Application Visibility: How can you keep unambiguous visibility if the majority of traffic is encrypted?
Metadata Driven: How can you holistically program the network like a self-driving car?
Application Visibility
Today, many applications operate in clear text, so they can be identified with Deep Packet Inspection (DPI) methods. Tomorrow, applications will communicate confidentially using end-to-end encryption, which renders DPI ineffective as a means of application identification and of Application Visibility and Control.
Metadata Driven
Metadata is information about applications that describes them. Instead of guessing device by device, we holistically program the network via metadata, whether the traffic is encrypted or not. Suddenly your network behaves like a self-driving car.
Centralized Control
The promise of SDN was “decoupling policy from configuration” by means of policy-intent networking. While the industry is busy trying to agree on cross-domain policy (NIC, GBP, NEMO), we simply use the most scalable and proven controller out there, one that is already available across all administrative domain boundaries.
The DNS infrastructure!
Control without admin access
Furthermore, customers may no longer own a network at all, because everything is in the cloud. They may have only a small network inside the data center, which needs to take control of network devices spread across the whole internet that may not be under their direct administrative control. With the proliferation of digitization in the context of IoT and IoE, with thousands to millions of devices and sensors, it becomes apparent that present controller approaches cannot scale to such numbers.
DNS-AS is a control and data plane separation solution in which we leverage the Domain Name System as an Authoritative Source to publish metadata and policy intent at large scale, as a key for common policy across enterprise and worldwide distributed networks, without the need for a dedicated (SDN) controller.
While the application of policies to network devices, applications and services stays local to the device, DNS-AS simplifies network operations at large scale without the need to constantly reconfigure them. Not all network devices have to support DNS-AS, which enables phased deployment.
DNS-AS-Client addresses how we enable network elements or applications to retrieve metadata from the DNS database. We use this metadata to express policy intent, associate it locally, and leverage it for local policy enforcement and decision making.
DNS-AS-Proxy generates metadata when an authoritative DNS server is unable to provide metadata or is not considered a trustworthy source.
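A sketch of the client and proxy roles described above, as an added example that is not DNS-AS code. The `DNSAS-META=` TXT layout, the trusted-zone list, the class names and the DSCP mapping are all assumptions, since the page does not specify a record format.

```python
from dataclasses import dataclass

PREFIX = "DNSAS-META="            # hypothetical marker, not from the page
TRUSTED_ZONES = {"example.com"}   # constructed: zones whose metadata is accepted
# Local policy stays on the device: traffic class -> DSCP marking (assumed values).
LOCAL_POLICY = {"voice": 46, "business": 26, "default": 0}

@dataclass
class Answer:
    name: str    # queried host name
    zone: str    # zone that answered authoritatively
    txt: list    # TXT strings returned for the name

def parse_metadata(txt_strings):
    """Return key/value metadata from the first well-formed record, else None."""
    for s in txt_strings:
        if not s.startswith(PREFIX):
            continue                      # unrelated TXT data such as SPF
        fields = {}
        for item in s[len(PREFIX):].split("|"):
            key, sep, value = item.partition(":")
            if not (sep and key.strip() and value.strip()):
                break                     # malformed field: reject the whole record
            fields[key.strip().lower()] = value.strip().lower()
        else:
            return fields
    return None

def proxy_metadata(name):
    """Stand-in for DNS-AS-Proxy: generate metadata locally for this name."""
    return {"app-name": name, "class": "default"}

def resolve_policy(answer):
    """Return (metadata source, traffic class, DSCP) for one DNS answer."""
    meta, source = None, "dns"
    if answer.zone in TRUSTED_ZONES:      # untrusted sources are never parsed
        meta = parse_metadata(answer.txt)
    if meta is None:                      # no metadata, malformed, or untrusted
        meta, source = proxy_metadata(answer.name), "proxy"
    cls = meta.get("class", "default")
    # Published metadata only selects among locally defined classes;
    # an unknown class falls back to the default marking.
    return source, cls, LOCAL_POLICY.get(cls, LOCAL_POLICY["default"])

if __name__ == "__main__":
    ans = Answer("voip.example.com", "example.com",
                 ["v=spf1 -all", "DNSAS-META=app-name:voip|class:voice"])
    print(resolve_policy(ans))
```

The metadata only names a class; the marking applied for that class is decided by the device's own table, so a record from an untrusted or malformed source cannot raise a flow's priority.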