In today's corporate networks there are wide deployments of common systems, each with nearly identical software. As a result, common flaws are increasing found within these 'standardised' systems.
Companies waste $15 billion per year on a global basis 'sole-sourcing' their networks to a single vendor, according to Gartner.
The research company says most organisations, when making a corporate network infrastructure investment, tend to opt for a 'safe choice' - usually the market leader - and then give this vendor carte blanche to install all backup and redundant systems throughout the enterprise.
Gartner says 'putting all your eggs in one vendor's basket' isn't the best route to take, especially if all layers of network redundancy are sourced from one vendor.
The hard way
Many times the safe choice isn't the best choice, especially if it is the only choice, says Gartner. It's a lesson many organisations learn the hard way.
Take, for example, the well-publicised Nippon Telegraph and Telephone (NTT) disaster of May last year (2007).
The Japanese service provider suffered a massive Internet outage when between 2 000 and 4 000 routers went offline for more than seven hours, impacting nearly three million customers.
Evidently 'experimentation' in the data centre caused the routing tables in these devices to overflow. Although the routers should have been able to handle the overflow, they did not, and the traffic forwarding path in the routers stopped working, resulting in the outage.
Market watchers quickly pointed to the need for better redundancy in NTT's 'homogenous' infrastructure. Some went as far as suggesting that a 'two vendor' strategy would have prevented the costly outage.
The main weakness associated with any homogenous infrastructure is that all parts of the infrastructure will show exactly the same flaws and when stressed - either accidentally or maliciously - they will fail in exactly the same way.
The concept of dissimilarity
The main weakness associated with any homogenous infrastructure is that all parts of the infrastructure will show exactly the same flaws and when stressed.
Andy Robb is CTO of Duxbury Networking.
Perhaps the answer lies in the adoption of the concept of 'dissimilarity' or system diversity.
It is a strategy designed to prevent common mode failures and vulnerabilities such as those described in the NTT catastrophe.
On a global scale, much less in South Africa, few companies have adopted the concept, the premise of which is that diverse systems are inherently stronger than homogeneous ones, since the probability of a common flaw is mitigated.
An example from the aerospace industry shows how this concept can be taken to the extreme.
The Boeing 777 airplane uses a fly-by-wire system for the flight control systems of the aircraft. The pilot moves a control lever and a computer receives this action as 'input' and actuates the control surfaces on the wings and tail plane appropriately.
Given the potential of software or hardware failures, this is a frightening proposition.
Obviously, this worried the Boeing designers too. In addition to making the flight control computer system triple redundant, Boeing introduced system diversity by specifying three completely unique computer architectures for each of the three redundant computers, including mandating the use of different microprocessors.
They also specified the use of three different software compilers from three different vendors.
Taking the concept a step further, they insisted on having three distinct 'clean room' teams implement the flight control software.
Finally, they located the equipment in physically separate locations within the aircraft and used completely independent and physically separate power distribution sources.
Lessons
What Boeing did was ensure the vulnerability of a common bug was virtually eliminated. Although extreme, there are a number of lessons that can be learned from the Boeing example.
First, mission critical systems should be implemented with a diverse set of best-in-class suppliers' equipment rather than from a single source.
By emphasising the need to choose the right device, based on its 'best-of-breed' capabilities, it is acceptable if one vendor is selected - provided that all options have been thoroughly examined.
This avoids the risk of common mode failures, and helps thwart attackers at the same time. It also helps avoid the risk of having an entire infrastructure adversely affected by the spread of a single vulnerability.
In addition, when a vulnerability is found, it reduces the impact - fewer machines need to be patched, which means the probability and pace of the patch being applied is greater.
Using different equipment from different vendors means a software or hardware vulnerability that exists in path 'A' likely won't exist in path 'B'.
This is where a vendor's commitment to standards-based interoperability adds value through certified testing that proves interoperability for Layer 2 and Layer 3 fast path recovery and link-aggregation technologies.
The lesson is: every organisation needs to have an alternative networking supplier. It's a strategy that can save an organisation the cost of downtime and the embarrassment of critical system failure.
As Gartner advocates, it's now time to exploit the strength of diversity, based on the need for multiple network suppliers and best-of-breed product selection.
* Andy Robb is CTO of Duxbury Networking.
Share