Creating Network Digital Twins

June 9, 2020 by Leslie Provenzano

What is a Network Digital Twin and How Can It Be Useful?

A network digital twin is a virtual representation of a communication network which accurately models the devices, communication links, operating environment, and applications running on the network. By replicating different environments in a lab and running multiple “what if” scenarios, digital twins offer an efficient, cost-effective way to assess the system’s performance under different conditions, which may include cyber threats.

Network Digital Twins can provide multiple benefits throughout the lifecycle of the physical networks they represent, including:

  • Improved performance by adjusting network configuration based on evaluating different options
  • Benefit analysis for upgrades
  • Safe environment for cyber security testing without affecting the physical twin
  • Safe environment for operational or cyber defense training
  • Evaluation of network performance, scalability, and cyber resilience prior to the large-scale rollout of new and evolving technologies such as 5G, IoT, and V2X.

Thus, network operators can use digital twins to adapt to evolving traffic and resource demands as well as to changes in protocols and technologies. Operators and planners can safely experiment with different solutions and determine the optimal configuration for their networks.

Requirements of a Network Digital Twin

In order to provide value to network planners and operators, the network digital twin must meet the following requirements:

Fidelity: The network digital twin must capture the specific configuration, topology, traffic load, cyber threats, and dynamics of the physical network at sufficient fidelity such that the digital twin can accurately reproduce the behavior of the physical twin.

Ease of Use: Creation and maintenance of high-fidelity models can be a time-consuming and resource-intensive process.  Thus, the modeling software must provide a set of models of network components which can be easily customized and used to build digital twins for a variety of physical networks.  It should also have the ability to create a representative model of the physical network using intermediate representations of the network topology and configuration, that are preferably generated in an automated manner (e.g., by network management software) using standardized formats (e.g., Visio).

Ease of Integration: The network digital twin should be able to integrate with live software (e.g., network manager or physical component controller). This will allow the digital twin to be used to assess realistic operational scenarios.

Real-time and Faster than Real-time Execution: In order to enable the evaluation of a number of realistic “what-if” scenarios, the network digital twin should employ advanced simulation techniques which provide faster than real-time execution speeds. To provide an integrated testbed with live equipment, the network digital twin should be able to run in real time so that the live and simulated components can run in sync.

Visualization and Analysis Capability: The network digital twin should include tools to visualize network traffic so that analysts can gain an insight into network operations. It should also generate comprehensive statistics and reports which can be used to evaluate different options.

Creating Network Digital Twins Using EXata

Given the complexity of most networks, creating a faithful digital twin, which accurately represents the topology, configuration, and traffic of an existing physical network, can be challenging. SCALABLE’s emulation platform, EXata, provides several automated tools which facilitate the creation of high-fidelity digital twins of existing networks. These tools can be used to create an “initial” digital twin of a network which can then be refined or extended to suit the analyst’s needs.

  • Topology Converters: These tools import a network topology specified in a standard format and create a simulation model of the network based on the topology information. TC-Visio can import Visio files generated by SolarWinds Network Topology Mapper or created directly in Visio. TC-Nmap can import XML files created by Network Mapper (Nmap), which is a free, open source utility for network discovery and security auditing. These utilities can handle Layer 2 and Layer 3 switches, VLAN configurations, hubs, gateways, bridges, routers, servers, firewalls, and many more network objects.
  • Interfaces with Network Managers: These tools interface with commercial network managers to extract topology information and create equivalent EXata models of the networks. TC-NA is an interface to the Network Automation (formerly Hewlett-Packard Network Automation) server, which extracts device, topology, and configuration information on the network being monitored. This information is used to automatically create accurate simulation models of the network. Similarly, TC-SolarWinds extracts information on networks managed by the SolarWinds network configuration manager and creates EXata models using that information. In addition to device topology and configuration details, SolarWinds can also provide details of the characteristics of traffic flows, which can be used to accurately represent the network traffic in the simulation model.

The EXata interfaces to network managers using a common framework which can be easily extended to support other network managers. As long as a network manager supports an API to provide the information that it collects to third-party software, a new interface can be easily developed in EXata to extract relevant information from that network manager and build equivalent EXata models of the network.

  • Router Configuration Importer: This tool imports the actual configuration files used to configure physical routers from popular vendors, such as Cisco, and uses them to directly configure the corresponding routers in the simulation models.
  • Traffic Profile Importers: These tools create accurate models of real network traffic, which can be used in EXata simulations to analyze network performance. The Packet Capture (PCAP) Traffic Mapper utility converts traffic captured from a real network, with a tool such as Wireshark, into equivalent simulated application traffic. The NetFlow Importer utility also creates simulation models of real network traffic, but instead of using information from captured packets, it uses traffic flow statistics advertised in NetFlow packets.

Network digital twins created using these tools can be further refined or customized by adding additional network elements (devices and communication links), background traffic, mobility patterns, and terrain and environmental factors. EXata provides easy-to-use and configurable models for these elements. By changing one or more of these factors and/or modifying configuration parameters, different “what-if” scenarios can be easily analyzed.

Enhancing Network Digital Twins for Evaluating Cyber Resiliency

Network digital twins provide a convenient, zero-risk environment to evaluate the cyber resiliency of networks. Network digital twins created with automated and semi-automated tools can be enhanced by adding representations of hardware characteristics, such as memory capacity and CPU speed, and vulnerabilities that may be present in the software running on the devices. Automated tools can be used to scan the devices in a physical network to discover vulnerabilities. These can be mapped to abstract vulnerabilities in simulation models of the devices, which can be exploited by the EXata cyber attack models in the same manner as real cyber attacks exploit vulnerabilities in the physical network, and the effects of these attacks on network performance can be studied.

Example of a Network Digital Twin in EXata

To illustrate EXata’s network digital twin capabilities, we will use a typical military enterprise network as an example.

Network Description: Military enterprise networks typically include a worldwide network of networks which can include unclassified and classified components, afloat and ashore platforms, applications, data centers, and enterprise services. To study the impacts of changes to a typical military enterprise network, testing is required since these impacts cannot be calculated a-priori. However, the number of dynamic connections, applications, services, and data traffic makes analysis and testing labor intensive and time consuming.

Tools Used to Create the Digital Twin: We used the following utilities to minimize the manual effort needed to create network models. They have the additional benefit that updates to the network can be directly incorporated into the digital twin.

  • TC-Visio and TC-NA: The topology was recreated by importing Visio™ diagrams and data available from standard network analysis tools such as Network Automation (NA) to directly create executable models of the networks within EXata. Using these utilities, an executable model of the network could be directly created (see figure below).

Automatic Conversion of Network Representation to Executable Network Digital Twin

  • Router Configuration Importer: Router configuration files from various manufacturers were directly imported and used to automatically configure the EXata router models.
  • PCAP Traffic Mapper: Application analysis tools were used to infer traffic models from packet capture traffic, both cumulatively and by traffic type. The parametric baseline traffic models were fit to existing data and could be scaled up to represent “to be” traffic loads.

Benefits of the Network Digital Twin: Use of the network digital twin using EXata will reduce recurring costs and lead times and provide an easier way to perform analysis, testing, and optimization.

  • The automated and semi-automated interfaces support rapid creation of digital twins of physical networks. The built-in analysis tools provide measures of performance substantially beyond aggregate metrics, which can help gain deep insight into both network and application performance.
  • The framework enables testing of a large number of networks in a low-cost, lab-based setting with a small hardware footprint while reducing risk in fielding frequently changing network devices and programs.
  • The network digital twin’s ability to respond exactly like a live network can play a key role in testing cybersecurity and helping to defend the networked systems against evolving cyber threats.

For more information on EXata or on SCALABLE Network Technologies please contact us.