
Post on 14-Mar-2020


Forward Networks – The Search and Verification Engine for your Intent-based Network · 2017-08-23

www.forwardnetworks.com

Forward Enterprise Highlights

Forward Networks’ mission is to de-risk and accelerate network operations, by increasing efficiency, reducing outages and verifying network intent. Built on a series of breakthrough algorithms, Forward Enterprise provides enhanced network visibility, policy verification and change modeling for legacy, SDN or hybrid environments.

Key Benefits

Forward Enterprise delivers:

+ Lower costs of managing large and complex networks
+ Reduction in human error, misconfiguration, and unpredicted behavior that lead to network outages
+ Increase in network agility
+ Enhanced security policy verification

Deployment Options

Forward Enterprise can be deployed fully On-Premises or as a SaaS solution in the cloud.

The Complexity of Network Operations

Diverse and complex: Today’s enterprise networks contain routers, switches, firewalls and load-balancers from a variety of different vendors. Each vendor has a lineup of different hardware models, operating systems, and configuration syntax (and associated quirks). Underlying these network devices can be hundreds all the way to millions of forwarding rules governing the network behavior for business-critical applications. This results in a level of complexity well beyond what is easily manageable by even the most adept network operations team.

Many of the most frequent tasks in network operators’ workflows involve pulling together and building views of network-wide behavior across switching, routing, and security devices. This is currently done in a hop-by-hop manual fashion, which is repetitive, error-prone, time-consuming, and requires deep skill and experience. Network operators are on their own, without the help they desire to complete tasks quickly.

Inadequate Tools: The systems and tools that most enterprises use daily in such a complex environment are old and woefully inadequate (e.g. ping, traceroute, etc.). Operators have little if any visibility into how the simplest change in one of their network devices will impact the global behavior of their network.

Costly & Error Prone: Most organizations are only one device misconfiguration away from a major outage. According to Gartner Group, 80% of network outages are caused by people and process issues, while more than 50% are caused by change configuration issues. Gartner also estimates that network downtime costs organizations on average $5,600 per minute, which translates to well over $300K per hour.

A New Approach to Network Operations

Forward Networks’ mission is to de-risk and accelerate network operations, by increasing efficiency, reducing outages and verifying network intent. The Forward Platform delivers the enhanced network visibility, policy verification, and change modeling needed to meet these goals.


Forward Enterprise

As a software-based system, Forward Enterprise collects all of the configuration data and forwarding state residing inside devices in a running network -- including switches, routers, load balancers, and firewalls. By applying a series of breakthrough algorithms created over the course of years of academic and applied research, Forward Enterprise computes a model of all current and potential behaviors of the network devices. What this delivers to users is a mathematically accurate copy of a running network, all in software.

Forward Enterprise – The Search and Verification Engine for your Intent-Based Network

The Forward Platform consists of three main architectural components:

Forward Collector

Performs the collection of the device configuration and state (MAC, ACL, FIB tables, etc.). The collection is done over an SSH connection.

Forward Core

The core is the Forward Platform computational engine that creates an accurate model of the network. It’s where all the existing network behavior is indexed and made searchable.

Forward Dashboard

Easy-to-use, HTML5-based dashboard which provides instant access to the Forward Applications. All data and analytics in the Dashboard are made available via REST APIs.


Forward Applications

Layered on top of this behavioral model of a running network, Forward Enterprise offers a series of applications:

Forward Search™ - “Google for your network”
Fast, easy-to-use search over all possible network configuration, state, and behavior

Forward Verify™ - Is it doing what it should?
Continuously validate connectivity and configuration correctness, and security postures

Forward Predict™ - Will this change work?
Simulate the effect of proposed changes to deploy with confidence

REST API - Integrate into existing workflow
Access all network data created by the platform via REST APIs

Forward Search™

Instant search: With Forward Search, users gain Google-like search capability for the network, with instant, interactive access to all end-to-end traffic behavior. Every search result shows not just where the traffic can go, but also shows all the relevant configuration and state details that explain how that traffic gets handled.

Figure 1: Forward Search - Example of host-to-host path discovery


Figure 2: Forward Search - Example of IP address search

Always-up-to-date topology: Network teams need network documentation to efficiently solve network problems. It is critical to have access to current documentation, especially when under pressure to solve a business-impacting issue. Manually documenting networks of any size is a slow and error-prone process, and the resulting documentation becomes instantly out-of-date. Forward Essentials provides an always up-to-date topology with link auto-discovery and editing capability. The interactive topology allows the user to dive into the details of each device’s configuration and state, quickly providing access to debugging-critical information.

Figure 3: Forward Search - Example of network topology

Figure 4: Forward Search - Example of topology editing


Diff capability: By “diff-ing” historical snapshots of the network, operators can determine what has changed on their network devices between two points in time, easily narrowing down the changes responsible for the network issues.

Figure 5: Forward Networks - Example of Diffs

Device inventory: easy tracking of vendors, platforms and software versions for immediate insight about the network infrastructure:

Figure 6: Forward Networks - Example of device inventory

Additionally, Forward Essentials is ready to plug into existing automation workflows with its comprehensive set of REST APIs and data export capability.

Use Cases

Root-cause Analysis – With instant, searchable access to network data and behavior, operators can root-cause network and security issues faster, thus improving overall efficiency and application time-to-market.

+ Path Search – Find where traffic can go within the network, with an easy to use query language to search and identify network paths.
+ Locate Devices and Behavior – Find any device on your network, including its connections. Users can locate devices with simple queries, and examine device behavior.

Network Documentation – Forward Enterprise provides an interactive topology together with a device inventory. Network engineers no longer need to spend time updating static network diagrams that are instantly out of date the moment they are saved.

+ Current Topology – After a network is indexed, an interactive topology map is ready. No need to manually create and update topology diagrams – Forward Enterprise does it automatically.
+ Inventory – Comprehensive inventory of every network element and its details.


Forward Verify™

With Forward Verify, network and security teams can verify whether the network has been configured and behaves exactly as it was intended. Forward Verify enables rapid automatic identification of areas where the network implementation is not meeting the desired intent, including issues such as failed connectivity, violations of security policy, and incorrect configuration, allowing operators to remediate a problem before it becomes a widespread issue across the network.

Forwarding correctness is verified by validating end-to-end user-defined network policies, also known as “checks”, which need to hold true as the network evolves. If a check fails, the user can quickly understand and troubleshoot the problem using the path search and explanation capability available in the Forward dashboard.

Forward Verify also offers a library of Predefined Checks applicable to almost every network environment. These are pre-built correctness checks that, in one click, can be used to audit a network and identify silent issues ranging from routing loops, VLAN inconsistencies, MTU or duplex mismatches, to traffic black-holes. With Forward Verify, network teams finally have the freedom to unit test their network like a programmer would in a software development process. Furthermore, since these tests are applied to a software copy of the running network, they do not affect the production environment.

Figure 7: Forward Verify - Example of visual diagnosis of failed policy check

Figure 8: Forward Verify - Example of verification checks

Use Cases

Change Window Validation – After a network change, Forward Verify can quickly and comprehensively test whether the network is ready for business, with full application connectivity and no broken configuration. If a change needs to be aborted, the platform can quickly verify that the network was restored to its prior connectivity.

+ Validation of New Equipment – Faster certification cycles that shorten new technology adoption.
+ Verification after OS upgrades – Instant network behavior verification post upgrade.

Continuous Auditing – During normal operating conditions, Forward Enterprise continuously monitors for network changes that break operator intent and can yield missing or degraded application connectivity.

+ Audit for Compliance and Security: Set, check, and customize policies for each device in your entire network. Then determine the compliance of your network behavior to ensure uptime and secure operations.


Forward Predict™

Forward Predict enables network teams to model the correctness of network changes before they are deployed to production. Configuration changes to a network are typically tested in a lab environment, which never matches the scale and end-to-end behavior of a production network.

Forward Predict enables the user to “sandbox” a new version of the network model containing proposed changes, and quickly verify the effects of their change on the existing compliance and security policies defined by the user.

Forward Predict capabilities are expanding over time, and currently include ACL, NAT, and firewall rule changes.

Figure 9: Forward Predict - Example of Sandbox editing

Use Cases

Predicting How Changes Affect Network Behavior – With Forward Predict, network and security teams can take the guesswork out of network change management, by predicting how changes will affect the network’s behavior.

Test at Full Scale – Testing changes in lab environments that are nowhere near the scale of your production network provides limited value. With Forward Predict, you can test changes on a full-scale copy of your network to build complete confidence before deploying a change to production.

Deployment Options

Forward Enterprise can be deployed fully On-Premises or as a SaaS solution in the cloud. In both cases the latest security best practices are in place to protect customers’ sensitive data.

Requirements for On-Premises Deployment

Forward Enterprise is deployed as a Virtual Machine (VM-OVA format) for KVM and ESXi environments. The deployment requires the following resources:

• Cores: 16

• RAM: 64 GB of reserved memory. Performance may improve with more memory availability, but only when individual snapshots are large.

• Disk: 250 GB of disk. The amount of disk consumed will depend on the number of historical snapshots to be stored, as well as the size of each one.

System Requirements for SaaS deployment

• A machine (virtual or physical) with at least two dedicated cores and 4GB of RAM. Supported Operating Systems: Ubuntu Linux (14.04 and 16.04), Apple OS X (10.12), and Windows 7 (or later versions).

• The machine must be able to access the https://app.forwardnetworks.com/ webpage via HTTPS.

• The user must have admin privileges on the machine.

• The latest versions of Chrome or Firefox are required to access the Forward Enterprise UI.

Network Requirements

• SSH must be configured and working on the network devices from which the Forward Collector will collect data.

• The OS instance on which the Forward Collector is installed must have IP and SSH port reachability to the network devices, either directly, or via a jump server.

Supported Vendors and Devices

A10 Networks, Arista Networks, Check Point, Cisco Systems, F5 Networks, Fortinet, HPE, Juniper Networks, Palo Alto Networks, Pica8, VMware vSphere ESXi.

Please contact us at [email protected] for more details about supported devices and vendors.

Security for Cloud Deployments

The security of customer data is our top priority. The Forward Platform never receives personally identifiable information (PII). All data sent to the cloud via the Internet is encrypted in transit using the latest industry standards.

• Data Collection: The Forward Platform only collects device configuration and state, never packet data. Specifically, the Forward Collector gathers configuration files and dynamic state such as MAC, ARP and IP tables and automatically strips out sensitive data (such as passwords) from device configuration files before uploading to the cloud.

• Network Credentials: Network device credentials are only ever stored on the machine that runs the Forward Collector, and never stored in the cloud. These credentials can be configured to allow read-only access to the devices; the Forward Platform itself does not make any changes to the network.

• Data Secured in Transit: The Forward Collector protects data in transit to the cloud using the industry standard HTTPS. The servers are fronted by an Amazon Elastic Load Balancer (ELB) that is configured to use the most recent and stringent ELB Security Policy.

• Data Secured at Rest: Customer data in the Forward Networks Cloud service is stored in encrypted Amazon Relational Database Service (RDS) instances and encrypted Amazon Elastic File Systems (EFS). All of the encryption keys are managed automatically through Amazon Key Management Service (KMS), which uses Hardware Security Modules to protect the security of encryption keys; its security and quality controls have been validated and certified by several compliance schemes including ISO 27017, ISO 27018, ISO 9001 and PCI DSS Level 1.

About Forward Networks

Forward Networks’ mission is to de-risk and accelerate network operations, by increasing efficiency, reducing outages and verifying network intent. Built on a series of breakthrough algorithms, the Forward Platform provides enhanced network visibility, policy verification and change modeling for legacy, SDN or hybrid environments.

Forward Networks is headquartered in Palo Alto, California, and funded by top-tier investors, including Andreessen Horowitz, DFJ, A.Capital, SV Angel, and several luminaries in the networking and systems space.

Please visit www.forwardnetworks.com to learn more or contact us at [email protected].