The Internet is built around routers, yet there has been little innovation in routing itself for decades. Early networks mainly involved just packets and flows within private networks. With the rapid expansion of the Internet in the 1990s, the first round of modifications focused on improving “speeds and feeds” through specialized hardware.
The router of yesterday was not designed to handle the mobile and cloud applications that exist today because it was originally built to send packets between a series of computers, not deliver services across both private and public networks. As a result, an entire industry has emerged around routers to deliver bolt-on functionality such as firewalls and load balancers.
What’s more, controlling how packets move between endpoints and through routing devices often involves adding a new network on top of the existing network, referred to as an overlay. Overlay networks don’t address the underlying issues with networking; they compound them, adding complexity and expense. Enabling all of these technologies to work together reliably and securely is very difficult, making the Internet as we know it complex, fragile and insecure.
The router of tomorrow needs to operate differently and more intelligently to handle today’s network demands, as well as the demands of the future, such as those for IoT and increased video traffic driven by collaboration, monitoring and virtual reality. That’s where session-based routing comes in. A software-based router that is session-oriented and deterministic can drastically simplify the network, eliminating complexity such as middleboxes and tunneling and overlay technologies, and making it possible to deliver all the end-to-end benefits enterprises need, such as native security/encryption, policy-based routing and more.
In this slideshow, 128 Technology explains the concept of session-based routing and outlines the four key reasons why session-based routers will fix the Internet.
Four Reasons to Consider Session-Based Routers
What Is a Session?
What is a session and why does it make a router smarter?
A session is a two-way exchange of information consisting of related flows in both directions; it is a lot like a phone call. Today, almost every network involves bi-directional sessions to move packets, and nearly all of the advanced service functions that have emerged, such as firewalls and load balancers, are required to have an understanding of and control over network sessions.
A session-oriented router can route traffic end to end, making packet transmission fundamentally simpler and more transparent, all while offering benefits like improved security, control and agility. Using sessions enables these benefits because the software is intelligent enough to dynamically optimize how and where packets travel through the network. Session management has traditionally been done higher up the Open Systems Interconnection (OSI) stack by the endpoints communicating with each other, which are not aware of all the other sessions on the network. Layer 3 session awareness enables the router to dynamically manage all sessions going across a network in an intelligent way and provide end-to-end visibility, even across private network boundaries and network address translation (NAT) devices.
According to the World Economic Forum, cyberspace crimes will cost the global economy $445 billion in 2016. Gartner estimates that by 2020, companies worldwide are expected to spend around $170 billion on cybersecurity – a growth rate of nearly 10 percent in the next five years.
With session-based routing, enterprises can realize improved network security. Session-based routing enables a clear view into the source and the destination of packets as they travel from private to public to private networks, allowing operators to enforce security policies more easily, facilitate a path and then encrypt information along that path. This guarantees the integrity of the path and prevents “man in the middle” and “spoofing” attacks. The session-based router is also smart enough to know what data is already encrypted, which means network operators can avoid double-encrypting information to prevent fragmentation and minimize latency. It can also encrypt information that might not already be encrypted or does not meet minimum security policy criteria.
Session-based routing is built on a zero-trust model. A packet is not forwarded on a network without an explicit policy for doing so. No broadcast domains serve as default routes for hackers to use once they have compromised one machine and are looking to move on to others, and data exfiltration is stanched at its source.
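The default-deny, session-keyed forwarding described above can be sketched in a few lines. This is an added illustration, not 128 Technology's code; the addresses, ports, policy table and class names are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

# Constructed allow-list: (source prefix, destination prefix, protocol, dest port).
# Anything not listed is dropped; there is no default route.
POLICIES = [
    ("10.1.0.0/24", "10.2.0.10/32", "tcp", 443),   # branch clients -> app server
    ("10.2.0.10/32", "10.3.0.5/32", "tcp", 5432),  # app server -> database
]

class SessionRouter:
    def __init__(self, policies):
        self.policies = [(ip_network(s), ip_network(d), p, port)
                         for s, d, p, port in policies]
        self.sessions = {}  # 5-tuple of either direction -> session id

    def _policy_allows(self, pkt):
        return any(ip_address(pkt.src) in s and ip_address(pkt.dst) in d
                   and pkt.proto == p and pkt.dport == port
                   for s, d, p, port in self.policies)

    def handle(self, pkt):
        """Return ("forward", session_id) or ("drop", None)."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if key in self.sessions:            # later packet of a known session
            return ("forward", self.sessions[key])
        if not self._policy_allows(pkt):    # first packet with no explicit policy
            return ("drop", None)
        sid = len(self.sessions) // 2 + 1
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        self.sessions[key] = self.sessions[reverse] = sid  # both flows, one session
        return ("forward", sid)

def demo():
    r = SessionRouter(POLICIES)
    first = Packet("10.1.0.7", 50000, "10.2.0.10", 443, "tcp")
    reply = Packet("10.2.0.10", 443, "10.1.0.7", 50000, "tcp")
    lateral = Packet("10.1.0.7", 50001, "10.1.0.8", 445, "tcp")      # peer to peer, no policy
    unsolicited = Packet("10.2.0.10", 443, "10.1.0.9", 50000, "tcp")  # reply with no session
    return [r.handle(p) for p in (first, reply, lateral, unsolicited)]
```

The policy check runs only on the first packet of a session; the reply is forwarded because it matches the reverse flow of an established session, while the peer-to-peer and unsolicited packets match neither a session nor a policy and are dropped.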
Elimination of Middlebox Appliances
Middlebox technologies such as firewalls, load balancers, deep packet inspection devices and NAT devices act as bolt-on solutions that run alongside traditional routers. All are separate “boxes” – virtual or physical – that add significant cost and complexity to today’s networks. In fact, there may be more middleboxes in networks today than routers!
Software-Defined Networking (SDN), Network Function Virtualization (NFV) and Software-Defined Wide Area Networks (SD-WAN) have all emerged as potential solutions to network complexity issues. The problem with these approaches is that they virtually replicate the existing way of networking. They still rely on middleboxes (albeit virtually), or rely on existing tunneling and overlay techniques that just add yet another layer of complexity.
Having session-based routers means that intelligence can be natively built into the router and the packets themselves. The routers can understand and enforce policies (security or otherwise) and ultimately, enforce the path the data will take. Other important details can be put into the first packet of a session, enabling native functionality such as load balancing and firewalling.
Elimination of Tunneling Technologies
As networks expanded and interconnected – both inside and outside the walls of companies around the globe – the demands of business also grew. The focus turned to protecting critical business processes and controlling the flow of packets between endpoints, for better performance, security and reliability. Enter overlay, encapsulation and tunneling techniques such as MPLS, IPsec, VXLAN, VPN and GRE.
These technologies were developed to deliver deterministic routing, network virtualization and segmentation to IP networks but ultimately act as “workarounds.” Not only are they incredibly complicated but they are also incredibly expensive. Session-based routing eliminates the need for these costly techniques because it utilizes an in-band signaling technique that recognizes the first packet of a session and controls the session based on information in that packet.
Routers in the middle of a tunnel have no visibility into the application or its quality of service (QoS) requirements. For instance, if someone builds an IPsec tunnel between their enterprise and a cloud provider, the routers in the middle are blind to the traffic. When congestion occurs, packets are indiscriminately discarded. When the routing layer is session-oriented, each routing hop has visibility into the application, QoS, and security requirements, and when congestion does occur, it can dynamically and intelligently optimize the sessions.
Works with Existing Infrastructures
Organizations have invested billions of dollars in their network infrastructure over the past 25 years to power the Internet we know today. Though there is significant evidence that there are cracks in the wall, it is simply not an option to rip and replace all that has been deployed.
Session-based routers enable a much tighter alignment between the network and the applications it supports. And, because session-oriented routers are software-based, advanced, secure networking can be put anywhere and everywhere, right alongside existing routers and other infrastructures, to bring much needed intelligence throughout the network.