two companies exemplified the two ends of this increasingly important field: SolarWinds and Forward Networks.


SolarWinds represented what I would call the ground level approach to network analytics. I sat in on their presentation for Networking Field Day and saw them go over their NetPath tool. The UI looked a little spartan and with good reason, it has only been out of the lab for a few months, and is on a 1.0 release. What really grabbed me right away about NetPath was that I immediately understood it. That might sound weird right? But I’m not a networking guy, when the presenting Product Manager, Chris O’Brien said “NAT is dirty”, and there was a mild murmur of laughter, I was quickly Googling what that even meant. So when I saw their NetPath diagram of a network and I had some understanding of what was going on, that’s a major compliment to its intuitiveness.

Essentially NetPath is meant to offer the live path mapping for a network engineer. This is done with in-network probes being sent out over a Windows box on the network every ten minutes. I think there was some skepticism in the room about how effective this would be outside of an internal network without some kind of bilateral response, but it did offer a really complete view. This is all represented graphically with a simple wire model of the network, color coded to show where latency issues come into play in the familiar red, yellow, green scheme. It was quite effective. It seemed like all of the tools built into NetPath for diagnosing issues all led back to the network map, so even if I got lost in the weeds, it was always compared back to something I could see.

I spoke with one of the delegates, Jody Lemoine, after NFD was over to get his impressions. He seemed impressed about where the product was at this early in its development. His main problem with the implementation was concerns about scale, not on a technological level, but in terms of cost. By sticking with a Windows-based mechanism for the network probes, Jody sees their solution getting a fairly expensive with this model. We didn’t hear any mention if SolarWinds was looking into Windows IoT, which could really open up their model to more organizations. The other limitation he saw was being limited to TCP, as something as sensitive to latency and packet loss as UDP might make an ideal candidate for NetPath. Overall though, after playing around with a trial of NetPath, Jody and I were singing a pretty similar tune in liking what we saw.

The one thing that struck me about NetPath during the presentation was how it was framed by SolarWinds. In the typical product pitch scenario, they laid out what the traditional problems for network engineers are, and then proceeded to tell us why all the existing tools were inadequate. But in presenting NetPath, they couched it as a kind of a perfection of existing tools. It was doing what you always wanted traceroute to do. This isn’t a bad approach to analytics. Those tools, with all their flaws and limitations persist because there is at least some baseline utility. But I also saw a very different way to view network analysis that put this is stark relief.

Forward Networks

Forward Networks is trying a very different implementation from SolarWinds. I don’t even think it’s fair to call it a top-down approach, it’s rather an Idealized view of the network. If you haven’t heard of Forward Networks, don’t worry, they’ve been out of stealth for all of two weeks, and coverage about what they are offering is just starting to roll out.

Forward Networks doesn’t care about the active traffic going through your network, at least for analysis. To them it misses the greater opportunity. Instead of looking at what’s actually happening in any given moment, they’d rather already know how a given packet is going to behave. What they propose is extremely ambitious: mathematical verification of your network. So what does that mean in practice? They map out the topography of a given network, looking at all the devices on it, and map every possible location a packet can go. This is being constantly updated as the network changes.

This network path depends on a few things. Forward Networks needs to keep an updated profile for each network device, every router, firewall, and other appliance, to be able to do this accurately. While the differences between interactions of vendor products is fairly minimal (according to Forward), it’s still incredibly ambitious to stay on top of this! If they ever fall behind on this, the utility of their solution would be dubious.

Forward is not exactly humble in how they view their product. In fact, they compared the impact to what Google did for search. They want to remove the human guess work from analyzing your network. All of the language is pretty lofty and honestly sounds impressive. I asked David Varnum if this was hype or legitimately impressive. He told me that this isn’t going to be Google search. In fact, while their approach might be completely out of left field, the end result is actually not too far off from other analysis tools out there. But he said they are wrapping all of this together in an intuitive and comprehensive interface. That struck me immediately too. Similar to SolarWinds, their visualization made the network analysis at least seem approachable to me. I can imagine this being a huge boon simply as a communication tool for network engineers.

Once they know where every packet can go, Forward has some unique policy-based tools to help you do something with that information. Tom Hollingsworth pointed out to me just how useful this can be. Imagine you’ve got data that falls under HIPAA protections, and you need to make sure it’s not hitting certain servers. Forward Networks policy tools can instantly alert you if a change in configuration to the network would even allow a packet to flow to forbidden locations. I think what struck a lot of people with Forward Networks’ solution is how this allows for proactive analysis instead of waiting for problems.

That being said, David Varnum did raise some questions. As far as we know they haven’t debuted any POCs in an enterprise yet. David also had serious questions about cost and the ability to model code releases for network devices in software. That’s why for me its an Idealized network analysis tool, we’ll have to wait to see how it deploys in a real world scenario.

Going Forward on SolarWinds

It’s clear that network analysis is only going to get more important over time. As evidenced by our meeting with Forward Networks at the Andreessen Horowitz offices, there’s a lot of VC money being poured into the space. Based not these two approaches, I’m not sure which is going to come out on top. To simplify it a bit, SolarWinds seems to want to perfect versions of tools network engineers are already comfortable using. Forward Networks wants to offer a tool no one had ever thought was possible. Ultimately, whether one is “better” or not will probably come down to which people prefer to use. Clearly we’re moving to greater abstraction, obscuring raw data with easier visual digestibility. Maybe the truly successful solution will be the one that most easily allows users to move through the spectrum of abstraction the smoothest, giving a useful visual overview, while being able to drill down into the hard data quickly. I think 2017 is going to give us plenty of options to chose from.

About the author

Rich Stroffolino

Rich has been a tech enthusiast since he first used the speech simulator on a Magnavox Odyssey². Current areas of interest include ZFS, the false hopes of memristors, and the oral history of Transmeta.

1 Comment

Leave a Comment