Nokia is acquiring startup Deepfield, hoping to gain better insight into performance and security issues by digging through all the network telemetry that's now available.

In announcing the deal today, Nokia isn't saying much about its plans for Ann Arbor, Michigan-based Deepfield, other than to note that the startup's technology will be melded with Nokia's software-defined networking (SDN) efforts in the IP/Optical Networks business group.

Terms of the deal, expected to close in the first quarter of 2017, were not disclosed. Deepfield, founded in 2011, employs 65 and has never revealed how much funding it's raised.

Deepfield's software examines traffic flows by sifting through all the real-time data that's available from switches, routers, and other network devices. In other words, the company doesn't provide probes; its expertise lies in navigating the forest of available data.

The information gets sent to a cluster of servers, where Deepfield's software interprets the data and draws conclusions.

It's a more thorough way of finding out what's wrong. If the network is congested, for example, it might not be clear where the culprit is. The old-fashioned way of finding out would be to use SNMP to, in a sense, ask the switches and routers what's wrong.

At today's network scale, that isn't practical. At the same time, switches, routers, and probes are able to deliver plenty of real-time data—which is nice, but it's more than a human operator can absorb.

"People kind of piecemeal this data together," says Manish Gulyani, a Nokia vice president of product marketing. "It's very hard to correlate where the problem is, where the network is congested, or what the data rate is of a Netflix stream."

Deepfield isn't the only company using big data to interpret network performance. Startup Jolata takes a similar approach, watching the entire network at the packet level in order to interpret what's happening to data flows. Likewise, Cisco’s Tetration, launched in June, monitors every packet in the network.

Deepfield has been applying its software mostly to the content-delivery world. Its customers have included service providers and content providers as well as the enterprises that would be on the consuming end of content.

That's part of the attraction for Nokia. The company plans to apply Deepfield, coupled with SDN, to enable automatic changes to the wide area network (WAN) and to data-center networks.

Deepfield can also be used to catch distributed denial-of-service (DDoS) attacks as they unfold. In that setting, the company resembles Vectra, a security startup that amasses a real-time record of all network activity.

Tracking Cyber-Supply

Part of what's made it hard to diagnose the WAN is the tangle of service providers and networks that a data flow has to cross. Craig Labovitz, Deepfield's founder and CEO, calls this the cyber supply chain.

"If you're watching Netflix, that traffic may not be coming from servers that are owned by Netflix," he says. "People don't realize how complicated the cyber supply chain has become. The only time it makes the press is when something like Amazon [Web Services (AWS)] goes down."

Deepfield provides insight into that supply chain through a service called the Cloud Genome, a real-time snapshot of the "shape" of the Internet. Built by web crawlers, the type Google uses, the genome tracks traffic flows handled by the likes of AWS and Netflix.

Labovitz has watched the cyber supply chain grow up. He was working on the Internet backbone in 1991, the days before the World Wide Web even existed.

"When I started my career, it was easy: www.netscape.com went to a single server," he says.

Photo: Scott Webb, via Pexels.