Modern networks have grown over time, often being formed from a mix of vendors and technologies, cloud, SDN and virtualization across a variety of vendors. The outcome of this evolutionary process can result in chaotic or “messy” networks, leading to outages, vulnerabilities and other network disruptions.
As an example of the problems faced by enterprise networks Square recently experienced a widespread service outage that impacted users’ ability to take electronic payments for a several hours. This was caused by a change it made to one of its back-end systems, resulting in a host of “capacity issues.” Add to this catastrophic network failures seen during 2017 that were attributed to human error at Amazon, AT&T, and Southwest Air, these underscore that any size of business is not immune to crippling network chaos.
The company Veriflow has a solution, through the use of formal verification technology, the company can identify existing messy “brownfields” networks and let engineers identify and troubleshoot potential network failures before they occur. To find out more Digital Journal spoke with Dr. Brighten Godfrey, the co-founder and CTO of Veriflow.
Digital Journal: What are the main weaknesses with current enterprise networks?
Godfrey: “Enterprise networks have grown much more complex, with scale and diversity and layers of technology, but at the same time, we’re expecting more out of them. The network is an enabler for the rest of the business, so you want the network to be able to move quickly so the business can take advantage of opportunities. That means having the agility to deploy new services, add technology like cloud computing, acquire other firms and integrate their networks, and so on. The weakness is that the way we build and change networks across time is surprisingly manual. If you try to apply manual operation to a complex system, and move quickly, things will break. That means outages and also security vulnerabilities.”
DJ: How are seemingly well-designed systems prone to human error?
Godfrey: “You only have to look to a typo taking down a large fraction of Amazon’s infrastructure earlier this year, or the outages at a few airlines over the last year, or the regular drumbeat accidental leaks of sensitive data. Well-designed networks do have a plan. But with thousands upon thousands of lines of configuration files, dozens of types of vendor devices, and layers of protocols and virtualized infrastructure all interacting with each other, it’s very difficult to confidently predict the outcome of a seemingly small change. Now on top of that, the plan is never perfect – most large organizations typically don’t even know what all the devices in the network are – and organizations may need to make hundreds or thousands of changes to the network infrastructure per month. All this is not the fault of engineers; we need better technology to empower engineers towards automation and in particular automated understanding of whether the end-to-end business goal is being met.”
DJ: How does the Veriflow technology work?
Godfrey: “The idea is basically to predict the future – to predict everything that could happen, before it does. That is the idea of an area of technology called formal verification, which analyzes a system’s design to mathematically prove whether it achieves desired properties. Formal verification has been applied in other domains, like computer microprocessor design and NASA’s Mars rover software. We have developed new algorithms and systems to apply this technology to networking.”
DJ: How does Veriflow help to address the problems?
Godfrey: “Usually, network and security engineers have to resort to monitoring ongoing traffic – which means they’re only seeing outages after they’re happening, or vulnerabilities after they’re already being exploited. Veriflow empowers engineers to become more proactive. By building a predictive model of the network, you can now gain confidence that the network is secure and resilient, without just crossing your fingers and waiting to see what happens. For example, an engineer can use Veriflow to assure that all critical services in the data center are available to remote hospitals; or that a segment of the network containing sensitive data is fully isolated.”
“We’ve also found that many network engineering teams just don’t have the full picture of their network, because there’s been staff turnover or just because the data centers have grown organically over years or decades. Gaining network-wide visibility and the ability to interactively ask questions is a really powerful baseline.”
DJ: How can Veriflow help companies to make improvements to their networks?
Godfrey: “I think operating a large network is becoming more like software, so let’s take a look at software engineering for a moment. A dev team working on a complex software project may use a “DevOps” approach to integrate small changes into the codebase frequently with automated validation and automated deployment into the infrastructure in a closed loop. These automated processes help ensure the software meets its goals, and if it continuously meets those goals, the team can make improvements more quickly.”
“Today, building and operating a large, modern network is a lot like developing a distributed software application in complexity, but historically networking teams have lacked the technology to match that complexity. Veriflow essentially allows network teams to extend the benefits of the DevOps software development methodology into the network. Because Veriflow understands the high-level business intent – that is, the end-to-end purpose of the network – it can provide assurance continuously as the network is changed over time.”
DJ: Who is using Veriflow technology? What types of companies are these in terms of their sectors?
Godfrey: “We work with a broad range of organizations – financial, media, health care, and manufacturing firms, service providers, government agencies, and more. We’re seeing similar challenges across all these sectors, especially for mid- to large-scale organizations. They use Veriflow to ensure the network infrastructure is resilient, to find security vulnerabilities in network segmentation, to automate mapping and compliance, and – when incidents do occur – to rapidly understand the network.”
DJ: How do you see your company and its services growing over the next five years?
Godfrey: “We recently announced the new version of Veriflow’s Continuous Network Verification platform, including new capabilities we’re quite excited about – among them, CloudPredict which provides verification and visibility for public cloud and hybrid cloud; Automated Intent Inference, which intelligently figures out what business goals to verify; and Preflight, which lets organizations test changes before deployment to the live infrastructure. We expect to continue to develop these technology directions in the coming years.”
“Ultimately, we think Continuous Network Verification technology will protect every device in every organization. That train is already rolling – we’ve seen this technology grow from research lab projects to the point that today, most hyperscale cloud providers have deployed network verification specialized for internal use, while we provide verification technology that’s widely applicable. So as you can imagine, we think the next few years will be quite exciting as verification is adopted broadly.”
For those thinking of entering the digital solutions sector, we ask Dr. Godfrey about his background.
DJ: Dr. Godfrey, please can you explain your background and how came to found Veriflow.
Godfrey: “Well, that goes all the way back to Math Club in high school! I’ve always loved mathematical and algorithmic thinking, and wanted to apply it in a practical way. That led me to a Ph.D. in computer science at Berkeley, where I specialized in theoretical techniques for computer networking. Fast forward a few years and as a professor at the University of Illinois at Urbana-Champaign, I worked with Ahmed Khurshid and Matthew Caesar to develop new techniques to algorithmically analyze networks to rigorously determine if they are correct and secure. We pioneered research in this area and realized it could have big impact, and the three of us founded Veriflow a couple years later.”
Looking to forthcoming disruption in the sector, we also asked Dr. Godfrey what the future holds for his company and businesses in general.
DJ: What other projects are you working on?
Godfrey: “While serving as CTO of Veriflow, I’m also a professor in the computer science department at Illinois. One of our projects, called Performance-oriented Congestion Control (PCC), uses online learning theory to improve the performance of data transfer across the Internet, such as for movies. We’re also exploring another slightly radical idea: what would it take to build a speed-of-light Internet? Today, if you visit a web page, the server with the data you want might be perhaps 10 milliseconds away when traveling at the speed of light in a vacuum, but it can easily take 30 or 100 times that long just to send a small request, like retrieving the text of a page, and get a reply. We’re trying to see what it takes to reduce that time as close as possible to the speed of light. This would change the experience of using the Internet and might even open the door to exciting new applications like collaborative virtual reality.”
DJ: What other challenges do digital businesses face?
Godfrey: “Technology is changing rapidly, from software-defined networks to cloud computing to intent-based networks to machine learning. We all have to be thinking creatively about what that means for our business and for the humans with whom our technology interacts, but that also means it’s a very exciting time to be working in computing.”
Formal verification is important for businesses, from small concerns to the critical infrastructure of high-tech corporations. A company like Veriflow helps businesses address potentially damaging vulnerabilities and outages.
