Deep Dive: Network Architecture Challenges

Hello, my name is Litten Thomas. I'm a Technical Enablement Architect here at Cloudflare and I'm joined by Deepika Nath.

Deepika, would you like to introduce yourself?

Yes, thank you Litten. It's my pleasure to be here in front of this audience and also in front of you, Litten.

I'm Deepika Nath. I work for Kindle. I'm part of the CTO office in Kindle and I am Director of Infrastructure and Cloud Networking Architectures.

What that really means is a bit of everything architecture related, networking related, that spans multiple facets of enterprise networking.

It's a pretty exciting role.

Yeah, it sounds exciting. It sounds very in-depth too.

Today we're here to talk about actually the challenges that an organization faces with their current network architecture and how a partnership with both Cloudflare and Kindle can help solve some of those challenges.

Deepika, would you mind going into what a current customer environment is like today and what some of the challenges that that environment presents are?

Yes, absolutely. So when we think about networking of the past, things were simple way back when.

Customers owned everything on their premises.

They had their four brick walls or their offices and they trusted everything.

They built what they wanted. They controlled everything on-prem.

People came into work. They did their thing and they thought everything was fine.

And it was a little bit easier to control everything when they had everything they needed in their data centers or they had very stringent connectivity coming in from their branches, right?

What has changed in the last decade or more pretty much is a bit of an evolution and a patchwork.

We are seeing more and more of remote workers.

We are seeing a lot of requirements that I would say have been band-aided, sort of band-aided.

Like when they wanted their branches originally, they would simply get a point-to-point link or something.

When they needed more and more branches, they went to something like MPLS.

What do you see? We see a lot of the same. In fact, my experience prior to all this, I used to work on the network side of infrastructure and I actually laugh a little bit because in some of the places, I would imagine even in this building, the wiring that was laid down 20 or 25 years ago is still the wiring that is being used today, right?

And the challenge is that many times when a problem was surfaced, the solution was just to fix that problem without consideration to how the problem would be addressed later on or what this problem solves today would lead to greater complexity later on or as the network grew.

And so what happened was you started to see just a solutions bolted on top of each other, right?

And we had talked previously, we got a good chuckle out of the fact that take routing for example, right?

Static routes were fine until they weren't.

And then what happened was then dynamic routing was introduced. But as we know, dynamic routing actually came with its own problems between BGP and OSPF and a whole host of other solutions.

They were also all just point solutions for these specific problems.

But as time went on, they themselves became a problem, right? Right.

Absolutely. In fact, I think that technology really evolves to solve problems as they occur.

And we have been in a place where interoperability became an issue.

Some standardized protocols were developed. They had their own problems to make them even more interoperable.

We thought about routes being injected, right?

Exchanged. Eventually, we had a standardization with EBGP, right? But at the end of the day, when we think about networking, it was simply taking 0.1 to 0 .2 connectivity and having that connectivity work without a thought of how is my business evolving?

What is it going to need? And anticipating what could happen.

Right. And imagining, right? Imagining what could be the future. That really didn't exist.

So even when SD-WAN came into play, right? It brought certain ways in which you can prioritize how traffic gets into your network.

Beyond that point, you lose visibility into what happens, right?

Until it reaches that other destination.

So where we are today, I think is we need to think about re -imagining.

We need to think about, you know, what the network wasn't designed to do.

It was never its mission. But now we have a mission to make it not only network -connected, being secure, being agile, and really being that dynamic place where it creates the business of the future, which is frictionless.

Right. I think it's a great way to put it is the network was never designed to be intelligent.

It was really just a way that allowed for organizations to connect one site to another, one server to another, and, you know, one device to another.

And in doing so, what you had said also is important is that security was never a thought, right?

We implicitly trusted everyone that was within the four walls of the office because they belong there.

And so as a result, what happened was you started to see as time went on and as these solutions got more and more complicated and distributed, they also started having these issues of where is the security in all this, right?

And especially nowadays when organizations are moving into the cloud and moving into remote work, that becomes even more top of mind.

Organizations struggle with how to connect on-prem environments to cloud environments, remote workers to environments.

And there's a need to connect, but still no intelligence.

We were actually having a conversation about how even the cloud providers all do networking separately.

Differently. Yeah, differently.

Yes, yes. And that presents its own challenges because you now have to figure out how the networking works with each different cloud provider.

But at the end of the day, there's still no intelligence to it, right?

We don't have that intelligence.

So I guess that leads to my next thought, which is, you know, how would we allow for greater intelligence and more of the ability to have greater connectivity, regardless of where that resource is?

Right. So this is what I think.

What does a business need? They need agility, right? They have what they have on-prem.

They have pockets of MPLS where they have brought it together. Then they have remote branches that are just connected.

They may go into purchase and acquisitions.

They don't know what the future holds. What we need is a place where all these things can come in together.

And the paradigm shift of super connectivity with security.

Let's talk about what that looks like, right? It's not just about where I'm coming from.

It's about who am I? Am I an engineer? Am I a customer?

What am I allowed to access? That's that one point of view, right? How do I enforce that, right?

So what makes sense to me is to enforce it at the closest point to where the traffic enters the big connectivity cloud or the super connected place that we're talking about.

And we can do this, right? In a standardized way.

To me, that protocol is Anycast routing. Let's talk about what Anycast routing is in a nutshell.

Why am I excited about it? Sure. Okay. To me, it's the simplification.

In Anycast, what you do is take, build, say build an endpoint address that any point in your global presence can respond to.

What does that do?

In my customer prem, it simplifies my connectivity configuration. All I need is two IP addresses.

I say, I'm going to build my connectivity to this and this, and that could be responded to by anybody.

What does that mean? It gives me the ability to have HA, or I don't have to worry about active standby.

I don't have to worry about active active.

I can have multiple ways in which I can take my traffic, consume my traffic, and I'm not doing it as a customer, right?

The network is doing it for me, or that enablement of the technology is doing it for me.

In an intelligent way.

In an intelligent, that's what intelligence means. That's just one aspect of connectivity.

When it hits that point of presence where the traffic enters the super connectivity cloud, right?

They enforce the policies. What does that policy look like?

Who am I? What do I need to get to? Am I allowed to do it or not? Answer those simple questions.

Yes. It's hard to interrupt. How does that happen today?

The the request comes in after it already hits the network is when that assessment of what privileges are is done, right?

And that presents a problem in itself.

What we're saying is that you can now at the edge, allow a lot of the inspection to occur so that once the traffic passes through, it is appropriate and it belongs there as opposed to potentially being a threat after.

I actually call it, define it once your security posture, centralized, right?

Your centralized policy control, enforce it everywhere, uniformly with a single pass, pass through.

That's what the ultimate Nirvana is. Because it doesn't matter if I'm working from home, I'm working from somewhere else, I enter the network, network knows my identity, verifies it, verifies what I'm allowed to do, enforces that security posture.

I only define that posture once. What does that mean? Simplification.

It's also a consolidation of network and security coming together. So naturally, we are taking away the friction of network and security teams from the past, having them work together on the centralized policy control.

But the beauty of it is you only define it once.

Yes, the great benefits to an organization is that you had alluded to, HA is built in, redundancy is built in, resiliency is built in.

So even if traffic needs to be rerouted, the network knows how to reroute it as opposed to requiring that your teams have to say, do route updates or anything like that, right?

And that provides a tremendous amount of flexibility back to the organization because now instead of having your teams do the more mundane work, they are more free to improve business practices and be more meaningful and additive to the business, which is something that we're all dealing with these days.

Yes, that's exactly what it is about is that simplification architecturally to bring together uniformly how diverse types of connectivity will come in and force the policy in a consistent way.

But at the same time, this super connectivity cloud is dynamic, responsive, inclusive of threat actors.

And agile. And agile, yes. So blocking the threat vectors that come in, in a consistent way, dynamic rules to implement new threats as they occur, protecting your assets, all globally.

That's the future.

And, you know, without, without belaboring the subject, the fact that security can be enforced at the network, as opposed to having to do it in other parts and allowing for the network to be that decision maker, if you will, as far as if the traffic is allowed in or not.

And that's something that we are, we're very excited that the paradigm shift is underway and both Cloudflare and Kindle can be partners that enable that paradigm shift for organizations, as well as for, for the people who are doing the job on a day-to-day basis.

So in closing, what I wanted to just kind of recap is, you know, there's a, there's a paradigm shift underway that the old ways of doing technology, especially networking, they really haven't changed in the last 30 years.

If you take out one vendor and bring in another vendor, you're not rewiring the environment.

You're just plugging the existing environment into new tools.

And as time has gone on, those tools have just had greater and greater bolted on features without ever addressing or looking to what the complexity of this environment could be 20 or 30 years from now.

And, and so what we are, what we're proposing both Cloudflare and Kindle together is that with our connectivity cloud capabilities, that an organization can start to use intelligence and have more of a, an intelligent design, if you will, to how the network works with the rest of the technology environments and becomes more additive to the business.

Yes. So the connectivity cloud becomes this living, breathing place, a dynamic network, which is very agile, adaptive to whatever's going on.

So, you know, it's high performance. You know, that it's going to take you in the best way and block attacks.

So the customer can forget about how to manage all that.

They just worry about their governance. They worry about how do they bring their business agility and use the network to its maximum potential.

And the way I see our partnership working is Cloudflare bringing the technology, Kindle bringing the expertise of consulting and management and managed services where we can help the customer navigate taking their enterprise wherever they are today to the place where they want to go and creating this pathway to the future, but always with their best interest at heart of what they want to move first and prioritizing that with them and creating the journey and co-creating that future for them.

Yeah. So that's, that's the primary objective that we can allow for organizations or enable organizations to be able to solve, because this is something that organizations struggle with every single day.

I'm very excited about the, the future of what our two companies, organizations are going to be able to do together.

Thank you so much for watching.