 Hi, I'm Peter Burris and welcome to another CUBE Conversation from theCUBE Studios here in beautiful Palo Alto, California. Today we're going to talk about network assurance, a problem that's becoming increasingly important to large organizations as they envision greater distribution of their digital capabilities. And to have that conversation, we've got David Erickson, who's the CEO and co-founder of Forward Networks. David, welcome to theCUBE. Thank you, and a pleasure to be here. So let's start by getting a sense of what Forward Networks is. Tell us a little bit about Forward Networks and then we'll jump into it. Yeah, Forward Networks is a startup company here in Silicon Valley, based out of Palo Alto. Been in business for about five years now. Our background was four of us as co-founders were in the networking group at Stanford under Nick McEwen. We graduated with PhDs in computer science and networking in 2013. Saw a major problem in network operations and in the network assurance space and decided to go after it. Big Hairy problem, which we'll dig into, but it's been about two years since we've been in market, and yeah. All right, so let's talk about the Big Hairy problem. I can remember the days when network administration and operations was about finding a device, plugging something into it, making sure that you had an electrical circuit in place and then going back and telling everybody you'd done your job. Those were very simple networks. It took a long time. Some of them were pretty complex. As we moved to increasingly complex physical networks, but even more complex software to find networks, that assurance, that certainty that we have the network that we think we have kind of has gone away. So talk to us a little bit about this notion of network assurance. What is the enterprise problem that we're trying to solve? Yeah, I mean, you're dead on. If you look at the history of networking, we started very simple. We could manage this with humans. We only had so many changes we had to make on a day-to-day, week-to-week basis. But over time, we're now operating networks with thousands, even tens of thousands and hundreds of thousands of network devices in them. And that's, as you indicated, only growing with software-defined networking as we're bringing and dropping software elements that are also doing forwarding to bear on this. But unfortunately, well, at the same time, we also had a huge increase in applications and mission-critical day-to-day business operations and infrastructure that depend on this network to stay up and working. But if you look at what actually is done to ensure they're working properly and what the change process looks like, it's somewhat depressing to be completely honest. We make an awful lot of changes in production with minimal, if any, pretesting. Our post-testing is, you know, our customers calling us or our internal customers calling us, telling us it works or not. If they're not, you know, maybe we'll do a couple of pings and simple trace route tests and move on. And of course, this is tremendously risky to the business, let alone security, which is a whole nother topic we can dig into. But we need to bring in, and this is part of what Ford Networks is focused on, is helping our customers understand and ensure that their network is always up and stable, achieving what they want to achieve, that they've changed what they want it to change, and that it's as secure as they expect it to be. Now, let me build on this notion over network assurance, because we can think about it at, I'll just say three levels for right now. There's a lot of folks who do some sort of network device assurance. Have you updated that device? Have you updated that software construct? We've got Ansible, we've got a number of other tools that can do some of those things. And we also have tooling that can tell you, generally speaking, you know, in a knock, whether or not the network is up and available. But I think what you're talking about is something that's in between, where we're talking about a network being a logical organization of resources that communicate with each other, and assuring that as we make changes, that context, that notion of things in a relationship working together is not lost. Have I got that right? Perfectly right. So today it's reasonably straightforward to, with Ansible or NSO or TailF, you know, whatever, like some system today, to go out, make a change to the network, and then come along behind and maybe with some other scripts ensure that that actually went out. But what's really hard is to paint the holistic picture that even though I made these changes, all of my critical applications are actually still functioning. And so this is what we would bucket in a higher level term called intent-based networking. This is a reasonably recent entrant into how we think about networking, but it's very simple from a high level. It's, I need to holistically paint a picture for what my network should deliver to me on an end-to-end basis. And I need to assure that this is always happening. And this can be from a connectivity perspective. You know, imagine I'm a web company that has a bunch of customers that need to come in from the internet and hit my critical application that's underpinning everything my business does, right? So I need to know that my network has paths in it that are enabling that to occur 100% of the time. And so that's kind of the crux of intent-based networking, but it's thinking in high-level end-to-end actions, as opposed to the very nitty-gritty nuances of what's going on in any of these devices. Actually, let me give you another use case. So I can imagine a telco, an operator, that used to have physical devices and coordinate off some of those physical devices by customers to provide their network. But as they try to gain flexibility, gain speed, gain profitability, they're using a software-based network approach to do a better job of administering changes and management of those resources for their customers. So they want to be able to assure a customer that the network that the customer thinks it has in the context of the telco's overall network is assured, it's there. The customer, we can validate for the customer that even though we made a change, their network is still in place, right? Absolutely, multi-tenancy is a great use case for this, where you've got a bunch of different, even isolated networks that may be sharing the underlying physical infrastructure that are also being spun up with software, software elements that are really sucking the software out of the existing hardware, but making it more flexible, on-demand, all of those capabilities. And we see that for sure in telcos and in that space, but we also see it in the cloud, as people are moving applications up to the cloud, the same type of software elements are being controlled and set up there. And they have all the same pain and suffering that you see on-premise. And I think there's certainly not enough people that have set those up that understand that today, but as soon as they dive in and realize all of the configuration permutations that exist in cloud networking, they can pattern match and say, oh, this is the same difficulty that I've had for years in my on-prem environment. Well, let's talk a little bit about that security thing, because we can dive into it, because there is a close relationship between being able to stay categorically that this network contextually is in place and assured, and that we now have an understanding of what security is required on that set of resources. How does network assurance, intent-based network, and security come together, especially for you guys? Absolutely, so I think this, to talk about this, is good to talk a little bit about how the software works. So underneath the covers, we go and collect all of the data from the individual network elements without agents, without actually needing packets. We build a digital twin or a model of the underlying network in software. And then we run analytics that are based on research that came out of years and years of PhD study by one of my colleagues, plus us productionizing that as an organization, that using an actual mathematical model, we can trace where every packet could ever go in that entire environment. And why this is important is to be able to prove security properties of a network. You have to know where everything could ever go to conclusively prove it, right? And more often than not, today we're using very small sampling methods to try to prove properties with humans and doing port scans and things of that nature that just aren't comprehensive. And so this is part of our core technology that we bring to bear in this problem is knowing everything the network is capable of and then being able to mathematically prove security problems to your previous case. Imagine you've got a service provider that's offering a network to two competitors, right? You wanna make sure that those networks are actually completely isolated and that there's no possible crosstalk that could occur between there. So with our software, we can analyze that, we can prove that they are completely disconnected and then the event that they're not show you exactly why they are not when it began occurring and then quickly help you get that corrected and prove that you fixed it. You know, it's interesting because increasingly digital business is gonna mean that very, very complex partnerships are engaged through digital mechanisms and in the world of contracting there's a notion of a secured facility where I put something in there and you can take it out you can look at it, but you can't take it out. Now I could imagine your tool could also be used to set up those kinds of they used to call them to militarize zones and those types of things, but at a business level a facility where we can assure that we know who gets in when they get in and how they get in and when they don't. Absolutely, an obvious use case that occurs all the time is guest Wi-Fi. Every company on this planet has that, right? You wanna make sure though that when people are coming and consuming your guest Wi-Fi that they're not able to get back into your database and cause you a privacy or security incident and this is something we can assist with. So we're talking about moving from a probabilistic approach to assurance to a categorical, mathematical approach to insurance and being able to start to layer on some of those intent-based networking things. Let's talk about how the problem's gonna get worse, 5G. For folks who might be saying, oh yeah, well yeah, I got this issue it's gonna get even richer and more complex as we put out networks out there that can have greater densities of devices within them, higher bandwidth, even less time to assure that the network's behaving the way we expect it to. How is that gonna fold into this whole story? Yeah, absolutely. In almost every dimension, networking is growing in complexity every single year. 5G is a perfect example. We talked about cloud earlier, you see SD-WAN as another one as we kind of shift from MPLS to overlays over the internet. And the pace of that is just increasing. So if we don't catch up to that from an operational capabilities perspective, we're just gonna lose control of it, frankly. And the amount of outages, security incidents, time to deliver product internally in my business as if that all continues to increase, we're gonna be in a really bad place. And so that's why 4Networks has focused on trying to solve that and to bring up the capabilities of the operational teams to match that growing complexity and to level it out, frankly, and so that it becomes something that we can consistently bring into our environment. We all wanna transform our networks to bring in these technologies, but if we can't get ahead of the operational aspect of it, we can't do it. Yeah, we fail to adopt them. So you raise something interesting. So just really quickly, how does network assurance tooling, like what 4Networks provides, change the mindset of the network administrator from I used to do it this way and now I'm gonna do it that way? Yeah, we think of it really as DevOps. It's bringing the DevOps mindset that we have in software development of all the way to test-driven development where you write the test, then you write your code and then when the test passes, you know that you did what you need to do, you push that into production, you test it again and you just continue the continuous integration, continuous deployment cycle. That is the type and we've refined that over 30 to 40 years in software development and that's what enables us to have all the amazing services that we get on the broader internet today. We believe that that same sort of mentality and the characteristics of that pipeline need to be brought to networking to be able to give us confidence before we make changes what the outcome of that's gonna be into my network as we deploy them out to the network that it's doing exactly what we expect it to do and then to continue to monitor that because networks are living, breathing things that have humans that are out there on keyboards touching and changing things. If you don't keep an eye on it, it can run away from you really quickly. Which is what makes a NOx such an exciting place to hang out in IT organization. All right, so very quickly, last couple of minutes here. Where do you see forward networks going with the tooling? What's next? Yeah, we think of it very holistically as we would like forward networks to be the single source of truth for everything about your networking environment. Today this is layer two through layer four, switching routing, load balancers, firewalls, allowing you to get the visibility that you've craved across all of that to get that across the cloud to get that across all of the leading technologies from the various vendors and to layer in additional data over time. But ultimately it's to help you have uptime, confidence in what you're doing to be able to speed through the roadblocks and the hurdles that you deal with internally and delivering product, delivering network applications into your network and then just evolving that into the future. I think that this is the enabling technology to get us to the place that we have scalable 5G services, that we have these planet wide networks that are being put into space shortly to help reach every corner of the planet and to enable the next generation of overlay services that change our lives. We need, the network needs to be as reliable as power delivery and deliver the bandwidth and all of these things that we need. But to do that, we have to have scalable network operations otherwise the companies that deliver the services to us can't pay for it. No, absolutely, it's a major challenge for the world digital business transformation and quite frankly, good guys versus bad guys. All right, David Erickson, CEO and co-founder of Forward Networks, thanks again for being on theCUBE. Thank you very much. And I'm Peter Burris, thanks for listening about talking about network assurance. Until next time.