The Changing Toolbox of a Modern Network Engineer
By Raphael Maseko, inq. Digital Zambia
In my early years as a Network Engineer, management of devices was serious business. One needed to know the command-line syntax to set up and manage devices such as routers and firewalls. Setting up access lists on a PIX Firewall was something only a few could confidently do without having a Cisco configuration manual open on the side. Imagine the agony of managing encryption keys from a command line!
Later, Java-driven configuration tools with a graphical user interface became available to simplify the process and provide some visualisation of what was happening on these boxes. I must say that this faced a bit of resistance from the hardcore ‘command-liners’ as it was seen as cheating!
Management of multiple devices was a nightmare. If an organisation had many branches with routers, switches and firewalls, it was inevitable for the network engineer to physically visit each of the branches to ensure that the correct configurations were made. Subsequently, depending on how security was initially set up, some changes could be performed remotely. Still, the engineer was often kept busy trotting from branch to branch to change configurations or perform firmware upgrades. Unfortunately, some of these challenges are still being experienced today by most engineers.
Another challenge faced in managing network devices has been the process of dealing with the short life cycles of device models and firmware. Proprietary devices have to be refreshed when they reach end-of-life or end-of-support, a process that involves CAPEX outflows and is, understandably, frowned upon by most CFOs. The modern CFO prefers a CAPEX-light model in the running of the business. A model that is based on the right of use rather than the piling up of hardware is preferable as it reduces financial pressures on businesses.
Although technology to ease branch orchestration is now available, a significant number of engineers still grapple with managing network devices in a multi-branch environment; it should not be the case!
The current architectures that organisations have to deal with may have multiple branches with different devices, connected by differently scaled connections from multiple vendors with varying availability and quality of service. Some have a combination of Internet, MPLS, local loops, etc. These may be necessary to support, among other things, Internet access, access to Disaster Recovery (DR) sites and, increasingly, access to public cloud-hosted applications. With the ‘new normal’, further pressure is coming from the need to securely connect staff who are working from home or any other conceivable location to access corporate resources. These needs call for solutions that are uncomplicated, seamless, scalable and cost-effective. Further, the management of link outages and rerouting of traffic based on levels of business priority is not something that can be managed efficiently using traditional networking toolkits.
Enter Software-Defined Networks (SDN) and Network Function Virtualisation (NFV).
Virtualisation is enabling network architects to design, implement, and manage network services far more efficiently than ever before. Software-defined networking (SDN) and network function virtualisation (NFV) are two of the key capabilities fostering this transformation.
SDN is a network architecture approach that enables the network to be intelligently and centrally controlled using software applications. This helps operators to manage the entire network consistently and holistically without having to touch individual devices on the network. The goal of SDN is to improve network control by enabling enterprises and service providers to respond quickly to changing business requirements. NFV decouples network functions from proprietary hardware appliances such as routers, firewalls, VPN terminators, etc., and delivers equivalent network functionality without the need for specialised hardware. These virtual network functions (VNFs) run on high-performance x86 servers, thereby providing the ability to use cheaper commodity hardware instead of costly specialised solutions, and offer the distinct advantage of on-demand deployment.
Software-Defined Wide-Area Network (SD-WAN), which is the application of SDN to Wide Area Networks, simplifies the whole process of branch orchestration and security. It provides for ease of deployment, central device manageability and reduced costs, plus improved connectivity to branch offices and the cloud. It also provides for intelligent rerouting of traffic based on available bandwidth, latency, the priority of particular traffic, etc.
The use of NFV technology now makes it possible to use ‘black box’ hardware that can be programmed or loaded with the necessary images to perform networking functions. These black boxes can be in the form of Universal Customer Premises Equipment (uCPEs) that are non-proprietary and can take the form of a Cisco branch router today and assume the form of a Fortinet SD-WAN endpoint next week, or both. In this way, the physical device, which is just a small-form-factor desktop or rack-mountable computer with sufficient processing power and memory, becomes adaptable to the network function needs of an organisation. Upgrades can then be conducted by remotely loading the appropriate image from the chosen vendor to replace the obsolete ones. Multiple network functions can be loaded and made active on a single uCPE to meet the needs at hand.
These continual changes in technology mean that the upskilling of the engineers of today and tomorrow also needs to keep pace with these ever-changing trends to match the demand. Network engineers understand networking intimately and are better placed to design the most efficient platforms for SDN. This means that it becomes necessary for engineers to embrace software development skills willingly. For some, this will mean deciding to face their programming anxieties and dislikes. I personally think this is not so much a choice as an imperative for future relevance. I cannot help but think that similar sentiments and reluctance to adapt must have been experienced by pilots when automation and auto-pilot technologies started surfacing in the aviation sector.
In conclusion, it is safe to say that network design and management will never be the same, and neither will network engineering. It is time to re-examine the trusted skills toolkit and determine what new skills need to be added to face the future.
Raphael Maseko is the Managing Director of inq. Digital Zambia Limited