The more networks have evolved and the more complex data center architectures have become, organizations are realizing they’ve got time bombs latent in their network, just waiting for the right set of circumstances to take down critical portions of their infrastructure. In the past, a configuration error might cause a blip in the network that went unnoticed. With today’s networks so intimately tied to business, each error can cost many millions of dollars and become front-page news.

A surprisingly simple way out of this dilemma is network verification. With this new search, analysis and certification approach, it’s possible to analyze any network today in minutes to quickly find and eradicate these potential risks.

Network operators have seen configuration errors that are as simple as a maximum transmission unit (MTU) size mismatch cause nearly catastrophic degradation at inconsistent times. Such latent errors may not appear for months, but are particularly difficult to isolate, like a needle in a haystack. Not only can these problems cause downtime and lost business, but can also lead to unidentified inefficiencies that go on for months and years, degrading performance, service quality and driving up costs. They are almost always missed in straightforward testing and lab environments.

Why do these problems persist despite the costs? Chalk it up to frequent changes, network complexity, poor documentation, inconsistencies across vendors, overloaded admins and the rush to keep up with business. But, the main culprit has to be that we’ve been taking the wrong approach to find, isolate and head off faults in the first place!

The process for network updates and change windows to align new policies and services with network behavior usually involves a great deal of testing. However, problems arise when a real-world scenario doesn’t align with our test case: did you test a connection with a ping (ICMP packet), when the connection may behave differently for normal TCP traffic? Did you test reachability but not across every alternate path? Did you test configurations box-by-box, but not consider every possible interaction of protocols, on all paths, under all packet sizes?

“Pretty Sure” may be the status quo, but it will never be good enough. “Pretty sure” has cost enterprises millions of dollars in downtime, and kept many network admins at the office over a long weekend. Instead, we want “Absolutely Sure”.

“Absolutely Sure” means taking a leap from testing basic connectivity and policies, to confirming that every behavior in the network is intended. There’s even a name for new processes that moves us towards network nirvana: ‘Verification’.

A verification system doesn’t merely test a finite number of specific scenarios. It runs a mathematical and logical analysis of the behavior of the network under all possible conditions, all device configurations, all forwarding states, and all end-to-end traffic paths – holistically. It doesn’t rely on explicit packets or a single path, but will model all packet types under all possible paths to expose latent configuration problems, unexpected routes and open vulnerabilities. In essence, network verification can assure that your network is indeed a reflection of your business and policy intent (or not!).

With a real verification platform, not only can network admins accelerate their workflows, but they can automate reports that can verify compliance to target audit requirements. If a verification system can understand network behavior, it can make that available to the network admins or application and security teams to speed up tasks for each trouble ticket, while making hours-long diagnoses a quick search away.

And perhaps the best part: Network Verification is available today. It doesn’t have to be a disruptive technology to your environment. It can also run on any existing network.

There should be no agents to install. No upgrades to the infrastructure. It’s completely nonintrusive because verification can be done away from the live network, eliminating any risk. Installation of a verification platform can take minutes, so you can start deriving benefits from day one, as soon as your topology and device configurations are collected. At Forward Networks we believe that network verification will become the single source of truth for all things networking, driving the entire network lifecycle, from design to implementation to maintenance and change windows.