BARCELONA, Spain — The recent acquisition of startup Deepfield gives Nokia a whole new angle on network automation and security, as Nokia officials are happily discussing while giving demos here at Mobile World Congress 2017.
Deepfield, acquired in a deal that closed Feb. 1, has spent four years sending out web spiders to map 138 billion IP addresses and counting, stuffing the information into a database called Cloud Genome.
But there’s more. By analyzing the connections and traffic it finds, the startup has figured out where the Internet’s major services live. It can identify the IP addresses that correspond to Netflix, for example, as well as the caches and content delivery networks (CDNs) being used by Netflix.
The result is the first-ever map of the “supply chain of the Internet,” built during the last four years through web-crawling spiders, says Tony Kourlas, director of product marketing for Nokia’s IP and optical business.
Now, at MWC, Nokia is displaying the service in action and starting to explain why the startup made an attractive acquisition.
It has to do with network automation and, in a sense, intent-based networking. The latter term refers to an architecture where the operator would tell the network a desired outcome, and the network would configure itself to make it happen.
In addition to crawling the web, Deepfield gathers network telemetry from routers. That information, correlated with Cloud Genome, creates network insights that haven’t been possible before, Kourlas says.
Sticking to the Netflix example, Deepfield can watch IP addresses to tell if a router port is passing Netflix videos — and how many, and what bandwidth it’s providing to them. That opens up a network automation angle that Nokia could apply: If an ISP’s Netflix score is dropping due to congestion, Deepfield could signal the network to divert some streams to less congested parts of the network.
Another application — the one that the startup’s founders originally wanted to tackle when they left Arbor Networks — is DDoS mitigation. A typical DDoS mitigation appliance like Arbor’s will watch for traffic surges that look like volumetric attacks, then begin shunting that traffic away from the device being attacked.
Deepfield, on the other hand, can avoid some false positives, because its map of the Internet can help it discern an attack from a legitimate surge in traffic. And if an attack is detected, or if traffic is coming from a location known to be malicious, Deepfield can instruct the network to just start ignoring that traffic, rather than deflecting it as it arrives.
“It makes DDoS [mitigation] far more precise than it was before,” Kourlas says.
Another key to Deepfield is that it manages traffic without using deep packet inspection. DPI isn’t suited to scale to cloud-titan numbers of flows, and it can’t penetrate encrypted traffic.
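The idea described above, correlating flow telemetry with an IP-to-service map to measure per-port usage and to tell a legitimate surge from an attack without reading payloads, can be sketched as follows. This is an added illustration, not Deepfield's or Nokia's code: the service map, prefixes (RFC 5737 documentation ranges), port names, flow records and the 50% threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed service map: prefix -> (service label, reputation).
# Prefixes are RFC 5737 documentation ranges, not real service addresses.
SERVICE_MAP = {
    "198.51.100.0/24": ("video-streaming", "known"),
    "198.51.100.128/25": ("video-cdn-cache", "known"),
    "203.0.113.0/24": ("botnet-hosting", "malicious"),
}
# Most specific prefixes first, so the first hit is the longest match.
_NETS = sorted(((ipaddress.ip_network(p), v) for p, v in SERVICE_MAP.items()),
               key=lambda item: item[0].prefixlen, reverse=True)

def classify(src_ip):
    """Longest-prefix match of a source address against the service map."""
    addr = ipaddress.ip_address(src_ip)
    for net, label in _NETS:
        if addr in net:
            return label
    return ("unmapped", "unknown")

def per_port_usage(flows):
    """Sum bytes per (router port, service) from flow headers only."""
    usage = defaultdict(int)
    for port, src, nbytes in flows:
        usage[(port, classify(src)[0])] += nbytes
    return dict(usage)

def assess_surge(flows, threshold=0.5):
    """Return (verdict, sources to drop) based on the share of known-service bytes."""
    total = sum(nbytes for _, _, nbytes in flows)
    if total == 0:
        return "no-traffic", []
    known = sum(n for _, src, n in flows if classify(src)[1] == "known")
    drop = sorted({src for _, src, _ in flows if classify(src)[1] == "malicious"})
    verdict = "legitimate-surge" if known / total >= threshold else "suspected-attack"
    return verdict, drop

# Constructed flow records: (router port, source IP, bytes).
FLOWS_RELEASE = [("port-1", "198.51.100.10", 9000), ("port-1", "198.51.100.200", 6000),
                 ("port-2", "192.0.2.7", 1000)]
FLOWS_ATTACK = [("port-1", "203.0.113.5", 8000), ("port-1", "192.0.2.99", 7000),
                ("port-1", "198.51.100.10", 1000)]
```

A surge dominated by mapped service prefixes is treated as legitimate, while one dominated by unmapped or known-malicious sources is flagged, and only the known-malicious sources are listed for dropping.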
The next steps for Deepfield will involve merging its capabilities with Nokia’s networking portfolio, which includes switches, optical transport, and, through Nuage, network virtualization. Nokia isn’t discussing any specifics yet.
Deepfield is available as a service, but it also can run in customized form. A customer can take what’s essentially a fork of Cloud Genome that will continue to explore and discover the Internet on its own.