What if the number of work-at-home employees in your organization grew from 5,000 to 66,000 in the span of a week? What if VPN usage spiked by a factor of 1,000 and the use of collaborative work tools increased by 1600 percent over this same period? For the government of Ontario, these numbers are not ‘what if’ speculation, they are data points that document something of the networking challenge faced by the IT department as it worked to support the government’s response to the COVID-19 pandemic. As Sham Satrohan, senior manager, Enterprise Hosting and Data Protection Management for the Ontario Ministry of Government and Consumer Services, explained, the government’s decision to require most employees to work from home in order to maintain social distance involved massive effort to create the bandwidth and secure the connections needed to enable a distributed workforce.
While startling for its magnitude and the speed of change, the Ontario government’s experience with the rapid shift to remote work is not unique in this time of COVID crisis. As the pandemic has expanded its reach, governments, businesses and individuals around the world have felt the impact, and at the technology level, IT experts have had to work hard to address a pressing need to scale new capabilities quickly, to ensure the safety and security of tools aimed at delivering unprecedented levels of collaboration, and to deliver the quality of experience expected by a new cadre of home workers. As one commentator put it, it’s like collapsing years of planning around digital transformation into a couple of weeks.
Going forward, the rapid IT response called for in the current crisis is not likely to be a singular event. Public health specialists agree that a second, or third wave – or a whole new virus altogether – will likely occur. And with acceptance of this prospect, government and business leadership are coming to understand that new tools, new approaches, and new IT capacity will be needed to support the ongoing digitization of collaboration and other business processes that can help us check viral spread. Fortunately, technology innovation is not a single event either; measured by the doubling of transistor counts on a chip roughly every two years, or by the floating-point operations per second (FLOPS) carried out by supercomputers, growth in IT capability has been exponential, a pattern that Gordon Moore first observed in 1975, and one which has only accelerated with the advance of digitization.
The trouble with networking
For the most part, innovation in IT infrastructure has focused on computing and storage, as evidenced in measures of advance such as Moore’s Law. But as Mike Anderson, VP marketing, Stateless Inc. has noted, “there are three legs to the stool that is driving the information age.” And if “networking hasn’t been holding up its end of the bargain,” there is now “a lot of opportunity for innovation in this space.”
Anderson calls the lack of progress in networking – industry failure to apply modern software development to networking – “the innovation gap.” He is not alone in this view. The traditional network service model has been measured by its potential to ease procurement, provide visibility into infrastructure, and to scale – primary attributes of cloud computing – and found wanting. And while ‘bigger pipes’ have been advanced as a solution to networking challenges that arise in efforts to support traffic for multiple VMs on the same physical Ethernet connection (as with a standalone server), improved data transfer rates, network bandwidth, and WAN acceleration for the cloud have not always delivered the performance, latency, throughput and scale attributes demanded by increasingly large and sophisticated cloud computing applications. The problem lies in complexity. In VM migration, for example, live migration with open TCP connections may not necessarily create downtime; however, IP and TCP packets would need to be resolved to a different address (or the same address connected to a different physical switch in the network). Analysing this complexity, researchers into cloud networking have identified the key issues with traditional networks as:
- performance when the application is moved to the cloud;
- deployment flexibility for security appliances, and the associated issues with policy enforcement;
- overly complex, multi-layer networking architectures (a TOR layer connecting rack servers, plus an aggregate layer and a core layer needed to connect out to the Internet edge);
- the need to readdress IP packets in applications and network failover devices; and
- location dependency that occurs when network appliances are tied to a statically configured physical network.
Over the past decade, a succession of network virtualization technologies and protocols have been introduced with the promise of delivering the automation that would enable networking to ‘catch up’ with computing. Based on separation of the network control and forwarding planes, Software Defined Networking (SDN) empowers network engineers to create programs allowing them to more easily configure, manage and optimize network resources. With intelligence centralized in software-based controllers, SDN offers a global view of the network, which appears as a single, logical switch. Fans of SDN point to its programmability and its agility – the administrator’s ability to dynamically adjust traffic flow to address changing needs. Detractors have noted issues with scale, and with the northbound interface in SDN (protocol-supported communication between the controller and applications or higher-layer control programs), that might impact management solutions for automation and orchestration, as well as the inherent limitations of an overlay solution.
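To make the control/forwarding split concrete, here is an added example that is not from the article and not any vendor’s SDN code. It models a controller that holds the global topology and the access policy and programs every switch, while the switches do nothing but flow-table lookups. The topology (three switches in a triangle), the host addresses, the blocked pair, and the class and function names are all constructed for illustration; a real deployment would use OpenFlow or a similar southbound protocol rather than direct dictionary writes.

```python
"""Toy SDN: a centralized controller (control plane) programs stateless
switches (forwarding plane). Constructed example, not production code."""
from collections import deque


class Switch:
    """Forwarding plane: a switch knows only its flow table."""

    def __init__(self, name):
        self.name = name
        self.flows = {}  # (src, dst) -> next-hop switch, "host:<addr>", or "DROP"

    def forward(self, src, dst):
        # None means a table miss; a real switch would punt to the controller.
        return self.flows.get((src, dst))


class Controller:
    """Control plane: owns the global view and the policy, programs switches."""

    def __init__(self, links, hosts, blocked=()):
        self.adj = {}
        for a, b in links:
            self.adj.setdefault(a, set()).add(b)
            self.adj.setdefault(b, set()).add(a)
        self.hosts = dict(hosts)      # host address -> edge switch it hangs off
        self.blocked = set(blocked)   # (src, dst) pairs denied by central policy
        self.switches = {n: Switch(n) for n in self.adj}
        self.installed = set()        # flows the controller has programmed

    def _shortest_path(self, a, b):
        """BFS over the controller's topology graph; returns switch names."""
        prev, queue = {a: None}, deque([a])
        while queue:
            n = queue.popleft()
            if n == b:
                break
            for m in sorted(self.adj[n]):
                if m not in prev:
                    prev[m] = n
                    queue.append(m)
        if b not in prev:
            return None
        path, n = [], b
        while n is not None:
            path.append(n)
            n = prev[n]
        return path[::-1]

    def install(self, src, dst):
        """Decide the path centrally and push one entry per hop."""
        self.installed.add((src, dst))
        ingress = self.switches[self.hosts[src]]
        path = None if (src, dst) in self.blocked else \
            self._shortest_path(self.hosts[src], self.hosts[dst])
        if path is None:  # denied by policy or unreachable: fail closed at ingress
            ingress.flows[(src, dst)] = "DROP"
            return "DROP"
        for i, name in enumerate(path):
            nxt = path[i + 1] if i + 1 < len(path) else "host:" + dst
            self.switches[name].flows[(src, dst)] = nxt
        return path

    def link_down(self, a, b):
        """Topology change: recompute and re-program every installed flow."""
        self.adj[a].discard(b)
        self.adj[b].discard(a)
        for sw in self.switches.values():
            sw.flows.clear()
        for src, dst in list(self.installed):
            self.install(src, dst)


def trace(controller, src, dst):
    """Data-plane walk using flow-table lookups only: (switches visited, outcome)."""
    hops, current = [], controller.hosts[src]
    while True:
        nxt = controller.switches[current].forward(src, dst)
        hops.append(current)
        if nxt is None:
            return hops, "MISS"
        if nxt == "DROP":
            return hops, "DROP"
        if nxt.startswith("host:"):
            return hops, "DELIVERED"
        current = nxt


def demo():
    """Constructed scenario: install flows, lose a link, observe re-steering."""
    ctrl = Controller(
        links=[("s1", "s2"), ("s2", "s3"), ("s1", "s3")],
        hosts={"10.0.1.10": "s1", "10.0.2.10": "s2", "10.0.3.10": "s3"},
        blocked=[("10.0.2.10", "10.0.3.10")],
    )
    ctrl.install("10.0.1.10", "10.0.3.10")
    ctrl.install("10.0.2.10", "10.0.3.10")
    before = trace(ctrl, "10.0.1.10", "10.0.3.10")   # direct s1 -> s3
    ctrl.link_down("s1", "s3")
    after = trace(ctrl, "10.0.1.10", "10.0.3.10")    # re-steered via s2
    denied = trace(ctrl, "10.0.2.10", "10.0.3.10")   # policy drop at ingress
    miss = trace(ctrl, "10.0.3.10", "10.0.1.10")     # never installed
    return {"before": before, "after": after, "denied": denied, "miss": miss}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of the walk in `trace` is that the switches never consult the controller during forwarding: all policy (including the denied pair) is decided once, centrally, and a link failure is handled by the controller re-programming the tables rather than by the switches running their own routing protocol.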
For Anderson, SDN and its companion, SDN WAN, are “just repackaging of existing technology”: in his view, “Networking does not have to catch up; it needs to be reinvented.”
The Stateless approach
Stateless Inc., founded in 2016 and headquartered in Boulder, Colorado, claims to have achieved this reinvention with a new, microservices-based networking function platform that takes the ‘state’ out of the traditional networking process and stores it in a high speed distributed database to speed access, scale and performance. Here’s how it works.
According to Anderson, in traditional networking, different states are defined through packet transmission. When a network packet moves through routing, for example, or through the firewall filter, this process is dependent on managing the ‘state’ of the packet, or state information, such as a routing table. But this information is highly dynamic, as in the case of a firewall where every live connection is tracked, which poses management challenges. “One of the foundational problems with the way networking devices are built today,” Anderson explained, “is that management of state information is built right into the core of networking software, so any time you want to add something new to a router or a firewall, you are reading out of this common state table, for all the processes that are inside the devices. This becomes a ‘monster’.” The first router had 6,000 lines of code, he added; today, routers have over 36 million lines of code that are needed to manage state information, which is tightly coupled with the network process itself, in order to maintain performance.
The Stateless approach is different. Luxon, the company’s ‘software defined interconnect network platform’ is a microservice network function (MNF) system that treats state like a service. With Luxon, very small applications – small pieces of code dedicated to doing one single thing – communicate with all the other network functions using a common API, and an orchestration layer enables these services to work together. But even more critical, is the separation of state information from the core networking process software – and its storage in a high-speed distributed database, where multiple copies on different servers ensure that the state information is always available. According to Stateless, this “separation of state” has two key advantages:
- Network functions can be very small and tight, with code dedicated to one thing, such as TTP routing, IPsec encryption, or packet filtering, enabling rapid scale.
- Redundant boxes are not necessary. In traditional networking, routing is carried out in a box, and redundancy entails another box. With Luxon, because state information is stored outside the box, it is already copied in multiple locations. If a microfunction were to fail, or a server that the microfunction is running on were to fail, the orchestration layer would simply access the microfunction on another server, at a speed that ensures no data loss.
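The two advantages above can be shown with a small simulation. The following is an added example, not Luxon code and not based on any Stateless implementation: a packet-filtering microfunction whose only job is stateful filtering, run once with its connection table held in-process (the traditional design described by Anderson) and once with the table in a replicated external store. The class names (`StateStore`, `LocalState`, `FilterFunction`, `Orchestrator`), the allow-443-only policy, the addresses and the packet format are all constructed for illustration.

```python
"""Separating connection-tracking state from a filtering network function.
Constructed example; not Stateless/Luxon code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False  # True for the opening packet of a new TCP connection


class LocalState(dict):
    """Traditional design: state lives inside the function's own process."""

    def put(self, key, value):
        self[key] = value

    def get(self, key, default=None):
        return dict.get(self, key, default)


class StateStore:
    """Stands in for the high-speed distributed database: every write goes to
    all live replicas, reads succeed while any replica holding the key is up."""

    def __init__(self, replicas=3):
        self._replicas = [dict() for _ in range(replicas)]
        self._alive = [True] * replicas

    def put(self, key, value):
        for i, rep in enumerate(self._replicas):
            if self._alive[i]:
                rep[key] = value

    def get(self, key, default=None):
        for i, rep in enumerate(self._replicas):
            if self._alive[i] and key in rep:
                return rep[key]
        return default

    def fail_replica(self, index):
        self._alive[index] = False


class FilterFunction:
    """A microfunction that does one thing: stateful packet filtering.
    Policy (constructed): new inbound connections only to port 443; packets
    belonging to a tracked connection, in either direction, are allowed."""

    def __init__(self, name, store):
        self.name = name
        self.store = store

    def handle(self, pkt):
        key = (pkt.src, pkt.dst, pkt.sport, pkt.dport)
        reverse = (pkt.dst, pkt.src, pkt.dport, pkt.sport)
        if self.store.get(key) or self.store.get(reverse):
            return "ALLOW"
        if pkt.syn and pkt.dport == 443:
            self.store.put(key, "ESTABLISHED")
            return "ALLOW"
        return "DROP"


class Orchestrator:
    """Routes traffic to the first healthy function instance."""

    def __init__(self, instances):
        self.instances = list(instances)

    def fail_current(self):
        self.instances.pop(0)  # the active instance (or its server) dies

    def handle(self, pkt):
        return self.instances[0].handle(pkt)


# Constructed traffic: a client opens HTTPS to an internal server, then the
# server's reply arrives after the active filter instance has failed.
SYN = Packet("203.0.113.5", "10.0.0.10", 51000, 443, syn=True)
REPLY = Packet("10.0.0.10", "203.0.113.5", 443, 51000)
UNSOLICITED = Packet("203.0.113.9", "10.0.0.10", 40000, 22)


def run_failover(shared_state):
    """Return (decision on SYN, decision on REPLY after instance failure)."""
    if shared_state:
        store = StateStore(replicas=3)
        stores = [store, store]              # both instances read the same state
    else:
        stores = [LocalState(), LocalState()]  # each instance has private state
    orch = Orchestrator(FilterFunction(f"filter-{i}", s) for i, s in enumerate(stores))
    first = orch.handle(SYN)
    orch.fail_current()
    second = orch.handle(REPLY)
    return first, second


def survives_replica_loss():
    """Losing one database replica must not drop an established connection."""
    store = StateStore(replicas=3)
    fn = FilterFunction("filter-0", store)
    fn.handle(SYN)
    store.fail_replica(0)
    return fn.handle(REPLY), fn.handle(UNSOLICITED)


if __name__ == "__main__":
    print("in-process state:", run_failover(shared_state=False))  # ('ALLOW', 'DROP')
    print("state as a service:", run_failover(shared_state=True))  # ('ALLOW', 'ALLOW')
    print("after replica loss:", survives_replica_loss())          # ('ALLOW', 'DROP')
```

With in-process state the standby instance has never seen the connection, so the server’s reply is out-of-state and dropped, which is exactly why traditional designs pair every box with a redundant box that mirrors its state. With the table in the replicated store the standby makes the same decision the failed instance would have, and the function itself stays a few dozen lines because it carries no replication logic of its own.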
Go to market
If necessity is the mother of invention, tech invention has its issues. As the Technology Adoption Lifecycle, as described in Geoffrey Moore’s book Crossing the Chasm, illustrates, in addition to solving a technology problem in a unique way, innovators must have a well-defined strategy to quickly push users through the early adopter stage – or risk falling into the ‘chasm’.
Stateless is addressing this challenge in three distinct ways. The Luxon platform consists of a distributed database, an orchestration layer, and microfunctions (which feed on state information) that are unique to each user network. Anticipating inertia around custom creation of microservices, the company’s strategy has been to build the baseline of microservices that people need. For example, in the data centre space, the company’s key target market, Stateless provides basic services for packet filtering, BGP, NAT, and IPsec, and intends to add more functions a year out from now. Going forward, Stateless also hopes to publish an SDK that would allow third parties to develop on top of the platform.
Most data centres today operate heterogeneous environments. Recognizing that few operators will be prepared to forklift existing infrastructure to run new microservice functions, Stateless is focused on a few specific use cases that are critical today and that may help to introduce the platform. Encryption everywhere, for example, where companies want to do IPsec at scale by encrypting data coming into the environment and data within the data centre, is an expensive proposition in traditional networking as it would require many firewalls. With the Stateless platform, on the other hand, each encryption session is just another micro network function, which can be introduced into existing infrastructure through a ‘hairpin’ traffic approach (take a port off a core layer 2 or MPLS switch and run it into the Stateless platform, and use another port to run it back out to the switch). Using the hairpin, anything can be encrypted and sent right back to existing infrastructure.
For data centre operators, managed service providers, or colo tenants looking to develop zero trust networks, the Luxon platform is designed to change the economics around encryption. When an enterprise is establishing IPsec tunnels to port data over the Internet to a cloud provider, or when a provider wants to offer cloud onramps as a service, full encryption can be daunting. Today, companies typically build networks with security zones that have layers of encryption within them, using a switch, or an access control network in the middle, that is a dedicated box. With Stateless, it’s possible to route traffic that needs to go into a security zone through the cluster and encrypt it, as well as all other traffic. In the figure below, Stateless outlines a cost comparison between the Luxon platform and the firewall approach that the company completed to illustrate potential savings.
Ultimately, the success of a technology innovation depends on the creator’s ability to align technology capability with broad industry trends. Using IoT as an example, Anderson noted that this communications revolution essentially comes down to the ability to manage scale, to dynamically and elastically manage changing needs. And he argued that the platform is unique in the way that it manages connectivity: “it’s not a physical box. It’s not a server that you have to install each time; it’s a software application that you will start.” Furthermore, unlike other providers, Stateless charges per server that the platform runs on, instead of per network function that you run, a model that is more financially manageable. Anderson believes this benefit is essential in IoT or 5G scenarios, where device scale makes network monetization problematic. Rather than “unique”, dynamic management, new business service models, and increased programmability sound remarkably like cloud value propositions. Is this ‘catch up’ or something more? Stateless is envisioning application-aware networking as well as network-aware applications – apps that will be able to dynamically stand up connectivity as needed, a level of automation that is not feasible in traditional networking paradigms.
Siamak Azodolmolky, Philipp Wieder, Ramin Yahyapour. Cloud Computing Networking: Challenges and Opportunities for Innovations. GWDG. https://www.researchgate.net/profile/Siamak_Azodolmolky/publication/249325475_Cloud_Computing_Networking_Challenges_and_Opportunities_for_Innovations/links/0c960530b2901bf4c2000000.pdf