SD-WAN to the Future
“Tunnels? Where we’re going, we don’t need tunnels.”
Making your network tunnel-free with Session Smart leads to better user experiences, simpler operations, and more robust security, while reducing infrastructure costs and bandwidth consumption. In this webinar, Andy Ory and Patrick MeLampy explain how cloud and mobility have left tunnels in the past, how Session Smart Routing makes next-generation SD-WAN possible, and why conventional IP routing is no longer the solution of choice.
You’ll learn
How cloud and mobility have left tunnels in the past
How Session Smart Routing makes next-gen SD-WAN possible
Why conventional IP routing is no longer the way to go
Transcript
00:01 [Music]
00:27 [Music]
00:36 doc you won't believe this but in 2028
00:39 there were no more tunnels used in
00:40 networking how in the world did they get
00:42 the packets to go where they wanted them
00:44 to go well see doc starting in 2022
00:47 companies and governments were so
00:49 frustrated that none of their
00:50 orchestrated tunnel solutions could talk
00:52 to each other we went from having a
00:54 truly useful internet to a mess of
00:56 proprietary overlays
00:58 the standards process was effective the
01:00 ietf realized that the only remaining
01:02 purpose of a tunnel was to get a packet
01:04 to go where it wouldn't go otherwise by
01:07 instead identifying the destination
01:09 of a packet as a word and not as an
01:12 address that gets rewritten or reused
01:14 they solved all of their problems
01:17 how did this impact the world well for
01:19 the first time in decades things got
01:20 simpler
01:22 using words to describe tenants and
01:23 services became a powerful way to
01:25 express network intent
01:27 once accurately expressed routers were
01:29 able to deliver on experiences like
01:31 never before so i would say experience
01:34 based networking really took hold here
01:36 are some examples file downloads went
01:38 faster bandwidth requirements at data
01:41 centers dropped by 30 percent saving
01:43 lots of money on circuits and head-end
01:45 equipment and due to an infusion of ai
01:47 the cost of network operations were
01:49 reduced substantially what happened to
01:52 sd-wan
01:53 well multi-path routing remains to this
01:55 day honestly multi-path routing is
01:58 something routers should have been
01:59 capable of from the onset of the
02:00 internet the missing capabilities
02:03 required to direct a path for a session
02:05 or service a tunnel was the only
02:08 approach prior to the development of
02:09 secure vector routing by juniper
02:11 networks now every router in the world
02:13 supports multi-path routing and the
02:15 sd-wan use case is now just the routing
02:18 use case i want to buy some stock and
02:20 hold it to 2028 what are the companies
02:22 that transform networking away from
02:24 overlays and underlays i can't give you
02:27 any investment advice but juniper
02:28 networks appears to once again be the
02:30 company that transformed the industry
02:32 they did it at the dawn of the internet
02:34 with the development of asics for
02:36 forwarding and they did it again 30
02:38 years later with the development of
02:39 secure vector routing
02:44 great scott i've never heard of ipv7
02:47 ipv6 was codified in the 90s and was
02:50 still not fully implemented after 30
02:52 years what is ipv7 well doc sometimes
02:56 things are held back because of a
02:57 specific reason
02:59 network addresses so widely used were
03:01 preventing change running two internets
03:03 the ipv4 and the ipv6 was the plan for
03:06 30 years and since both worked it was
03:08 believed to be only a matter of time but
03:10 the transition never completed with
03:12 juniper leading the way towards using an
03:14 addressing system based on words that
03:16 operated over top of the existing
03:18 hodgepodge of networks the addressing
03:21 issue went away ipv7 was born as a
03:24 simple way to subscribe for services by
03:26 name
03:26 dns was mothballed and applications were
03:29 simply requested by name routers had
03:32 routing tables that could turn names
03:33 into locations unexpectedly the world
03:36 shifted to a sub-pub model for
03:38 requesting access to services many of
03:41 the security problems that existed went
03:44 away
03:45 how does this work i can't believe it
03:48 well it uses metadata cookies these are
03:50 inserted into the payload portion of
03:52 packets and used to communicate network
03:54 intent to upstream routers the cool
03:56 thing doc is that this information makes
03:58 it through middleboxes carrier-grade nats
04:01 load balancers firewalls and that can
04:03 only be read by the intended next hop
04:05 router so communicating network intent
04:08 via cookies changed networking
04:10 but all the application guys use cookies
04:12 today
04:13 this doesn't seem so far-fetched marty i
04:16 wonder why it took so long
04:18 sometimes the future is obvious when you
04:20 look back on it
04:27 well after jeff bezos and elon musk left
04:30 for other solar systems the hyperscale
04:32 big tech company emerged into an even
04:34 larger behemoth
04:36 every single network server in the world
04:38 is now run in a micro google zone data
04:40 center
04:41 how did this change networking well the
04:44 shape of the network has always been
04:45 changing but in the 20s the changing
04:48 shape accelerated the hyperscalers of
04:50 that day developed large worldwide
04:52 networking footprints to connect clients
04:54 anywhere to servers in their data
04:56 centers the concepts of wan and sd-wan
04:58 were challenged what was needed were
05:00 easy to use software capabilities that
05:02 could operate inside the hyperscaler
05:04 servers to bring back network elegance
05:07 and control to enterprises so in the
05:09 future
05:10 corporations will still control their
05:12 own networks yeah i mean the digital
05:15 backbones of companies have become the
05:17 most important infrastructure they own
05:19 they need to control their own networks
05:21 for security and competitive advantage
05:23 they now use ai and ml to assist in
05:26 operating everything
05:27 but but why did the democrats and the
05:29 republicans go away well they didn't
05:31 really go away the prevalence of hackers
05:33 and political operatives and even fake
05:35 news went completely away when networks
05:38 had good audit trails without
05:39 misinformation people started to realize
05:42 we all share the same goals we still
05:44 have political parties but secure access
05:46 to reliable information has changed the
05:48 debate
05:52 doc probably the biggest surprise is
05:54 that the giant security problems we had
05:56 in the early part of the 2020s decade
05:59 has gone away but but marty
06:01 how could this happen
06:03 with the advent of router to router
06:05 authentication and identifying
06:08 every session in detail with an audit
06:10 trail defined by an end-to-end
06:12 identifier scams were rapidly terminated
06:15 but probably more important was creating
06:17 smaller network communication segments
06:19 that allowed communications only for
06:21 specific clients and services for a
06:23 single purpose
06:24 they call this hyper segmentation it's
06:26 like taking the internet and breaking it
06:28 into millions of smaller networks each
06:30 with a small subset of users and servers
06:33 wow so what happened to anywhere to
06:36 anywhere anonymous anybody can send
06:38 anything to anybody internet well
06:41 frankly society we just couldn't
06:42 continue to operate that way governments
06:45 were held hostage along with
06:46 infrastructure companies by attackers we
06:48 also couldn't stop using the network we
06:50 were really at a breaking point did did
06:52 sase help
06:53 well sase was the beginning of a set of
06:55 revolutions in security the first
06:57 revolution came when basically no one
06:59 could trust anyone also called zero
07:01 trust this paved the way to large
07:04 cloud-based security products they had
07:06 to be in the cloud due to the processing
07:08 requirements large databases of
07:09 real-time information and the
07:11 efficiencies of scale
07:14 so
07:14 it was like the great firewall of china
07:17 no not really
07:18 security became much more service
07:20 specific some types of services require
07:22 very specific security in fact
07:24 separating all of the services into
07:26 separate networks helped prevent losses
07:28 when a breach occurs
07:30 what was needed from the network is very
07:32 simple specific capabilities to loop in
07:35 the closest and best security for a
07:37 specific application or service
07:39 how did they stop attackers from always
07:42 breaking in i mean virtually every
07:43 attack for decades was tied to tricking
07:45 someone into executing code on a trusted
07:47 machine by not trusting any machine we
07:50 made one large step forward
07:52 once access was obtained exfiltration or
07:54 attacks can be mounted to get the
07:56 executed code onto a machine urls are
07:59 often used or attachments to emails all
08:01 that was required was to trick a human
08:03 that's trusted into clicking on
08:04 something the genius of ai and ml came
08:07 to the forefront of thwarting attackers and
08:09 hackers in the famous pandemic of 2021
08:13 the way we contained the virus was to
08:15 segment ourselves as much as possible we
08:17 had to identify and track the infected
08:19 people and quarantine them
08:21 we had to develop complex predictive
08:23 models and we had to find a safe vaccine
08:26 to inoculate everyone
08:28 the sase solutions accomplished all
08:30 four of these to wipe out fraud scams
08:32 and attacks on the internet
08:38 you know doc what i found most
08:39 astounding is the esteem and reverence
08:41 that i.t professionals had in the future
08:44 they had a seat at the executive
08:45 roundtable and were involved in every
08:47 aspect of a business turns out digital
08:50 infrastructure of companies defined
08:52 their profitability more than any
08:54 other single thing
08:56 marty that's a huge difference from our
08:58 day i.t managers are often not
09:01 appreciated
09:02 yeah you know ai changed everything
09:05 i.t guys went from not really knowing
09:07 how their networks were being used to
09:09 having a seat at the board room
09:11 by learning about applications and
09:12 services i.t leaders became business
09:15 leaders having network intelligence or
09:17 network knowledge of how digital assets
09:20 were operating became the key source of
09:22 competitive advantage now everybody
09:24 wants to talk to the i.t guy
09:26 why did it take 50 years to get there
09:29 what's preventing us from doing these
09:31 things now well you know our networks
09:33 are multi-layered and today tunnel based
09:36 it's very hard to get useful telemetry
09:38 we try to recognize applications on the
09:41 fly but this has become harder
09:43 everything is encrypted and dns queries
09:45 are now completely invisible google and
09:48 facebook succeeded in getting sni
09:50 encrypted which was the last means of
09:52 identifying applications
09:55 so
09:56 if application creators and owners don't
09:59 want networks to know what's happening
10:01 how how did this amazing transformation
10:04 occur
10:04 well you know the application guys
10:06 aren't afraid of their names but they
10:08 are highly concerned about security ip
10:11 addresses and
10:12 network infrastructure and so forth so
10:15 when changing from using ip addresses to
10:18 names with ipv7 the application guys
10:20 started publishing their applications in
10:22 routing databases
10:24 did this make things better well it was
10:26 perhaps the biggest revolution so no
10:28 longer do application owners have to
10:30 publish lists of ip addresses
10:32 but the pub sub model for obtaining
10:34 routes to applications also allowed
10:36 invitation only access which greatly
10:39 improved security all in application
10:41 guys started to cooperate with the
10:43 network guys and you know what they sang
10:45 kumbaya together
10:50 i was very surprised to learn that
10:51 juniper has been added to the dow jones
10:53 index you know it replaced cisco systems
10:56 cisco tried to fight progress but the
10:58 hyperscalers and application developers
11:00 really wanted a network that focused on
11:02 experience as soon as the application
11:04 guys discovered that juniper solutions
11:06 were experience based they became the
11:08 dominant force in networking
11:10 what happened to cisco well they
11:12 actually merged with a food services
11:13 company by the same sounding name
11:15 s-y-s-c-o you ever hear this yeah
11:17 now the bulk of their revenues are from
11:19 selling macaroni i heard biff got a job
11:21 at cisco
11:22 i guess i'm not gonna warn him
11:30 okay so
11:31 we we we
11:34 you know acting is not our long suit
11:37 but we really appreciate this time um
11:40 you know what what is really serious is
11:44 how important our networks are and what
11:46 we can learn from the past because we
11:47 can't really travel into the future but
11:49 if we learn from the past and look at
11:50 the challenges today we can start to
11:52 infer what are the right kinds of
11:54 solutions
11:55 you know an example would be if everyone
11:57 on this webinar looked out their window
11:59 and could visualize 500 billion dollars
12:02 of infrastructure global infrastructure
12:05 that drives the world's economy connects
12:08 us all and it's made up really would be
12:10 in three colors storage compute and
12:13 network
12:14 and what's happened is that storage and
12:16 compute have forever changed i mean
12:18 think about it when you go buy a laptop
12:20 it doesn't even have a disk drive
12:21 anymore your storage is in the cloud
12:24 and and compute you know vmware and
12:26 virtualization just changed the dynamics
12:28 and the economics of being able to
12:30 deploy things like data centers at scale
12:33 same thing's going to happen to
12:34 networking and the reason is both
12:36 storage and compute had general purpose
12:39 compute separating from the software and
12:41 the software could spin
12:43 free and innovate and you know it was
12:45 marc andreessen that you know said maybe
12:47 25 years ago software is going to eat
12:49 the world it's it's software can
12:51 innovate so quickly and so we've worked
12:53 really hard to separate the routing
12:55 software from any underlying hardware
12:57 requirements and really innovate and we
13:00 think that networking is going to
13:02 undergo the same revolution and
13:04 transformation and have the same kind of
13:06 business impact and opportunities as
13:08 storage and compute did one of the key
13:10 things is advancement without technical
13:12 debt you know this notion of putting
13:14 layers upon layers of complexity to
13:16 solve your current problem but just
13:18 making things more unwieldy you know pat
13:21 talk to us a little bit about technical
13:22 debt is that is that what's happening in
13:24 2021 and how do we avoid it
13:28 yeah you know it is my opinion that
13:29 there that um we're accumulating
13:31 technical debt in our networks at a
13:33 pretty rapid pace
13:34 you know in evidence of that that's easy
13:36 to see is there's like calls right now
13:38 for standards uh to be established so
13:41 that um
13:42 tunnel tunnels that are being
13:44 orchestrated
13:45 uh by one vendor can talk to tunnels
13:48 being orchestrated by another vendor or
13:50 even another instance of the same vendor
13:53 you know the fact that these sd-wan
13:55 solutions can't talk to each other is a
13:57 giant problem
13:58 it's also a problem that they're all
14:00 using slightly different proprietary
14:03 headers and information you know we the
14:06 the way that the network has become so
14:08 ubiquitous and powerful over over the
14:10 ages is because we've all used the same
14:13 protocols and and subscribe to standard
14:16 standards are very very important
14:18 you know
14:19 lately i've seen a bunch of standard
14:21 proposals being made for
14:23 people that want the overlay network to
14:26 actually communicate with and send
14:28 security events and and uh with the
14:31 underlay so you you know if an alarm or
14:34 a circuit issue or route issue happens
14:36 in the underlay you need to tell the
14:38 overlay and vice versa and you know it's
14:40 it's sort of maddening um
14:43 in terms of the amount of debt we're
14:44 accumulating and most recently i'll give
14:46 you you know another example of how
14:48 we're overloading existing protocols to
14:51 the extent that is probably going to
14:53 drive us uh to another breaking point so
14:56 the to the dns subsystem is really used
14:59 for routing today the dns system answers
15:01 the question for every client
15:04 not just what is the address of a
15:06 particular server but where is the best
15:08 server for me at this moment in time now
15:12 and so that's really a routine that
15:14 really should be the choice of the
15:16 network and not the choice of of dns i
15:18 mean dns is provisioned and populated
15:21 and takes you know 10 12 15 minutes for
15:24 it to be updated and we're using dns now
15:27 with very very short leases which is how
15:29 long the information is valid sometimes
15:31 measured in seconds and that's because
15:33 we want
15:34 clients to keep coming back to get new
15:36 information so we can do
15:38 spread stuff out do load balancing and
15:40 run our the internet in a different way
15:43 using dns as part of our routing
15:44 solution
15:46 you know so it's very important that um
15:49 that we pay attention to uh these kinds
15:52 of technologies that are being stretched
15:55 and
15:55 hopefully uh avoid sort of piling on the
15:58 tech and creating problems that just
16:00 won't go away and then solving them with
16:02 yet another another layer
16:05 so andy um
16:08 one of the you really strike uh it's it
16:11 sounds so interesting when you talk
16:12 about innovation and software and
16:14 why is it that
16:16 you know big companies oftentimes really
16:19 struggle with being innovative
16:22 you know well i mean the the truth is
16:24 innovation requires little companies and
16:27 big companies small groups and large
16:29 groups because it's not just the idea
16:31 it's not it's not a science experiment
16:33 it actually is delivering a solution
16:35 that has impactful positive business
16:38 outcomes in a sustained and scalable way
16:41 and so what you have is you have little
16:42 focused
16:43 organizations that worship from the
16:45 altar of disruption and speed whereas
16:48 you have larger organizations that are
16:50 about customer intimacy and business
16:52 predictability and so really it's almost
16:55 like a texas two-step and you know what
16:57 you find are small organizations can
17:00 really innovate and then need to partner
17:02 with the larger organizations to become
17:04 part of a broader context and you know
17:08 that that's a transition that we as an
17:10 organization went through about six
17:12 months ago you know so we patrick and i
17:16 are two of the seven co-founders of 128
17:18 technology and about six months ago we
17:21 found one of the greatest if not the
17:23 greatest routing company the most
17:25 innovative routing company in the world
17:27 where we were cohabitating a very large
17:29 10 000 site deployment in retail health
17:32 care and we realize one plus one really
17:34 equals four
17:36 and so
17:37 um you know we're able to provide
17:39 innovation and juniper is able to
17:42 provide full stack integration they're
17:44 able to provide comprehensive
17:46 uh security solutions they provide ml
17:49 and ai and cloud things that we don't
17:51 have and so it really is important that
17:54 you have both of those elements so that
17:56 the sustainable business outcomes can be
17:58 affected
17:59 you know sometimes what happens that big
18:01 companies themselves just try and
18:03 innovate without any real insight and it
18:07 ends up being that we pile on to an
18:09 existing technology in a way that just
18:11 isn't so valuable and starts to become
18:13 unwieldy and maybe even inefficient or
18:16 cause problems um pat do you want to i
18:18 know you have one that you want to talk
18:19 about
18:21 yeah you know
18:23 it's really interesting like um
18:25 the way the network works and i'm not
18:27 sure how many people know this but the
18:29 way it evolved was that uh it's all
18:32 based on tcp and with tcp you know in
18:35 the early days
18:36 andy i had the same problem in one of my
18:38 webinars don't touch the papers near
18:40 your computer
18:42 i'm so sorry
18:43 it's okay you do it very very carefully
18:46 it comes across very loud um
18:50 so the interesting part is is uh the way
18:52 the tcp operates is is it it never knows
18:56 how fast the network is
18:58 the client and server have no clue and
19:00 the server can send out packets way
19:02 faster than the network can can can
19:04 deliver them which would result in all
19:06 of those packets being dropped and
19:08 having to be retransmitted to prevent
19:10 this from happening over and over again
19:12 every time there's a client server uh
19:14 session that gets established the tcp
19:16 protocol starts slow and sort of ramps
19:19 up speed and when it gets to the point
19:22 where it's going as fast as the
19:24 end-to-end connection will allow a
19:26 packet will be dropped and when that
19:28 packet's dropped it signals the server
19:30 don't go any faster and it also signals
19:32 the client don't go any faster so
19:34 everybody sort of settles down locks in
19:36 and understands oh this is how fast i
19:38 can go and and without dropping packets
19:41 and that's how the the whole internet
19:43 works now the sd-wan guys
19:45 several of them
19:47 tout forward error correction as a way to
19:49 replace a packet that was dropped in the
19:51 middle of the network
19:52 and what's funny is is dropping packets
19:55 is essential for the network to work
19:57 correctly and so now the you know these
19:59 tunnels um because they're aggregate
20:01 flows and because
20:03 they're not a single inside of these
20:05 tunnels are hundreds if not thousands of
20:07 individual flows
20:09 because they're such large what we call
20:11 elephant flows they suffer more random
20:14 early discard than
20:16 than if if all of those sessions had
20:17 been uh separate and in different flows
20:20 going through the same routed network
20:22 first they would be spread out as much
20:24 and they wouldn't all be impacted by
20:25 random early discard but when a discard
20:27 occurs it's more likely to happen on a
20:29 tunnel so by adding forward error
20:31 correction they can recover that packet
20:33 but recovering that packet doesn't make
20:35 sense with the tcp standard and so
20:39 it and the worst part about it is is it
20:41 consumes up to 33
20:43 additional bandwidth on top of the
20:45 on top of the tunnel overhead so it's an
20:48 example yet of another sort of
20:50 solution to a problem that we created by
20:54 solving the problem with more tech you
20:56 know we need to get back to basics of
20:58 routing packets
20:59 if tunnel's only purpose is to get a
21:02 packet to go where it wouldn't go
21:03 otherwise we need to fix the way routing
21:06 works and that's what 128 technology did
21:09 and that's why juniper acquired us
21:12 you know andy um
21:14 it's really fascinating
21:19 because some you know that businesses
21:22 really really need to focus on their
21:24 digital infrastructure it's so important
21:26 to how they run maybe you could talk for
21:28 you know i i'm certainly interested in
21:30 your views on how
21:31 important the i.t profession and the
21:34 digital infrastructure of their
21:36 companies are and maybe you can comment
21:38 on that
21:39 yeah it's funny you know in the in the
21:41 present you know the little movie clip
21:43 you and i did um
21:45 we talked about the importance of the
21:47 i.t professional and uh it's true that i.t
21:51 you know most people don't understand
21:53 in their organization what the cio does
21:55 it's very hard for them to figure it out
21:57 and they tend to look at it as a cost
21:59 center um and and to some extent there's
22:02 some truth to that
22:04 uh we're also seeing that um we're
22:06 outsourcing everything to the cloud you
22:08 know we're moving more and more to the
22:09 cloud and you tend not to outsource
22:11 things that are strategic and so these
22:14 are these tend to be short you know i
22:17 think that that this is a short-term
22:19 move of what's really going to happen to
22:20 i.t i think that i.t and the i.t
22:23 profession is going to become incredibly
22:25 strategic to every one of these large
22:28 corporations because as they digitally
22:30 transform all their engagement and all
22:33 their experience is going to be trolled
22:35 through the lens of what i.t is able to
22:37 deliver and secure and when you think
22:40 about it we live in a world even today
22:42 where the largest taxi cab company in
22:45 the world doesn't own a single car and
22:47 that's uber and the largest hotel chain
22:50 in the world doesn't own a single hotel
22:52 and that's airbnb and we've seen the
22:55 last 15 months of the pandemic we've
22:57 seen real digital engagement of all of
22:59 our stakeholders whether it's employees
23:01 or partners or customers
23:04 and you know what you realize is that
23:06 the network is where things stop and
23:08 where things start and it is critically
23:10 important so i do think that the next 10
23:12 years i.t is going to become more
23:15 strategic than it's ever been digital
23:17 transformation is real and the pandemic
23:20 has only served to accelerate it we have
23:22 a saying around juniper
23:24 that experience is the new uptime and it
23:27 and it really is because if people have
23:30 a good experience when they impact when
23:32 they interact with your business they're
23:33 going to do it again and if they have a
23:35 bad experience they may go somewhere
23:37 else and and that's really a big deal um
23:41 you know i've had i i guess i could say
23:43 marty
23:44 i'm kind of kind of uh
23:46 curious what else changed in 2028
23:50 well you know it it's really surprising
23:52 how the worlds of networking and the
23:54 worlds of um the application guys and
23:57 the and the devops guys all sort of
23:59 merge together into
24:02 an amazing world the application guys
24:05 really really have a lot of information
24:07 that the networking guys would like to
24:08 have for example if the user's failing
24:11 to log into a service repeatedly i would
24:14 think the networking guys would like to
24:16 know that secondly if an application
24:18 needs quality uh cost for a particular
24:22 purpose and the application owner is
24:24 willing to pay for it it would be really
24:26 quite nice if the application could
24:28 request that securely of the network
24:31 network intent being communicated
24:33 through the payload portion of packets
24:35 in the form of metadata
24:38 in the future could be incredibly
24:40 powerful way to not only authenticate
24:42 and secure connectivity between routers
24:45 but between routers and servers and
24:47 between clients and and and routed
24:49 networks so i i feel like you know this
24:52 ipv7 we we all make we made fun of it in
24:56 the in the video but there really does
24:58 have to be a new way
25:00 in the future there has to be a new way
25:02 we can't continue to use ip addresses
25:05 the way we've been using them
25:07 and
25:08 use dns to try to put some sense to them
25:11 and to figure out how to run these
25:13 networks securely it and express network
25:15 intent using addresses it's just not
25:18 going to work so i i am uh excited uh
25:21 when when i when we joined juniper i was
25:24 very excited because many of the people
25:26 in in juniper senior uh
25:28 engineering areas are very committed to
25:30 standards and the question started
25:32 coming up right away about well
25:34 when are we going to make secure vector
25:36 routing a standard when is the metadata
25:38 going to go through a standardization
25:39 process we want to make this stuff open
25:41 or we will never
25:43 that's what networking people do and
25:45 that was really good news for me and uh
25:48 we're very excited to say that juniper
25:50 is committed to making these things
25:51 standard and we really need our our
25:54 customers and our our support in in
25:56 achieving that
25:57 um because you know we can't do it
25:59 ourselves we need we need our big
26:01 customers to help us but we're very
26:03 excited about that and i do believe that
26:05 that networking networking is in a a
26:08 sort of a place where it's going to
26:10 change fast not only andy because of the
26:12 things you said
26:14 the introduction and software but also
26:16 incredible brokenness in how it's
26:18 working and how we're just layering on
26:21 more inefficient layers of technology to
26:23 solve problems that only create more
26:25 problems and make things harder to
26:27 understand
26:28 and i just feel like we're at it we're
26:30 at a breaking point and there's going to
26:31 be some fantastic innovation i do
26:33 believe juniper's found it in ai and in
26:37 secure vector routing uh swirled
26:39 together that's my belief
26:42 yeah i mean i mean the thing you know
26:43 patrick and i are new to juniper we've
26:45 been here for a little over half a year
26:48 and so we have fresh eyes and what's
26:51 wonderful first of all is that the
26:52 commitment is authentic
26:54 that the folks are present they believe
26:56 what patrick's saying that change is
26:58 afoot they need to think differently
27:00 they need to partner they need to assess
27:02 their value
27:03 in terms of the impactful business
27:05 outcomes they can have with their
27:07 customers slash partners
27:09 the other thing is that juniper very
27:11 much is in the goldilocks zone
27:13 they're big enough to be global they're
27:15 big enough to have a comprehensive
27:17 solution from full stack at the edge all
27:20 the way into the cloud with all of the
27:22 requisite technologies like ml and ai
27:25 but they're small enough that they can
27:27 all get in a room and they can really
27:28 talk about the issues
27:30 and they're they're the things they buy
27:32 the things they acquire are truly
27:34 impactful
27:35 and
27:36 you know that that's why i think you're
27:37 going to continue to see
27:39 juniper lead through this incredible
27:42 transition
27:43 of what's going on in this market
27:45 so with that i think we ought to open it
27:47 up to questions really appreciate
27:48 everyone's time on this webinar
27:51 pat we're um
27:53 maybe let me move my papers here without
27:55 making too much noise and let's look at
27:56 some of these questions
28:04 so there was a question about um
28:06 ai features and how they helped during
28:08 the course of time in in performance of
28:11 the network
28:13 well i have to say um i always prided
28:16 myself when i was a cto and top
28:18 technologist at both acme packet and 128
28:22 that i i understood everything about
28:24 technology and i can honestly say it's
28:27 embarrassing but i knew nothing about ai
28:29 and ml and i did not appreciate how it
28:32 worked i did not appreciate what it
28:34 could mean or the power that it it has
28:36 andy and i used to sit around
28:38 over having we share an office because
28:41 we're i don't know why we share an
28:42 office which is ridiculous but
28:44 we would sit around and have coffee and
28:46 talk about when cars will drive
28:48 themselves and when they won't
28:50 and um we would argue
28:52 literally for hours about the same topic
28:54 you know
28:55 and of course
28:56 neither of us really knows the answer um
28:59 but
29:00 artificial intelligence is really unique
29:02 and and the way i i'm a i'm a guy that
29:06 has to see it and touch it to believe it
29:09 when i got to juniper and i started
29:10 talking to the data scientists
29:12 at first i said yeah yeah yeah it's all
29:14 crap and then i i saw some of the models
29:17 they have and i was blown away so for
29:20 example we struggled and the best way to
29:23 to explain it is through example we
29:25 struggled and literally
29:27 uh had so much difficulty with some bad
30:30 cables at a large deployment it was a
30:32 10,000
29:33 router deployment at a major retail
29:35 store and and there were two routers at
29:37 every site connected by a two foot long
29:39 cable which provided the dog leg and a
29:42 method of communicating between the
29:43 active and the standby
30:45 because we only sold software at the time
29:48 we were an independent company
29:50 the customer had to go out and buy these
29:52 cables and so they spec them out as cat
30:54 6 cables and they ordered 10,000 of them
29:56 and uh
29:58 you know they
29:59 they're only two foot long cable and you
30:01 know we wound up having a bunch of
30:04 problems and uh
30:06 in these routers and the the the symptom
30:08 was that the uh auto negotiation would
30:11 fluctuate from you know full speed to to
30:14 it would downshift to slower speeds we
30:16 wound up seeing some occasional runts or
30:19 framing errors or or and this was across
30:22 a large number
30:23 of of these different locations and you
30:26 know the end customer was just
30:28 fit to be tied it was they were they
30:29 were excited about the technology but
30:31 frustrated that the hardware wasn't
30:33 working they thought it was the hardware
30:34 we tried swapping the hardware things
30:36 out
30:36 we tried everything and literally after
30:38 three or four weeks we said well gee why
30:41 don't we swap out the cable and they
30:43 didn't believe that the cables could
30:45 cause such a problem but we did swap
30:46 them out at one site and the problem
30:48 went away we then realized that by
30:51 testing the cables and having them
30:53 taking them to a test lab that they were
30:55 insufficient and as much as 10 or 15
30:58 percent of them were bad not all of them
31:00 but they had no way to know of the
31:02 10,000 locations which locations had the
31:05 bad cables and which ones didn't and so
31:07 they wound up having to replace them all
31:09 i got to juniper and the very first
31:12 example they showed me on their ai/ml was
31:15 a bad cable detection algorithm and you
31:18 know
31:18 they trained it they got data from bad
31:21 cables over and the and the data science
31:23 guys who don't know anything about
31:24 networking or bad cables were able to
31:26 see the data behind it and able to make
31:29 predictive models of not only cables
31:32 that were actively failing but cables
31:34 that were likely to fail or or degrade
31:37 and keep in mind cable performance is
31:39 tied to lots of things including
31:41 temperature and humidity so
31:43 i have to say that i fell off my chair
31:46 when i saw that and and then i saw some
31:48 of their other models they're developing
31:49 it's truly transformational i mean
31:52 imagine the cost of replacing all those
31:54 cables because you just don't know and
31:56 andy uh i always tell you when i
31:58 remember when i first saw the internet
32:00 and i told you this was going to change
32:01 the world this ai ml and networking is
32:04 going to change networking
32:06 yeah i mean another example are we we
32:09 statically engineer and provision
32:11 pathways on our network for the types of
32:13 services and our biases are programmed
32:15 in there as well so we may sit there and
32:17 say voice needs to go over the mpls
32:19 circuit we'll use the dia circuit for
32:21 something else
32:22 but you know a network a learning
32:24 network is able to look at this and
32:26 might say actually that's not the case
32:28 and so if it's able to harvest in real
32:30 time what's going on it can start
32:33 challenge some of our biases and
32:35 empirically derive what are the best
32:37 ways best paths best resources for the
32:40 kinds of services we want not to mention
32:42 that things are our dynamic
32:45 you know william has a question here
32:46 about you know header compression as a
32:48 way to save bandwidth and before i turn
32:50 that over to pat because we did have an
32:51 argument early on about header
32:53 compression um versus tunnelless
32:56 architectures and what the difference is
32:58 there are so many reasons not just the
33:00 bandwidth savings for not using tunnels
33:03 they're
33:04 bi-directional they provide a trap door
33:06 in the in the return path they increase
33:09 your attack surface area they make it
33:10 very difficult to manage individual
33:13 sessions on a link and dynamically move
33:15 that um there's lots of different
33:17 reasons but pat maybe you want to
33:18 briefly talk about um header compression
33:20 versus what we're doing
33:23 yeah so uh i mean in fact some people
33:26 who are really smart say you're still an
33:27 overlay and you are just compressing
33:29 headers and while that's true
33:32 uh we eliminate all the extra data
33:34 that's sent over and over and over again
33:36 on every packet by by using session
33:38 state to do it what andy said is
33:40 critically important we also enforce the
33:42 return pathway which is what a firewall
33:44 would do
33:45 and and by keeping the the flows
33:48 together into a session uh we've we've
33:50 been able to provide a lot more
33:52 analytics and information that would be
33:55 useful to an ai solution or to a a siem
33:59 solution or to a network owner an
34:00 operator i mean we actually don't need
34:03 to build an a a complete overlay data
34:06 collection and data processing thing to
34:08 figure out what's going on in our
34:09 network we actually know
34:11 so uh
34:12 all of that's really good but in the
34:14 metadata like we talked about
34:16 the metadata being used to compress the
34:18 tunnel or get rid of the tunnel it also
34:20 contains routing intent
34:22 and it's signed and it's signed by the
34:25 first router for the second router
34:27 and it also has a time of day in the
34:30 signature so what winds up happening is
34:32 this means that nothing can be replayed
34:35 this means that that if i'm a router
34:37 talking to another router in the network
34:39 every packet that arrives at that
34:40 interface is absolutely authenticated
34:43 from it its source is authenticatable
34:46 also inside this metadata is a session
34:48 id that is attached or assigned by the
34:51 first router that sees the session and
34:53 and starts the process and so you can
34:56 trace things through the network like an
34:58 audit basis you can actually even on our
35:00 products get traces for a particular
35:03 session through the entire network of
35:04 routers that support the metadata and so
35:07 we
35:08 it's a it's a it's a transformational
35:10 way
35:11 to do uh to express network uh intent
35:14 between between routers that works
35:17 through every firewall every
35:18 carrier-grade nat so it really is a
35:20 bigger deal than just header compression
35:23 and andy there was another question here
35:26 yeah
35:26 there was a question here about
35:28 bad actors working their way into ipv7
35:32 um you know
35:35 first of all virtually the entire dns
35:37 infrastructure is is not is used in an
35:40 unencrypted fashion and i know there's
35:42 lots of efforts uh dnssec and there's
35:44 lots of efforts to make people stop
35:46 doing that
35:47 but when you think about
35:50 like like office 365 they publish their
35:53 addresses online so that firewall
35:56 administrators can build rules to
35:59 secure or to increase the security
36:02 between the their their routers or their
36:04 firewalls at their locations and
36:06 microsoft's uh office 365 servers and
36:10 they update this monthly or whatever and
36:13 i think zoom does the same thing i think
36:15 salesforce does the same all these basic
36:17 uh software as a service uh guys are
36:20 updating their their addresses and
36:21 information we
36:23 we think that
36:25 and it's all done in a non-standard
36:26 fashion like everyone has their own way
36:28 of doing it
36:29 most people it's a document on an html
36:31 document it's got to be hand entered
36:34 into our extended acls and our routers
36:37 manually and we have to do all the
36:39 the bitwise math uh to make to enter the
36:41 stuff correctly and it's just really
36:44 painstakingly painful and the question
36:46 is would
36:47 application owners uh submit that
36:49 information into a registry that is
36:51 accessible securely i actually think
36:53 they would i think it would be
36:55 you know the nice thing about
36:57 subscription models for information
36:59 routing information is that
37:00 you could publish information in a
37:02 routing database for only those parties
37:04 that you want to obtain it
37:07 and i know it's complicated but you know
37:09 linkedin facebook these are amazing
37:12 networks of of social networks where
37:15 they scale to unbelievable sizes where
37:17 there's a lot of controls over who can
37:19 see what and and who can access what it
37:21 doesn't seem far-fetched to me that that
37:23 couldn't be how the the the router
37:26 network operates in the future
37:29 pat let's see if we can go into the next
37:30 one which is you know expand on using
37:32 words instead of ip addresses
37:35 yeah so inside this metadata that i
37:38 talked about we actually put two words
37:40 in there the one word is the tenant and
37:42 another which is basically the
37:44 identifies the client's network zone or
37:46 security zone or or and and
37:49 and
37:50 the tenant is structured as a as a
37:52 dotted domain-like address so it can
37:55 you can only be in one vlan but you know
37:57 if you use a dotted domain name like
38:00 model you can actually be in a
38:02 hierarchical set of vlans which is
38:05 essentially uh which is what we do so
38:07 you could be you know an employee but
38:09 you could also be a director you could
38:11 also be a a a you know an executive and
38:15 you could
38:16 have all these different tiers defined
38:18 by uh like like a domain address and
38:21 that's the tenant side that
38:22 that's who's wanting the service and
38:24 it's not a 10.0 address or
38:27 it's a real textual name and then the
38:30 service itself is a real textual name
38:33 very similar to a domain name service
38:36 that you would get in dns in fact it's
38:37 identical and so what winds up happening
38:40 is in this network intent you know the
38:42 name of the service the person wants and
38:43 you know who the requester is by
38:45 security zone or by or and and you trust
38:48 it because it's been signed by the the
38:50 branch router so you trust it and it
38:52 gives you information that you wouldn't
38:54 have otherwise so now when you get to
38:57 the other side of the network
38:58 forget you you don't even need dns
39:01 really what you need is you have the
39:02 name of the service you need to know
39:04 where that service is and if that
39:06 service is on a specific address you can
39:08 route you can not nat to that address or
39:10 route straight to that address so that
39:12 the name itself stays in the routing
39:15 system from beginning to end now
39:17 invariably you leave the the
39:20 the domain of this kind of routed
39:22 network and wind up in the old world in
39:24 the old world you are correct you know
39:27 no one's going to be able to read that
39:30 name out until this kind of networking
39:32 ipv7 spreads like wildfire
39:37 i think i answered the question i hope
39:39 yeah yeah
39:41 so um next one is about dns and
39:43 cookies playing a role in svr between
39:46 two public ips
39:49 uh where's the question i don't see it
39:50 here oh hold on it says do the dns and
39:54 cookies play any role in svr between two
39:56 public ips
39:59 oh
40:00 um
40:03 well you know
40:05 the public ips classically that we use
40:07 today are not
40:09 really
40:10 they're like um
40:12 like at your branch office no one really
40:14 probably even knows your public address
40:16 um unless you are smart enough to figure
40:18 it out and when you go to a service the
40:20 branch you know the public address
40:22 that's on the edge of the data center
40:25 that your tunnel's using today you may
40:27 not be able to discern as well i think
40:30 the um
40:32 you know the the public addresses in the
40:34 ipv4 network and the ipv6 network are
40:36 like transport addresses that the
40:39 networking world needs to know they need
40:41 i i need to know how to get to the data
40:43 center and then once at the edge of the
40:45 data center how to get to the servers
40:47 that have the service i'm looking for
40:49 and the name that we're putting in the
40:51 metadata helps with both
40:54 we call those public addresses by the
40:56 way at
40:58 uh in our ssr product at juniper we call
41:00 those public addresses waypoints they're
41:02 like if you know ipv6 segment routing
41:05 they're like
41:06 um
41:07 the segments they're they're like the
41:09 the the the
41:10 the instance of the fact
41:13 and pat where you're going to go i want
41:15 let me loop two questions into what
41:16 you're about to say because it's
41:18 important we had a question about is
41:20 this name data routing and we had a
41:21 question about how is this different
41:23 from segment routing and i remember
41:26 around our shop for the last five years
41:28 you would talk about you know the recipe
41:30 for doing what we do is taking segment
41:32 routing some name data routing and some
41:34 lisp and stirring it together maybe we
41:36 want to maybe you want to talk a little
41:37 bit about that i think that'll put name
41:39 data routing and segment routing into
41:40 context
41:42 yeah sure so name data routing it does
41:44 suggest that you you route to named
41:46 objects on on the internet and let the
41:48 network figure out where they are
41:51 and in a sense we do that only you know
41:54 so
41:55 that's why it's one part name data
41:57 networking um although
42:00 name data networking operates on top of
42:02 an existing network it requires a
42:04 complete change in how clients and
42:06 servers operate and so
42:08 we on the other hand
42:10 uh can bridge the old world to this
42:13 named world by using our router as a way
42:16 of applying those kinds of policies
42:18 with lisp you know it's it
42:20 it has too weak it has a weakness and it
42:22 has a strength the strength the strength
42:24 of
42:25 of lisp is that it has a big database of
42:28 of things that you need to get to and it
42:31 gives you an address to get there so
42:34 that's similar to how our step protocol
42:37 operates where
42:38 uh you know you you it's like dns you
42:41 give it a name and uh it instead of it
42:43 giving you the actual address
42:46 of
42:47 of the service instance it gives you the
42:50 waypoint address to get there but it
42:52 operates very similar to dns and lisp
42:54 it's like it's like lisp more than dns
42:57 but it's similar where you can look
42:58 things up to find out an address to send
43:00 stuff to
43:01 and then of course ipv6 segment routing
43:04 you know with ipv6 segment routing you
43:06 change the address of the packet to go
43:08 to the router you want it to go to
43:11 in our world we changed the source
43:14 address
43:15 and the destination address to be the
43:16 router addresses to create a pair of
43:18 routers so i'm the source router you're
43:20 the dest router i changed the address
43:22 source address to me i changed the
43:24 dest to you now i have a pathway
43:26 between me and you for a session a
43:29 singular session and in return
43:32 the the return path is assumed to be
43:34 exactly the same
43:36 and so the reverse addresses are used in
43:38 the return path and we can send four
43:41 billion unique sessions between any two
43:43 routers using this technique
43:45 and so that's all three of them combined
43:47 it's like the best of all threes merged
43:49 together the weakness with lisp of
43:50 course is that there's no security and
43:52 if you know the the rloc or the the
43:55 the the secret address that's returned
43:57 from the that's the server you can send
43:59 packets into a data center with without
44:01 there's no there's no um uh
44:03 authentication so we've added that so
44:05 it's like all three put together
44:08 into one
44:09 and and something that's really
44:11 important because there is 500 billion
44:13 dollars of existing infrastructure you
44:15 know over the last 15 or 20 years people
44:17 have talked about starting a brand new
44:18 internet it's just not going to happen
44:21 we need we need technologies and
44:24 solutions that innovate in place and so
44:27 you know if you have our technology at a
44:29 thin edge at a branch site and you have
44:31 it in a data center or at another branch
44:34 site that that works we we can and it
44:36 will work with regular ordinary routers
44:39 in between and we don't need
44:41 bi-directionality but when you
44:43 think about the importance of experience
44:46 and how that is all session based on you
44:49 know it's a digital transformation that
44:51 does really presuppose that you are able
44:54 to
44:55 get the bi-directionality so that you're
44:57 able to make sure that the total
45:00 experience not one way or the other is
45:04 functioning well and and that's really
45:06 important
45:07 so you know so andy there's been several
45:09 questions about ipv7 um
45:13 it was a complete farcical notion that
45:15 there was an ipv7 so there really is no
45:17 ipv7
45:18 um you know we were there are bad actors
45:20 though
45:21 well there are bad actors but think
45:23 about the thing about ipv7 is is you
45:26 know we have to get away from using
45:28 these fixed sort of addresses that have
45:31 no meaning to humans
45:32 to express network intent and whether
45:34 you want to call that ipv7 or you want
45:36 to call it uh
45:39 you know
45:40 i don't know what we're going to call it
45:41 but i i think something has to change
45:43 we're at a breaking point and so we made
45:45 that up as a joke
45:48 um
45:49 yeah you know there was a question here
45:51 about you know is 128 uh somehow a zero
45:54 trust network zero tr you know for acc
45:56 an access concept between firewalls no
45:58 tunnels only encrypted sessions
46:02 yeah it is it is zero trust in many ways
46:05 uh first of all every single session is
46:08 authenticated with its unique signature
46:11 on every single header at first packet
46:14 on every on the metadata it's signed and
46:16 then
46:17 thereafter every single packet has an
46:20 hmac um checksum on it or an hmac
46:22 signature on it every single packet that
46:24 is unique to that particular tenant uh
46:27 tenant that is where the traffic is
46:29 coming from
46:30 uh so it it really is um
46:33 you know you can't get one packet into
46:35 this it's it's it's as secure or not as
46:38 a ipsec tunnel would be it's absolutely
46:41 as secure as that nothing can get in in
46:44 in the back way
46:45 but it's more secure than a tunnel in
46:47 the sense of what andy said earlier you
46:49 know tunnels are like open doors like
46:52 it's like a hallway with open doors on
46:54 both ends that open up pathways and
46:57 to a t all of our sd-wan competitors
47:00 use cidr block style
47:02 uh
47:04 route enablement
47:05 uh through these tunnels like they
47:07 create they they use these tunnels to
47:08 create a larger
47:10 you know private network that spans from
47:12 your data center to your branch site and
47:14 then you have to go about the business
47:16 of deciding what should go through that
47:18 tunnel with either extended acls or or
47:22 whatever that particular vendor offers
47:24 as a way to to stop things from going
47:26 through the tunnel that shouldn't go
47:27 through the tunnel you know because once
47:29 you open that door
47:30 things could sneak in and out and we
47:32 don't do that we treat each session
47:35 as a unique
47:36 authenticated admittance uh in both
47:40 directions so if it's going from the
47:42 data center to the to the branch uh
47:45 it is a unique session that is is
47:47 separated from the the the session going
47:50 the opposite way from the branch to the
47:51 data center so it really is uh
47:54 zero trust between these routers and
47:56 when you think about um
47:58 segmentation um you know what a lot of
48:02 sd-wan
48:03 companies do is they say well you need
48:05 to have a separate tunnel for if you
48:07 want to have pci compliance
48:09 between the branch and the data center
48:13 you don't need that with our solution we
48:15 are in fact we do quite well in the
48:16 retail area especially the largest
48:18 retail companies on the planet because
48:21 they use our technique for obtaining pci
48:24 compliance it's very very secure
48:26 and you don't have to have a separate
48:27 tunnel
48:28 for to achieve that level of separation
48:32 right right a very easy way to think
48:34 about what we're talking about
48:36 is if you know pat and i each have a
48:38 phone and i can call pat he can answer
48:40 it he can tell me what he sees
48:42 and perhaps he is a video sensor we hang
48:46 up when pat picks his phone off hook he
48:47 doesn't get dial tone so by making route
48:50 paths directional and session stateful
48:54 you really can provide a lot of security
48:56 natively it's almost like a firewall on
48:58 every single route path
49:01 there's a question here about um traffic
49:03 encryption you know pat should elaborate
49:05 on this because it's really interesting
49:07 where things are going and how the
49:08 solution works
49:10 yeah so
49:11 some some sessions or some services do
49:14 need encryption because they're not
49:16 encrypted it may be a an older sort of
49:19 sort of technique your company's using
49:20 that is from 20 years ago and there's no
49:22 encryption uh what we see in most of the
49:25 networks we're in is that about 80 to 85
49:28 of everything that's going between the
49:30 branch and the data center or the branch
49:32 and the internet is already encrypted
49:34 it's already encrypted but and 20 is not
49:37 and of that 20 percent a lot of it is
49:39 things like dns or and or ntp you know
49:42 old-fashioned protocols
49:44 and some of them are going through the
49:46 the the
49:47 branch to data center connections
49:50 and so what we do is we have this
49:52 conditional encryption notion and when
49:54 we see um
49:56 protocols that are not encrypted uh we
49:58 actually can encrypt the payload using
50:00 aes 256 which is the same cipher that
50:03 everyone's using with um with an ipsec
50:06 tunnel so you you're essentially got the
50:08 same
50:09 uh cryptographic security but without
50:12 necessarily having the overhead of
50:14 establishing a complete tunnel and we do
50:17 it on a session by space session by
50:19 session basis so it it's as good as tls
50:23 uh in that sense it's session by session
50:25 and it's encryption for each session we
50:27 do all the key management between the
50:28 routers for those protocols that don't
50:30 have
50:31 uh encryption but we don't re-encrypt
50:34 everything else and so if you're using
50:35 ipsec tunnels
50:37 and 80 of your traffic's already
50:39 encrypted you're paying a heavy price
50:41 both in terms of increased latency
50:43 increased bandwidth and and a much lower
50:47 performing uh router because of all the
50:49 encryption work it's doing
50:51 so we do not
50:55 there's a question here about for an
50:56 enterprise currently to make use of of
50:59 the 128 solution the juniper 128
51:01 solution is an on-prem data center
51:03 on-prem slash data center the model as
51:06 opposed to public cloud so maybe we
51:07 should talk about
51:09 where we are with cloud so so we
51:11 we make software and in the same exact
51:14 software like the exact same
51:16 distrib release of software will run at
51:19 aws it'll run on a dell server it'll run
51:22 on a on a lantern or an azure telecom
51:25 box it'll run in azure it'll run in uh
51:28 uh
51:28 uh
51:30 ali cloud i mean it's the same exact
51:32 software and it runs on high-end
51:35 yeah and
51:36 so you don't have to it's almost like
51:39 and and you can have one
51:42 sheet of glass to run all of that you
51:44 know one conductor to run all of it and
51:46 when we you know when bit when um marty
51:48 was coming back from the future and he
51:50 said that the it guy uh controlled
51:53 things that were in the public clouds uh
51:55 that's how you would do it is you you
51:57 have complete network control of all
51:59 these routers wherever they're located
52:05 so um another question was about you
52:07 know does 1500 byte packet size make
52:09 sense in a world of 100 and 400 gig
52:12 links and you know first of all a huge
52:15 part of the gain of our technology and
52:18 not encapsulating happens with the
52:20 latency with respect to small packet
52:22 sizes where interactive
52:24 communications are involved i mean you
52:26 can see latency cut in half at that
52:28 point but it is true that if you try and
52:30 encapsulate large packets you can result
52:32 you know it can be packet fragmentation
52:34 as a result but maybe you want to answer
52:37 the question more broadly about
52:39 yeah
52:40 it's it's a very good question because
52:42 we on the outset our assumption was that
52:44 we'd only save 12 to 15 percent of the
52:46 bandwidth when we before we actually got
52:48 customers and really dug into it the
52:51 assumption was that oh you know this
52:52 1500 byte packet uh it needs to be act
52:55 with a small packet the average would be
52:57 750 bytes you know uh velocloud uses a
53:01 hundred and third 131 bytes of
53:03 of overhead we don't have any
53:06 therefore we would save 131 over 750 12
53:09 14 and that that was our assumption
53:12 and and
53:13 we were so surprised at how many small
53:16 packets are out there in real networks
53:18 you know we did a retail establishment
53:20 and they didn't believe that they were
53:22 going to save anything they were using
53:23 cisco dmvpn and they weren't even using
53:26 sd-wan it was just dm vpn which is a
53:29 basically uses ipsec tunnels to connect
53:31 branches to to uh the data center and
53:34 they said there's no way you know you're
53:35 going to save 15
53:37 no way so we
53:39 counted
53:40 real traffic on a real we we were
53:42 implemented in a real store for a trial
53:44 and we measured and compared uh the
53:46 traffic before and after the
53:48 implementation and we we uh did it over
53:52 a two hour period and we saved them 37
53:55 and you know
53:56 the question really comes down to why
53:58 are there so many small packets what are
53:59 their proprietary apps and why are they
54:01 sending small packets and all those i
54:03 don't have the answers to all those
54:05 i mean
54:06 all i can say is is that
54:08 it was 37 savings and they were just
54:10 dumbfounded when they computed because
54:13 everything has to go through a security
54:14 stack and because they uh have to have
54:17 data center head-end routers and they
54:18 have to have uh circuits and everything
54:21 for this whole network they were saving
54:23 five terabytes a day based on that and
54:25 and it really did move the needle and i
54:28 you know it is surprising um i think
54:30 everyone should should
54:32 measure their own
54:33 uh
54:34 you know try to measure their own we
54:36 added a feature in our product that
54:38 actually does it for you and it tells
54:40 you how much you're saving over using a
54:42 velocloud-like solution uh or or
54:46 you know a solution based on ipsec
54:48 tunnels and it computes it in real time
54:50 and you'll see it vary from 12 to go as
54:53 high as 50 percent for certain
54:55 applications like voice we we do a lot
54:57 of voice as well
54:58 it saves well into the hundred percent
55:00 range well into a hundred
55:02 it it's amazing it's it's like a it cuts
55:05 your bandwidth in half so
55:07 it is remarkable actually and and before
55:10 people say it doesn't matter they really
55:12 need to start looking at their costs of
55:14 their of all their head-end routing
55:15 equipment and circuits right
55:18 and and you know a derivative of that is
55:20 that you know more and more people are
55:21 using wireless as a backup
55:24 to augment their wireline connectivity
55:26 and if you need to move a session that's
55:28 not performing onto a wireless link and
55:31 you depend upon tunnels you're either
55:32 going to drop the session because the
55:34 tunnel convergence time is going to be
55:35 longer than what the session timer will
55:37 allow or you're going to keep the
55:38 session you're going to keep the tunnel
55:40 alive and incur a pretty onerous expense
55:42 in terms of heartbeat
55:45 while you're just waiting to receive
55:46 something that may or may not
55:48 happen so
55:50 you know not requiring tunnels means
55:51 that you can just move over to wireless
55:53 link you you can move the session it
55:55 runs and there's no convergence time
55:57 there's no bandwidth penalty in terms of
55:59 a heartbeat there was i think john had a
56:01 question as it related to does this
56:03 replace bgp and that's a good question
56:06 that is a good question the
56:08 no it it doesn't in fact our although we
56:10 didn't explicitly talk about it in our
56:13 in this presentation our router has to
56:15 support ospf bgp and all the different
56:17 routing protocols that are in use today
56:19 because there's nothing wrong with layer
56:21 three layer three works fine you know
56:23 the issue really is when networks talk
56:25 to each other it's like i have an rfc
56:27 1918 private network running 10.0
56:30 addresses and i need to talk to aws that
56:32 has another 10-0 address space and our
56:35 approach to this over the last three
56:37 decades has been let's make a wan and
56:39 normalize all this addressing so
56:41 everything can talk to everything and
56:43 then we'll put in extended acls to
56:45 prevent everything from talking to
56:46 everything and then you know
56:49 let's hope the company doesn't divest
56:51 anything or buy anything or or change
56:53 anything because oh my god
56:54 it it it just becomes so freaking
56:56 brittle and so we said the problem is
56:59 you can't go between networks it's an
57:00 inter-networking problem we have it's
57:02 not a networking problem it's how these
57:04 networks where these networks meet that
57:06 bgp doesn't go
57:08 you can't connect be you know bgp won't
57:11 allow you to connect a private network
57:13 over a public network to a private
57:15 network it doesn't permit that that's
57:17 the focus of what we're trying to do
57:20 here which is create an internetwork
57:22 that works
57:26 so something you said uh sparked ramesh
57:28 uh to have an observation saying so i
57:30 suppose this is an overlay then
57:33 yes it it it is an overlay technically
57:35 we get into this dispute of is it an
57:37 overlay and it is a logical overlay for
57:40 sure it just isn't tunnel based it
57:42 signals with metadata
57:44 in the first packets of sessions and um
57:47 not in every session like ipv6 segment
57:50 routing but just in the first packet
57:53 right right
57:55 well patrick i you know i i guess i'd
57:58 like to just you know end by saying
57:59 thank you to everyone that came um you
58:02 know we have lots of materials we run
58:05 um you know lots of webinars seminars um
58:09 we're distributed all over the world
58:11 come check us out we we really feel like
58:13 we can have a dramatic impact on your
58:16 digital transformation journey that will
58:18 have positive business outcomes for your
58:21 enterprise or your organization and um
58:24 you know we're we're here for you so i
58:26 hope this is the beginning of a
58:27 relationship or an extension of an
58:30 existing relationship pat is there
58:32 anything you want to end with yeah i'm
58:33 on linkedin if anybody wants to have a
58:35 one-on-one about the technology i i just
58:38 love it so give reach out to me on
58:39 linkedin
58:42 excellent
58:44 thank you