This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.
The collection of public and private wireline and wireless networks that make up the Internet represents 400 billion dollars of infrastructure and is responsible for 13 trillion dollars in commerce – but it faces some real challenges. It’s too complex and insecure, and it is difficult to bring services to bear. When it comes to routing technology, the foundation of the Internet’s infrastructure, there has been no innovation in the past 20 years.
Early networks simply sent packets within private networks, and when private networks needed to be inter-connected, routers came along – creating the Internet as we know it today. And while speeds and feeds have improved with time, the only routing innovations since have focused on layering technology on top of or underneath the existing routing layer.
Nearly all of those innovations have session state embedded in them. At a high level, a session is “a temporary connection between two endpoints for the purposes of communicating information.” But ask five people what that means, and you’ll get five different answers. HTTP sessions, SIP sessions, virtual circuits, and more – the notion of a session exists up and down the network stack.
Regardless of protocol, though, all sessions do have some common characteristics – they all require some sort of signal to be established (and in most cases, ended), there is a two-way exchange of information, and each session is singularly unique. In the network layer, sessions have “biflow” (meaning two related unidirectional flows in opposite directions), directionality (reflecting which endpoint initiated the session), and state (sessions have a recognizable start and end along with other parameters specific to that session). These characteristics make it possible to associate packets and flows with a unique session, and manage that session.
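The network-layer session attributes described above (biflow, directionality, state), shown as an added example that is not part of the original article or any vendor's code: a minimal session table that maps both unidirectional flows to one session, records the initiator, and refuses mid-stream packets that have no recognizable start. The class names, the simplified TCP-flag state machine and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
@dataclass
class Session:
    proto: str
    initiator: tuple      # directionality: endpoint that sent the first packet
    responder: tuple
    state: str = "NEW"    # state: NEW -> ESTABLISHED -> CLOSED
    fwd_pkts: int = 0     # initiator -> responder flow
    rev_pkts: int = 0     # responder -> initiator flow

class SessionTable:
    def __init__(self):
        self.sessions = {}
    @staticmethod
    def biflow_key(proto, src, dst):
        # Sort the endpoints so both unidirectional flows share one key.
        return (proto,) + tuple(sorted((src, dst)))

    def observe(self, proto, src, dst, flags=""):
        key = self.biflow_key(proto, src, dst)
        s = self.sessions.get(key)
        if s is None or s.state == "CLOSED":
            # A session needs a recognizable start; for TCP that is a bare SYN.
            if proto == "tcp" and flags != "S":
                return None
            s = self.sessions[key] = Session(proto, src, dst)
        if src == s.initiator:
            s.fwd_pkts += 1
        else:
            s.rev_pkts += 1
            if s.state == "NEW":
                s.state = "ESTABLISHED"   # reverse flow seen: two-way exchange
        if "F" in flags or "R" in flags:
            s.state = "CLOSED"            # simplification: first FIN/RST ends it
        return s

# Constructed sample packets: (proto, (src_ip, src_port), (dst_ip, dst_port), flags)
PACKETS = [
    ("tcp", ("10.0.0.5", 40000), ("192.0.2.10", 443), "S"),
    ("tcp", ("192.0.2.10", 443), ("10.0.0.5", 40000), "SA"),
    ("tcp", ("10.0.0.5", 40000), ("192.0.2.10", 443), "A"),
    ("tcp", ("192.0.2.10", 443), ("10.0.0.9", 41000), "A"),  # no SYN seen
    ("udp", ("10.0.0.5", 5353), ("192.0.2.53", 53), ""),
    ("tcp", ("10.0.0.5", 40000), ("192.0.2.10", 443), "F"),
]

def replay(packets):
    table = SessionTable()  # returns the table and packets matching no session
    return table, [p for p in packets if table.observe(*p) is None]
```

Replaying `PACKETS` leaves two sessions in the table and one untracked packet, the TCP ACK that arrived without a preceding SYN.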
Network elements that require session state include firewalls, carrier grade NATs, load balancers (ADCs), session border controllers, DPI devices, and many others, which together are often called “middle boxes” because they are located in the middle of a network. As a result, an entire industry has emerged around routers to deliver bolt-on middle box functionality that increases complexity and cost.
The answer to this predicament is session-based routing. By infusing technology developed for middle boxes into established routing technology, a new, simpler paradigm emerges that can route sessions instead of packets. This session-oriented approach is designed to build context-aware networks that can easily, dynamically and securely stretch across network boundaries. Session-oriented routers make dynamic routing decisions based on fully distributed knowledge of services topology and policy frameworks. The result is a much simpler, more secure and more agile network.
Although much has been said about the benefits of Software-Defined Networking (SDN), Network Function Virtualization (NFV) and Software-Defined Wide Area Networks (SD-WAN) as potential solutions to network complexity, they simply magnify existing complexities. By over-relying on middle boxes, albeit virtually, along with existing tunneling and overlay techniques, these solutions add to complexity.
With session-oriented routing, advanced network functions can be performed natively – without the need for additional boxes. Session-oriented routing can also operate on in-band signaling techniques to provide security and reliability, thereby removing the need for overlay approaches. The routers can understand and enforce policies (security or otherwise) and ultimately provide smart, dynamic path selection.
Session-oriented routers enable a much tighter alignment between the network and the applications it supports. And, because session-oriented routers are based on software, advanced, secure networking can be put anywhere and everywhere. Session-oriented routers also work with existing network infrastructure, so network operators do not need to rip and replace existing technology, saving time and money while delivering a network that is fundamentally simpler and smarter than ever before.
That brings up the question: Why are session-aware routers necessary to support the networks of tomorrow? The megatrends of cloud, user mobility, and Internet of Things (IoT) are changing networking in fundamental ways. The clients and servers are now in different networks. Even the concepts of a LAN and WAN are melting into a hodgepodge of private networks that require secure interconnections. Point-to-point tunnels (often called virtual networking) are proliferating to create these interconnections, but these are creating new layers of complexity, new middle boxes, and new layers of inefficiency. Bandwidth driven by video is continuing to increase steadily. The lack of IPv4 addresses and steady rollout of IPv6 means that the Internet really is two networks to manage. Connecting all these networks requires session state and innovative policies that function across all of these networks.
Why don’t more routers have session awareness today? The answer is part technological and part religious. Until recently, specialized hardware was the only game in town for router data planes, and the focus was on forwarding as many packets as possible, as fast as possible. Plus, the practical limitations of hardware product cycles and custom chip design made it far more onerous (and distracting) to incorporate advanced network functions into routers. It was just easier to build standalone network appliances and put them around/behind/in front of the router. With the advent of powerful x86-based hardware and software-based networking, the game has changed.
With trends like collaboration, increased use of video, virtual reality and IoT increasing the traffic volume, now is the time to focus on sessions instead of packets or flows. Session-aware, software-based routers drastically simplify the network, while improving security and reliability. With this type of technology, network operators will be able to create borderless networks with greater security, agility, insight and performance, without relying on legacy middle boxes or complicated tunneling and overlays – and without having to rip and replace existing technology. It’s evident that today’s flow-based networks are no longer cutting it and the migration to a secure session-based routing system will create simpler, more intelligent networks that are much more efficient.