As technology advances, several trends are emerging in the application of Generative AI for networking, paving the way for more intelligent and adaptive network infrastructures. Some notable trends include Predictive Network Analytics, AI-Enhanced QOS, Network Resource Optimization, Anomaly Detection, Simulation of Realistic Network Environments, Autonomous Network Operations. RoCE (RDMA over Converged Ethernet) can address several challenges posed to networking devices in the context of Generative AI. 

This serves as the foundation for the AI fabric due its improved model training speed, optimized and reliable data movement and its compatibility with Ethernet networks. Effective monitoring of RoCE traffic becomes instrumental in maintaining seamless operations. 

Another important technique, proactive congestion management is crucial for maintaining optimal performance, reliability, and efficiency. AI workloads often involve the exchange of large datasets and real-time communication between nodes. Network congestion can lead to performance degradation, slowing down data transfers and compromising the responsiveness of AI applications. By identifying and addressing potential congestion points before they impact performance, proactive congestion management helps prevent degradation in the performance of generative AI tasks. This ensures that AI models can operate at optimal speeds, meeting the demands of real-time or near-real-time processing needs.

ONES – Crafted for SONiC based AI Fabric

In the ever-evolving realm of generative AI networks, where the need for high-performance and low-latency communication takes center stage, ONES 2.0 is set to redefine network optimization. This latest release presents a state-of-the-art solution meticulously crafted to streamline network operations. ONES seamlessly incorporates advanced features such as Priority Flow Control (PFC) counters for RoCE support, and proactive congestion management based on port and per port queue utilization details. ONES supports the collection of the metrics aiding the SONiC-Fabrics with AI across multiple vendor platforms offering excellent scalability support and powerhouses the data collection process. It also seamlessly integrates with the ONES ecosystem – orchestration, visibility, and support for third-party APIs including REST and Prometheus – offering the go-to solution for streamlined management, comprehensive monitoring, and flexible interoperability in complex network environments.

ONES Unveiling SONiC AI Fabrics & RoCE: A Visual Exploration 

ONES collects a set of valuable metrics that is instrumental in monitoring RoCE (RDMA over Converged Ethernet) as it provides insights into the flow control mechanisms and helps ensure the efficient and reliable communication of RoCE-enabled networks.  

How Does Metric Collection Empower AI Fabrics to Tackle Challenges?

• Traffic Prioritization: These metrics reveal how different types of traffic are prioritized in the network. In RoCE, where low-latency communication is crucial, the ability to prioritize traffic ensures that RDMA operations and other critical data transmissions are given precedence.
• Congestion Management: Help in monitoring and managing network congestion. RoCE networks can experience congestion, and PFC allows for the pause of non-critical traffic during congestion, preventing packet loss and ensuring the smooth operation of RDMA communication.

‍

• Quality of Service (QoS): RoCE networks often have specific QoS requirements. These metrics provide data on how well the network adheres to these QoS policies. Monitoring allows network administrators to ensure that RoCE traffic receives the necessary level of service, minimizing latency and optimizing performance.
• Identifying Bottlenecks: ONES can highlight potential bottlenecks in the network. By monitoring the pause frames and PFC counters, administrators can identify areas of congestion or network inefficiencies that may impact RoCE performance.
• Real-time Monitoring: Real-time monitoring done by ONES allows for immediate responsiveness to changes in network conditions. In RoCE environments, where rapid data transfers are common, timely identification and resolution of congestion issues contribute to maintaining low latency and high throughput.
• Performance Optimization: Understanding these metrics enables administrators to optimize the performance of RoCE networks. By analyzing the data, adjustments can be made to network configurations, traffic prioritization, or resource allocation to enhance overall RoCE performance.
• Capacity Planning: ONES metrics contribute to capacity planning by providing insights into how well the network can handle the current load and whether there is room for expansion. This is crucial for scaling RoCE networks to accommodate growing demands.

In the RoCE Traffic Topology GUI view, the flow unfolds dynamically, revealing the interconnected pathways of RDMA over Converged Ethernet (RoCE) traffic. Nodes representing devices engaged in RoCE communication are linked by lines indicating the data exchange routes. The graphical representation allows for an intuitive understanding of the network’s structure, emphasizing the direct, low-latency pathways characteristic of RoCE

In the graphical user interface (Figure 2), a visual representation unfolds, showcasing the dynamic network landscape with PFC enabled interfaces. These interfaces, depicted in the intuitive display, highlight the integration of RDMA over Converged Ethernet (RoCE) capabilities. The interfaces identified by a blue dot have the capability to transport RoCE traffic.

Figure 3 depicts various provisions facilitating RoCE support on a device. In this case, the device is handling L3 lossless traffic on queues 3 and 4 of interface number 51.

Figure 4 below in ONES depicts the distribution of RoCE traffic alongside regular traffic on the interface along with the seamless transmission of lossless data even in congested conditions, revealing the count of pause frames sent/received by the device.

‍

Queue drop counters play a pivotal role in AI Fabrics, offering crucial insights into the network’s performance and reliability. These counters specifically track instances where packets are dropped within the queuing system, providing valuable data for monitoring and optimization

Conclusion

Based on the presented GUI snapshots, it’s evident that ONES offers a captivating visual experience, showcasing intricately designed software crafted explicitly for the AI Fabric on the SONiC platform. ONES doesn’t just fulfill the requirements of contemporary networking; it also enhances user interaction through intuitive visualization and advanced features. This platform signifies an innovative approach to orchestrating and visualizing networks across multiple vendors, delivering a customized solution for addressing the intricate nature of AI Fabric on the SONiC platform.

What’s next in store for our forthcoming blog series, where we’ll extensively explore these informative topics:

• Detailed security compliance with ONES
• In-depth analysis regarding the measurement of NWSLA

To immerse yourself in SONiC firsthand, visit ONES Center. Delve into a comprehensive case study of SONiC, please check out “Maximizing Success with SONiC”.

ONES Rule Engine is an advanced feature that enhances your network management experience by providing a seamlessly integrated alert and notification system. It offers comprehensive monitoring metrics and allows you to create device and interface level rules with ease. With ONES Rule Engine, you can have tailored control over your network management. Upgrade your network management game and experience with ONES Rule Engine today!

10 Benefits of Using ONES Rule-Engine for Comprehensive Network Monitoring

• Comprehensive Monitoring
  ONES Rule-Engine takes a holistic approach to network monitoring by keeping an eye on diverse metrics such as CPU utilization, Memory utilization, PSU status, fans speed, RX/TX, and more. This breadth of coverage ensures that no aspect of your network goes unnoticed, providing a comprehensive view for proactive issue resolution.
• Device and Interface Level
  It allows the creation of rules at both device and interface levels. This fine grained rule management ensures that specific devices or interfaces can be targeted for rule application, allowing for a tailored approach to network optimization and issue handling.
• Rule Customization
  Rule-Engine understands the unique requirements of different network components. With device-level rules based on Hardware SKU, Role, and OS version, administrators can fine-tune alerts to align with the specific characteristics of their network infrastructure.

‍

• Device Inclusion & Exclusion 
  Flexibility is key in network management. The rule engine provides the capability to include or exclude devices from rules, ensuring that the rule engine caters to the specific needs of your network architecture. This feature enables a dynamic response to changes in the network environment.
• Severity-Based Alerting
  The Rule-Engine facilitates the creation of Critical and Warning severity alerts, allowing administrators to prioritize responses based on the urgency and impact of potential issues. This hierarchical alerting system ensures that critical problems are addressed promptly, minimizing downtime and optimizing network performance.
• Alert Summary for Collaborative Issue Resolution
  The system enables users to generate a comprehensive report of all alerts, facilitating effortless sharing with the team. This feature simplifies the collaborative resolution process, promoting efficient communication and knowledge transfer among team members.

‍

• Integration with Slack for real-time notifications
  ONES’ Slack integration ensures that critical alerts are delivered directly to designated channels, keeping teams informed and in sync. Additionally, weekly Slack digests provide a comprehensive overview of alerts and Zendesk ticket details, streamlining communication and collaboration.
• Zendesk Integration for Streamlined Ticketing
  The rule engine seamlessly integrates with Zendesk, automating the creation of tickets based on alerts. This integration simplifies the ticketing process, providing a centralized platform for tracking and managing network issues.
• Preventing redundant alerts leads to efficient alerting
  During the rule creation process, administrators have the capability to specify the maximum number of alerts for a particular metric on a specific device, mitigating the occurrence of redundant notifications. This feature contributes to a streamlined and efficient alerting system, enhancing the overall effectiveness of network management within the ONES 2.0 ecosystem.
• Strengthening Monitoring and Response Capabilities with detailed alert information
  Each alert is enriched with essential details, including Metric Name, Type(Critical or Warning), Triggered Time and Associated Rule Information. Alerts also includes a URL that will redirect users to associated visual representations for better understanding. In addition, device information such as IP address, role, region, SKU, serial number, NOS etc are the part of alert details. Interface specific alerts will have the related additional information like the interface name , speed , Transceiver details as shown in below image Fig 3.

‍

‍

Rule Engine coverage

• System Health
  Rules can be created to monitor system health like device’s CPU utilization, Memory utilization and CPU core temperatures and alert if those values exceed the critical or warning thresholds. ONES UI also provides the recommended thresholds for CPU and memory usage.
• Alert on Component Failures   
  Rule engine can be used to alert if a device FAN or a Power supply unit (PSU) goes faulty. ONES backend keeps continuous track of component health and triggers an alert in case of failure.
• Capacity Monitoring 
  Hardware switching is an important aspect in today’s network for high speed data transmissions. Situations can develop where the switch ASIC hardware limits are utilized and forwarding happens in software causing system instability. ONES rule engines have these monitored as well and rules can be created to notify if the ASIC IPv4 / IPv6 utilization exceeds the warning and critical levels.
• Traffic Monitoring
  Set the utilization levels for traffic links , acceptable thresholds for errors and discards and alerts will be generated for links crossing the set levels.
• Transceiver Health
  Transceiver operational values like Voltage, Temperature and Power are critical for having error free and lossless transmissions. Rule engine monitors those metrics and alerts the transceivers that are on verge of going rogue or requiring attention.
• SONiC Services Health
  In addition to all the above , alerts can be generated for any BGP neighboring going down and for monitoring synced and for container cpu utilization.

Conclusion

Embrace the power of ONES 2.0’s Rule Engine and Alerting system to elevate your network management experience. With real-time monitoring of hardware, network, components, counters and transceiver health to enhance your SONiC journey with unparalleled support and advanced alert management through Slack and Zendesk integrations.

The alerts system goes beyond Slack or Zendesk integrations and can be customized to fit any platform based on the requirements.

Stay tuned for our upcoming blog series, where we’ll dive deep into these insightful topics:

• RoCE Traffic Visibility in AI Fabric
• Detailed security compliance with ONES
• In-depth analysis regarding the measurement of NWSLA

Take a ‘test drive’ with ONES Center before SONiC Deployments with our well known vendors in hardware, platforms, ASIC and OS at your ease. Make your informed decision by testing it out with our multi-vendor, including Cisco SONiC, NVIDIA SONiC, Celestica SONiC, Marvell SONiC, Wistron SONiC, Edgecore Community SONiC, Arista SONiC, Supermicro SONiC, Enterprise SONiC, and DELL SONiC.

We’re excited to introduce ONES 2.0, a cutting-edge network operations tool that sets new standards for Visibility, Orchestration, and Support. This release represents a significant leap in our ongoing commitment to pushing the boundaries of network management capabilities and orchestration. 

Brimming with groundbreaking features, a polished user interface, improved data center orchestration through incremental configuration, upgraded NetOps APIs for seamless integration, and robust functionalities, ONES 2.0 empowers network teams to effortlessly streamline operations, delve into deeper insights, and ensure peak performance.

Get ready to embark on a journey where innovation meets excellence, as ONES 2.0 empowers your network endeavors with unparalleled sophistication and efficiency. It’s not just a tool; it’s a game-changer, designed to elevate your network experience to unprecedented levels. Welcome to ONES 2.0 !

Unlocking Data-Driven Success: 6 Key Benefits of Enhanced Telemetry

1. Data Center Interconnect Visibility

‍Enhance visibility of Data Center Interconnect topologies for Layer-2 Leaf-Spine, Rack-to-Rack Connectivity using EVPN-VXLAN and MC-LAG including control plane health and configurations.

2. Rule Engine and Alerts

‍Experience a robust Rule Engine and Alerts system integrated with Slack messaging and Zendesk ticketing. Monitor platform metrics, health, traffic bandwidth, and more. Stay proactive with customizable alerts and automatic ticketing.

3. AI-Fabric Control & Data Plane Visibility

‍Gain visibility into RoCE (RDMA over Converged Ethernet) metrics and RoCE link visibility for improved performance monitoring and visualize traffic flows on the topology page.

4. Firmware Compliance‍

Stay up-to-date with detailed firmware information for each switch, covering ONIE, BMC, BIOS, FPGA, and CPLD versions.

‍

5. Enhanced Supportability Functions

• Syslog Management: Simplify troubleshooting with a programmatic click in UI to collect the logs from devices, supported directly from the topology page.
• Console Access and Inventory Download: Seamlessly access the console of switches directly from the ONES interface, simplifying device management. Effortlessly download the inventory details of all devices for efficient asset management.

6. Network SLA: Packet Loss & Latency‍

ONES 2.0 incorporates exclusive back-end support for Network SLA, enabling users to monitor packet loss and latency between any two end-points, measured using ICMP or TCP.

How does NetOps Ready Orchestration enhance enterprise deployments?

Incremental Config‍

ONES 2.0 adds support for incremental configuration changes. You may now deploy a template to configure your fabric and progressively update VLANs/VNIs across the fabric. This agility makes your network designs more adaptable.‍

Improved NetOps API‍

The NetOps API has been improved in 2.0 to accommodate several underlay configurations, including seamless underlay and overlay configuration. This capability not only provides for a broader range of use-cases, but also handles more deployment scenarios such as L2LS, L3LS, and flexible configuration and elastic scaling of spine and leaf nodes

‍New Use Cases & Features

• L3 MC-LAG
  While L2 MC-LAG was already supported, ONES 2.0 adds L3 MC-LAG. This provides redundancy, load balancing, scalability, and easier management to meet diverse networking difficulties. Improve your network’s performance and reliability across a wide range of use scenarios.
• Layer2 Leaf-Spine (L2/L3 Mode)
  Designed to meet the escalating demands of modern data centers, the Layer2 Leaf-Spine architecture offers low-latency, high-bandwidth connectivity with redundancy and efficient traffic distribution.
• Rack-2-Rack Deployment
  A deployment scenario tailored for fabrics designed with interconnection with leaf devices exclusively, eliminating the need for spines. This streamlined configuration suits specific network architectures. 
• BGP Peering over LAG
  Enable higher bandwidth, load balancing, and redundancy with this configuration use case. Multiple physical links are aggregated into a logical bundle, known as a PortChannel, optimizing network performance.
• BGP Peering in MC-LAG Environments
  Configuring BGP peering among MC-LAG peers over the PeerLink ensures seamless operations during uplink failures, while additional interface peering expands network capabilities for optimized traffic handling and heightened resilience.
• sFlow & DHCP Relay Support
  ONES orchestration tool’s recent support for sFlow and DHCP Relay within the data center, unlock a new level of network management.
• Console Log
  ONES 2.0 provides administrators with a centralized console plane from which they can monitor network activity for various devices.This is quite useful for tracking the progress of the operation and recording logs in case of problems.

• Monitoring Configuration & Operational Status
  In our latest release, track orchestration progresses seamlessly through our intuitive GUI. Gain real-time visibility into the progress of operational validation, empowering you to monitor every stage of your network’s deployment and verification with ease.

Explore the power and versatility of ONES 2.0 for SONiC with these exciting new features and UI enhancements. Elevate your network orchestration and management to new heights!

Conclusion

In summary, ONES 2.0 represents a significant advancement in network operations and management, establishing new standards in visibility, orchestration, and support. Packed with innovative features, an enhanced user interface, and expanded capabilities, ONES 2.0 empowers network teams to streamline operations, gain profound insights, and effortlessly ensure peak performance.

What’s next in our upcoming blog series, stay tuned to know following insightful topics:

• Rule Engine, Alerts, and Notifications
• RoCE Traffic Visibility in AI Fabric
• Detailed Security Compliance with ONES
• In-depth Analysis of NWSLA Measurement

Immerse yourself in the transformative capabilities of ONES 2.0 for SONiC, and join us on a journey toward seamless network monitoring and orchestration. Unlock the ONES 2.0 experience—schedule a demo on your preferred date, and let us show you how it’s done!

ONES (Open Networking Enterprise Suite) stands as a robust network management and supportability solution explicitly designed to tackle the distinctive challenges associated with transitioning to SONiC, an open-source Networking Operating System. Our comprehensive suite serves as a multifaceted Network Orchestration, Visibility, and Assurance platform catering to the complexities of operating multi-vendor and multi-NOS Network Infrastructure.

ONES, initially conceived as a comprehensive solution tailored for the challenges of SONiC migration, has evolved significantly. With the emergence of ONES 2.0, a remarkable milestone is achieved.

Aviz ONES 2.0 release emerges as a beacon, making a significant milestone in becoming a genuine multi-vendor SONiC Deployments, operations and AI-Fabric platform.

6 Key Features that Make Aviz ONES 2.0 a Game Changer:

1. Deep Insights with Enhanced Observability:

• Advanced Topology View: Gain insights into underlay, overlay, and RoCE traffic Visibility in AI Fabric with an advanced topology view.
• Detailed Metrics: Access detailed Protocols, Health and Capacity metrics presented with time series graphs for enhanced visibility.
• Comprehensive Pages: Navigate through enriched pages for Inventory, Analytics, and Software, ensuring a holistic network view.
• Expanded Metrics: Unlock additional metrics for devices and interfaces, enhancing analytical capabilities.
• Quick Access: Swiftly connect with devices through an SSH button in the interface Down Widget.
• Firmware Insights: Gain deeper insights with a Firmware details widget embedded in the Software page.

2. Rule Engine & Integrations:

• Watcher Rules and Alerts: Implement Watcher Rules for devices and interfaces, coupled with configurable metrics.
• Collaborative Integration: Strengthen collaboration with Zendesk and Slack integrations, ensuring seamless notifications.

3. Enhanced Compliance & Device Management:

• Efficient Device Management: Streamline device management with syslog extraction, Console access, and Non-SONiC device controls.
• Firmware Focus: Access comprehensive firmware information directly in the Device details, enhancing inventory management.
• Data Handling: Export or download inventory with ease, simplifying data management.

4. Orchestration:

• YAML Configuration Templates: Simplify configuration with YAML templates supporting features like BGP, L2/L3 MC-LAG, EVPN MultiHoming, and more.
• Config Updates: Incremental updates for L2VNI/L3VNI configurations, ensuring efficiency in managing network changes.
• Backup and Restore: Enjoy enhanced backup and restore options via a user-friendly UI, ensuring network stability.

5. Network SLA:

• Performance Monitoring: Ensure optimal network performance with CLI Backend support for Packet Loss and Latency metrics.
• Endpoint Flexibility: Measure performance between any two end-points using ICMP or TCP, providing flexibility in performance monitoring.

6. Product Security:

Regular security scans, robust certificate management, user account management, RBAC implementation, LDAP integration, mutual TLS certificates.

Conclusion:

Aviz ONES 2.0 signifies a quantum leap in SONiC supportability, offering advanced monitoring, rule-based alerts, orchestrated configuration updates, and NW SLA monitoring with enhanced UI. Embrace the future of networking with Aviz ONES 2.0 – where innovation meets reliability.

Keep an eye on this space for our upcoming blog series covering these insightful topics: 

• ONES 2.0 Release features: Complete guide
• Rulengine, Alerts, and Notifications
• RoCE Traffic Visibility in AI Fabric
• Detailed security compliance with ONES
• In-depth analysis regarding the measurement of NWSLA

‍Contact us for personalized guidance and tailored solutions to optimize your SONiC experience. Our team is here to assist you in navigating the complexities, answering your queries, and exploring the best SONiC solutions suited for your unique requirements.

In today’s fast-paced digital landscape, safeguarding your enterprise is paramount. With cyber threats constantly evolving, having a robust security strategy is non-negotiable.

Securing Your Enterprise with ONES and SONiC (Software for Open Networking in the Cloud): This Comprehensive Guide Talks About

• Focus on Enterprise Product Security: Exploring essential aspects of securing enterprise products
• Fortifying ONES: Detailing how we’ve strengthened ONES for enterprise SONiC customers
• Pivotal Security Elements: Highlighting crucial security components like security scans, Certificate Authorities (CAs), user account management, Role-Based Access Control (RBAC), LDAP, and Mutual TLS (Transport Layer Security)

‍

Fortifying Your Enterprise: 8 Essential Enterprise Security Practices

• Regular Security Scans: Perform frequent security scans to identify vulnerabilities and weaknesses
• Robust Certificate Management: Establish a reliable CA infrastructure to ensure trust in digital certificates
• User Account Hygiene: Enforce strong password policies, implement MFA, and monitor user accounts for suspicious activity
• RBAC Implementation: Assign roles and access permissions based on job responsibilities, and regularly review and update them
• LDAP Integration: Centralize user and resource management with LDAP to improve security and network efficiency
• Implement Mutual TLS: Secure communication between systems and services with mutual TLS for enhanced data protection
• Streaming Telemetry and Continuous Monitoring: Start with collecting data from various sources such as logs, network traffic, and endpoint devices. Advanced analytics and machine learning are employed to identify anomalous behavior and potential security incidents‍
• Security Patches: Must-have tools in the ongoing battle against cyber threats. They are updates released by software vendors to address known vulnerabilities and weaknesses in their products

Aviz Networks commences its journey with customers right from the pre-deployment stages. Our dedicated customer success teams collaborate closely with enterprise security and audit teams to align their strategies and processes with security objectives. 

To learn more about our successful partnership with SONiC, we invite you to explore our case study: “Maximizing Success with SONiC.” Discover firsthand how Aviz Networks delivers reliable and secure solutions to empower your network infrastructure.

Let’s understand how we support multi-vendor SONiC deployments without compromising on the enterprise security requirements.

‍

‍Revolutionize Your Networking with ONES: The Open Networking Enterprise Suite

ONES is a network orchestration, visibility, and assurance solution for multi-vendor and multi-NOS operated network infrastructure. It provides a one-stop solution, right from delivering deep network visibility into your data center networks to extending 24×7 SONiC support. This solution also hosts a powerful analytics engine that assists users in identifying network issues and troubleshooting their networks, in case of common network anomalies and disruptions.

We focused on network security as the primary tenet while building ONES to cater to our enterprise SONiC customers and ensured the product adhered to all the best practices mentioned above. This blog highlights how the best practices are implemented in ONES.

‍

Streamlining Security Measures with Automated Scans

While customers perform security scans on software images, nonetheless, we have integrated and automated security scans within the CICD pipeline to ensure the integrity of software packages. 

Aviz runs security checks, installer scan, SAST/ DAST (Static/Dynamic Application Security Testing) using SynK, SonarQube, etc. to ensure the robustness of the ONES application and identify any vulnerabilities against malicious attacks and potential security risks. ‍

We adopt a CICD framework that integrates security into all phases of the software development lifecycle to reduce the risk of releasing code with security vulnerabilities.

‍

Ensuring Secure Communication with HTTPS CA Certs

ONES strongly enforces HTTPS over standard port 443 coupled with certificates signed by trusted Certificate Authority (CA). We firmly believe that HTTPS with CA certs is the sole method of safeguarding sensitive information and privacy while the data transfers between systems and services in an enterprise environment.

‍

Setting Up User Accounts and Role-Based Access Control

ONES is designed in such a way that every user has an independent ONES account and is never required to share credentials with others. However, we have also created a ‘super admin’ account that can be used for troubleshooting and recovery in case of any individual account issues, for example – a locked account or forgotten password, etc.

In addition to user accounts, ONES provides a fine-grained RBAC to restrict access to special features. It ensures that the individuals have the appropriate level of access based on their roles and responsibilities within the organization.

Ex: Critical Switch operations like reboot, ZTP can be allowed for Vendor staff.

• Super admin
• Enterprise Admin
• Enterprise Staff
• Vendor Staff

‍

Benefits of LDAP for Centralized User Authentication

LDAP simplifies user authentication and directory services in enterprise environments. It centralizes user account information, making it easier to manage access and permissions. Integrating LDAP into your security strategy enhances user management and access control while promoting scalability and efficiency. ONES application extends integrations with customer identity management solutions such as Active Directory and uses LDAP to communicate with Active Directory to authenticate users.

‍

What is Mutual TLS and How Does it Ensure Secure Communication?

ONES is designed to support Mutual TLS (Transport Layer Security), or mTLS, which is a security mechanism that ensures both parties in a communication exchange can trust each other’s identity. It’s particularly valuable for securing data transfer between systems and services in an enterprise environment. ONES utilizes gRPC infrastructure to communicate with switch agents. TLS is the primary security protocol used by gRPC to secure the communication between the client and the server. TLS provides authentication, confidentiality, and integrity of data. Authentication is achieved using digital certificates which verify the identity of the client and the server.

‍

Continuous Compliance Monitoring with ONES: Real-time Metrics and Alert Capabilities

ONES enables streaming telemetry and continuously collects metrics for software compliance such as software versions (NOS, Kernel, and ONIE software versions), EOL (End of Life) licenses, and security vulnerabilities. Also, ONES enables policies and alert capabilities to ensure that organizations remain compliant with regulatory requirements and security policies. It provides a real-time view of compliance status and helps in identifying and remedying compliance issues promptly.

‍

What Are the Benefits of Vulnerability Patching?

Security patches are essential tools in the ongoing battle against cyber threats. They are updates released by software vendors to address known vulnerabilities and weaknesses in their products. These patches are designed to bolster the security of your systems, close potential entry points for attackers, and mitigate the risk of exploitation. ONES is built using cloud-native and microservice design principles. Therefore, it allows container upgrades without impacting the data path or application downtime. It also allows updating security fixes or vulnerability patches without upgrading the whole system. Moreover, ONES continuously monitors for security vulnerabilities and leverages the CICD to timely update the patches to the system.

‍

How to Secure API Endpoints with ONES?

Securing an API with an enterprise product involves a combination of strategies, tools, and best practices. ONES implements user authentication using API tokens or JWT to ensure that only authorized users and applications can access the API. ONES is containerized and all the services are hosted behind an API gateway to rate limit API to endpoints.

‍

Conclusion: Comprehensive Approach to Enterprise Product Security

In an era of evolving cyber threats, fortifying your enterprise is not just a choice – it’s a necessity. By adopting a comprehensive approach to security, leveraging essential practices, and implementing cutting-edge technologies like ONES and SONiC, you can establish a robust defense against potential vulnerabilities.

Key Takeaways:

• Regular security scans, robust certificate management, user account management, RBAC implementation, LDAP integration, and Mutual TLS are fundamental security practices that form the bedrock of a secure enterprise environment.
• Implementing these practices ensures trust, integrity, and confidentiality in data transfer and access control.
• At Aviz Networks, we’re dedicated to support you from pre-deployment to post-deployment, ensuring alignment of strategies with your security goals.

Security Assurance:

Prioritizing security not only shields your organization but also instills trust in your customers and partners. They can rely on you to safeguard their sensitive information and maintain the integrity of your products and services. Our products adhere to best practices during the commissioning of sandbox and production deployments.

Interested in experiencing the power of ONES firsthand? We invite you to request a ONES demo. Our team is ready to connect with you and your team, providing insights and solutions tailored to your specific security requirements.

Stay Vigilant:

Remember, security is an ongoing process. Stay vigilant, regularly update your security measures, and adapt to emerging threats to ensure the ongoing safety of your enterprise.

Gartner just published their Enterprise Networking Hype Cycle for 2023. The first thing I noticed was that Gartner had replaced “Open Networking” with “SONiC” in its 2023 chart. In fact, the report firmly stated “Open networking has been replaced on the Hype Cycle with SONiC, which garners the most client interest of any open networking technology.”   

Gartner not only swapped it, but pulled the timeline from 5-10 years to 2-5 years. This in turn shows SONiC’s acceleration that open networking in general was never able to achieve.

‍Aviz Networks, being a community SONiC leader in the enterprise market, felt that it was time that Gartner sees networking as we see it. We had already predicted this shift and put our thoughts here: “open vs open source networking”.‍

In this blog, I will go over our five-point analysis based on our insights on why this shift has happened and the path forward.

‍

‍

Aviz Networks’ 5 Point Analysis

1. Open networking has become a ​​cliché 

A true open networking model promised that the networks can be open for choosing any hardware or software. The promise was to bring down the TCO (by CapEx and OpEx), increase the choices by removing lock-ins (on hardware and software), and standardize the operating system layer (by enabling standard APIs). 

In the past decade, many open networking companies (such as Cumulus) started with a portion of open networking vision where they focused on disaggregating the hardware and software while keeping the software proprietary. These companies called themselves as open networking companies, but essentially they were disaggregated NOS companies. 

While these Network Operating System (NOS) companies proved that the disaggregated model works, they failed to deliver on the entire vision of open networking because it was simply a disaggregation model, which provided partial promises of open networking.

The eventual sale of most of these NOS companies to specific vendors made it clear that while disaggregated NOS works, it is not open enough – it is not future-proof!

2. Incumbent networking vendors and public cloud competed with open networking

Open networking by definition should have been open for the entire networking ecosystem. Big incumbents who owned more than 90% share of the networking market were not a part of open networking in the past decade, as open networking meaning got reduced to just having a disaggregated proprietary NOS.

Public cloud adoption was another big trend – which was completely missed by open networking vendors. It created a void in the open networking value proposition. Only multi-cloud/hybrid-cloud startups or existing incumbent vendors were able to solve the integration problem via their end-to-end vertical integrated stack.

Open networking vendors (typically start-ups) were not able to survive long enough competing with incumbent giants. These startups were typically focused on the battle of “my BGP is better”. This wrong kind of competition resulted in spending energy on reinventing the wheel instead of real innovation and coming up with a solution that customers needed (open source based control, choices on hardware and software, public cloud enablement, and finally the TCO savings generated from both CapEx and OpEx).

3. Disaggregated NOS (under open networking label) came with a lock-in 

Disaggregated NOS companies often used the term open networking which gave customers an impression that the NOS was open source and there was no lock-in. However, that was not true.

Customers who started with their disaggregated NOS journey later figured out that while some components of the NOS were built on open source, the code itself was not open source. Further, they were slowly getting locked-in to a vertical stack that was not as mature as incumbent vendors—all of that while paying 15-20% less than proven systems from incumbent vendors.

Customers eventually also figured out that if the operating system is owned by a company that’s the worst lock-in you can get into. Time after time it’s been proven that the competition between ASIC vendors has brutally hurt the end customers. Cumulus and Bigswitch are good examples of that. While the companies consolidated, the customers lost on open networking promises and an open network became a locked network.

4. Customers got CapEx savings but OpEx spend did not change

TCO savings was one of the important selling points of disaggregation (under the umbrella of open networking) that came mainly from choosing the cheapest hardware. Customers liked the savings part and the element of choice because it gave them a way to lower their CapEx by reducing the hardware price. 

The incumbent vendors (Industry mainstream vendors) addressed this by lowering the price of their hardware. The customers with huge deployments from incumbent vendors simply used quotes from “open networking” vendors to bring down the prices of hardware. Though the incumbent vendors did not like it, they still did it—as they pushed the margins towards OpEx.

Open networking vendors did not have an OpEx savings story as the disaggregated NOS price and support were essentially OpEx. This approach of doing CapEx-based TCO savings only helped in the beginning but it did not survive for long as the OpEx piece was still not solved.

5. SONiC completes the open networking vision at the right place and time with proven examples

Microsoft had figured out the issue with the disaggregation model way back and worked on a true open networking solution, which they named SONiC. That is open networking done the right way. By the time the disaggregated NOS companies started to consolidate, SONiC was getting steam in the 2018-2019 time frame.

It had all the elements of open networking. It was open sourced and had a thriving community. It was also well supported by all networking vendors and its quality improved to deployment grade. This provided the true benefits to the customers which open networking promised. Here’s a quick summary of SONiC’s advantages:

• Choice: SONiC ecosystem enables any white box or incumbent vendor switches for customers.
• Control: This ground-breaking NOS does not belong to anyone, so there will never be a lock-in. Customers now can standardize their NetOps on top.
• Savings: SONiC not only enables customers to save on CapEx, but also on OpEx (as NOS is free and customers pay only for support).

‍

Gartner’s shifts – aligned with what customers are looking for. The path forward!

In my conversations with customers, before I start talking about SONiC, I often ask – what are the goals they are trying to achieve? Typically every networking team gives us some of these inputs on what they are looking for:

• Latest speeds & feeds and ASIC functionalities for next-generation workloads
• Future-proof networks with zero dependency on a single vendor
• Minimize budget spikes with every refresh (save on TCO in a consistent and predictable manner)
• Network open for in-house control and innovation
• Standardized NOS API layer for any NOS (proprietary or open source) with minimal spend on NetOps

While Microsoft and a few other F100 companies have demonstrated that these problems can be solved with SONiC, enterprise customers have questions about how they can do it exactly like them. Many times, we hear customers asking the following questions and looking for an objective answer or a process that is consistent and predictable:

• How can a customer get incumbent vendors like experience with SONiC?
• How can SONiC be normalized for consistent behavior across multiple vendors, while still being 100% open source?
• How to calculate precise TCO savings over the next few years in the multi-vendor environment (multi-vendor = any hardware and any NOS)?
• How to enable in-house innovation without hiring multiple engineering experts in-house? 
• How to get enterprise-grade support irrespective of a switch or ASIC vendor?
• How to integrate with other applications (be it in private or in public cloud)?

We, at Aviz Networks, are working with our partners, community and customers to accelerate SONiC adoption. Our team has developed the processes, commercial ecosystem and an entire end to end open networking stack that is truly open for any ASIC, any switch, any NOS and any cloud, while future proofing it for SONiC as the foundation.

If you have already started or are thinking about exploring the SONiC path, you can schedule a demo or contact us for a free strategy review session. Being at the forefront of this revolution, I will be happy to host a free demo/call with you and help you maximize your SONiC success while you introduce it in the mix of any other NOS in your existing environments.