Network intelligence as promoted by the large network vendors is the Star Wars defense system of our time - monolithic, vulnerable and inherently unreliable. Proponents of smart networks want to extend their hegemony by incorporating application performance and security into a unified, super-intelligent infrastructure. They want to integrate everything into the network and embed security into every node. In theory, you would then have centralized control and strong perimeter defense.
The other side - Cisco's Rob Redford
Face-off Forum
What do you think about smart networks?
While on the surface this sounds reasonable, a deeper look reveals that this kind of approach presents significant risk for users and service providers. It runs counter to the clear trends in network communication, such as today's radical growth in broadband and wireless networks , and increased virtualization of corporate networks through use of public infrastructure. As a result of these trends, much network traffic is accessing corporate data centers from public networks rather than the private LAN, and the boundaries of the enterprise are expanding. Companies must grow by embracing these trends and fully leveraging public infrastructure and the power of the Internet.
Network vendors are right in recognizing and trying to address the two fundamental challenges of network communications: application performance and security. However, they are wrong in believing the best way to address these concerns is to integrate application performance and security into the underlying network.
The alternative is to avoid building increasing intelligence into the physical network, which I call the connectivity lane, and building it instead into a higher-level plane I call the intelligence plane.
The connectivity plane covers end-to-end network connectivity in its broadest sense, leveraging IPv4 and eventually IPv6 . This plane's characteristics are packet-level performance and high availability. It is inherently insecure but incredibly resilient. The connectivity plane should be kept highly controlled and standardized, because it is heavy to manage and expensive to build and update. It should also be kept dumb, with change happening slowly.
Conversely, the intelligence plane is application centric and policy driven, and is an overlay to the connectivity plane. The intelligence plane is where you build relationships, security and policy, because it is flexible and cost effective. This plane is network independent, multi-vendor and adaptive, delivering applications and performance across a variety of environments, systems, users and devices. The intelligence plane allows you to extend the enterprise boundary using readily available public infrastructure. Many service and product vendors offer products that address the core issues of security and performance on the intelligence plane.
Connectivity vendors should focus their efforts on building faster, easier to manage and more reliable networks. Smart networks are good for vendors, not customers.
Kaplan is CEO of Aventail. He can be reached at evank@aventail.com.