13 debts of tunnel networks

Tunnels for networking are not good. We saw a real-life example with the twelve Thai boys who were stuck at the end of a tunnel, with a very narrow underwater section preventing passage. The tunnel offered them only one way out, and that particular path was not passable. This is what happens in networks. We’re thankful for the heroic rescue of these brave boys, but networks don’t always fare as well.

You will hear others speak about how a tunnel-based virtual network is the next amazing trend in networking. In fact, an analyst recently told me tunnels are great. And they are, when used for the purpose they were intended. But using tunnels to get aggregates of packets to go where they wouldn’t otherwise go is dangerous, and will lead to the accumulation of technical debts.

As described below, in many of these new cases, tunnels are used for aggregates of users, flows and applications. Using tunnels this way, we are taking on large amounts of technical debt and I predict there will be a day of reckoning.

1st debt: Routed as an aggregate – only one pathway to use

Secure tunnels look like a single long-lived network flow to core routers. Routers and switches will “hash” that one tunnel flow onto a single path. Because the hash knows nothing about what else is on the path or how conditions on it change over time, the tunnel's performance is tied to that single path for very long periods. If the path degrades, you cannot route around it to a better one.
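The pinning described above can be reproduced with a small model. This is an added example, not code from the original post; it assumes four equal-cost paths, SHA-256 as a stand-in for a router's vendor-specific flow hash, an ESP tunnel between two gateways, and constructed addresses and ports.

```python
import hashlib
from collections import Counter

PATHS = 4  # assumption: number of equal-cost paths between two core routers


def ecmp_path(src_ip, dst_ip, proto, src_port, dst_port, n_paths=PATHS):
    """Pick a path index from a hash of the header fields a core router can see.

    SHA-256 is a stand-in; real devices use their own hash functions.
    """
    key = f"{src_ip}|{dst_ip}|{proto}|{src_port}|{dst_port}".encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % n_paths


def constructed_inner_flows(count=200):
    """Constructed sample: TCP/443 flows from clients at one site to servers at another."""
    return [(f"10.1.0.{i % 50 + 1}", f"10.2.0.{i % 20 + 1}", 6, 40000 + i, 443)
            for i in range(count)]


def spread_native(flows):
    """Flows routed on their own headers: each one is hashed independently."""
    return Counter(ecmp_path(*f) for f in flows)


def spread_tunnelled(flows, tun_src="192.0.2.1", tun_dst="198.51.100.1"):
    """Same flows inside one ESP tunnel: the core sees only the outer header.

    ESP is IP protocol 50 and exposes no ports, so every packet hashes alike.
    """
    outer = (tun_src, tun_dst, 50, 0, 0)
    return Counter(ecmp_path(*outer) for _ in flows)


def share_on_path(spread, path):
    """Fraction of flows that suffer if `path` degrades."""
    return spread.get(path, 0) / sum(spread.values())


if __name__ == "__main__":
    flows = constructed_inner_flows()
    native, tunnelled = spread_native(flows), spread_tunnelled(flows)
    pinned = next(iter(tunnelled))  # the one path the tunnel was hashed onto
    print("native    per-path flow counts:", dict(sorted(native.items())))
    print("tunnelled per-path flow counts:", dict(sorted(tunnelled.items())))
    print(f"if path {pinned} degrades: native {share_on_path(native, pinned):.0%} "
          f"of flows affected, tunnelled {share_on_path(tunnelled, pinned):.0%}")
```
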
