Welcome to Agility City! Let me set the scene.
In the castle, the Wonderful Wizard orchestrates networks in beautiful and powerful ways. Point-to-point tunnel connections are heralded as “architectural wonders,” which decades ago were called bridges with disdain.
Meanwhile, the Wicked Witch of the West brews a primordial potion of complexity that is hidden behind curtains of automated provisioning. Packets are heavily laden with unnecessary headers and double encryption.
It almost makes you want Dorothy Gale to appear and click her ruby slippers – “There’s no place like home. There’s no place like home.” If only we would start talking about true networking and not about the orchestration of bridges.
I spent some time watching AWS re:Invent 2017 Networking sessions on YouTube and felt like a house was just dropped on top of me. AWS has solved many problems with their new releases and added new kinds of connectivity inside the AWS world.
However, connecting corporate networks to theirs is still a tunnel-fest. If you are very careful, stay within the defined limits, avoid overlapping addresses and provision all your routes correctly, it will allow anywhere-to-anywhere communication. Just don’t expect to go over 50 connections per VPC, or 1.25 gigabits per second per IPSec tunnel. Even Toto would bark at that!
Bridges were replaced with routed links when networking was created. But IPSec tunnels are newfangled bridges that have become the connector of choice. The tunnels are being designed into public cloud networking schemes and are at the center of most SD-WAN solutions. The Wizard cannot change the fundamental nature of the networking world by handing out brains, hearts and medals for bravery. Even winged monkeys can’t hide the mess of point-to-point connections that are stateful network-to-network bridges.
Instead, determine the following variables: A = how many VPCs you will eventually use. B = how many locations need to access your VPCs. Simply multiply A x B x 2 to get the count of bridges that need to be provisioned, monitored and controlled. One company I recently spoke with had data centers on five continents, over 100 large office locations and more than 1,300 VPCs at AWS alone. No amount of wizardry can hide this mess.
Software, especially open source software, is the key to innovation. Cookies are placed in packets to solve authentication and session management problems. Applications overcome NATs and network-induced problems, and their developers ignore any and all information from the network.
To increase performance, software developers use the network in parallel and cache content. Application developers deliver improvements at a rapid pace, including standards such as QUIC and TLS 1.3. Innovation in the networking industry has recently focused on creating curtains that cover up or hide the ugly and inefficient architecture. Orchestration of layers of networking complexity is not the answer.
Instead of letting AWS at re:Invent tell you how to connect to them, our industry needs to agree on how we want networks to operate. We need to do what AWS, Azure and Google do – use software to innovate networking. Concepts like embedded cookies that traverse NAT boundaries to communicate network information are possible. Routing that traverses private/public boundaries is possible. IPv4 and IPv6 borders no longer have to be barriers to routing protocols. Semantic-based routing definitions are likely.
We have the power to innovate. We know the requirements. Let’s get back to networking basics. Eliminate the layers of encapsulation and double encryption. Throw water on the piles of tunnels and bridges to melt them away. Click your heels together and dream of a future network that can interconnect networks intelligently without bridges or tunnels.
Toto, let’s go home!
Patrick MeLampy is the Co-Founder and Chief Operating Officer at 128 Technology.
The original post can be found here.