Networking startup Veriflow has premiered four new features to improve its intent-based network capabilities. Drew Conry-Murray, writing in Packet Pushers, discussed the intent-based network features, which include a tool Veriflow calls Automated Intent Inference that flags conflicting rules. Veriflow CloudPredict (only operational on Amazon AWS) uses APIs to pull information about customer networks from Amazon Virtual Private Cloud to visualize traffic, while Preflight and Dynamic Diff allow users to test network changes against models and compare snapshots of network models. The new intent-based network capabilities stem from mathematical formal verification and data that Veriflow harvests from access control lists, forwarding tables, routers, switches, load balancers and firewalls.
Conry-Murray sees Veriflow taking a different approach to intent-based networking, allowing a user to ask the software to confirm whether the network is configured as imagined. "This modeling approach makes sense to me. ... It can provide a global view of a complex system and is geared toward generating actionable insight, not just reams of data that it's up to you to parse. I also like that it's built for brownfield networks. That is, it's designed to work with your network as it is, not as you might like it to be," Conry-Murray said. He added that the new Veriflow offering will need more testing to determine its best uses.
Read more of Conry-Murray's thoughts on Veriflow.
Boosting BGP convergence
Ivan Pepelnjak, blogging in IP Space, examined the rationale of boosting Border Gateway Protocol (BGP) convergence without altering BGP timers. Pepelnjak said reducing the timers might be a benefit -- especially with Cisco IOS, whose timers he said he believes are too high already.
When neighbors are directly connected, most BGP implementations can detect the loss of a neighboring router almost immediately, as soon as the interface goes down. Pepelnjak recommends Bidirectional Forwarding Detection (BFD), a lightweight protocol, in preference to routing protocol timers for detecting External BGP failures. He added that some platforms support BFD only for directly connected Internal BGP (IBGP) neighbors, while others support it for all IBGP neighbors regardless of their connection type. "Speaking of IBGP, it doesn't really matter if you lose an IBGP session or two as long as the next hop (where you're supposed to send the traffic to) is reachable. Platforms that have BGP next hop tracking solve that problem quite nicely as they tie BGP route selection to (usually IGP-derived) next hop reachability in main IP routing table," Pepelnjak said.
Dig deeper into Pepelnjak's thoughts on BGP convergence.
Cybersecurity spending ROI
Jon Oltsik, an analyst at Enterprise Strategy Group in Milford, Mass., explored the return on investment (ROI) from cybersecurity spending. Data gathered in an ESG survey of 412 IT professionals indicated that 30% of respondents were hampered by total cost of ownership, while 33% said that spending on security operations will increase. According to Oltsik, the data indicates that CIOs are very willing to "throw money" at potential vulnerabilities, but demand that CISOs provide metrics that indicate that new security measures will be successful.
To improve cybersecurity metrics, Oltsik recommends creating a security operations and analytics integration plan, unifying security and IT teams, implementing process automation and bringing to bear advanced analytics. "As CISOs move forward with these initiatives, they should continuously determine how to measure and report incremental and ongoing advancement they achieve with risk management, security efficacy and operational efficiency," Oltsik said. "Successful CISOs will be the ones who can demonstrate and communicate real and honest progress anytime they are asked to do so," he added.
Explore more of Oltsik's thoughts on cybersecurity ROI.