The network digital twin GOAT

In its most rudimentary terms, a digital twin in the realm of networking is the concept of emulating or simulating a like-for-like topology of a production environment for the purpose of testing, validation, and assurance. But as was recently pointed out to me, it shouldn’t stop there. Take a look at Google Maps – that’s a digital twin of the planet. Take a look at the Google search engine – that’s a digital twin of the Internet.

Popular emulation platforms like GNS3 and EVE-NG are often used to mimic small portions of a production environment. That of course is never actually a twin, nor is it anywhere near the scale and capability of the production environment. Today’s networks are complex and extend well beyond the capabilities of common emulation applications. Firewalls, SD-WAN, cloud, SSE, micro-segmentation, production state data, and significant features that are simply unsupported in emulated environments make it impossible to home-grow a real digital twin of your network.

When we take a step back, it really all comes down to use cases for the digital twin.

What if, like Google Maps, you could get the path of any source and destination across your entire estate? What if, like a search engine, you could find the answer to anything you need to know about your network? Enter Forward Networks.

How does Forward Networks work?

Provided either as an on-prem or SaaS solution, Forward Networks collects the full configuration and state information from all the network elements in your environment. They do this over SSH or API, depending on the platform. Using proprietary mathematical models, they create a full-scale digital twin of your network, including campus, data center, and cloud, combining the real configuration and state information at a point in time. The result is truly mind-blowing, with countless benefits that I can barely scratch the surface of here:

  • End-to-end multi-vendor path analysis
  • Compliance validation
  • Root cause identification
  • Firewall and ACL rule analysis
  • Network inventory analysis
  • Change emulation
  • Failure emulation
  • Fully searchable data lake of configuration and state
  • So much more…

Let’s look at a few of these…

How is path searching different with Forward Networks?

Think for a moment about the complexities of a common network. Data center overlays, maybe with EVPN/VXLAN, NSX, or ACI. Don’t forget about the underlay. Think about the WAN with SD-WAN overlays and proprietary non-traditional routing policies to handle DIA and private application access. Think about multi-tenant firewalls and Layer 7 inspection. Don’t forget about multi-cloud connectivity across Azure, AWS, and GCP, or extending VMware into those environments. Oh, and agent-based enforcement of micro-segmentation. Remote network VPNs, NATs, overlapping IP space, and all those nooks and crannies you always forget about…

Now you want to know why Dave in Florida can’t reach an app hosted in California. Despite the complexities outlined above, Forward Networks not only draws out the full path, but it can pinpoint the reasons why Dave can’t access the app. From the branch, over the SD-WAN, to the EVPN data center, and blocked by a firewall rule, for example.

But it doesn’t stop there. Engineers don’t want to take this through CAB and assume this is the only firewall rule that would resolve the problem. Forward lets you bypass policies in path emulation to see if there is anything else downstream. Maybe the server’s micro-segmentation agent is also blocking the traffic. Maybe there is some missing NAT statement.

This is powerful stuff.
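To make the policy-bypass idea concrete, here is an added toy illustration (not Forward Networks’ model, code, or data): a path walk over a constructed branch-to-data-center topology where each hop applies first-match rules, with every device name, rule id, and prefix made up for the example. Bypassing the firewall rule that stops Dave’s flow lets the walk continue and surface the host micro-segmentation rule that would still drop it.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Hop:
    """One device on the path. `rules` are (rule_id, action, dst_prefix),
    evaluated first-match like an ACL; an unmatched flow is permitted here."""
    name: str
    next_hop: "str | None" = None        # None on the last device of the path
    rules: list = field(default_factory=list)

# Constructed estate (all names, ids and prefixes are made up for this example):
# branch -> SD-WAN edge -> DC firewall -> DC leaf -> server with micro-seg agent
TOPOLOGY = {
    "fl-branch":  Hop("fl-branch", "sdwan-edge"),
    "sdwan-edge": Hop("sdwan-edge", "dc-fw",
                      rules=[("SDWAN-POL-3", "permit", "10.200.0.0/16")]),
    "dc-fw":      Hop("dc-fw", "dc-leaf",
                      rules=[("FW-212", "deny", "10.200.5.0/24"),
                             ("FW-001", "permit", "10.0.0.0/8")]),
    "dc-leaf":    Hop("dc-leaf", "app-host"),
    "app-host":   Hop("app-host", None,
                      rules=[("MSEG-7", "deny", "10.200.5.10/32")]),
}

def first_deny(hop, dst):
    """Return the id of the first rule on `hop` that denies `dst`, else None."""
    addr = ipaddress.ip_address(dst)
    for rule_id, action, prefix in hop.rules:
        if addr in ipaddress.ip_network(prefix):
            return None if action == "permit" else rule_id
    return None

def trace(topology, start, dst, bypass=frozenset()):
    """Walk from `start` towards `dst`; return (hops visited, blocks found),
    a block being (device, rule_id). A block outside `bypass` ends the walk,
    as it would for real traffic; a block in `bypass` is recorded and the walk
    goes on, so anything downstream that would still drop the flow shows up."""
    hops, blocks, current = [], [], start
    while current is not None:
        hop = topology[current]
        hops.append(hop.name)
        rule = first_deny(hop, dst)
        if rule is not None:
            blocks.append((hop.name, rule))
            if rule not in bypass:
                break
        current = hop.next_hop
    return hops, blocks
```

Calling `trace(TOPOLOGY, "fl-branch", "10.200.5.10")` stops at the firewall with FW-212 as the only block, while adding `bypass={"FW-212"}` walks through to the host and reports MSEG-7 as a second block that a firewall change alone would not fix.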

Why would I want a search engine for my network?

Have you ever participated in an audit and had to find how many devices had a certain parameter enabled? Or how many devices were in scope based on the path of a flow? Have you ever wondered how many devices are EOL or impacted by a CVE? What about just finding exactly where some IP or MAC address was in your network? Forward provides a literal search engine for the entire network configuration and state information, and it’s something you really need to see to appreciate.

It’s not uncommon for Forward Networks customers to have dozens or hundreds of saved custom queries for collecting information about their network inventory, configuration, and state information. Although the query language isn’t too complex, it requires some skill to craft it appropriately for each use case.

Recently, Forward Networks released a GenAI front end which allows customers to type natural language queries into a prompt and get the custom queries generated as a result, drastically reducing the barrier to entry for their search engine. Not only that, you can reverse the process: provide a custom query and ask the GenAI to translate it into natural language so you understand what the query is intended to accomplish.

Is there anyone else in the market doing what Forward Networks can do?

In my opinion, no.

There are vendor-specific platforms offering some similar functionality for path tracing, but they are not nearly as comprehensive and fall short on multi-vendor flows.

Netbrain is potentially a contender given their multi-vendor approach. They have a compelling solution as well. Forward is simply unique in the way they mathematically model full network state, handle complex vendor integrations, and set themselves apart with their search engine.

No customer should assume that Forward is always a home run, and I suggest that competing technologies should still be assessed. Netbrain may be more advantageous for required use cases, for example. But it would be foolish to overlook Forward Networks.

So is Forward Networks the digital twin GOAT?

If you talk to their customers, the impression I get is ‘absolutely’. Just listen to Michael Wynston, Global Director of Network Architecture and Automation for Fiserv, speak about their real world implementation of Forward Networks, and how it’s become a vital part of their operations.

I have a visceral memory of the first time I met with Forward Networks back in 2016. I had never seen a company do what they do – daunting beyond comprehension. They started as a digital twin product and have shaped the definition and use cases for digital twin over the years, unlike many others that started out with a different intent and have evolved to compete in the digital twin marketplace. I’m not affiliated, nor sponsored in any way by Forward Networks. They just have one of those remarkable technologies that brings excitement to network engineering. It can be transformative, and in my opinion, is worthwhile to consider.

I suggest you take a look at their product, watch their latest presentation at Networking Field Day 34, watch it end-to-end, and judge for yourself whether they should be title holders of the network digital twin GOAT.

David Varnum
