
Done with SDN? Tired of Dealing with Snowflake Network Complexity? Concerned about digitization and IoT scale? Change the Game with a Simple TXT String

Application Visibility

How can you keep unambiguous visibility if the majority of traffic is encrypted?

Metadata Driven

How can you holistically program the network like a self-driving car?

Centralized Control

How can you use DNS as a cross-domain application intent policy controller?

Problem Statement

Application Visibility

Today many applications operate in clear text, so they can be identified with Deep Packet Inspection (DPI) methods. Tomorrow, applications will communicate confidentially using end-to-end encryption, which renders DPI methods ineffective as a means of application identification and of Application Visibility and Control.

Metadata Driven

Metadata is information about applications that describes them. Instead of guessing device by device, we holistically program the network via metadata, whether or not the traffic is encrypted. Suddenly your network behaves like a self-driving car.

Centralized Control

The promise of SDN was “Decoupling Policy from Configuration” by means of Policy Intent Networking. While the industry is busy trying to agree on Cross Domain Policy (NIC, GBP, NEMO), we simply use the most scalable and proven controller out there, one that is already available across all administrative domain boundaries.
The DNS infrastructure!

Control without admin access

Furthermore, customers may no longer own a network at all because everything is up in the cloud. They may just have a small network inside the data center, which needs to take control of network devices that are spread across the whole internet and may not be under their direct administrative control. With the proliferation of digitization in the context of IoT and IoE, with thousands to millions of devices and sensors, it becomes apparent that present controller approaches cannot scale to such exceptional numbers.

What is DNS-AS?

DNS-AS leverages DNS as an Authoritative Source to publish metadata as a key for common policy across networks without the need for a dedicated (SDN) controller.

DNS-AS is a control and data plane separation solution in which we leverage the Domain Name System as an Authoritative Source to publish metadata and policy intent at large scale, as a key for common policy across enterprise and worldwide distributed networks, without the need for a dedicated (SDN) controller.

While the application of policies to network devices, applications and services stays local to the device, DNS-AS is able to simplify network operations at large scale without the need to steadily reconfigure them. Not all network devices have to support DNS-AS, which enables phased deployment.

DNS-AS-Client addresses how we enable network elements or applications to retrieve metadata from the DNS database. We use this metadata to express policy intent, associate it locally, and leverage it for local policy enforcement and decision making.

DNS-AS-Proxy generates metadata in case an authoritative DNS server is unable to provide metadata or is not considered a trustworthy source.

The Tenets of DNS-AS: Application Visibility, Application Control, Metadata Driven, Centralized Control

Blog Posts

CoreDNS - Support for AVC Resource Record

I am more than happy to announce that Miek Gieben took a stab…

EFT - Early Field Test

Testing the waters? We're looking for interested early adopters…