Maintaining Your Borders

It seems like every other – and that’s being conservative – conversation I have in my day job, every other post on the likes of LinkedIn and even on the BBC website is talking about how AI is taking jobs from 3D humans, especially in the technology space.

Yet, at the same time, I get involved in relentless conversations about skill shortages, how few tech engineer types there seem to be now on the planet and how the “younger generation” just want to be DevOps guys and not get their hands dirty by actually making an IT infrastructure work, 24×7.

It was therefore both refreshing – and reassuring – in a recent conversation with Patrick Bohannon, SVP of Infrastructure and Product Operations at Netskope, to start with the topic of learning the hard way, understanding the relationship between network design decisions and the actual operations/deployment needs and how there is simply no replacement for experience. In other words, if you haven’t been there and done it, how can you understand – as a fresh-from-university DevOps guy, say – the impact of spinning up yet another instance on a cloud-based VM, prototyping code in unsecured environments, the bandwidth requirements of sending and receiving terabytes of AI “stuff” etc.?

Moreover, there seems to be an increasing ignorance of what actually underpins the Internet that these guys live by and just how long-established the underlying – and still essential – architectural elements have been with us. Yes, I’m talking BGP or Border Gateway Protocol, the technology that has been fundamental in defining the best routes across the network and t’Interweb since 1989. And the first word that then sprang to mind was “interoperability”. Patrick talked about how, in the world of network engineering, it is all too easy to take a vendor-specific, almost religious approach to building networks and focus on a single vendor – yet, BGP provides the perfect, agnostic antidote, in that it can underpin the biggest, most complex networks in the world and, equally, you can run it on low-budget commodity hardware. It’s the same engine, just different body sizes.

Patrick noted how that worked in Netskope’s favour during the COVID lockdown periods, when everyone had supply chain challenges: “We were fortunate because we had built our network around open standards early, using YANG models and NETCONF tooling, which meant we could integrate gear from any vendor. Arista, Juniper, Cisco, even commodity routers acting as route servers. And because we used BGP in a vendor-neutral way, we stayed largely immune to the supply chain disruptions that impacted so many others.”

What it means is that, still today, we can have a half-million-dollar network chassis in a Data Centre, talking directly with a forty-dollar home router – they both speak BGP. Again, as Patrick observed: “BGP is as foundational to the Internet as DNS, which is an interesting parallel because if we’re careless it has some of the global risk given it’s so fundamental to how the Internet operates”.

So, it’s sort of a network of promises, but it delivers on those promises. Not that all BGP implementations are the same. As Patrick noted, some are implemented slightly differently, some cost more than others and some are faster than others, but it delivers – literally.

“BGP has staying power because of its path-vector design. It shows you the full route your traffic takes, including the organizations it crosses, and makes alternative paths visible. Instead of relying on an opaque or complex ‘best path’ calculation, BGP gives us the ability to define what ‘best’ means, whether that’s based on speed, cost, reliability, or business needs. While BGP does give us access to many attributes to fine-tune those decisions, at its core it provides clear, deterministic control over how you move from point A to point B.”

I referenced the similarity to using couriers delivering parcels – you have to read the small print in order to understand what is being offered, even if all the different options will eventually deliver that parcel.

“That’s relevant today, because I can decide which way I’d like to send that traffic and so now we can take into consideration other things like cost optimization. I can look at a BGP path and say, you know what, even though there’s two extra hops that’s a cheaper route. Or I can optimise further by looking at cost plus performance. That’s a shorter path but it is really slow at delivering the mail right? Like your postal analogy, Steve, it might promise to deliver my traffic to you, it’s going to take a week longer than if I go through two other people. And so you can’t easily do that with non-path vector protocols, right.” He noted that, for Netskope, the business benefits of BGP are not only that it allows the selection of the most efficient and cost-effective routes to reach the company’s security customers – as well as the web, cloud or SaaS destinations they want to reach – but also that it optimises for performance at all times.

I noted that, as ever, it all boils down to the “v” word – visibility, probably the most important thing to network operators after performance and low latency. That plus expectation levels which, from a performance delivery perspective, have gone through the roof compared to the early days of the Internet, when simply successfully sending and receiving traffic was generally sufficient – outside of trading and similar environments – to satisfy the requirement. Patrick agreed, noting: “And so yes, the eventual delivery of a packet might have been the goal a long time ago and now the eventual delivery of a packet is much more nuanced, and again, BGP allows us to protect that nuance. And in some cases this could relate to data sovereignty issues related to the path that packet takes over international boundaries.”

That led us to cover a particularly timely topic of how customers are more sensitive than ever with regard to geopolitical concerns – the geopolitical impact of where their traffic lands and doesn’t land, or what networks in what countries that packet is routed through. Patrick noted how concerned Netskope customers now are about being able to guarantee the data paths being used and how the company doesn’t exclusively need to rely on Tier 1 and Tier 2 ISPs to define their traffic paths – in other words, it can guarantee data provenance by taking more direct control over the routing, which, again as Patrick noted, is a unique characteristic of Netskope’s private cloud – NewEdge.

“So we have these major events like fibre cuts in the Suez Canal, or route hijacks that happen in Malaysia. Some customers may simply not want their data to transit a particular provider or country. If it weren’t again for the elegant use of BGP then we couldn’t protect our customers from these types of events”, Patrick concluded.
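
The path-selection idea described in the two quotes above, as an added example that is not from the interview or from Netskope: a simplified Python model (not the real BGP decision process) in which routes crossing a denied network are filtered out and the operator chooses what "best" means. The ASNs and prefix are documentation values and the cost and latency figures are constructed; they are not BGP attributes, and in practice an operator would map them onto attributes such as local preference.

```python
from dataclasses import dataclass

LOCAL_AS = 64496  # documentation ASN (RFC 5398), assumed to be our own network


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple      # networks the traffic would cross, nearest neighbour first
    cost_per_gb: float  # constructed transit price, not a BGP attribute
    latency_ms: float   # constructed measurement, not a BGP attribute


def acceptable(route, denied_asns):
    """Import filter: drop looped paths and paths crossing a denied network."""
    if LOCAL_AS in route.as_path:  # standard path-vector loop prevention
        return False
    return not (set(route.as_path) & set(denied_asns))


# Each policy is a sort key: the operator's own definition of "best".
RANKING = {
    "shortest": lambda r: (len(r.as_path), r.latency_ms, r.cost_per_gb),
    "cheapest": lambda r: (r.cost_per_gb, r.latency_ms, len(r.as_path)),
    "fastest": lambda r: (r.latency_ms, r.cost_per_gb, len(r.as_path)),
}


def best_path(routes, policy, denied_asns=()):
    """Return the preferred route under the chosen policy, or None."""
    candidates = [r for r in routes if acceptable(r, denied_asns)]
    if not candidates:
        return None  # fail closed: no compliant path means no route installed
    return min(candidates, key=RANKING[policy])


# Constructed sample: three advertisements for the same documentation prefix.
ROUTES = [
    Route("203.0.113.0/24", (64500, 64510), 0.03, 180.0),                # short, slow
    Route("203.0.113.0/24", (64501, 64502, 64503, 64510), 0.02, 45.0),   # two extra hops, cheap
    Route("203.0.113.0/24", (64504, 64505, 64510), 0.08, 20.0),          # fast, expensive
]

if __name__ == "__main__":
    for policy in RANKING:
        print(policy, best_path(ROUTES, policy).as_path)
    # A customer who does not want traffic to transit AS 64502:
    print("deny 64502:", best_path(ROUTES, "cheapest", {64502}).as_path)
```

Because the whole AS path is visible, the deny list can be applied before any ranking happens, and an empty result is treated as "no route" rather than falling back to a non-compliant path.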

Obviously, given the current world events, the geopolitical landscape discussion is set to be an even more major talking point, as is security and the newer kids on the block protocols, such as RPKI (Resource Public Key Infrastructure) which is designed to secure BGP – and how quickly they are adopted – but we’ll save those nuggets of gold for another conversation day.

Meantime, it is reassuring that the fundamentals of the IT world are generally not based on the latest, greatest “shiny” protocols and encryption methodologies, but – in some cases – on a 36-year-old battle-tested routing protocol. I really can’t see AI taking all of our jobs in the near future, but if and when it does, I imagine BGP will still be with us, underpinning the Internet. There endeth the lesson…