
Veriflow premieres intent-based network verification tool

Bloggers look into Veriflow's new intent-based network capabilities, BGP convergence without timer changes and the success of security spending.

Networking startup Veriflow has premiered four new features to improve its intent-based network capabilities. Drew Conry-Murray, writing in Packet Pushers, discussed the intent-based network features, which include a tool Veriflow calls Automated Intent Inference that flags conflicting rules. Veriflow CloudPredict, which is operational only on Amazon AWS, uses APIs to pull information about customer networks from Amazon Virtual Private Cloud to visualize traffic, while Preflight and Dynamic Diff allow users to test network changes against models and compare snapshots of network models. The new intent-based network capabilities stem from mathematical formal verification and data that Veriflow harvests from access control lists, forwarding tables, routers, switches, load balancers and firewalls.

Conry-Murray sees Veriflow taking a different approach to intent-based networking, allowing a user to ask the software to confirm whether the network is configured as imagined. "This modeling approach makes sense to me. ... It can provide a global view of a complex system and is geared toward generating actionable insight, not just reams of data that it's up to you to parse. I also like that it's built for brownfield networks. That is, it's designed to work with your network as it is, not as you might like it to be," Conry-Murray said. He added that the new Veriflow offering will need more testing to determine its best uses.

Read more of Conry-Murray's thoughts on Veriflow.

Boosting BGP convergence

Ivan Pepelnjak, blogging in IP Space, examined the rationale of boosting Border Gateway Protocol (BGP) convergence without altering BGP timers. Pepelnjak said reducing the timers might be a benefit -- especially with Cisco IOS, whose timers he said he believes are too high already.

Among directly connected IP addresses, most BGP interfaces can detect the loss of a neighboring router almost immediately, as soon as the interface goes down. Pepelnjak recommends Bidirectional Forwarding Detection (BFD) as a lightweight protocol, preferable to routing protocol timers, to detect External BGP failures. He added that some platforms support BFD for directly connected Internal BGP neighbors, while others support it for all IBGP neighbors regardless of their connection type. "Speaking of IBGP, it doesn't really matter if you lose an IBGP session or two as long as the next hop (where you're supposed to send the traffic to) is reachable. Platforms that have BGP next hop tracking solve that problem quite nicely as they tie BGP route selection to (usually IGP-derived) next hop reachability in main IP routing table," Pepelnjak said.

Dig deeper into Pepelnjak's thoughts on BGP convergence.

Cybersecurity spending ROI

Jon Oltsik, an analyst at Enterprise Strategy Group in Milford, Mass., explored the return on investment (ROI) from cybersecurity spending. Data gathered in an ESG survey of 412 IT professionals indicated that 30% of respondents were hampered by total cost of ownership, while 33% said that spending on security operations will increase. According to Oltsik, the data indicates that CIOs are very willing to "throw money" at potential vulnerabilities, but demand that CISOs provide metrics that indicate that new security measures will be successful.

To improve cybersecurity metrics, Oltsik recommends creating a security operations and analytics integration plan, unifying security and IT teams, implementing process automation and bringing to bear advanced analytics. "As CISOs move forward with these initiatives, they should continuously determine how to measure and report incremental and ongoing advancement they achieve with risk management, security efficacy and operational efficiency," Oltsik said. "Successful CISOs will be the ones who can demonstrate and communicate real and honest progress anytime they are asked to do so," he added.

Explore more of Oltsik's thoughts on cybersecurity ROI.
