Is it time for a network tax cut?

It is truly remarkable to what extent corporate and personal behavior is dictated by tax policy. Much of the discussion in our nation’s capital in regard to tax reform has been about competitiveness as a rational to lower corporate tax rates. It appears as though the United States charges a 20 percent higher tax rate than much of the rest of the world, forcing corporations to shift some operations and assets into lower tax rate jurisdictions. It’s safe to say that tax policy impacts behavior in measurable ways.

Just yesterday I was speaking with a communications service provider analyst. We discussed the overhead of SD-WAN tunnels. I showed the math of how it can tax various protocols. The tax for various protocols was:

The analyst even agreed that based on an average mix of traffic (iMix), that the weighted average across all protocols might be as high as 30 percent for many organizations.

What was shocking is his response that “Nobody cares about tunnel overhead.” I have heard this from many in our industry. In fact, it’s generally taken as fact – tunnel overhead is negligible. While it may be true, on a single site, single WAN connection, 30 percent extra bandwidth may not move the needle, if you have 2,000 sites, and you are using/building/paying for connectivity, over the long haul you will spend 30 percent more. The fact that everyone in our industry dismisses this as “noise” is shocking, especially since most believe bandwidth rates will double yet again.

Why tax policies in the 20 percent range impact worldwide behavior, but competitive companies are willing to disregard savings of 30 percent of long term networking costs as negligible is fascinating. Has our industry thrown its hands up? Is accepting a new 14 layer ISO stack the new norm? Is 96.2 percent overhead on a single terminal keystroke acceptable? It’s no wonder the average networking professional is loosing respect organizationally. If FedEx or UPS had to repackage every package, and it added 30 percent to their transport costs – would anybody think it was negligible?

There are also many cases where 30 percent additional bandwidth simply doesn’t fly. Satellite communications links are expensive per unit of bandwidth and satellite companies frequently charge by bandwidth use. Many public clouds also charge for bandwidth. In these cases, there is a hard dollar cost associated with the additional bandwidth. Large files moved at line rate can take 30 percent longer to deliver, delaying business processes.

Arthur Laffer’s famous trickle-down economic theory suggests that there is a relationship between tax rates and taxes collected. He theorized that if taxes were 100 percent, tax collections would be zero because there would be no incentive to produce goods or services. Is there a similar performance theory in networking? Is there a trickle-down benefit when we eliminate encapsulation and seven additional network layers?

The simple answer is yes. Inspecting and securing 7 layers is easier than 14. Avoiding reduced MSS speeds effective bandwidth transfers. Avoiding consequential packet fragmentation greatly improves router efficiency. Providing network fairness and QoS is far easier on discrete flows. If we could route the packets without tunnels we definitely should.

What about hidden taxes? There is a hidden network tax lurking today in managing our attack surface area. Network professionals are expected to offer the smallest attack surface possible. Common tools in reducing this include VRF’s, ACLs, pseudowires, private networks, VLANs, VxLANS, and firewalls, and there are an even bigger array of tools for detecting intrusions when they occur. This expense is not just born one time—there are ongoing operational expenses tied to managing these tools. Furthermore, these tools are used in combination; they are complicated and often operationally impactful which further taxes our network engineers. With open arms we accept this challenge without ever questioning why. Why don’t routing protocols distribute ACL’s along with route advertisement? Why are all of the reducers of attack surface area manually provisioned while route dissemination is automatic?

How did our profession ever get to a place where network taxes are deemed unworthy of our attention? What we need is a revolution in methodology and values. We need to return to our roots as networkers, and start thinking about solving problems with software infused intelligence at the session/networking layer. Look how application developers focus on improvements—TLS1.3 is an example of good progress forward, achieving a 50 percent reduction in packet exchanges and a full prevention of any legitimate or illegitimate man in the middle (proxy), and all done with software and backward compatibility. We need to begin thinking about changing the game. Warning to all CCIE’s: advances in networking may require software intelligence. I say bring it on! Let’s start returning benefit rather than new layers of complexity and waste.