Nile Service Block

Overview

The Nile architecture is based on the core principles of Core, Environment, and Context. These three pillars form the foundation of the Nile network design and management approach. The architecture is inherently a deterministic design with built-in campus zero trust. Augmented with the comprehensive data collection enabled by sensors, this is a self-managed service and provides performance guarantees. Let's explore the architecture in more detail.

Core, Environment, Context

Core

When we talk about 'core' in this context, we are referring to the Nile Service Block, which provides wired and wireless access infrastructure as a service. Designing our own hardware means we can embed physical and virtual sensors throughout the NSB in order to gather the deep intelligence required to deliver fully automated infrastructure.

Nile's architecture is designed to ensure maximum uptime and minimize service disruptions. We achieve this through built-in redundancy at every layer of the Nile Service Block.

NSB Gateway

NSB Gateway is a role that is assumed by the switch that connects to the customer's upstream router/firewall, using OSPF to dynamically manage path failover, ensuring continuous connectivity even if a hardware component fails. Whether a large campus with distribution switches or a remote site with only access switching, NSB Gateway guarantees service resiliency.

Access

Two or more Nile access switches are deployed per wiring closet, coupled with a "salt & pepper" Wi-Fi deployment model where neighboring APs are connected to different switches in the wiring closet. Should a switch fail, Wi-Fi coverage remains unaffected, and only directly connected wired ports on that switch are impacted. Given that the Nile Access Service does not have any switch or port level config, affected devices can be easily moved from the impacted access switch to a functioning one, as OSPF ensures upstream path redundancy.

Environment

An autonomous vehicle uses a variety of sensors to monitor its
surroundings, leveraging this data to make decisions and fine-tune its driving. Similarly, Nile monitors the environment where the NSB is deployed, using a comparable model to automatically fine-tune the service. Physical Wi-Fi sensors and dedicated monitoring radios in our APs provide real-time data on the wireless environment, while switches in the NSB monitor for cabling health and power fluctuations.

Context

In the Nile architecture, context refers to the users and devices connected to the NSB, as well as the services and applications (external to the NSB) being consumed/delivered. Nile's context monitoring doesn't end with device status; monitoring user/device experience at the point of consumption is vital to our 360-degree view.

For example, when a wireless user establishes a connection, they will be authenticated using RADIUS. Once authenticated, they receive an IP address via DHCP from internal systems or Nile DHCP. The user accesses enterprise cloud applications, requiring DNS. Nile monitors the availability and response time of these services, building an ongoing 'pattern of life' dataset that our AI tools can use to take action if there are deviations in normal operations. The same methodology is used to monitor the user experience across 3,800 automatically identifiable applications. This 'outside-in' approach is both unique and fundamental to the Nile Access Service.

Monitoring Framework

Nile has developed a comprehensive network monitoring solution that provides an "outside-in" view. This system utilizes three types of sensors to gather real-time data on network performance and security.

Physical sensors: These wall-pluggable devices connect to the Nile network via Wi-Fi and monitor the core network infrastructure (NSB). They automatically connect to the strongest access point, similar to a mobile phone or laptop.

Dedicated 3rd radio AP sensors: Integrated into all Nile access points, these sensors use a dedicated radio to perform the same functions as physical sensors.
Additionally, they are employed for wireless intrusion detection and prevention (WIDS/WIPS). These sensors connect to neighboring access points rather than themselves.

Virtual sensors: Embedded in network switches, these sensors monitor customer infrastructure components such as DHCP, DNS, RADIUS, internet connectivity, and the top 10 most used applications.

The diagram below illustrates how these sensors collectively monitor the NSB, customer infrastructure, and applications.

Physical and AP 3rd Radio Sensor Monitoring Capabilities

Conducted every minute.

| Feature | Details |
|---|---|
| Availability | The sensor probes the network every 12 seconds to ensure continuous connectivity. |
| Coverage | To verify adequate signal strength, the sensor collects data every minute, confirming it can receive a signal from at least one access point with a signal strength of -67 dBm or higher (5 bars). |
| Capacity | The sensor gathers data every minute to verify that the expected number of access points are operational on the floor. |

Virtual Sensor Monitoring Capabilities

Conducted every minute.

| Feature | Details |
|---|---|
| DHCP | Pings the DHCP server every minute. The admin has an option to do an on-demand DHCP transaction (UDP 67/68). |
| DNS | DNS transaction (UDP 53) |
| RADIUS | RADIUS transaction (UDP 1812) |
| Applications | HTTPS transaction |
| Internet | Cloud connectivity transactions |

Deterministic Design

Within a Nile Service Block, Wi-Fi 6 APs with four radios are installed in salt-n-pepper redundancy, including an embedded sensor. A physical Wi-Fi sensor infrastructure is also installed for continuous evaluation of the service quality. Access switching with 5 Gbps PoE+ ports and redundant distribution switching with 40 Gbps uplinks act as the backbone. The topology and design of each Nile Service Block is automatically generated based on the site survey and performance requirements for the install location at hand.

Here are some of the unique capabilities of the Nile Service Block when it comes to enabling deterministic system design across any
campus or branch location:

- No product catalogs for network elements: never select SKUs again
- No dedicated hardware selection at each site: blocks horizontally scale
- No configuration for network elements: eliminating "snowflakes"
- No console ports or CLI: blocks are activated with a mobile app
- No configuration for physical/virtual sensors: orchestrated from the cloud
- No configuration for network protocols: dynamic per topology
- No configuration for traffic forwarding rules: dynamic per topology
- No configuration for network QoS: automatic with DPI
- Elimination of Layer 2: no VLANs, STP, trunking or stacking

Campus Zero Trust

Nile Service Block enforces L3-only isolation (see figure below) on hardened hardware for all user and device sessions. Eliminating L2 VLAN-based policy enforcement radically reduces the amount of complexity that's involved in translating zero trust security policies within the enterprise campus and branch networks. By speaking the language of the internet (IP), its policy management orchestration directly aligns with cloud-based security solutions.

Here are the unique capabilities of the Nile Service Block when it comes to enabling campus zero trust security for wired and wireless connectivity:

- Tamper-proof hardware with secure boot, always with the latest security patch
- Encrypted management and control plane, each network element validating the other
- "Default deny": every device must be authenticated and authorized, before IP address
- No VLANs or ACLs for policy enforcement, preventing lateral movement of malware
- Each connected device is completely isolated from any other in Layer 3
- Sessions are continuously verified with first hop security and device fingerprinting
- Centralized encryption and external firewall enforcement protect north-south flows
- Microsegmentation within device and user groups protects east-west flows

Comprehensive Data Collection

Data is the fuel required to start automating traditional lifecycle management, and it is the secret ingredient that
extracts intelligence out of the network. Nile Service Blocks are purpose-designed to help convert enterprise networks into a collection of data sets to automate its operations.

Nile Service Blocks make it possible to create an integrated data model across all aspects of the enterprise network deployments in the Nile Services Cloud. This includes continuous collection of telemetry data from all types of network elements within the core of the infrastructure, environmental data from external IT infrastructure components, and contextual data from users, devices, applications and associated network services.

Here are the unique capabilities of the Nile Service Block when it comes to enabling comprehensive data collection:

- Physical sensors and dedicated AP radio to enable continuous and on-demand testing
- Virtual sensors in every network element to augment continuous testing
- User and IoT experience as "sensors" to augment data collection
- Deep instrumentation to collect metrics, events and logs from every network element
- Wi-Fi air quality data across every RF link, and across sensors and APs
- Environmental data: power/voltage fluctuations, cabling issues, RF interference
- Latency and availability data for RADIUS, DHCP, DNS network services
- Latency and availability data for popular enterprise and internet applications

Nile SLAs

Nile stands apart from traditional connectivity providers with financially backed SLAs that guarantee network reliability and a 99.95% uptime commitment. This is enabled through the availability, coverage, and capacity monitoring provided by our outside-in approach. Our proactive monitoring allows us to alert you of potential issues before they significantly impact your users. If a violation of our 99.95% SLA occurs, Nile provides financial credits, demonstrating our commitment to exceptional service. We calculate SLA compliance monthly, per building, based on the percentage of time Nile meets the above thresholds.
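
The monthly, per-building SLA calculation described above can be reproduced from sensor samples, as in the following added example, which is not Nile's code or its contractual formula. It assumes one sample per minute, treats the coverage threshold as -67 dBm, and assumes a minute counts only when availability, coverage and capacity all pass; the building names and sample data are constructed.

```python
from collections import defaultdict

SLA_TARGET_PCT = 99.95   # uptime commitment stated on the page
MIN_RSSI_DBM = -67       # coverage threshold stated on the page (sign assumed)

def minute_ok(available, best_rssi_dbm, aps_up, aps_expected):
    # Assumption: a minute counts toward the SLA only if all three checks pass.
    return available and best_rssi_dbm >= MIN_RSSI_DBM and aps_up >= aps_expected

def monthly_compliance(samples):
    """samples: iterable of (building, available, best_rssi_dbm, aps_up, aps_expected),
    one per minute. Returns {building: (percent_ok, bad_minutes, sla_met)}."""
    ok, total = defaultdict(int), defaultdict(int)
    for building, *checks in samples:
        total[building] += 1
        ok[building] += bool(minute_ok(*checks))
    return {b: (100.0 * ok[b] / total[b], total[b] - ok[b],
                100.0 * ok[b] / total[b] >= SLA_TARGET_PCT) for b in total}

def error_budget_minutes(minutes_in_month):
    """Minutes per month that may miss the thresholds before the target is breached."""
    return minutes_in_month * (100.0 - SLA_TARGET_PCT) / 100.0

def constructed_month():
    """Constructed sample data: a 30-day month (43,200 minutes) in two buildings."""
    good = (True, -58, 12, 12)
    faults = {
        "HQ": [(False, -58, 12, 12)] * 10      # sensor lost connectivity
              + [(True, -72, 12, 12)] * 15     # strongest AP weaker than -67 dBm
              + [(True, -58, 11, 12)] * 5,     # one AP missing on the floor
        "Annex": [(True, -70, 12, 12)] * 20,   # coverage dips only
    }
    rows = []
    for building, bad in faults.items():
        rows += [(building, *s) for s in bad]
        rows += [(building, *good)] * (43200 - len(bad))
    return rows

if __name__ == "__main__":
    print("error budget (min):", round(error_budget_minutes(43200), 1))
    for b, (pct, bad, met) in monthly_compliance(constructed_month()).items():
        print(f"{b}: {pct:.4f}% ok, {bad} bad minutes, SLA met: {met}")
```

At 99.95% the monthly budget for a 30-day month is about 21.6 minutes per building, so the constructed HQ data (30 bad minutes) breaches the target while Annex (20 bad minutes) does not.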