As technology marches on in the telecom world, we are seeing network operators changing the way they scale their networks both in capacity and degree of automation. With 5G, virtual/augmented reality, and IoT looming, the preparations always seem endless. With us today to talk about that backbone and give his perspective on the trends in new technologies, security, and regulation is Michael Wheeler, Head of NTT Com’s Global IP Network Business Unit. NTT Com operates one of the largest IP backbones by any measure, and thus sees these trends from a truly global perspective.
TR: What trends have you been seeing on your international backbone in recent years?
MW: From an IP network perspective, we’ve really been focused on achieving a major uptake in 100G network growth from our customers. We started deploying that across our backbone network about four years ago, but over the last 18 months to 2 years, we have really seen a major uptake in customers migrating from multiple 10G circuits to a much smaller number of 100 Gig circuits. That shift was a little bit delayed because of the hardware cost transition, but once the optics and the hardware pieces got in place it made sense from an economics perspective.
TR: Are you seeing the broader market moving on to the next generation of circuits at 200G, 400G, and beyond yet?
MW: We haven't seen that yet. A couple times a year we do kind of an invitation-only technical customer briefing with a small subset of customers on both coasts, and we've had some conversations about it. Inside data centers, yes, but we are not aware of anybody really doing that from an outbound network point of view. 100 Gig is definitely still the place where people are focused, from a progression point of view. We still have some of our largest customers that are still really predominately interconnected at 10 Gig, so we'll see that shift continue for another couple up to three years. That will then probably capture the bulk of the largest customers followed by a long tail of people who maybe have two or three 10G circuits in a given market who shift over and move to 100 Gig instead of to 5 or 6 10 Gigs. The economics will kind of be a catalyst for that as well.
TR: Where are you seeing the most traffic growth today globally?
MW: Regionally speaking, we've seen traffic growing very well in Latin America in percentage terms. We look at that from a couple different perspectives. Some of that is organic within Latin America but we also have quite a lot of traffic into Latin America from the US from markets that are across the border, so to speak, like Miami, New York, LA, and Dallas. As a total volume of traffic, of course, it's still quite a lot smaller than between the US or Europe or something like that. We still see pretty major growth in regards to traffic in Asia, Europe, and the US, but I wouldn't say that there's a dramatic difference between those three.
TR: How has the rise of the cloud affected NTT’s backbone network approach?
MW: It certainly has created some new opportunities. But at least at this point, from a traffic viewpoint it’s just become additional sources and destinations. Five years ago it was video that was really starting to take a major foothold in regards to volume of traffic, and subsets like gaming and some of those things have had their kind of rise as well in the last five or six years. Cloud is certainly is a major opportunity from an enterprise point of view, and we serve a portion of that segment. Also, we're not a small-to-medium enterprise type of provider outside of Japan, obviously, but we ultimately provide services to those cloud providers who are providing services to those enterprises. So we are a part of that ecosystem but we're not going to be focused on certain segments of that ecosystem.
TR: How has NTT’s approach to network security been evolving?
MW: We try to focus in on network security and how it relates to both our own network and our customers’ requirements. Before we ever offered anything from a security product point of view, we always had focused on making sure that our network was secure and that we had the infrastructure in place to address attacks and to ensure that we can kind of protect our service at a broad level. Six or seven years ago we took what we learned in doing that and deployed some additional infrastructure to offer services to our in customers. That offering grew quite a lot and in ways that we didn't originally anticipate. So a few years ago kind of took a step back looked at our product and really started to establish a set of delineated offerings, It has been a great learning experience , as every customer has a different set of requirements. For example, just think about just home security. Most houses in the United States have a door on the front of the house with a lock on it and a key required to open it. Most houses don't have armed security guards in front of their house. Somewhere between that spectrum of just locking the front door to having an armed 24 by 7 guard in front of your house is what everyone has to establish what their profile is and what their risk concern is. From a network security perspective every company has to kind of identify and establish what they think their risk profile is and what they're going to do about it.
TR: To what extent is network security today a cooperative effort? How important are your relationships with other networks and vendors in keeping data safe?
MW: Many of our customers use multiple sources for security. They may do certain things in-house, they might leverage our DDoS protection services, and they may use other third parties to help provide other needs. I think that our security offer from a network perspective is very solid and is one of the leading ones among tier one ISP providers out there. But we really do feel like it's important to provide a customer a solution that allows them to incorporate other solutions as well. We certainly have some instances of where customer was under a major DDoS attack and part of our work with them wasn't just scrubbing traffic, but was essentially having a joint set of interactions with them and with their other security vendors to work through how to address the issue and prevent it in the future. I think that's where security at least unites service providers against a common enemy. Competition doesn't necessarily go away, but I think for the most part everyone really feels compelled to try to help solve the problem for the customer and I think that's a good thing.
TR: What are the biggest security threats on the horizon for this year?
MW: I think DDoS is an ever-present problem and concern. The ability for somebody to basically go on to a website and start a DDoS attack for a 5 or 10 dollar investment is pretty silly. It certainly has reduced the level of the bit of entry. The flip side of that equation is the level of sophistication and the level of resources that exist for what I would consider a more classic large-scale DDoS and in many cases, organized-crime-related DDoS attacks are really a difficult thing to address. Volume is one thing but precision is a whole other thing. It’s not a perfect analogy, but basically you've got snipers sitting out there with these tools in place that can hit targets from thousands and thousands of miles away, much less a mile or two miles away. They can do it very effectively and that's a difficult thing to contend with. Ten years ago, most companies who were even being attacked from a DDoS perspective would just buy more bandwidth. That was kind of the easiest solution and it seemed to solve things for the most part. It is kind of an ultra-high level sophistication but in many cases now the attacks are being used as a distraction to have a company consume resources somewhere while they're being basically attacked in a different way from another angle. That's really when it becomes no longer a network security problem, it's essentially just a security problem. We haven't seen as many or as much activity around the religious or zealot type of attacks that tend to have occurred at times in the past around kind of civil disobedience or civil disruption or whatever. That's just not been as quite common as of late.
TR: How do you think emerging technologies on the horizon like 5G, AR, VR, and IoT will affect network development, whether your own or the internet as a whole?
MW: For 5G, it doesn't change much about how we deploy the network other than expanding scale and volume, which is always an underlying driver anyway. So we're always watching density, power consumption, cost and economics on the hardware side three to five years down the road, such as for 400G or Terabit Ethernet. I think from a technology point of view, services and applications in the AR and VR space is very interesting for me. The potential effect on the network, both ours and the internet at large, could be pretty massive. It could be comparable to the transition that we saw from email as the most prolific application 20 years ago to video today consuming much larger portion of overall capacity. It's not tomorrow by any means but I think it's something that five years down the road could really start to have some pretty major impact. Part of this is also a generational thing. As the Boomer generation really kind of moves deeper and deeper into retirement mode, you really have the Gen Y group and the Millennials who have grown up with technology. In the next 5-10 years the way in which children today attend college versus how I attended college is going to be dramatically different, not just distance learning but the way in which they actually do their work. As that group moves further into life, how they utilize what applications will become available to them will shape how the internet needs to support them from a bandwidth and a capabilities point of view. That's more of a 5, 10-year kind of timeline. And we don't do much business planning in that kind of timeline, but the three-year stuff around hardware and those progressions, those are more standard for us. But I think we'd again be a little bit naive if we aren't at least thinking and talking, at some level, about what we see a decade down the road.
TR: How important is greater automation to the support of those new technologies?
MW: If you're not running a fairly highly automated network at a global scale today, you're already kind of too late. We really feel like we've been on the forefront of automation. We had automated programmatic configuration of the network since the late '90s long before people were using terms like SDN and NFV. That’s not to say that it can't continue to grow and improve and expand, but we certainly feel like that's been a key part of our success for quite a while. The ‘softwarization’ of businesses that have historically been manual in nature is the only to grow in scale and support those new technologies
TR: The FCC is rolling back the net neutrality framework we have been working under for the last few years, which also addressed peering and interconnection. Do you see any impact on your backbone network?
MW: It doesn't have a ton of effect on us in the US but it didn't have a ton of effect on us before either. We're not defined within the category of the broadband internet access provider bucket of course. For peering, from our point of view it would be considered neutral or slightly positive. Our peering relationships and the interconnections we have with various peers has always been in pretty good shape, so we weren't filing any lawsuits leading up to the net neutrality that the previous FCC put in place, while other carriers had been. We have certainly paid attention to it; we met with the DOJ and we had those conversations. But we haven't been in the thick of it as it relates to some of the real fights that I think that occurred.
TR: How do you expect the implementation of GDPR over in Europe to affect network operators?
MW: We are still getting our hands around that with our legal counsel and we have a couple different groups working on it. We want make sure not just that we are in compliance but that we really understand what the effect will be on our business going. Some of the bigger questions for us relate to what actual data is protected and how is that being identified within GDPR. What are the requirements in regards to managing that data? Let's say you take a large cloud-centric customer that's corporately headquartered in the US but has interconnection with us in Europe. They obviously have their downstream customer data or at least data transacting across their network in Europe. What’s our obligation in that reality? And is there a different obligation for a product like our Layer 2 VPN pseudowire-based product. In that case, essentially, it's a private network that is utilizing public network infrastructure. Are there different implications for us as a provider as it relates to GDPR for that service versus IP Transit, or not? So there are a lot of facts that we want to make sure we don't get wrong. And part of it, quite frankly, is because the penalties are so stiff, and in general terms the EU as a group is pretty willing to pass out large penalties to companies. Ask Facebook, Google, and a few others.
TR: Thank you for talking with Telecom Ramblings!