Andy Ory, VP & General Manager, Juniper Networks

SD-WAN to the Future

Andy Ory Headshot
For this dicussion about SD-WAN and tunnels, this image shows two men standing in front of an analog clock showing 10:04. The man on the left has a white lab coat, while the man on the right has an orange puffy vest.

“Tunnels? Where we’re going, we don’t need tunnels.”

Making your network tunnel-free with Session Smart leads to better user experiences, simpler operations, and more robust security, while reducing infrastructure costs and bandwidth consumption. In this webinar, Andy Ory and Patrick MeLampy explain how cloud and mobility have left tunnels in the past, how Session Smart Routing makes next-generation SD-WAN possible, and why conventional IP routing is no longer the solution of choice.

Show more

You’ll learn

  • How cloud and mobility have left tunnels in the past

  • How Session Smart Routing makes next-gen SD-WAN possible

  • Why conventional IP routing is no longer the way to go

Who is this for?

Network Professionals Security Professionals


Andy Ory Headshot
Andy Ory
VP & General Manager, Juniper Networks

Guest speakers

Patrick Melampy Headshot
Patrick MeLampy
Juniper Fellow, Juniper Networks


00:01 [Music]

00:27 [Music]

00:36 doc you won't believe this but in 2028

00:39 there were no more tunnels used in

00:40 networking how in the world did they get

00:42 the packets to go where they wanted them

00:44 to go well see doc starting in 2022

00:47 companies and governments were so

00:49 frustrated that none of their

00:50 orchestrated tunnel solutions could talk

00:52 to each other we went from having a

00:54 truly useful internet to a mess of

00:56 proprietary overlays

00:58 the standards process was effective the

01:00 ietf realized that the only remaining

01:02 purpose of a tunnel was to get a packet

01:04 to go where it wouldn't go otherwise by

01:07 instead identifying the destination as

01:09 of a packet as a word and not as an

01:12 address that gets rewritten or reused

01:14 they solved all of their problems

01:17 how did this impact the world well for

01:19 the first time in decades things got

01:20 simpler

01:22 using words to describe tenants and

01:23 services became a powerful way to

01:25 express network intent

01:27 once accurately expressed routers were

01:29 able to deliver on experiences like

01:31 never before so i would say experience

01:34 based networking really took hold here

01:36 are some examples file downloads went

01:38 faster bandwidth requirements at data

01:41 centers dropped by 30 percent saving

01:43 lots of money on circuits and head-end

01:45 equipment and due to an infusion of ai

01:47 the cost of network operations were

01:49 reduced substantially what happened to

01:52 sd-wan

01:53 well multi-path routing remains to this

01:55 day honestly multi-path routing is

01:58 something routers should have been

01:59 capable of from the onset of the

02:00 internet the missing capabilities

02:03 required to direct a path for a session

02:05 or service a tunnel was the only

02:08 approach prior to the development of

02:09 secure vector routing by juniper

02:11 networks now every router in the world

02:13 supports multi-path routing and the

02:15 sd-wan use case is now just the routing

02:18 use case i want to buy some stock and

02:20 hold it to 2028 what are the companies

02:22 that transform networking away from

02:24 overlays and underlays i can't give you

02:27 any investment advice but juniper

02:28 networks appears to once again be the

02:30 company that transformed the industry

02:32 they did it at the dawn of the internet

02:34 with the development of asics for

02:36 forwarding and they did it again 30

02:38 years later with the development of

02:39 secure vector routing

02:44 great scott i've never heard of ipv7

02:47 ipv6 was codified in the 90s and was

02:50 still not fully implemented after 30

02:52 years what is ipv7 well doc sometimes

02:56 things are held back because of a

02:57 specific reason

02:59 network address is so widely used we're

03:01 preventing change running two internets

03:03 the ipv4 and the ipv6 was the plan for

03:06 30 years and since both worked it was

03:08 believed to be only a matter of time but

03:10 the transition never completed with

03:12 juniper leading the way towards using an

03:14 addressing system based on words that

03:16 operated over top of the existing

03:18 hodgepodge of networks the addressing

03:21 issue went away ipv7 was born as a

03:24 simple way to subscribe for services by

03:26 name

03:26 dns was mothballed and applications were

03:29 simply requested by name routers had

03:32 routing tables that could turn names

03:33 into locations unexpectedly the world

03:36 shifted to a sub-pub model for

03:38 requesting access to services many of

03:41 the security problems that existed went

03:44 away

03:45 how does this work i can't believe it

03:48 well it uses metadata cookies these are

03:50 inserted into the payload portion of

03:52 packets and used to communicate network

03:54 intent to upstream routers the cool

03:56 thing doc is that this information makes

03:58 it through metal boxes carry grade gnats

04:01 load balancers firewalls and that can

04:03 only be read by the intended next hop

04:05 router so communicating network intent

04:08 via cookies change networking

04:10 but all the application guys use cookies

04:12 today

04:13 this doesn't seem so far-fetched marty i

04:16 wonder why it took so long

04:18 sometimes the future is obvious when you

04:20 look back on it

04:27 well after jeff bezos and elon musk left

04:30 for other solar systems the hyperscale

04:32 big tech company emerged into an even

04:34 larger behemoth

04:36 every single network server in the world

04:38 is now run in a micro google zone data

04:40 center

04:41 how did this change networking well the

04:44 shape of the network has always been

04:45 changing but in their 20s the changing

04:48 shape accelerated the hyperscalers of

04:50 that day developed large worldwide

04:52 networking footprints to connect clients

04:54 anywhere to servers in their data

04:56 centers the concepts of wan and sd-wan

04:58 were challenged what was needed were

05:00 easy to use software capabilities that

05:02 could operate inside the hyperscaler

05:04 servers to bring back network elegance

05:07 and control to enterprises so in the

05:09 future

05:10 corporations will still control their

05:12 own networks yeah i mean the digital

05:15 backbones of companies have become the

05:17 most important infrastructure they own

05:19 they need to control their own networks

05:21 for security and competitive advantage

05:23 they now use ai and ml to assist in

05:26 operating everything

05:27 but but why did the democrats and the

05:29 republicans go away well they didn't

05:31 really go away the prevalence of hackers

05:33 and political operatives and even fake

05:35 news went completely away when networks

05:38 had good audit trails without

05:39 misinformation people started to realize

05:42 we all share the same goals we still

05:44 have political parties but secure access

05:46 to reliable information has changed the

05:48 debate

05:52 doc probably the biggest surprise is

05:54 that the giant security problems we had

05:56 in the early part of the 2020s decade

05:59 has gone away but but marty

06:01 how could this happen

06:03 with the advent of router to router

06:05 authentication and identify identifying

06:08 every session in detail with an audit

06:10 trail defined by an end-to-end

06:12 identifier scams were rapidly terminated

06:15 but probably more important was creating

06:17 smaller network communication segments

06:19 that allowed communications only for

06:21 specific clients and services for a

06:23 single purpose

06:24 they call this hyper segmentation it's

06:26 like taking the internet and breaking it

06:28 into millions of smaller networks each

06:30 with a small subset of users and servers

06:33 wow so what happened to anywhere to

06:36 anywhere anonymous anybody can send

06:38 anything to anybody internet well

06:41 frankly society we just couldn't

06:42 continue to operate that way governments

06:45 were held hostage along with

06:46 infrastructure companies by attackers we

06:48 also couldn't stop using the network we

06:50 were really at a breaking point did did

06:52 sassy help

06:53 well sassy was the beginning of a set of

06:55 revolutions in security the first

06:57 revolution came when basically no one

06:59 could trust anyone also called zero

07:01 trust this paved the way to large

07:04 cloud-based security products they had

07:06 to be in the cloud due to the processing

07:08 requirements large databases of

07:09 real-time information and the

07:11 efficiencies of scale

07:14 so

07:14 it was like the great firewall of china

07:17 no not really

07:18 security became much more service

07:20 specific some types of services require

07:22 very specific security in fact

07:24 separating all of the services into

07:26 separate networks helped prevent losses

07:28 when a breach occurs

07:30 what was needed from the network is very

07:32 simple specific capabilities to loop in

07:35 the closest and best security for a

07:37 specific application or service

07:39 how did they stop attackers from always

07:42 breaking in i mean virtually every

07:43 attack for decades was tied to tricking

07:45 someone into executing code on a trusted

07:47 machine by not trusting any machine we

07:50 made a one large step forward

07:52 once access was obtained exfiltration or

07:54 attacks can be mounted to get the

07:56 executed code onto a machine urls are

07:59 often used or attachments to emails all

08:01 that was required was to trick a human

08:03 that's trusted into clicking on

08:04 something the genius of ai and ml came

08:07 to the forefront of 14 attackers and

08:09 hackers in the famous pandemic of 2021

08:13 the way we contained the virus was to

08:15 segment ourselves as much as possible we

08:17 had to identify and track the infected

08:19 people and quarantine them

08:21 we had to develop complex predictive

08:23 models and we had to find a safe vaccine

08:26 vaccine to inoculate everyone

08:28 the sassy solutions accomplished all

08:30 four of these to wipe out fraud scams

08:32 and attacks on the internet

08:38 you know doc what i found most

08:39 astounding is the esteem and reverence

08:41 that i.t professionals had in the future

08:44 they had a seat at the executive

08:45 roundtable and were involved in every

08:47 aspect of a business turns out digital

08:50 infrastructure of companies defined

08:52 their profit profitability more than any

08:54 other single thing

08:56 marty that's a huge difference from our

08:58 day i.t managers are often not

09:01 appreciated

09:02 yeah you know ai changed everything

09:05 i.t guys went from not really knowing

09:07 how their networks were being used to

09:09 having a seat at the board room

09:11 by learning about applications and

09:12 services it leaders became business

09:15 leaders having network intelligence or

09:17 network knowledge of how digital assets

09:20 were operating became the key source of

09:22 competitive advantage now everybody

09:24 wants to talk to the i.t guy

09:26 why did it take 50 years to get there

09:29 what's preventing us from doing these

09:31 things now well you know our networks

09:33 are multi-layered and today tunnel based

09:36 it's very hard to get useful telemetry

09:38 we try to recognize applications on the

09:41 fly but this has become harder

09:43 everything is encrypted and dns queries

09:45 are now completely invisible google and

09:48 facebook succeeded in getting sni

09:50 encrypted which was the last means of

09:52 identifying applications

09:55 so

09:56 if application creators and owners don't

09:59 want networks to know what's happening

10:01 how how did this amazing transformation

10:04 occur

10:04 well you know the application guys

10:06 aren't afraid of their names but they

10:08 are highly concerned about security ip

10:11 addresses and

10:12 network infrastructure and so forth so

10:15 when changing from using ip addresses to

10:18 names with ipv7 the application guys

10:20 started publishing their applications in

10:22 routing databases

10:24 did this make things better well it was

10:26 perhaps the biggest revolution so no

10:28 longer do application owners have to

10:30 publish list of ip addresses

10:32 but the pub sub model for obtaining

10:34 routes to applications also allowed

10:36 invitation only access which greatly

10:39 improved security all in application

10:41 guys started to cooperate with the

10:43 network guys and you know what they sang

10:45 kumbaya together

10:50 i was very surprised to learn that

10:51 juniper has been added to the dow jones

10:53 index you know it replaced cisco systems

10:56 cisco tried to fight progress but the

10:58 hyperscalers and application developers

11:00 really wanted a network that focused on

11:02 experience as soon as the application

11:04 guys discovered that juniper solutions

11:06 were experience based they became the

11:08 dominant force in networking

11:10 what happened to cisco well they

11:12 actually merged with a food services

11:13 company by the same sounding name

11:15 s-y-s-c-o you ever hear this yeah

11:17 now the bulk of their revenues are from

11:19 selling macaroni i heard biff got a job

11:21 at cisco

11:22 i guess i'm not gonna warn him

11:30 okay so

11:31 we we we

11:34 you know acting is not our long suit

11:37 but we really appreciate this time um

11:40 you know what what is really serious is

11:44 how important our networks are and what

11:46 we can learn from the past because we

11:47 can't really travel into the future but

11:49 if we learn from the past and look at

11:50 the challenges today we can start to

11:52 infer what are the right kinds of

11:54 solutions

11:55 you know an example would be if everyone

11:57 on this webinar looked out their window

11:59 and could visualize 500 billion dollars

12:02 of infrastructure global infrastructure

12:05 that drives the world's economy connects

12:08 us all and it's made up really would be

12:10 in three colors storage compute and

12:13 network

12:14 and what's happened is that storage and

12:16 compute have forever changed i mean

12:18 think about it when you go buy a laptop

12:20 it doesn't even have a disk drive

12:21 anymore your storage is in the cloud

12:24 and and compute you know vmware and

12:26 virtualization just changed the dynamics

12:28 and the economics of being able to

12:30 deploy things like data centers at gale

12:33 same thing's going to happen to

12:34 networking and the reason is both

12:36 storage and compute had general purpose

12:39 compute separating from the software and

12:41 the software could spin

12:43 free and innovate and you know it was

12:45 mark andreasen that you know said maybe

12:47 25 years ago software is going to eat

12:49 the world it's it's software can

12:51 innovate so quickly and so we've worked

12:53 really hard to separate the routing

12:55 software from any underlying hardware

12:57 requirements and really innovate and we

13:00 think that networking is going to

13:02 undergo the same revolution and

13:04 transformation and have the same kind of

13:06 business impact and opportunities as

13:08 storage and compute did one of the key

13:10 things is advancement without technical

13:12 debt you know this notion of putting

13:14 layers upon layers of complexity to

13:16 solve your current problem but just

13:18 making things more unwieldy you know pat

13:21 talk to us a little bit about technical

13:22 debt is that is that what's happening in

13:24 2021 and how do we avoid it

13:28 yeah you know it is my opinion that

13:29 there that um we're accumulating

13:31 technical debt in our networks at a

13:33 pretty rapid pace

13:34 you know in evidence of that that's easy

13:36 to see is there's like calls right now

13:38 for standards uh to be established so

13:41 that um

13:42 tunnel tunnels that are being

13:44 orchestrated

13:45 uh by one vendor can talk to tunnels

13:48 being orchestrated by another vendor or

13:50 even another instance of the same vendor

13:53 you know the fact that these sd-wan

13:55 solutions can't talk to each other is a

13:57 giant problem

13:58 it's also a problem that they're all

14:00 using slightly different proprietary

14:03 headers and information you know we the

14:06 the way that the network has become so

14:08 ubiquitous and powerful over over the

14:10 ages is because we've all used the same

14:13 protocols and and subscribe to standard

14:16 standards are very very important

14:18 you know

14:19 lately i've seen a bunch of standard

14:21 proposals being made for

14:23 people that want the overlay network to

14:26 actually communicate with and send

14:28 security events and and uh with the

14:31 underlay so you you know if an alarm or

14:34 a circuit issue or route issue happens

14:36 in the underlay you need to tell the

14:38 overlay and vice versa and you know it's

14:40 it's sort of maddening um

14:43 in terms of the amount of debt we're

14:44 accumulating and most recently i'll give

14:46 you you know another example of how

14:48 we're overloading existing protocols to

14:51 the extent that is probably going to

14:53 drive us uh to another breaking point so

14:56 the to the dns subsystem is really used

14:59 for routing today the dns system answers

15:01 the question for every client

15:04 not just what is the address of a

15:06 particular server but where is the best

15:08 server for me at this moment in time now

15:12 and so that's really a routine that

15:14 really should be the choice of the

15:16 network and not the choice of of dns i

15:18 mean dns is provisioned and populated

15:21 and takes you know 10 12 15 minutes for

15:24 it to be updated and we're using dns now

15:27 with very very short leases which is how

15:29 long the information is valid sometimes

15:31 measured in seconds and that's because

15:33 we want

15:34 clients to keep coming back to get new

15:36 information so we can do

15:38 spread stuff out do load balancing and

15:40 run our the internet in a different way

15:43 using dns as part of our routing

15:44 solution

15:46 you know so it's very important that um

15:49 that we pay attention to uh these kinds

15:52 of technologies that are being stretched

15:55 and

15:55 hopefully uh avoid sort of piling on the

15:58 tech and creating problems that just

16:00 won't go away and then solving them with

16:02 yet another another layer

16:05 so andy um

16:08 one of the you really strike uh it's it

16:11 sounds so interesting when you talk

16:12 about innovation and software and

16:14 why is it that

16:16 you know big companies oftentimes really

16:19 struggle with being innovative

16:22 you know well i mean the the truth is

16:24 innovation requires little companies and

16:27 big companies small groups and large

16:29 groups because it's not just the idea

16:31 it's not it's not a science experiment

16:33 it actually is delivering a solution

16:35 that has impactful positive business

16:38 outcomes in a sustained and scalable way

16:41 and so what you have is you have little

16:42 focused

16:43 organizations that worship from the

16:45 altar of disruption and speed whereas

16:48 you have larger organizations that are

16:50 about customer intimacy and business

16:52 predictability and so really it's almost

16:55 like a texas two-step and you know what

16:57 you find are small organizations can

17:00 really innovate and then need to partner

17:02 with the larger organizations to become

17:04 part of a broader context and you know

17:08 that that's a transition that we as an

17:10 organization went through about six

17:12 months ago you know so we patrick and i

17:16 are two of the seven co-founders of 128

17:18 technology and about six months ago we

17:21 found one of the greatest if not the

17:23 greatest routing company the most

17:25 innovative routing company in the world

17:27 where we were cohabitating a very large

17:29 10 000 site deployment in retail health

17:32 care and we realize one plus one really

17:34 equals four

17:36 and so

17:37 um you know we're able to provide

17:39 innovation and juniper is able to

17:42 provide full stack integration they're

17:44 able to provide comprehensive

17:46 uh security solutions they provide ml

17:49 and ai and cloud things that we don't

17:51 have and so it really is important that

17:54 you have both of those elements so that

17:56 the sustainable business outcomes can be

17:58 affected

17:59 you know sometimes what happens that big

18:01 companies themselves just try and

18:03 innovate without any real insight and it

18:07 ends up being that we pile on to an

18:09 existing technology in a way that just

18:11 isn't so valuable and starts to become

18:13 unwieldy and maybe even inefficient or

18:16 cause problems i'm pat do you want to i

18:18 know you have one that you want to talk

18:19 about

18:21 yeah you know

18:23 it's really interesting like um

18:25 the way the network works and i'm not

18:27 sure how many people know this but the

18:29 way it evolved was that uh it's all

18:32 based on tcp and with tcp you know in

18:35 the early days

18:36 andy i had the same problem in one of my

18:38 webinars don't touch the papers near

18:40 your computer

18:42 i'm so sorry

18:43 it's okay you do it very very carefully

18:46 it comes across very loud um

18:50 so the interesting part is is uh the way

18:52 the tcp operates is is it it never knows

18:56 how fast the network is

18:58 the client and server have no clue and

19:00 the server can send out packets way

19:02 faster than the network can can can

19:04 deliver them which would result in all

19:06 of those packets being dropped and

19:08 having to be retransmitted to prevent

19:10 this from happening over and over again

19:12 every time there's a client server uh

19:14 session that gets established the tcp

19:16 protocol starts slow and sort of ramps

19:19 up speed and when it gets to the point

19:22 where it's going as fast as the

19:24 end-to-end connection will allow a

19:26 packet will be dropped and when that

19:28 packet's dropped it signals the server

19:30 don't go any faster and it also signals

19:32 the client don't go any faster so

19:34 everybody sort of settles down locks in

19:36 and understands oh this is how fast i

19:38 can go and and without dropping packets

19:41 and that's how the the whole internet

19:43 works now the sd-wan guys

19:45 several of them

19:47 tout forward air correction as a way to

19:49 replace a packet that was dropped in the

19:51 middle of the network

19:52 and what's funny is is dropping packets

19:55 is essential for the network to work

19:57 correctly and so now the you know these

19:59 tunnels um because they're aggregate

20:01 flows and because

20:03 they're not a single inside of these

20:05 tunnels are hundreds if not thousands of

20:07 individual flows

20:09 because they're such large what we call

20:11 elephant flows they suffer more random

20:14 early discard than

20:16 than if if all of those sessions had

20:17 been uh separate and in different flows

20:20 going through the same routed network

20:22 first they would be spread out as much

20:24 and they wouldn't all be impacted by

20:25 random early discard but when a discard

20:27 occurs it's more likely to happen on a

20:29 tunnel so by adding forward air

20:31 correction they can recover that packet

20:33 but recovering that packet doesn't make

20:35 sense with the tcp standard and so

20:39 it and the worst part about it is is it

20:41 consumes up to 33

20:43 additional bandwidth on top of the

20:45 on top of the tunnel overhead so it's an

20:48 example yet of another sort of

20:50 solution to a problem that we created by

20:54 solving the problem with more tech you

20:56 know we need to get back to basics of

20:58 routing packets

20:59 if tunnel's only purpose is to get a

21:02 packet to go where it wouldn't go

21:03 otherwise we need to fix the way routing

21:06 works and that's what 128 technology did

21:09 and that's why juniper acquired us

21:12 you know andy um

21:14 it's really fascinating

21:19 because some you know that businesses

21:22 really really need to focus on their

21:24 digital infrastructure it's so important

21:26 to how they run maybe you could talk for

21:28 you know i i'm certainly interested in

21:30 your views on how

21:31 important the i.t profession and the

21:34 digital infrastructure of their

21:36 companies are and maybe you can comment

21:38 on that

21:39 yeah it's funny you know in the in the

21:41 present you know the little movie clip

21:43 you and i did um

21:45 we talked about the importance of the

21:47 i.t professional and uh it's true that i

21:51 t you know most people don't understand

21:53 in their organization what the cio does

21:55 it's very hard for them to figure it out

21:57 and they tend to look at it as a cost

21:59 center um and and to some extent there's

22:02 some truth to that

22:04 uh we're also seeing that um we're

22:06 outsourcing everything to the cloud you

22:08 know we're moving more and more to the

22:09 cloud and you tend not to outsource

22:11 things that are strategic and so these

22:14 are these tend to be short you know i

22:17 think that that this is a short-term

22:19 move of what's really going to happen to

22:20 i.t i think that it and the it

22:23 profession is going to become incredibly

22:25 strategic to every one of these large

22:28 corporations because as they digitally

22:30 transform all their engagement and all

22:33 their experience is going to be trolled

22:35 through the lens of what it is able to

22:37 deliver and secure and when you think

22:40 about it we live in a world even today

22:42 where the largest taxi cab company in

22:45 the world doesn't own a single car and

22:47 that's uber and the largest hotel chain

22:50 in the world doesn't own a single hotel

22:52 and that's airbnb and we've seen the

22:55 last 15 months of the pandemic we've

22:57 seen real digital engagement of all of

22:59 our stakeholders whether it's employees

23:01 or partners or customers

23:04 and you know what you realize is that

23:06 the network is where things stop and

23:08 where things start and it is critically

23:10 important so i do think that the next 10

23:12 years it is going to become more

23:15 strategic than it's ever been digital

23:17 transformation is real and the pandemic

23:20 has only served to accelerate it we have

23:22 a saying around juniper

23:24 that experience is the new uptime and it

23:27 and it really is because if people have

23:30 a good experience when they impact when

23:32 they interact with your business they're

23:33 going to do it again and if they have a

23:35 bad experience they may go somewhere

23:37 else and and that's really a big deal um

23:41 you know i've had i i guess i could say

23:43 marty

23:44 i'm kind of kind of uh

23:46 curious what else changed in 2028

23:50 well you know it it's really surprising

23:52 how the worlds of networking and the

23:54 worlds of um the application guys and

23:57 the and the devops guys all sort of

23:59 merge together into

24:02 an amazing world the application guys

24:05 really really have a lot of information

24:07 that the networking guys would like to

24:08 have for example if the user's failing

24:11 to log into a service repeatedly i would

24:14 think the networking guys would like to

24:16 know that secondly if an application

24:18 needs quality uh cost for a particular

24:22 purpose and the application owner is

24:24 willing to pay for it it would be really

24:26 quite nice if the application could

24:28 request that securely of the network

24:31 network intent being communicated

24:33 through the payload portion of packets

24:35 in the form of metadata

24:38 in the future could be incredibly

24:40 powerful way to not only authenticate

24:42 and secure connectivity between routers

24:45 but between routers and servers and

24:47 between clients and and and routed

24:49 networks so i i feel like you know this

24:52 ipv7 we we all make we made fun of it in

24:56 the in the video but there really does

24:58 have to be a new way

25:00 in the future there has to be a new way

25:02 we can't continue to use ip addresses

25:05 the way we've been using them

25:07 and

25:08 use dns to try to put some sense to them

25:11 and to figure out how to run these

25:13 networks securely it and express network

25:15 intent using addresses it's just not

25:18 going to work so i i am uh excited uh

25:21 when when i when we joined juniper i was

25:24 very excited because many of the people

25:26 in in juniper senior uh

25:28 engineering areas are very committed to

25:30 standards and the question started

25:32 coming up right away about well

25:34 when are we going to make secure vector

25:36 routing a standard when is the metadata

25:38 going to go through a standardization

25:39 process we want to make this stuff open

25:41 or we will never

25:43 that's what networking people do and

25:45 that was really good news for me and uh

25:48 we're very excited to say that juniper

25:50 is committed to making these things

25:51 standard and we really need our our

25:54 customers and our our support in in

25:56 achieving that

25:57 um because you know we can't do it

25:59 ourselves we need we need our big

26:01 customers to help us but we're very

26:03 excited about that and i do believe that

26:05 that networking networking is in a a

26:08 sort of a place where it's going to

26:10 change fast not only andy because of the

26:12 things you said

26:14 the introduction and software but also

26:16 incredible brokenness in how it's

26:18 working and how we're just layering on

26:21 more inefficient layers of technology to

26:23 solve problems that only create more

26:25 problems and make things harder to

26:27 understand

26:28 and i just feel like we're at it we're

26:30 at a breaking point and there's going to

26:31 be some fantastic innovation i do

26:33 believe juniper's found it in ai and in

26:37 secure vector routing uh swirled

26:39 together that's my belief

26:42 yeah i mean i mean the thing you know

26:43 patrick and i are new to juniper we've

26:45 been here for a little over half a year

26:48 and so we have fresh eyes and what's

26:51 wonderful first of all is that the

26:52 commitment is authentic

26:54 that the folks are present they believe

26:56 what patrick's saying that change is

26:58 afoot they need to think differently

27:00 they need to partner they need to assess

27:02 their value

27:03 in terms of the impactful business

27:05 outcomes they can have with their

27:07 customers slash partners

27:09 the other thing is that juniper very

27:11 much is in the goldilocks zone

27:13 they're big enough to be global they're

27:15 big enough to have a comprehensive

27:17 solution from full stack at the edge all

27:20 the way into the cloud with all of the

27:22 requisite technologies like ml and ai

27:25 but they're small enough that they can

27:27 all get in a room and they can really

27:28 talk about the issues

27:30 and they're they're the things they buy

27:32 the things they acquire are truly

27:34 impactful

27:35 and

27:36 you know that that's why i think you're

27:37 going to continue to see

27:39 juniper lead through this incredible

27:42 transition

27:43 of what's going on in this market

27:45 so with that i think we ought to open it

27:47 up to questions really appreciate

27:48 everyone's time on this webinar

27:51 pat we're um

27:53 maybe let me move my papers here without

27:55 making too much noise and let's look at

27:56 some of these questions

28:04 so there was a question about um

28:06 ai features and how they helped during

28:08 the course of time in in performance of

28:11 the network

28:13 well i have to say um i always prided

28:16 myself when i was a cto and top

28:18 technologist at both acme packet and 128

28:22 that i i understood everything about

28:24 technology and i can honestly say it's

28:27 embarrassing but i knew nothing about ai

28:29 and ml and i did not appreciate how it

28:32 worked i did not appreciate what it

28:34 could mean or the power that it it has

28:36 andy and i used to sit around

28:38 over having we share an office because

28:41 we're i don't know why we share an

28:42 office which is ridiculous but

28:44 we would sit around and have coffee and

28:46 talk about when cars will drive

28:48 themselves and when they won't

28:50 and um we would argue

28:52 literally for hours about the same topic

28:54 you know

28:55 and of course

28:56 neither of us really knows the answer um

28:59 but

29:00 artificial intelligence is really unique

29:02 and and the way i i'm a i'm a guy that

29:06 has to see it and touch it to believe it

29:09 when i got to juniper and i started

29:10 talking to the data scientists

29:12 at first i said yeah yeah yeah it's all

29:14 crap and then i i saw some of the models

29:17 they have and i was blown away so for

29:20 example we struggled and the best way to

29:23 to explain it is through example we

29:25 struggled and literally

29:27 uh had so much difficulty with some bad

29:30 cables at a large deployment it was a 10

29:32 000

29:33 router deployment at a major retail

29:35 store and and there were two routers at

29:37 every site connected by a two foot long

29:39 cable which provided the dog leg and a

29:42 method of communicating between the

29:43 active and the standby

29:45 because we only saw software at the time

29:48 we were an independent company

29:50 the customer had to go out and buy these

29:52 cables and so they spec them out as cat

29:54 6 cables and they ordered 10 000 of them

29:56 and uh

29:58 you know they

29:59 they're only two foot long cable and you

30:01 know we wound up having a bunch of

30:04 problems and uh

30:06 in these routers and the the the symptom

30:08 was that the uh auto negotiation would

30:11 fluctuate from you know full speed to to

30:14 it would downshift to slower speeds we

30:16 wound up seeing some occasional runts or

30:19 framing errors or or and this was across

30:22 a large number

30:23 of of these different locations and you

30:26 know the end customer was just

30:28 fit to be tied it was they were they

30:29 were excited about the technology but

30:31 frustrated that the hardware wasn't

30:33 working they thought it was the hardware

30:34 we tried swapping the hardware things

30:36 out

30:36 we tried everything and literally after

30:38 three or four weeks we said well gee why

30:41 don't we swap out the cable and they

30:43 didn't believe that the cables could

30:45 cause such a problem but we did swap

30:46 them out at one site and the problem

30:48 went away we then realized that by

30:51 testing the cables and having them

30:53 taking them to a test lab that they were

30:55 insufficient and as much as 10 or 15

30:58 percent of them were bad not all of them

31:00 but they had no way to know of the 10

31:02 000 locations which locations had the

31:05 bag cables and which ones didn't and so

31:07 they wound up having to replace them all

31:09 i got to juniper and the very first

31:12 example they showed me on their aiml was

31:15 a bad cable detection algorithm and you

31:18 know

31:18 they trained it they got data from bad

31:21 cables over and the and the data science

31:23 guys who don't know anything about

31:24 networking or bad cables we're able to

31:26 see the data behind it and able to make

31:29 predictive models of not only cables

31:32 that were actively failing but cables

31:34 that were likely to fail or or degrade

31:37 and keep in mind cable performance is

31:39 tied to lots of things including

31:41 temperature and humidity so

31:43 i have to say that i fell off my chair

31:46 when i saw that and and then i saw some

31:48 of their other models they're developing

31:49 it's truly transformational i mean

31:52 imagine the cost of replacing all those

31:54 cables because you just don't know and

31:56 andy uh i always tell you when i

31:58 remember when i first saw the internet

32:00 and i told you this was going to change

32:01 the world this ai ml and networking is

32:04 going to change networking

32:06 yeah i mean another example are we we

32:09 statically engineer and provision

32:11 pathways on our network for the types of

32:13 services and our biases are programmed

32:15 in there as well so we may sit there and

32:17 say voice needs to go over the mpls

32:19 circuit we'll use the dia circuit for

32:21 something else

32:22 but you know a network a learning

32:24 network is able to look at this and

32:26 might say actually that's not the case

32:28 and so if it's able to harvest in real

32:30 time what's going on it can start

32:33 challenge some of our biases and

32:35 empirically derive what are the best

32:37 ways best paths best resources for the

32:40 kinds of services we want not to mention

32:42 that things are our dynamic

32:45 you know william has a question here

32:46 about you know header compression as a

32:48 way to say bandwidth and before i turn

32:50 that over to pat because we did have an

32:51 argument early on about header

32:53 compression um versus tunnelless

32:56 architectures and what the difference is

32:58 there are so many reasons not just the

33:00 bandwidth savings for not using tunnels

33:03 they're

33:04 bi-directional they provide a trap door

33:06 in the in the return path they increase

33:09 your attack surface area they make it

33:10 very difficult to manage individual

33:13 sessions on a link and dynamically move

33:15 that um there's lots of different

33:17 reasons but pat maybe you want to

33:18 briefly talk about um header compression

33:20 versus what we're doing

33:23 yeah so uh i mean in fact some people

33:26 who are really smart say you're still an

33:27 overlay and you are just compressing

33:29 headers and while that's true

33:32 uh we eliminate all the extra data

33:34 that's sent over and over and over again

33:36 on every packet by by using session

33:38 state to do it what andy said is

33:40 critically important we also enforce the

33:42 return pathway which is what a firewall

33:44 would do

33:45 and and by keeping the the flows

33:48 together into a session uh we've we've

33:50 been able to provide a lot more

33:52 analytics and information that would be

33:55 useful to an ai solution or to a a siem

33:59 solution or to a network owner an

34:00 operator i mean we actually don't need

34:03 to build an a a complete overlay data

34:06 collection and data processing thing to

34:08 figure out what's going on in our

34:09 network we actually know

34:11 so uh

34:12 all of that's really good but in the

34:14 metadata like we talked about

34:16 the metadata being used to compress the

34:18 tunnel or get rid of the tunnel it also

34:20 contains routing intent

34:22 and it's signed and it's signed by the

34:25 first router for the second router

34:27 and it also has a time of day in the

34:30 signature so what winds up happening is

34:32 this means that nothing can be replayed

34:35 this means that that if i'm a router

34:37 talking to another router in the network

34:39 every packet that arrives at that

34:40 interface is absolutely authenticated

34:43 from it its source is authenticatable

34:46 also inside this metadata is a session

34:48 id that is attached or assigned by the

34:51 first router that sees the session and

34:53 and starts the process and so you can

34:56 trace things through the network like an

34:58 audit basis you can actually even on our

35:00 products get traces for a particular

35:03 session through the entire network of

35:04 routers that support the metadata and so

35:07 we

35:08 it's a it's a it's a transformational

35:10 way

35:11 to do uh to express network uh intent

35:14 between between routers that works

35:17 through every firewall every

35:18 carrier-grade net so it really is a

35:20 bigger deal than just header compression

35:23 and andy there was another question here

35:26 yeah

35:26 there was a question here about

35:28 bad actors working their way into ipv7

35:32 um you know

35:35 first of all virtually the entire dns

35:37 infrastructure is is not is used in an

35:40 unencrypted fashion and i know there's

35:42 lots of efforts uh dnssec and there's

35:44 lots of efforts to make people stop

35:46 doing that

35:47 but when you think about

35:50 like like office 365 they publish their

35:53 addresses online so that firewall

35:56 administrators can build rules to

35:59 secure or to increase the security

36:02 between the their their routers or their

36:04 firewalls at their locations and

36:06 microsoft's uh office 365 servers and

36:10 they update this monthly or whatever and

36:13 i think zoom does the same thing i think

36:15 salesforce doesn't say all these basic

36:17 uh software as a service uh guys are

36:20 updating their their addresses and

36:21 information we

36:23 we think that

36:25 and it's all done in a non-standard

36:26 fashion like everyone has their own way

36:28 of doing it

36:29 most people it's a document on an html

36:31 document it's got to be hand entered

36:34 into our extended acls and our routers

36:37 manually and we have to do all the

36:39 the bitwise math uh to make to enter the

36:41 stuff correctly and it's just really

36:44 painstakingly painful and the question

36:46 is would

36:47 application owners uh submit that

36:49 information into a registry that is

36:51 accessible securely i actually think

36:53 they would i think it would be

36:55 you know the nice thing about

36:57 subscription models for information

36:59 routing information is that

37:00 you could publish information in a

37:02 routing database for only those parties

37:04 that you want to obtain it

37:07 and i know it's complicated but you know

37:09 linkedin facebook these are amazing

37:12 networks of of social networks where

37:15 they scale to unbelievable sizes where

37:17 there's a lot of controls over who can

37:19 see what and and who can access what it

37:21 doesn't seem far-fetched to me that that

37:23 couldn't be how the the the router

37:26 network operates in the future

37:29 pat let's see if we can go into the next

37:30 one which is you know expand on using

37:32 words instead of ip addresses

37:35 yeah so inside this metadata that i

37:38 talked about we actually put two words

37:40 in there the one word is the tenant and

37:42 another which is basically the

37:44 identifies the client's network zone or

37:46 security zone or or and and

37:49 and

37:50 the tenant is structured as a as a

37:52 dotted domain-like address so it can

37:55 you can only be in one vlan but you know

37:57 if you use a dotted domain name like

38:00 model you can actually be in a

38:02 hierarchical set of vlans which is

38:05 essentially uh which is what we do so

38:07 you could be you know an employee but

38:09 you could also be a director you could

38:11 also be a a a you know an executive and

38:15 you could

38:16 have all these different tiers defined

38:18 by uh like like a domain address and

38:21 that's the tenant side that

38:22 that's who's wanting the service and

38:24 it's not a 10.0 address or

38:27 it's a real textual name and then the

38:30 service itself is a real textual name

38:33 very similar to a domain name service

38:36 that you would get in dns in fact it's

38:37 identical and so what winds up happening

38:40 is in this network intent you know the

38:42 name of the service the person wants and

38:43 you know who the requester is by

38:45 security zone or by or and and you trust

38:48 it because it's been signed by the the

38:50 branch router so you trust it and it

38:52 gives you information that you wouldn't

38:54 have otherwise so now when you get to

38:57 the other side of the network

38:58 forget you you don't even need dns

39:01 really what you need is you have the

39:02 name of the service you need to know

39:04 where that service is and if that

39:06 service is on a specific address you can

39:08 route you can not nat to that address or

39:10 route straight to that address so that

39:12 the name itself stays in the routing

39:15 system from beginning to end now

39:17 invariably you leave the the

39:20 the domain of this kind of routed

39:22 network and wind up in the old world in

39:24 the old world you are correct you know

39:27 no one's going to be able to read that

39:30 name out until this kind of networking

39:32 ipv7 spreads like wildfire

39:37 i think i answered the question i hope

39:39 yeah yeah

39:41 so um next one is about dna ns and

39:43 cookies playing a role in svr between

39:46 two public ips

39:49 uh where's the question i don't see it

39:50 here oh hold on it says do the dns and

39:54 cookies play any role in svr between two

39:56 public ips

39:59 oh

40:00 um

40:03 well you know

40:05 the public ips classically that we use

40:07 today are not

40:09 really

40:10 they're like um

40:12 like at your branch office no one really

40:14 probably even knows your public address

40:16 um unless you are smart enough to figure

40:18 it out and when you go to a service the

40:20 branch you know the public address

40:22 that's on the edge of the data center

40:25 that your tunnel's using today you may

40:27 not be able to discern as well i think

40:30 the um

40:32 you know the the public addresses in the

40:34 ipv4 network and the ipv6 network are

40:36 like transport addresses that the

40:39 networking world needs to know they need

40:41 i i need to know how to get to the data

40:43 center and then once at the edge of the

40:45 data center how to get to the servers

40:47 that have the service i'm looking for

40:49 and the name that we're putting in the

40:51 metadata helps with both

40:54 we call those public addresses by the

40:56 way at

40:58 uh in our ssr product at juniper we call

41:00 those public addresses waypoints they're

41:02 like if you know ipv6 segment routing

41:05 they're like

41:06 um

41:07 the segments they're they're like the

41:09 the the the

41:10 the instance of the fact

41:13 and pat where you're going to go i want

41:15 let me loop two questions into what

41:16 you're about to say because it's

41:18 important we had a question about is

41:20 this name data routing and we had a

41:21 question about how is this different

41:23 from segment routing and i remember

41:26 around our shop for the last five years

41:28 you would talk about you know the recipe

41:30 for doing what we do is taking segment

41:32 routing some name data routing and some

41:34 lisp and stirring it together maybe we

41:36 want to maybe you want to talk a little

41:37 bit about that i think that'll put name

41:39 data routing and segment routing into

41:40 context

41:42 yeah sure so name data routing it does

41:44 suggest that you you route to named

41:46 objects on on the internet and let the

41:48 network figure out where they are

41:51 and in a sense we do that only you know

41:54 so

41:55 that's why it's one part name data

41:57 networking um although

42:00 name data networking operates on top of

42:02 an existing network it requires a

42:04 complete change in how clients and

42:06 servers operate and so

42:08 we on the other hand

42:10 uh can bridge the old world to this

42:13 named world by using our router as a way

42:16 of applying those kinds of policies

42:18 with lisp you know it's it

42:20 it has too weak it has a weakness and it

42:22 has a strength the strength the strength

42:24 of

42:25 of lisp is that it has a big database of

42:28 of things that you need to get to and it

42:31 gives you an address to get there so

42:34 that's similar to how our step protocol

42:37 operates where

42:38 uh you know you you it's like dns you

42:41 give it a name and uh it instead of it

42:43 giving you the actual address

42:46 of

42:47 of the service instance it gives you the

42:50 waypoint address to get there but it

42:52 operates very similar to dns and lisp

42:54 it's like it's like lisp more than dns

42:57 but it's similar where you can look

42:58 things up to find out an address to send

43:00 stuff to

43:01 and then of course ipv6 segment routing

43:04 you know with ipv6 segment routing you

43:06 change the address of the packet to go

43:08 to the router you want it to go to

43:11 in our world we changed the source

43:14 address

43:15 and the destination address to be the

43:16 router addresses to create a pair of

43:18 routers so i'm the source router you're

43:20 the desk writer i changed the address

43:22 source address to me i changed the

43:24 desktop to you now i have a pathway

43:26 between me and you for a session a

43:29 singular session and in return

43:32 the the return path is assumed to be

43:34 exactly the same

43:36 and so the reverse addresses are used in

43:38 the return path and we can send four

43:41 billion unique sessions between any two

43:43 routers using this technique

43:45 and so that's all three of them combined

43:47 it's like the best of all threes merged

43:49 together the weakness with lisp of

43:50 course is that there's no security and

43:52 if you know the the our loc or the the

43:55 the the secret address that's returned

43:57 from the that's the server you can send

43:59 packets into a data center with without

44:01 there's no there's no um uh

44:03 authentication so we've added that so

44:05 it's like all three put together

44:08 into one

44:09 and and something that's really

44:11 important because there is 500 billion

44:13 dollars of existing infrastructure you

44:15 know over the last 15 or 20 years people

44:17 have talked about starting a brand new

44:18 internet it's just not going to happen

44:21 we need we need technologies and

44:24 solutions that innovate in place and so

44:27 you know if you have our technology at a

44:29 thin edge at a branch site and you have

44:31 it in a data center or at another branch

44:34 site that that works we we can and it

44:36 will work with regular ordinary routers

44:39 in between and we don't need

44:41 bi-directionality but when you

44:43 think about the importance of experience

44:46 and how that is all session based on you

44:49 know it's a digital transformation that

44:51 does really presuppose that you are able

44:54 to

44:55 get the bi-directionality so that you're

44:57 able to make sure that the total

45:00 experience not one way or the other is

45:04 functioning well and and that's really

45:06 important

45:07 so you know so andy there's been several

45:09 questions about ipv7 um

45:13 it was a complete farcical notion that

45:15 there was an ipv7 so there really is no

45:17 ipv7

45:18 um you know we were there are bad actors

45:20 though

45:21 well there are bad actors but think

45:23 about the thing about ipv7 is is you

45:26 know we have to get away from using

45:28 these fixed sort of addresses that have

45:31 no meaning to humans

45:32 to express network intent and whether

45:34 you want to call that ipv7 or you want

45:36 to call it uh

45:39 you know

45:40 i don't know what we're going to call it

45:41 but i i think something has to change

45:43 we're at a breaking point and so we made

45:45 that up as a joke

45:48 um

45:49 yeah you know there was a question here

45:51 about you know is 128 uh somehow a zero

45:54 trust network zero tr you know for acc

45:56 an access concept between firewalls no

45:58 tunnels only encrypted sessions

46:02 yeah it is it is zero trust in many ways

46:05 uh first of all every single session is

46:08 authenticated with its unique signature

46:11 on every single header at first packet

46:14 on every on the metadata it's signed and

46:16 then

46:17 thereafter every single packet has an

46:20 hmac um checksum on it or an hmac

46:22 signature on it every single packet that

46:24 is unique to that particular tenant uh

46:27 tenant that is where the traffic is

46:29 coming from

46:30 uh so it it really is um

46:33 you know you can't get one packet into

46:35 this it's it's it's as secure or not as

46:38 a ipsec tunnel would be it's absolutely

46:41 as secure as that nothing can get in in

46:44 in the back way

46:45 but it's more secure than a tunnel in

46:47 the sense of what andy said earlier you

46:49 know tunnels are like open doors like

46:52 it's like a hallway with open doors on

46:54 both ends that open up pathways and

46:57 to a t all of our sd-wan competitors

47:00 use cider block style

47:02 uh

47:04 route enablement

47:05 uh through these tunnels like they

47:07 create they they use these tunnels to

47:08 create a larger

47:10 you know private network that spans from

47:12 your data center to your brand site and

47:14 then you have to go about the business

47:16 of deciding what should go through that

47:18 tunnel with either extended acls or or

47:22 whatever that particular vendor offers

47:24 as a way to to stop things from going

47:26 through the tunnel that shouldn't go

47:27 through the tunnel you know because once

47:29 you open that door

47:30 things could sneak in and out and we

47:32 don't do that we treat each session

47:35 as a unique

47:36 authenticated admittance uh in both

47:40 directions so if it's going from the

47:42 data center to the to the branch uh

47:45 it is a unique session that is is

47:47 separated from the the the session going

47:50 the opposite way from the branch to the

47:51 data center so it really is uh

47:54 zero trust between these routers and

47:56 when you think about um

47:58 segmentation um you know what a lot of

48:02 sd-wan

48:03 companies do is they say well you need

48:05 to have a separate tunnel for if you

48:07 want to have pci compliance

48:09 between the branch and the data center

48:13 you don't need that with our solution we

48:15 are in fact we do quite well in the

48:16 retail area especially the largest

48:18 retail companies on the planet because

48:21 they use our technique for obtaining pci

48:24 compliance it's very very secure

48:26 and you don't have to have a separate

48:27 tunnel

48:28 for to achieve that level of separation

48:32 right right a very easy way to think

48:34 about what we're talking about

48:36 is if you know pat and i each have a

48:38 phone and i can call pat he can answer

48:40 it he can tell me what he sees

48:42 and perhaps he is a video sensor we hang

48:46 up when pat picks his phone off hook he

48:47 doesn't get dial tone so by making route

48:50 paths directional and session stateful

48:54 you really can provide a lot of security

48:56 natively it's almost like a firewall on

48:58 every single route path

49:01 there's a question here about um traffic

49:03 encryption you know pat should elaborate

49:05 on this because it's really interesting

49:07 where things are going and how the

49:08 solution works

49:10 yeah so

49:11 some some sessions or some services do

49:14 need encryption because they're not

49:16 encrypted it may be a an older sort of

49:19 sort of technique your company's using

49:20 that is from 20 years ago and there's no

49:22 encryption uh what we see in most of the

49:25 networks we're in is that about 80 to 85

49:28 of everything that's going between the

49:30 branch and the data center or the branch

49:32 and the internet is already encrypted

49:34 it's already encrypted but and 20 is not

49:37 and of that 20 percent a lot of it is

49:39 things like dns or and or ntp you know

49:42 old-fashioned protocols

49:44 and some of them are going through the

49:46 the the

49:47 branch to data center connections

49:50 and so what we do is we have this

49:52 conditional encryption notion and when

49:54 we see um

49:56 protocols that are not encrypted uh we

49:58 actually can encrypt the payload using

50:00 aes 256 which is the same cipher that

50:03 everyone's using with um with an ipsec

50:06 tunnel so you you're essentially got the

50:08 same

50:09 uh cryptographic security but without

50:12 necessarily having the overhead of

50:14 establishing a complete tunnel and we do

50:17 it on a session by space session by

50:19 session basis so it it's as good as tls

50:23 uh in that sense it's session by session

50:25 and it's encryption for each session we

50:27 do all the key management between the

50:28 routers for those protocols that don't

50:30 have

50:31 uh encryption but we don't re-encrypt

50:34 everything else and so if you're using

50:35 ipsec tunnels

50:37 and 80 of your traffic's already

50:39 encrypted you're paying a heavy price

50:41 both in terms of increased latency

50:43 increased bandwidth and and a much lower

50:47 performing uh router because of all the

50:49 encryption work it's doing

50:51 so we do not

50:55 there's a question here about for an

50:56 enterprise currently to make use of of

50:59 the 128 solution the juniper 128

51:01 solution is an on-prem data center

51:03 on-prem slash data center the model as

51:06 opposed to public cloud so maybe we

51:07 should talk about

51:09 where we are with cloud so so we

51:11 we make software and in the same exact

51:14 software like the exact same

51:16 distrib release of software will run at

51:19 aws it'll run on a dell server it'll run

51:22 on a on a lantern or an azure telecom

51:25 box it'll run in azure it'll run in uh

51:28 uh

51:28 uh

51:30 ali cloud i mean it's the same exact

51:32 software and it runs on high-end

51:35 yeah and

51:36 so you don't have to it's almost like

51:39 and and you can have one

51:42 sheet of glass to run all of that you

51:44 know one conductor to run all of it and

51:46 when we you know when bit when um marty

51:48 was coming back from the future and he

51:50 said that the it guy uh controlled

51:53 things that were in the public clouds uh

51:55 that's how you would do it is you you

51:57 have complete network control of all

51:59 these routers wherever they're located

52:05 so um another question was about you

52:07 know does 1500 byte packet size make

52:09 sense in a world of 100 and 400 gig

52:12 links and you know first of all a huge

52:15 part of the gain of our technology and

52:18 not encapsulating happens with the

52:20 latency with respect to small packet

52:22 sizes where interactive

52:24 communications are involved i mean you

52:26 can see latency cut in half at that

52:28 point but it is true that if you try and

52:30 encapsulate large packets you can result

52:32 you know it can be packet fragmentation

52:34 as a result but maybe you want to answer

52:37 the question more broadly about

52:39 yeah

52:40 it's it's a very good question because

52:42 we on the outset our assumption was that

52:44 we'd only save 12 to 15 percent of the

52:46 bandwidth when we before we actually got

52:48 customers and really dug into it the

52:51 assumption was that oh you know this

52:52 1500 byte packet uh it needs to be act

52:55 with a small packet the average would be

52:57 750 bytes you know uh velocloud uses a

53:01 hundred and third 131 bytes of

53:03 of overhead we don't have any

53:06 therefore we would save 131 over 750 12

53:09 14 and that that was our assumption

53:12 and and

53:13 we were so surprised at how many small

53:16 packets are out there in real networks

53:18 you know we did a retail establishment

53:20 and they didn't believe that they were

53:22 going to save anything they were using

53:23 cisco dmvpn and they weren't even using

53:26 sd-wan it was just dm vpn which is a

53:29 basically uses ipsec tunnels to connect

53:31 branches to to uh the data center and

53:34 they said there's no way you know you're

53:35 going to save 15

53:37 no way so we

53:39 counted

53:40 real traffic on a real we we were

53:42 implemented in a real store for a trial

53:44 and we measured and compared uh the

53:46 traffic before and after the

53:48 implementation and we we uh did it over

53:52 a two hour period and we saved them 37

53:55 and you know

53:56 the question really comes down to why

53:58 are there so many small packets what are

53:59 their proprietary apps and why are they

54:01 sending small packets and all those i

54:03 don't have the answers to all those

54:05 i mean

54:06 all i can say is is that

54:08 it was 37 savings and they were just

54:10 dumbfounded when they computed because

54:13 everything has to go through a security

54:14 stack and because they uh have to have

54:17 data center head-end routers and they

54:18 have to have uh circuits and everything

54:21 for this whole network they were saving

54:23 five terabytes a day based on that and

54:25 and it really did move the needle and i

54:28 you know it is surprising um i think

54:30 everyone should should

54:32 measure their own

54:33 uh

54:34 you know try to measure their own we

54:36 added a feature in our product that

54:38 actually does it for you and it tells

54:40 you how much you're saving over using a

54:42 velocloud-like solution uh or or

54:46 you know a solution based on ipsec

54:48 tunnels and it computes it in real time

54:50 and you'll see it vary from 12 to go as

54:53 high as 50 percent for certain

54:55 applications like voice we we do a lot

54:57 of voice as well

54:58 it saves well into the hundred percent

55:00 range well into a hundred

55:02 it it's amazing it's it's like a it cuts

55:05 your bandwidth in half so

55:07 it is remarkable actually and and before

55:10 people say it doesn't matter they really

55:12 need to start looking at their costs of

55:14 their of all their head and routing

55:15 equipment and circuits right

55:18 and and you know a derivative of that is

55:20 that you know more and more people are

55:21 using wireless as a backup

55:24 to augment their wireline connectivity

55:26 and if you need to move a session that's

55:28 not performing onto a wireless link and

55:31 you depend upon tunnels you're either

55:32 going to drop the session because the

55:34 tunnel convergence time is going to be

55:35 longer than what the session timer will

55:37 allow or you're going to keep the

55:38 session you're going to keep the tunnel

55:40 alive and incur a pretty onerous expense

55:42 in terms of heartbeat

55:45 while you're just waiting to receive

55:46 something that may or may not

55:48 happen so

55:50 you know not requiring tunnels means

55:51 that you can just move over to wireless

55:53 link you you can move the session it

55:55 runs and there's no convergence time

55:57 there's no bandwidth penalty in terms of

55:59 a heartbeat there was i think john had a

56:01 question as it related to does this

56:03 replace bgp and that's a good question

56:06 that is a good question the

56:08 no it it doesn't in fact our although we

56:10 didn't explicitly talk about it in our

56:13 in this presentation our router has to

56:15 support ospf bgp and all the different

56:17 routing protocols that are in use today

56:19 because there's nothing wrong with layer

56:21 three layer three works fine you know

56:23 the issue really is when networks talk

56:25 to each other it's like i have an rfc

56:27 1918 private network running 10.0

56:30 addresses and i need to talk to aws that

56:32 has another 10-0 address space and our

56:35 approach to this over the last three

56:37 decades has been let's make a win and

56:39 normalize all this addressing so

56:41 everything can talk to everything and

56:43 then we'll put in extended acls to

56:45 prevent everything from talking to

56:46 everything and then you know

56:49 let's hope the company doesn't divest

56:51 anything or buy anything or or change

56:53 anything because oh my god

56:54 it it it just becomes so freaking

56:56 brittle and so we said the problem is

56:59 you can't go between networks it's an

57:00 inter-networking problem we have it's

57:02 not a networking problem it's how these

57:04 networks where these networks meet that

57:06 bgp doesn't go

57:08 you can't connect be you know bgp won't

57:11 allow you to connect a private network

57:13 over a public network to a private

57:15 network it doesn't permit that that's

57:17 the focus of what we're trying to do

57:20 here which is create an internetwork

57:22 that works

57:26 so something you said uh sparked ramesh

57:28 uh to have an observation saying so i

57:30 suppose this is an overlay then

57:33 yes it it it is an overlay technically

57:35 we get into this dispute of is it an

57:37 overlay and it is a logical overlay for

57:40 sure it just isn't tunnel based it

57:42 signals with metadata

57:44 in the first packets of sessions and um

57:47 not in every session like ipv6 segment

57:50 routing but just in the first packet

57:53 right right

57:55 well patrick i you know i i guess i'd

57:58 like to just you know end by saying

57:59 thank you to everyone that came um you

58:02 know we have lots of materials we run

58:05 um you know lots of webinars seminars um

58:09 we're distributed all over the world

58:11 come check us out we we really feel like

58:13 we can have a dramatic income on your

58:16 digital transformation journey that will

58:18 have positive business outcomes for your

58:21 enterprise or your organization and um

58:24 you know we're we're here for you so i

58:26 hope this is the beginning of a

58:27 relationship or an extension of an

58:30 existing relationship pat is there

58:32 anything you want to end with yeah i'm

58:33 on linkedin if anybody wants to have a

58:35 one-on-one about the technology i i just

58:38 love it so give reach out to me on

58:39 linkedin

58:42 excellent

58:44 thank you

Show more