The first lecture we will talk about network functions and introduce network functions. And the lecture itself is broken down into five segments. The first segment would be on understanding what these network functions are and why do organizations need these network functions as part of the computing fabric. The next thing that we'll talk about is how these network functions are realized using middleboxes as stand-alone services. And then we will talk about the nightmare it creates for network management, with the proliferation of these middleboxes. And then we will segue into how we can move these network services as software entities that run on commodity servers. And and in the process, we'll talk about how to virtualize these functions so that they can run on a virtualized platform. So what are network functions? These are terminologies that I'm sure that all of you have heard time and again. Firewall, which is really a way by which you can filter the traffic that is coming into an organization based on predefined rules. And the rules have to be simple enough because filtering is in the critical path of the packet flow into the organization. And the second thing that you may have heard of also is, in this day and age of malware, is intrusion detection systems and intrusion prevention systems. And what they do is something more complicated than simply filtering the network traffic because they have to analyze the packet traffic to see if there is any vulnerability that is being exploited by the incoming packet traffic. And so there may be complicated patterns in the network traffic belonging to a particular attack or suspicious activity. And so usually intrusion detection works offline meaning that, not in the critical path, it is taking the packets and analyzing it more leisurely as opposed to your firewall. So network address translation is the third thing that you may have heard of, and I'm sure that every one of you have in your home a facility that allows several devices that may be within your home environment to talk to the wider area Internet. And what NAT does is an address translation, so that it can it can take this private IP addresses into public IP address space. And this is true for a home environment and that is true for an organization as well because in an organization you may have more number of computers than the number of IP addresses that are being assigned to a particular organization. And therefore, network address translation is something that is super important in an organization, and it is especially useful for small organizations, which have a limited number of public IP network presence. The next thing, which is important from an organization's point of view is what is called WAN optimizers or wide area network optimizers. And the idea is that you want to reduce the amount of bandwidth consumption that an enterprise is using on the wide area Internet. There are several techniques that are being used in order to do this WAN optimization, including caching of the incoming packets, compression of traffic traffic. And all of these are from the point of view of reducing the traffic and therefore the battery bandwidth consumption by the organization and the latency. And also eventually, it comes back to dollars and cents as well because the the reduction in the network bandwidth consumption also pays off in terms of reducing the cost of running a particular organization. Another entity that is important is load balancer. And this is in order to distribute the traffic that is coming into an organization to a pool of backend services, so that you can scale up and down, in terms of catering to the demand that is coming in from the outside world into a particular organization. And the last thing that I'll also mention is a virtual private network gateway. And this provides an abstraction of the same IP address space for networks that are physically separate, and it is pretty straightforward to think about why you need this. You know, in this day and age, employees of an organisation are accessing the corporate network through the private devices from outside or cuz they could be accessing it from home. And when you do that, you want to make sure that they have the rights and privileges for accessing information within the enterprise. And the virtual private network, what it does is it is very basically pretending as though this particular device that is coming from the outside is part of the organization's network. And this way, multiple sites can communicate over a wide area network using tunnels between the gateways. So now, let's segue into thinking about why do enterprises need these network functions. Some of this is pretty obvious from the description I've given you of some of these network functions. And by the way, the set of network functions that I described is not an exhaustive list. It's just to give you a feel for the kinds of network functions that may be necessary in an organization. There are many more network functions that that are being deployed in enterprises. But let's talk about why do enterprises need these network functions. First of all, when you think about what is the user's view of an enterprise. You and I, when we access the Internet for a particular service, maybe you wanna access eBay or Google for email or searches or Amazon to buy something, all of these are things that we do as a natural thing in our everyday life. And this is the view of an enterprise that the enterprise is something that you reach into the cloud. And there is one monolithic thing called Google that you that you access. But in fact, if you look at the internal view of an enterprise and the computing environment within the enterprise, what you have is a whole bunch of machines or clusters of machines, which are doing several different functions that are necessary in an organization. For instance, dealing with sales, marketing, inventory control, purchasing and so on and so forth. And all of these are functions that are being carried out which are internal to the enterprise. And, but of course, the employees that are accessing the services, they may be on prem or they could be coming from the outside, right? So this is something that you have to worry about. And the other thing that happens is that an enterprise may have several points of presence. For instance, if you take at Google, it may have an office in New York, it may have an office in the Bay Area, Chicago, Atlanta, and so on and so forth. And so the regional offices at several places, they could also be head offices and so on. And then of course, I already mentioned the access to these computers that are in an organization can come from mobile devices from outside the presence of these offices, and all of them have to come through the wide area Internet to access Information in a particular regional office or head office and so on and so forth. And they're all interconnected, as you can see, by a wide area network. Now, adding to this is the fact that enterprises may need to interoperate. So all of a sudden, you have one enterprise, which is Microsoft, that needs to talk to Intel because in order to make the devices that the platforms that they that they build, they need to contact Intel. And you may have heard about this terminology called supply chain, where one particular entity is not making all the things, but there is a core competency for a particular enterprise. And we rely on other enterprises to provide the other things that go into making a final product for a particular enterprise. And therefore, the enterprises need to interoperate and that is also happening through the Internet. So the wide area Internet is the vehicle through which all of these things are happening, whether it is employees within a particular organization accessing the information in the organization, either on prem or remotely, and also when you have several different points of presence, and then finally when enterprises have to talk to one another. So these are the reasons that you need network functions, and network functions give the necessary safeguards and facilitate certain things for the enterprises. What are these things? Well, I already mentioned some of the things. For instance, intrusion prevention performs inspection of packet that is coming in to identify any suspicious traffic that may be coming into an organization. Firewalls are filtering out packets based on the source and destination IPs and ports and protocols, so that you can make sure that any packet that is coming into an organization is something that is intended for the organization that is being blessed by the organization. And load balancer, I already mentioned that if you have a Google and if you're having several different users accessing your information, then you want to make sure that you can evenly distribute the incoming connections to one of the backend servers, and that is something that load balancing would do. WAN accelerator, as you mentioned before, it reduces the bandwidth consumption, the wide area network bandwidth consumption, by techniques such as data duplication and compression. And similarly, if you think about a virtual private network, it is giving you the illusion of the same network address space across multiple sites. And it also may provide ways by which we can obfuscate the data when it is going out on the wide area Internet by providing encryption for inter-site traffic and things like that. So these are the reasons why enterprises need these different network functions. And you can see that all of these network functions are generic, in the sense that they are not dealing with the core competency of a particular enterprise. It has to do with the fact that the packets that are coming into an organization or leaving an organization is using wide area Internet and they have to be in some way authenticated and analyzed in order to make sure that the right things happen. So those are the reasons why network functions are needed by enterprises.
