Palo Alto, California-based Forward Networks can create a virtual twin of a network to assure network performance. The firm was launched by four Stanford University Ph.D.s five years ago and has raised $33 million in two funding rounds.
Forward's software taps into configuration data and operational state information from every device on the network to create the virtual copy. The flow of data is constant, so the digital twin always is current. It tracks how the network is doing and assesses the impact that any hardware or software change has on operations. The data collection is done via APIs that link to major manufacturers' network equipment.
“We have a copy of the production network in software and use this digital twin to map all actions the network performs and use a mathematical algorithm to determine whether they are operating as they should be,” Forward Networks CEO and Co-founder David Erickson told FierceTelecom.
Erickson said that when the digital twin is turned up, it invariably finds issues lurking just below the surface. “We help to find landmines, such as misconfigured VLANs, things that are very common," he said. They may not impact things at the moment, but innocuous changes may make those things a problem. He added that every network has a significant “punch list” of issues that must be addressed.
Forward Networks is in the intent based networking (IBN) sector, in which network administrators can tell the system what changes are desired, and the network executes those on command. The network administrators no longer have to wrestle with details.
Erickson said it is not always easy for network administrators to know what they need to ask the network to do. The organization may be running hundreds of applications. Determining what each needs to do to be in line with organizational goals and turning that into specific policy directions is hard. Forward Networks does this, Erickson said. "Forward Networks helps crystalize intent," Erickson said.
The real-time use of a digital twin has several applications, Erickson said. It can ensure that a condition is persistent. For instance, an organization may assume that the guest Wi-Fi offers no path for a bad actor to get to the backend corporate network. Forward Networks continually assesses whether that assumption indeed is accurate.
Another Forward Networks use case is control of change windows. When organizations make changes to their networks by adding or subtracting hardware and software, changing configurations and in other ways, precautions are taken to ensure that there is no unforeseen impact. If, for instance, a new application is being installed in a distributed network, the platform would take a snapshot of the network immediately before the firewall is opened and immediately when it is closed. A comparison of the two will point out whether an unintended change was made.
“Forward Networks has taken a compelling approach to network assurance through verification," said Brad Casemore, IDC's Research VP for data center networks. While no two vendors take precisely the same approach to the market, Casemore points to Cisco's Network Assure Engine, Veriflow and NetBrain as vendors with products that generally look at ensuring networks are performing as expected.