The network, once seen as little more than plumbing in the datacenter, is at the center of distributed IT operations. Ensuring network operations and protecting them from cyberattacks has become paramount to modern enterprises.
“You can almost imagine that networks would be on par with power and water and electricity and that kind of stuff,” Nikhil Handigol, co-founder of Forward Networks, tells The Next Platform. “You cannot imagine a modern business functioning without its network functioning. On one hand, networks were super critical for big businesses and are becoming increasingly critical. On the other hand, they’re becoming more and more complex and more and more fragile, both from a connectivity perspective and from a security perspective. From a connectivity perspective, they were so fragile that one misconfiguration could take the entire network down. It’s still the case.”
Forward Networks is among the vendors in the rapidly evolving networking space that is using digital twin technology to help enterprises automate their infrastructure both in the cloud, across clouds and on-premises to improve visibility, performance and security. It was launched in 2013 by Handigol and three others – David Erickson (now the CEO), Brandon Heller (CTO) and Peyman Kazemian – who were all part of the group at Stanford University almost two decades ago that helped develop and launch software-defined networking (SDN).
The company has raised more than $62 million over three funding rounds between 2014 and 2019 and now has more than 70 employees, Handigol says.
In launching Forward, the four saw an opportunity to leverage mathematical model that would form the basis for its digital twin technology. The overall digital twin space is booming, with Fortune Business Insights predicting the global market will grow from $8.88 billion this year to almost $96.5 billion in 2029. The idea behind them is to create real-time virtual representations of complex and dynamic physical objects or processes – think cars or factories – that is fed data from those systems and then is able to run simulations to make improvements or improve performance.
“A digital twin network allows network operators to design network optimization solutions, perform troubleshooting, what-if analysis, or plan network upgrades taking into account the network’s expected user growth,” researchers from such organizations as the Barcelona Neural Networking Center, Telefonica Research, and Huawei wrote in a paper released in January. “Since the interaction with the DTN does not require access to the real network, the aforementioned processes can be carried out in real-time, without jeopardizing the physical network.”
Modeling such highly complex systems has been made possible by advances in machine learning, the wrote.
Many networking vendors to varying degrees are adopting digital twins to varying degrees, from Cisco DNA, Juniper with its Mist AI capabilities and Extreme Networks to cloud providers like Amazon Web Services, Microsoft Azure and Google Cloud in their network management services.
Forward’s founders were driven by the fragility they saw in modern networks born out of their increasing size – tens of thousands of network devices like switches, routers, and load balancers – the diverse nature of those devices from multiple vendors and the configuration of the devices, Handigol says.
“This is a of system with complexity increasing in these three very different dimensions,” he says. “What that means is they have reached a stage where it the complexity has outgrown human capacity. It is very common to see this happen. [In June] there was a major Cloudflare outage. It was just one networking configuration that made a whole bunch of datacenters go down. All the businesses that were dependent on Cloudflare went down along with it. That’s just one bad change that took down a whole bunch of companies and all kinds of services. It’s that fragile because it’s all connected.”
Most other fields in IT, from software to databases to distributed systems, have evolved over the years in ways that networking hasn’t. They need fundamentally new capabilities to tame the complexity, Handigol says.
Forward’s platform is a digital twin of an enterprise’s network. The vendor uses Google Maps as an analogy, saying that Google Maps is essentially a digital twin of the transportation system, with updated information about road traffic, construction and other factors feeding data to map and display all possible paths between destinations and recommend the best one. Likewise, Forward’s digital network twin shows all possible paths for packets based on current conditions rather than the more static diagrams in Visio.
“We not only understand every single element that is there, but what is there and how it’s connected,” he says. “That’s the basis. But more importantly, Forward understands every possible way in which any traffic can flow through the network. Not just what’s going on right now, but what is possible given the current configuration and the state of the network. That’s the kind of behavior that Forward analyzes, computes and makes accessible to the network and security teams.”
At its core is the mathematical model the company has developed. A key analysis Forward does as part of the digital twin is pre-compute, index and make searchable all possible traffic paths through the network, which Handigol says is an extremely powerful capability for the network, security and cloud teams and a “massive differentiator” for the company. Kazemian outlined the mathematical model in his 2013 PhD thesis.
“Performing such an analysis is not trivial,” he says. “If you naively enumerate each packet and trace it through the network, the problem becomes intractable. This is where mathematics comes in. Instead of looking at each individual packet, Forward models classes of packets that are treated equivalently in the network as ‘header spaces’ – hypercubes in an N-dimensional space – and the behavior of each device in the network as ‘transfer functions’ that transform these header spaces. … It involves a lot of cool algebra and set theory. It is this mathematical basis that makes a product like Forward possible and scalable to networks with tens to hundreds of thousands of devices.”
Forward’s platform enables enterprises to search entire networks for any devices and connections to run path analyses both on-prem and in the cloud, verify that the network is configured correctly and behaving as intended, customize network policies, and predict network behavior. Network administrators also can compare configurations at different points in time.
It also plays a role security, identifying compromised hosts and devices, continuously monitoring for issues and detecting connectivity problems. There’s incident management – what Forward calls “blast radius analysis.”
Recent partnerships have been a focus on security. Forward last month hooked up with Arista Networks, integrating the company’s CloudVision cloud-based portal with Forward’s Enterprise platform to enhance monitoring, change control and configuration management and ensure pre- and post-change verification. A month earlier, Forward said it was integrating Rapid7 InsightVM vulnerability management tools into its platform, enabling broad visibility for enterprises into their security posture.
“The network forms a core piece of this infrastructure because it’s a network that interconnects every system that’s supporting the enterprise,” Handigol says. “It’s the behavior of that network that interconnects all these key pieces – your applications, your databases, your users and the rest of the world – and it’s the core piece of infrastructure that needs to be understood. end-to-end, to be able to secure an environment internally. If you’ve got an insecure work, if you can’t see what the network is doing, how it’s behaving, you can’t possibly secure that environment.”