It's time for the network infrastructure itself to add some smarts. After all, when it comes to intelligence, the real beauty of the network is that it touches everything.
"The network is the one common element across the infrastructure," says Rob Redford, vice president of marketing for Cisco Systems. "If it had more capability to look more deeply inside application traffic, it would give us a better idea of what is being transacted and what information is flowing where, and it could play a more active role in helping organizations meet their business objectives."
But what does network intelligence mean? According to Gartner research vice president Mark Fabbi, it's mostly about application awareness or what he calls "application fluency".
"An application-fluent network knows not only what application is running; it also has knowledge of the syntax and semantics of the application and the elements of the transaction," Fabbi says. "And it knows who is connecting, how they're connecting, and with what device."
The network already provides some intelligence today, say the infrastructure vendors, but mostly it's on a piecemeal basis, with scores of specialized devices targeting local security, performance, and application issues. In the next five years, however, we may see a lot of these pieces come together, producing managed networks that are more intelligent from end to end.
"If you're consolidating lots of servers and applications, you really have to start optimizing the delivery of traffic back out," Fabbi says, adding that this is particularly true in an environment that favours browser-based applications. "These applications put a tremendous burden on the underlying network protocols and servers. Generic network design simply doesn't work."
It pays to think smart
"Throwing bandwidth at the problem doesn't solve the fundamental global network performance issue today, which is latency," says David Willis, a Gartner senior analyst. "In cross-continental WANs, round-trip time can be as high as 50ms to 75ms, compared to 10ms on a LAN, while in a global network it could reach more than 250ms. When you consider that a single Web page can require as many as 10 or 20 different requests and responses, and then multiply that by thousands of Web pages and users with different connections and devices, you get the picture."
Gartner estimates that in typical global networks running Web-based applications, WAN latency, not bandwidth, can be responsible for 50 to 95 percent of the total application delay. But performance isn't the whole story.
"On day zero of a new worm, software and IPSs that rely on signatures don't know anything about it," says Brice Clark, worldwide director of strategic planning for HP's ProCurve networking line. The network infrastructure can be a complementary layer of defence that detects traffic anomalies and halts malware propagation using rate limiting and connection delay.
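Connection-rate throttling of the kind Clark describes, as an added illustration (not HP's or any vendor's implementation): a host may open only a small number of connections per second to destinations it has not contacted recently, the excess is delayed rather than dropped, and a growing delay queue is itself the anomaly signal. The sample connection log, the rate, the working-set size and the alarm threshold are all constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed outbound connection attempts: (second, source host, destination).
# ws-1 keeps revisiting three servers; ws-2 fans out to eight new addresses every
# second, the pattern that connection-rate limiting is meant to slow down.
SAMPLE_CONNECTIONS = (
    [(t, "ws-1", d) for t in range(4) for d in ("mail", "intranet", "fileshare")]
    + [(t, "ws-2", f"10.0.{t}.{i}") for t in range(4) for i in range(8)]
)

@dataclass
class HostState:
    recent: deque                                   # recently contacted destinations
    delayed: deque = field(default_factory=deque)   # connections held back so far
    passed: int = 0
    held: int = 0

class ConnectionThrottle:
    """Assumed throttling design for illustration, not any vendor's implementation.

    A host may open `rate` connections per second to destinations outside its
    recent working set; further new destinations are delayed, not dropped. A delay
    queue of `alarm` or more entries flags the host. (This simplified model never
    releases the queue; a real throttle would drain it at `rate` per second.)"""
    def __init__(self, rate=2, working_set=4, alarm=5):
        self.rate, self.working_set, self.alarm = rate, working_set, alarm
        self.hosts = {}
        self.budget = {}   # (host, second) -> new destinations already allowed

    def submit(self, second, host, dest):
        st = self.hosts.setdefault(host, HostState(deque(maxlen=self.working_set)))
        if dest in st.recent:                 # known destination: always passes
            st.passed += 1
            return "pass"
        used = self.budget.get((host, second), 0)
        if used < self.rate:                  # within this second's new-destination budget
            self.budget[(host, second)] = used + 1
            st.recent.append(dest)
            st.passed += 1
            return "pass"
        st.delayed.append(dest)               # over budget: hold it back
        st.held += 1
        return "delay"

    def alarming_hosts(self):
        return sorted(h for h, st in self.hosts.items() if len(st.delayed) >= self.alarm)

def run(connections, **kwargs):
    """Feed connections through a throttle; return per-host (passed, held) and alarms."""
    throttle = ConnectionThrottle(**kwargs)
    for second, host, dest in connections:
        throttle.submit(second, host, dest)
    return {h: (st.passed, st.held) for h, st in throttle.hosts.items()}, throttle.alarming_hosts()
```

The normal workstation loses only its very first new connection to a one-second delay, while the fanning-out host has three quarters of its attempts held and trips the alarm within the first second.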
Jason Needham, product manager at F5 Networks, says the network is also a good place for user authentication and authorization. "If I'm a financial institution, it's OK to do authorization at the application server. But wouldn't I rather block unauthorized users before they get to the door?"
The proliferation of XML and SOA promises to magnify both performance and security issues: XML is verbose and inefficient to process, and it brings security issues of its own. In fact, Cisco, HP, and vendors of network-based XML acceleration and security devices will tell you that the network could offload a lot of XML processing, translation, and security from beleaguered servers. It could even take over some of the classic application and data-integration burden.
A new networking direction
The move towards network intelligence is actually coming from two directions: leading the charge on one path are the established giants, while specialty vendors are marching up another front.
HP's Brice Clark describes his company's ProCurve Adaptive EDGE architecture as a two-pronged approach. "You start with intelligence at the edge, where it needs to be located to support mobility and next-generation applications. Command comes from the centre, configuring the network continuously on the fly based on the identity of the user, the application, the connection, and the device."
The ProCurve IDM (Identity Driven Manager) is unique to HP's line. It enables the application of security, access control, QoS, VLAN enrollment, and performance settings based on the authenticated user or group of users, including their locations, the time of day, and other factors. HP has also incorporated optional intelligent capabilities for its ProCurve 5300 series switches, including WLAN client authentication, WLAN access-point-to-access-point connection handoff, virus throttling, and encryption -- features that were formerly offered only in dedicated WLAN switches.
Clark says the next step will probably be deeper packet inspection to recognize applications and apply policies accordingly, even triggering packet-processing applications hosted in the switch, based on the user, device, or application.
"You can transcode a video stream for a PDA on the switch, rather than at the server or encrypt a financial transaction," Clark says. "The network is good at packet processing. Servers and operating systems aren't."
Cisco, on the other hand, has announced a three- to five-year plan for what it calls Application-Oriented Networking. Later this year, the company plans to provide AON blades for its Catalyst datacentre switches, as well as branch office routers that can actually read application-to-application messages (such as purchase orders) and route them intelligently according to predefined policies. So, for example, a $50 order could be routed to a different server or get a different quality of service than would a multimillion-dollar order.
AON blades will also be able to take on much of the integration and translation normally performed by application middleware, thanks to partnerships with integration players like Tibco Software and IBM, as well as integrated XML processing, translation, and security functions. Cisco's Redford also points out that the ability to inspect and route messages will lead to better visibility into transactions, resulting in improved security, compliance, and business-intelligence capabilities. AON will also offer load balancing, caching, and compression services. Although all these services could slow down network traffic to some extent, Redford claims that the benefits would include much improved application performance and significantly lower integration costs (because any integration changes would be made on the switch, rather than across all the various interacting systems).
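The content-based routing that AON is described as doing, as an added example rather than Cisco's code: a switch-side component parses a purchase order, reads its total and picks a server pool and QoS class from a predefined policy. Because the device is now parsing application payloads from the wire, a message it cannot parse is diverted rather than guessed at. The message schema, the policy tiers, the pool names and the size cap are assumptions.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

# Assumed routing policy, ascending by order value:
# (highest total served by this tier, server pool, QoS class).
POLICY = [
    (Decimal("1000"),    "orders-std",  "best-effort"),
    (Decimal("1000000"), "orders-prio", "assured"),
    (None,               "orders-vip",  "expedited"),   # everything above the last tier
]

# Constructed purchase orders in an assumed schema (the real format is not given).
SMALL_ORDER = b'<PurchaseOrder id="po-1"><Total currency="USD">50.00</Total></PurchaseOrder>'
BIG_ORDER = b'<PurchaseOrder id="po-2"><Total currency="USD">2500000.00</Total></PurchaseOrder>'
BAD_ORDER = b'<PurchaseOrder id="po-3"><Total currency="USD">fifty</Total></PurchaseOrder>'

MAX_MESSAGE_BYTES = 64 * 1024   # refuse oversized messages before parsing them

def order_total(message: bytes) -> Decimal:
    """Extract the order total; raise ValueError for anything the policy cannot act on."""
    if len(message) > MAX_MESSAGE_BYTES:
        raise ValueError("message too large")
    try:
        root = ET.fromstring(message)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    total = root.findtext("Total")
    if root.tag != "PurchaseOrder" or total is None:
        raise ValueError("not a purchase order with a Total element")
    try:
        value = Decimal(total.strip())
    except InvalidOperation as exc:
        raise ValueError(f"non-numeric total {total!r}") from exc
    if value < 0:
        raise ValueError("negative total")
    return value

def route(message: bytes):
    """Return (server pool, QoS class, reason); unroutable messages go to quarantine."""
    try:
        total = order_total(message)
    except ValueError as exc:
        return ("orders-quarantine", "best-effort", str(exc))
    for limit, pool, qos in POLICY:
        if limit is None or total <= limit:
            return (pool, qos, None)
```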
Smaller vendors, specialized gear
The networking giants, however, aren't the only game in town. Smaller players in the load-balancing Layer 4-7 switch market, which include F5, FineGround, NetScaler, Radware, and Redline, offer products they call ADCs (application-delivery controllers) or WOCs (WAN Optimization Controllers). Many of these vendors have already been involved in application intelligence for several years and claim to have the corner on that kind of expertise.
ADC boxes sit in the data centre in front of banks of servers. Originally they provided application load balancing and health checking, but over time their capabilities have grown to include off-loading communications-specific tasks, which general-purpose operating systems don't do well, according to Joe Skorupa, research director at Gartner. Many ADCs off-load functions like SSL termination and acceleration and TCP setup and shutdown, and they provide transaction security, application firewalls, caching, and compression. Often, these devices can be fine-tuned to optimize the performance of specific back-office applications, such as SAP, and can monitor and troubleshoot individual transactions.
"F5's hardware has the ability to watch a request come in and, if the transaction fails, it can trap the error, send the message to the server administrator saying, 'This transaction failed to this client from this server at this time, and here's the code'," Skorupa says. "Then it replays the transaction with another server. The user never sees the error."
Vendors such as Allot Communications, Expand Networks, Packeteer, and Peribit Networks market WAN optimization controllers, which sit on the network at both the corporate headquarters and remote offices and use compression and TCP-acceleration tricks to overcome latency and other problems on the WAN. Skorupa says that the functions of these boxes will eventually be incorporated into ADCs and branch office routers.
Still another group of hardware and chip vendors are concentrating on the XML and Web-services space, working to incorporate the XML processing capabilities currently available in specialized XML processing appliances.
In fact, the range of product offerings from smaller vendors is compelling enough that the major networking vendors have launched a buying spree, with Cisco acquiring FineGround, Juniper engulfing Redline Networks and Peribit Networks, and Citrix scooping up NetScaler. But there's still plenty of room for innovation outside the traditional networking vendors.
Whether network intelligence will eventually rest in switches or as an overlay of specialized devices depends on to whom you talk. The appeal of incorporating these features into existing switches is obvious, but networking vendors have had trouble keeping up with the features offered by specialized appliance vendors in the past.
"Five years ago many people predicted that Packeteer would die because Cisco would take over much of its functionality," says Gartner's Willis. "But it is still very much around. Changes in applications are faster than Moore's Law and the specialized box companies are often better at keeping up."
Gartner's Skorupa agrees. "You can put a blade in a switch, but that alone is not compelling," he says. "You have to ask yourself whether buying an integrated product gives you more benefit than a stand-alone solution with more features." For now it makes sense to take a targeted approach that solves the specific problems you're trying to solve, with an eye on how initiatives like HP's Adaptive EDGE and Cisco's AON develop. Application-level standards are another piece missing from the puzzle. But despite the hurdles yet to overcome, the intelligent network train is definitely out of the station. It's just not clear what its final destination will be.
Priority planning pays off - Michael Crawford
Intelligent networks have the ability to prioritize both network and application traffic so workflow continues as normal under increased loads or during peak times of demand. Therefore an army of "intelligent" switches on a network will not only ease traffic flow, but enable an automated workflow for peak application delivery, tailored to end-user demand.
Building intelligent networks, or a network that takes advantage of automated business events, closely mirrors the utility computing nirvana of using unspent memory or idle processor time to ease traffic and application flow around the network. And like the use of unspent resources, intelligent switching and application load balancing are things that need to happen in the background.
Frost & Sullivan senior analyst James Turner said the crux of intelligent switches today is the mathematical modelling within the switch itself. This tweaked modelling, according to Turner, is how switches are improving network usage and driving the "intelligent" network.
"The driver for intelligent networks for an enterprise is the capability to maintain daily operations in a timely environment and intelligent switching is just to aid in accessibility," Turner said.
"The mathematical modelling inside the switches used to be rules built into them but now those rules are adapting to the operating environment - the switches are now driving to lower costs and improving service delivery quality through the support and administration of applications.
"HP came out with this 'intelligent switching' idea a short time ago with the Pro-Curve line and failed because it was ahead of its time - the previously big load-balancing guys are now moving into application switching and doing it well."
Last September Griffith University rolled out six Big-IP 6400 Application Switches from F5 to manage traffic for between 50 and 100 servers. Griffith University has six campuses between the Gold Coast and Brisbane and sourced the switches specifically to load-balance, improve network performance and deliver core applications for administration and the online teaching and learning portal Learning@Griffith.
More than 14,000 students and staff use this portal daily with an average of 6000 users logged on at any one time during semester. In 2004 the university offered 5454 courses online - an increase of 400 percent on the previous year.
Thomas King, network services team leader at Griffith University, said it was essential that the university maintained a robust network that could support bandwidth-hungry applications and high-speed traffic without compromising the access of staff and students.
"We have been doing basic load-balancing for the past couple of years but the increasing complexity of applications on the network means that we now need more features and intelligence to manage our traffic," King said.
Project integrator John Graham, from Lanlink, said punters such as Griffith University are starting to see switches as a mature commodity that can aid not just in performing simple, effective load-balancing but in making automated layer 7 switching decisions and inspecting packet traffic.
Graham said the issue with Griffith University was that it was concerned about student-specific applications sitting on myriad servers that were not performing ideally.
"The university was already using a different vendor's solution and was concerned it was just too rudimentary and just doing load-balancing without enough layer 7 decisions being made," Graham said.
"It is fair to say applications guys have more say in what their products do than they used to - that decision used to be made by the layer two to three guys; punters see switches now as a mature market.
"A few years ago Griffith University said intelligent networking sounded like vapourware - now it understands what intelligent switching can do."
F5 managing director Les Howarth said intelligent networking has more to do with how the business approaches tasks as opposed to what the network map looks like.
Howarth said the intelligence is about navigating resources and applications along the shortest and quickest route to promote network traffic flow.
"The great driver for traffic management three to four years ago was at the server level - now the network needs some level of intelligence about the applications themselves and we have been talking with vendors like BEA and Microsoft to create more fluid applications than they had before - F5 currently has three guys in Microsoft headquarters in the US to knit F5 code in its products so we can offer specific tasks for applications from Microsoft, and even SAP and Oracle," Howarth said.
"Fixed-level network intelligence knows routers, servers and storage as allocators based on fixed parameters and the switch has a level of intelligence above the network that is more dynamic.
"The level of intelligence involved is fixed and dynamic in terms of knowing what the network map looks like and what jobs are being done by that system today and allocates resources according to various response times. Where the intelligence gets misused is application providers often talk about applications being aware of the network - that claim is not all wrong but is a different form of intelligence."
Bernie Snoek, managing director of Turbosoft Networks, said if you can see the problem, you can fix it.
It's important to companies that they get the most out of their bandwidth, that they know at any moment what is flowing through the pipe and where it's going. "If there's suspect activity you can visualize the traffic in real time and - if necessary - find the PC, the user, and the application," Snoek said.
Too often when there are bandwidth slowdowns, the solution is to throw more bandwidth at it. But, Snoek said, before you can fix the problem you need to know what's causing it.
"We had one client which used a 128k pipe and was getting complaints from an executive about delays. When we checked the traffic, we found that one user was listening to BBC radio all day; further checks showed the user to be the exec who complained."
Turbosoft distributes NetPriva's family of network management and visualization solutions. Snoek said one of the problems facing network managers is short-duration traffic bursts of one to 10 seconds. Because network traffic makeup has changed in the five-plus years since bandwidth shaping solutions were first created, few have the ability to see below one-minute resolution, he said.
"Typically, IT managers are not fully conversant with what the shaping solutions actually do, and require the visualization of traffic at high-time resolution to see what is going on. Having seen the problem they can then see how shaping will overcome it.
"If a Citrix or voice connection is blocked by a large e-mail attachment or print job for two to 10 seconds this is a big problem, and once Citrix is guaranteed its bandwidth these sorts of issues go away," Snoek said.
The NetPriva range covers Gateway, which sees all the packets and can prioritize the different traffic streams based on operator-set rules; Console, which delivers a real-time view of traffic and enables rule-setting to break it up; Collector, which collects summary traffic information at one-second resolution and allows historical views of traffic; and Agent, a PC-based service that feeds the collector traffic information showing individual applications and users.
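Snoek's point that one-minute averages hide the two- to ten-second bursts that block a Citrix or voice session, shown on constructed per-second byte counters for a 128k link (an added example, not NetPriva's code; the sample data, the burst placement and the 90 percent threshold are assumptions):

```python
LINK_BPS = 128_000                 # a 128k pipe, as in Snoek's client example
CAP_BYTES = LINK_BPS // 8          # 16000 bytes per second at full utilization

def constructed_samples():
    """Constructed per-second byte counts for two minutes: a steady ~19% load with
    a five-second saturating burst (a large e-mail attachment, say) at seconds 40-44."""
    samples = [3000] * 120
    for s in range(40, 45):
        samples[s] = CAP_BYTES
    return samples

def utilization(samples, window):
    """Average link utilization (0..1) over consecutive windows of `window` seconds."""
    return [sum(samples[i:i + window]) / (window * CAP_BYTES)
            for i in range(0, len(samples), window)]

def find_bursts(samples, threshold=0.9, min_seconds=2):
    """Return (start, end, peak_utilization) for each run of at least `min_seconds`
    consecutive seconds at or above `threshold` of link capacity."""
    bursts, start = [], None
    for i, byte_count in enumerate(samples + [0]):   # sentinel flushes a trailing run
        hot = byte_count / CAP_BYTES >= threshold
        if hot and start is None:
            start = i
        elif not hot and start is not None:
            if i - start >= min_seconds:
                peak = max(samples[start:i]) / CAP_BYTES
                bursts.append((start, i - 1, round(peak, 2)))
            start = None
    return bursts
```

At one-minute resolution both windows sit near a quarter of capacity and look healthy; at one-second resolution the same data shows a five-second run at 100 percent, which is exactly what a shaping rule that guarantees the interactive traffic its share would need to act on.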