Forward Networks: Bringing Sanity To A Network Near You

February 6, 2019


Networking isn’t exactly my cup of ristretto. When I’m invited to events such as Cisco Live, I’m usually the quiet guy (unless it comes to storage or cloud) in the room trying to understand what the heck is being discussed. But once in a while, there’s a presentation outside of my comfort zone that will make me go “Wow!”.

At Cisco Live Europe 2019, everybody among the Tech Field Day delegates will agree that Forward Networks had the best presentation of the event. It’s no small feat to awaken my interest in a topic I’m estranged from, especially in “adverse” conditions (cold-stricken, lack of sleep, early morning…).

Forward Networks

Forward Networks was founded in July 2013 and is headquartered in Silicon Valley. It was founded by four Stanford Ph.D. graduates with “an extensive background in networking architecture who had done pioneering research in SDN” (quoting their website).

From a funding perspective, Forward Networks is currently in early Series B. The company received Series B funding of 16 million USD in August 2017 from DFJ (including Andreessen Horowitz and A.Capital Ventures). The total funding is 27 million USD according to research done on past press releases.

The Idea

Forward Networks launched their initial product, Forward, in November 2016 when they came out of stealth. To oversimplify things, Forward Networks scans the infrastructure by reading configurations on devices, which allows it to understand not only the network topology, but also traffic rules and any access control lists / firewall rules.

This helps Forward Networks establish a clear understanding of “how the network functions”, or rather how it was designed / intended to be. That’s very important because there can sometimes be a gap between the intent (how things should work) and the reality (here’s how it’s actually working because of X, Y and Z design decisions).

In this context, existing heterogeneous network infrastructures (made of many products & brands) are normalized into a vendor-agnostic abstraction layer that classifies these devices as standardized objects (switches, routers, load balancers, firewalls etc.).

Once the abstraction has been created, a “mathematical model” is applied via Header Space Analysis (HSA) – a static method for checking a network for reachability, traffic isolation, leakage problems and forwarding loops (I didn’t have the time to read it all, but bookmarked this as an interesting reference on HSA). Then, a “data model” of the environment is created by using normalized configuration descriptions, via an OpenConfig-based schema.

Once this level of abstraction is in place, the environment is in a state that is understood by Forward Networks, and the product features (described below) can be used to take action if and when needed.

The Product

There are currently two editions available: Forward Essentials and Forward Enterprise.

The Essentials edition is free and delivers automated network mapping, device inventory tracking and reporting, network-wide search, and change management tracking. In essence, Forward scans the network estate in a non-intrusive fashion (using read-only access) and establishes a map of the existing environment that is updated on a regular basis. Each “refresh” of the existing environment is captured as a point-in-time snapshot, which can be helpful to identify any changes in case of troubleshooting.

Because it scans the entire infrastructure, it is also able to maintain a searchable inventory of the network infrastructure – which leads to the next feature: configuration files can be searched across the estate.

The paid Enterprise edition brings the feature set to the next level. One could say that the Essentials version helps you figure out what your environment looks like, while the Enterprise version really helps on a day-to-day basis.

The Enterprise version augments the Essentials version with four features:

  • Verification
  • Prediction
  • Comparison
  • Automation

Verification lets you set, check and customize policies across the network. You may for example use certain network zones for traffic segmentation, and want to make sure that no traffic between these zones is allowed. Creating the adequate policy will allow Forward Networks to verify whether this policy is enforced, or whether any change made to the traffic rules causes the policy to be violated (for example, someone decides to put an ANY:ANY rule in the middle for whatever reason).

Prediction is a sort of “what-if” analysis tool. It simulates how network configuration changes would impact the network if they were implemented, and does so in a non-intrusive fashion, which is extremely useful to model traffic flow as well as any potential connectivity issues.

Prediction can also “ignore ACLs”, which is great for identifying any firewalls along the way that could block a certain type of traffic. By ignoring ACLs, we can see whether our traffic from source to destination would work properly if there were no firewalls along the route. If it turns out that traffic would flow properly, we can then start troubleshooting ACL entries.
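The zone-isolation check and the “ignore ACLs” troubleshooting step described above, as an added Python example (not Forward Networks’ code or algorithm). The device names, prefixes and ACL entries are constructed, and it traces one sample packet rather than whole header spaces as HSA does.

```python
import copy
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
# Constructed snapshot: per device, routes (prefix -> next hop) and an ordered
# ACL of (action, src_prefix, dst_prefix); first match wins, implicit deny.
TOPOLOGY = {
    "edge-fw": {"routes": {"10.2.0.0/16": "core-sw"},
                "acl": [("deny", "10.1.0.0/16", "10.2.0.0/16"), ("permit", ANY, ANY)]},
    "core-sw": {"routes": {"10.2.0.0/16": "DELIVERED"}, "acl": [("permit", ANY, ANY)]},
}

def acl_permits(acl, src, dst):
    for action, s, d in acl:
        if ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d):
            return action == "permit"
    return False  # implicit deny when no entry matches

def trace(topology, start, src, dst, ignore_acls=False):
    """Follow the packet hop by hop and return (verdict, path).
    verdict is one of: delivered, acl_drop, no_route, loop."""
    device, path = start, []
    while device != "DELIVERED":
        if device in path:                      # forwarding loop
            return "loop", path + [device]
        path.append(device)
        node = topology[device]
        if not ignore_acls and not acl_permits(node["acl"], src, dst):
            return "acl_drop", path
        matches = [p for p in node["routes"] if ip_address(dst) in ip_network(p)]
        if not matches:
            return "no_route", path
        # longest-prefix match picks the next hop
        device = node["routes"][max(matches, key=lambda p: ip_network(p).prefixlen)]
    return "delivered", path

def isolation_violated(topology, start, src, dst):
    """Intent: traffic from src's zone must never be delivered to dst's zone."""
    return trace(topology, start, src, dst)[0] == "delivered"

def with_any_any(topology, device):
    """Copy of the snapshot with a permit ANY:ANY rule inserted first on device."""
    changed = copy.deepcopy(topology)
    changed[device]["acl"].insert(0, ("permit", ANY, ANY))
    return changed

if __name__ == "__main__":
    pkt = ("edge-fw", "10.1.0.5", "10.2.0.9")
    print(trace(TOPOLOGY, *pkt))                      # blocked: ACL on edge-fw
    print(trace(TOPOLOGY, *pkt, ignore_acls=True))    # routing itself is fine
    print(isolation_violated(with_any_any(TOPOLOGY, "edge-fw"), *pkt))
```

Comparing the normal trace with the `ignore_acls=True` trace separates a routing problem from an ACL problem, and rerunning `isolation_violated` on each new snapshot flags the change that broke segmentation.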

Comparison: think of it as a diff across network configurations. All configuration files across devices can be compared at any point in time for changes. The product includes a lot of filters and search options which make the network team’s life way easier.

Integration: last but not least, Forward Networks is API driven and supports REST and HTTP methods, which is helpful for advanced network engineers who automate their network and write apps.

Why it matters

Network troubleshooting can be a very tiresome and complex activity (especially for non-arcane people). In today’s complex hybrid cloud environments, we’re so often almost one hop away from a disaster happening.

Complex, sedimented firewall rules and a lack of consistency across environments are just what it takes for trouble to happen. I’ve seen that from the other side (the virtualization world) and no matter how things are abstracted, at some point we’ll hit a forgotten Access Control List (ACL) somewhere that is preventing traffic from flowing.

The advised reader should know that I am not a networking expert and that I am oversimplifying things for my non-network-oriented audience. I recommend watching the Tech Field Day video that was recorded during the presentation to better understand what Forward Networks is doing.

Max’s Opinion

First, a word on the presentation. Forward Networks did an awesome job captivating the audience. I suppose that the Tech Field Day crew goes to great lengths to brief their presenting companies (their customers) to make such appearances a success for all parties: helping presenting companies deliver their message in the best way and to the broadest audience; engaging delegates and making them think (and write) about what they saw; and finally making these appearances a customer success that generates more opportunities for Tech Field Day. If executed properly, this can be a virtuous cycle generating win-wins. In this case, Forward Networks have demonstrated prowess in mastering the Tech Field Day concepts.

On the product itself, my post should speak for itself. Networking is not my field of discipline; I find it to be some kind of “nasty elvish sorcery” (paraphrasing good old Gollum) that goes far beyond my comprehension. Even if it is “sorcery”, Forward Networks puts some order into it.

Forward Networks brings an understanding of the network as it is today: right now, and not in the 5 or 10 year old Visio file that nobody looks at anymore. Or in the Excel file that references all ACLs worldwide (because Excel is the state of the art data management tool, right?!).

Personally, I enjoyed Forward Networks’ presentation and found the capabilities it provides to be amazing. I say that not to flatter the company, but talking out of my experience in the trenches with support cases bouncing back and forth about “server communication issues”. The question remains about how a company can thrive on a single product, but the fact is that doing one thing well is better than doing 2 things and not focusing adequately on either of them.

Disclosure

This post is a part of my TFD Extra at Cisco Live Europe 2019 post series. I am invited to the event by Gestalt IT. Gestalt IT will cover expenses related to the event’s travel, accommodation and food during the event duration. I will not receive any compensation for participation in this event, and I am also not obliged to blog or produce any kind of content. Any tweets, blog articles or any other form of content I may produce are the exclusive product of my interest in technology and my will to share information with my peers. I will commit to share only my own point of view and analysis of the products and technologies I will be seeing/hearing about during this event.

 
