Network Analytics Starting in 2016

One area of networking that is desperately waiting for new approaches is what we call visibility now but will be analytics tomorrow. Visibility is really about reading data from the network and then presenting it on the webpage while analytics can merge dozens of disparate data sources into a much more useful information with a dash of machine learning. For example, compare call centre logs with network application performance and look for correlation.

Visibility is “read-only” from a limited set of very old APIs in the network like SNMP, Syslog or CLI scraping [1]. Analytics takes multiple sources including new SDN APIs like OpenFlow, OVSDB et al.

SDN is about enabling new APIs and new ways of accessing device information and one of those is providing not only read but also write API functionality. And SDN has created new APIs based around flow networking concepts that expose better data sources and richer forms of collating information on traffic flows and the network services they represent.

Network Analytics got serious boost in credibility when Cisco announced an entire product portfolio on analytics. At the same time, customers are building their own solutions in response to the poor quality of current SDN APIs especially when it comes to monitoring, configuration and telemetry as this video from Feb 2013 highlights.

Why Not sFlow or NetFlow

But having the data itself isn’t all that useful consider, for example, the rise of NetFlow Monitoring software over last five years has been slow, at best. sFlow and NetFlow are somewhat better than packet capture as a data source but the source data require enormous processing to extract useful information. sFlow is, to some extent, customisable but relies on vendor CLI implementation for configuration and thats still highly resistant to software control.

Don’t Rush In, This Isn’t Core to Cisco Business

Cisco has patchy record of making successful software products and a Google-like history of abandoning products after a year or two if they aren’t successful or no longer meet a new “vision”. Don’t believe any hype about committed products and investment protection, I would wait a few years before jumping in. I would look for startups with a lower cost of entry and learn about network analytics in a safer environment.

Routers as Telemetry Tools

Juniper is also seeing demand for Telemetry. In this blog post on Network Analytics.

Junos Telemetry Interface (JTI) is a highly scalable distributed telemetry collection engine that is designed to help network operators stream statistics and event states to data collectors, network controllers or any other device that is capable of collecting this information for real-time or post analysis.

Although I can’t find any manuals or documentation on “Junos Telemetry Interface”(is it real ?) I believe that this signals a new era in network devices.

Today, the primary function of a hardware router is to route IP packets between two interfaces. In 2016, that simple function isn’t valuable in the face of silicon and software commoditisation and customers expect more for their money. Routers are well placed to act as telemetry data collection tools for network and application visibility as a value-added features.

Its Not Big Data, Its Not Big Money

Some of the press see this announcement as Cisco moving into Big Data. Big Data is to Network Analytics what a database is to websites, simply part of the system. No doubt Cisco has a “big data”-like engine that is performing the actual analysis but Cisco is adding value by inputting data directly and providing default templates for ease of use.

At the same time, there is real competition to vendor-led initiatives that are open-source projects. Only a moderate level of competence is needed to build an ELK-stack platform with couple of engineers (not programmers/developers) and a few months of project time. But Enterprises & Carriers are unlikely to realise this or consider it a viable option.

The EtherealMind View

Analytics is a big part of the future of networking and we are taking small steps down that road. I’m looking for more information in this area.

  1. Yes, entire software libraries and/or frameworks exist to create APIs out of device CLI scraping with SSH.

Originally published at etherealmind.com on February 22, 2016.

Show your support

Clapping shows how much you appreciated EtherealMind’s story.