
Intent-Based Networking

In today's rapidly advancing technological landscape, the demand for efficient and intelligent networking solutions continues to rise. Intent-Based Networking (IBN) has emerged as a transformative approach that simplifies network management, enhances security, and enables businesses to align their network operations with their overall objectives.

Intent-Based Networking represents a paradigm shift in the way networks are designed, deployed, and managed. At its core, IBN leverages automation, artificial intelligence (AI), and machine learning (ML) to interpret high-level business policies and translate them into automated network configurations. By abstracting network complexity, IBN empowers organizations with greater control, visibility, and agility.

Key Components of Intent-Based Networking:

1. Policy Definition: IBN relies on a declarative approach, where network administrators define policies based on business intent rather than dealing with low-level configurations. This simplifies the process of managing networks and reduces human errors.

2. Real-Time Analytics: By continuously gathering and analyzing network data, IBN platforms provide actionable insights that enable proactive network optimization, troubleshooting, and security threat detection. This real-time visibility empowers IT teams to make informed decisions and respond swiftly to network events.

3. Automation and Orchestration: IBN leverages automation to dynamically adjust network configurations based on intent. It automates routine tasks, such as device provisioning, policy enforcement, and network provisioning, freeing up IT resources for more strategic initiatives.

Benefits of Intent-Based Networking:

1. Enhanced Network Security: IBN's ability to enforce policies consistently across the network enhances security by minimizing vulnerabilities and ensuring compliance. It enables organizations to swiftly identify and respond to security threats, reducing the risk of data breaches.

2. Improved Network Efficiency: IBN's automation capabilities streamline network operations, reducing manual errors and optimizing performance. Through dynamic network provisioning and configuration, organizations can adapt to changing business needs, ensuring efficient resource utilization.

3. Simplified Network Management: The abstraction of network complexity and the use of high-level policies simplify network management tasks. This reduces the learning curve for IT professionals and accelerates the deployment of new network services.

Conclusion: Intent-Based Networking represents a major leap forward in network management, offering organizations unprecedented levels of control, agility, and security. By embracing the power of automation, AI, and intent-driven policies, businesses can unlock the full potential of their networks and position themselves for future success.

Highlights: Intent Based Networking

Intent-Based Networking can only be understood if we first understand what an intent is. The word purpose, a synonym, makes the definition of intent easier to grasp. Intentions or purposes vary from person to person, department to department, and organization to organization. An organization's purpose might be to provide best-in-class software to schools or to provide the best phones available. The purpose of a business process can be to fulfill the described task as efficiently as possible. It is, of course, possible for a person to have multiple intentions or purposes. Generally, an intent or purpose describes a goal to be achieved.

Example: Cisco DNA

IBN, as a network infrastructure built on Cisco DNA, describes how to manage and operate the network and how to use it to enable a digital business. An intent within the business is translated into a network configuration that fulfills that intent. This is accomplished by defining the intent as a set of (repeatable) steps. Cisco DNA approaches networks using all aspects of IBN (design principles, concepts, etc.).

The Lack of Agility

Intent-based networking is not just hype; we already see many intent-driven networks in the many SD-WAN overlay roll-outs. It is a necessary development, and from a technology standpoint it has arrived. However, cultural acceptance will take a little longer. Organizations are looking to modernize their business processes and their networks.

Yet traditional, vertically integrated, monolithic networking solutions prevent the network from achieving agility. This is why we need intent-based networking systems. So, what is intent-based networking? Intent-based networking is where an end user describes what the network should do, and the system automatically configures the policy. It uses declarative statements instead of imperative statements.

Converts the What into How

You tell the network what you want to accomplish, not precisely what to do or how to do it; the "what" is translated into the "how" behind the scenes. Essentially, intent-based networking is open networking software that takes the "what" and converts it into the "how." The system generates the resulting configuration for the design and for device implementation.

The system is provided with algorithms that translate business intent into network configurations. Humans cannot match the speed of algorithms, and this is key. The system is aware of the network state and can ingest real-time network status from multiple sources in a transport- and protocol-agnostic way.

The Desired State

Continuous validation adds the final piece of the puzzle by confirming in real time that the intent is being met. The system continuously compares the actual state of the running network with the desired state. If the desired state is not met, corrective actions such as modifying a QoS policy or applying an access control list (ACL) can be taken. This allows closer alignment between the network infrastructure and business initiatives and maintains the network's correctness.

Back to basics: Intent-Based Networking

To understand intent-based networking, we must first be clear about what an intent is. An intent is a brief description of a purpose together with a concrete, predetermined set of steps that must be executed to (successfully) achieve it. The same principle applies to operating a network infrastructure: the intent and its steps describe precisely what must be done on the network to accomplish a specific task.

For example, suppose an application is migrating to the cloud. The intent's steps might be the following: first, take the existing access policy for that application from the data center policy; then transform it into an application policy for Internet access; deploy that policy on all perimeter firewalls; and finally change the routing for that application to the cloud.

Main Intent Based Networking Components

  • Translation of high-level business objectives into network policies and configurations

  • Automation of routine network tasks, such as provisioning, configuration, and troubleshooting

  • Continuous monitoring and verification of network behavior against the intended state

Critical Principles of Intent-Based Networking:

1. Translation: Intent-based networking automatically translates high-level business objectives into network policies and configurations. By understanding the desired intent, the network infrastructure can autonomously make the necessary adjustments to align with the organization’s goals.

2. Automation: Automation is a fundamental aspect of IBN. By automating routine network tasks, such as provisioning, configuration, and troubleshooting, network administrators can focus on strategic activities that add value to the organization. Automation also reduces the risk of human error, leading to improved network reliability and security.

3. Assurance: IBN provides continuous monitoring and verification of network behavior against the intended state. By constantly comparing the network’s current state with the desired intent, IBN can promptly identify and mitigate any configuration drift or anomalies. This proactive approach enhances network visibility, performance, and compliance.

Key Benefits

  • Simplified Network Management

  • Enhanced Agility and Scalability

  • Improved Network Security

  • Optimized Performance

Benefits of Intent-Based Networking:

1. Simplified Network Management: With IBN, network administrators can easily manage complex networks. By abstracting the complexity of individual devices and focusing on business intent, IBN simplifies network operations, reducing the need for manual configuration and troubleshooting.

2. Enhanced Agility and Scalability: IBN enables organizations to respond quickly to changing business requirements and effortlessly scale their networks. By automating network provisioning and configuration, IBN supports rapid deployment and seamless integration of new services and devices.

3. Improved Network Security: Security is a top concern for modern networks. IBN offers enhanced security by continuously monitoring network behavior and enforcing security policies. This proactive approach reduces the risk of security breaches and enables faster threat detection and response.

4. Optimized Performance: IBN leverages real-time analytics and machine learning to optimize network performance. By dynamically adjusting network configurations based on traffic patterns and user behavior, IBN ensures optimal performance and user experience.

Example Solution: Cisco SD-Access

The Cisco SD-Access digital network evolution transforms traditional campus LANs into intent-driven, programmable networks. Campus Fabric and DNA Center are Cisco SD-Access’ two main components. Creating and monitoring the Cisco Campus Fabric is automated and assured through the Cisco DNA Center.

Cisco Campus Fabric Architecture

In Cisco SD-Access, fabric roles and terminology differ from those in traditional three-tier hierarchical networks. To create a logical topology, Cisco SD-Access implements fabric technology using overlay networks running on a physical network (the underlay network).

Underlay networks are traditional physical networks that connect LAN devices such as routers and switches. Their primary function is to provide IP connectivity for traffic to travel from one point to another. Due to the IP-based underlay, any interior gateway protocol (IGP) can be utilized.

Overlay and Underlay Networking

Fabrics are overlay networks. In the IT world, Internet Protocol Security (IPsec), Generic Routing Encapsulation (GRE), Dynamic Multipoint Virtual Private Networks (DMVPN), Multiprotocol Label Switching (MPLS), Location Identifier Separation Protocol (LISP), and others are commonly used with overlay networks to connect devices virtually. An overlay network is a logical topology that connects devices over a topology-independent physical underlay network.

Diagram: MPLS forwarding

Forwarding and control planes are separated in overlay networks, resulting in a flexible, programmable, and scalable network. Separating the control plane from the data plane simplifies the underlay. With the control plane acting as the network's brain, forwarding is faster and packet handling and network reliability are optimized. Cisco SD-Access supports building a fabric on an existing network, which then serves as the underlay for the centralized controller.

Underlay networks can be automated with Cisco DNA Center. As a result, it is helpful for new implementations or infrastructure growth since it eliminates the hassle of setting up the underlay. For differentiation, segmentation, and mobility, overlay networks often use alternate forwarding attributes in an additional header.

Networking Complexity

Networks continue to get more complex as traffic demands increase. While software-defined networking (SDN) can abstract the underlying complexities, we must consider how we orchestrate the policy and intent across multi-vendor, multi-domain elements.

To overcome complexity, you have to abstract. We have been doing this with tunneling for decades. However, different abstractions are used at the business and infrastructure resource levels.

At the business level you need to be flexible, as rules will change, and this must be approached differently from how the infrastructure's operating system models its resources. We must make new architecture decisions for this, as it is not just about configuration management and orchestration: none of those tools can look at the network state, which is what we need to do.

For this, we need network intelligence. Networks are still built and managed today using a manual approach without algorithmic validation. The manual process of networking will not be viable in the future. Let's face it: humans make mistakes.

There are many reasons for network outages, ranging from software bugs and hardware or power failures to security breaches, all of which stem from a failure to implement network security. But human error is still the number one cause. We are inhibited by manual configuration, and intent-based networking removes this inhibition.

 

Diagram: Intent-Driven Network.

The traditional approach to networking

In the traditional network model, there is a gap between the architect’s intent and what’s achieved. Not just for device configuration but also for achieved runtime behavior. Until now, there has not been a way to validate the original intent or to have a continuous verification mechanism.

Once you have achieved this level of assurance, you can focus on business needs and not be constrained by managing a legacy network. For example, Netflix moved its control plane to the cloud and now focuses all its time on its customer base.

We have gone halfway and spent billions of dollars on computing, storage, and applications, but the network still lags. The architecture and protocols have become more complex, but the management tools have not kept pace. Fortunately, this is now beginning to change.

Software-Defined Networking: Slow Deployments

SDN shows great promise to unlock networking, but deployments have been slow, confined primarily to large cloud-scale organizations with ample resources and dollars. But what can the rest of the industry do if we do not have that level of business maturity? Intent-based networking is a natural successor to SDN, as many intent-based vendors have borrowed the same principles and common architectures.

Both kinds of system are built on the divide between the application and the network infrastructure. However, SDN operates at the network architecture level, where the control plane instructs the forwarding nodes of the data plane. Intent-based systems work higher up, at the application level, to offer true brownfield network automation.

SDN and SD-WAN have made considerable leaps in network programmability, but intent-based networking is a further leap toward zero-touch, self-healing networks. For additional information on SD-WAN, including the challenges with existing WANs, such as the lack of agility with BGP, and the core features of SD-WAN, see the SD-WAN tutorial.

Intent-Based Networking Use Case

The wide-area network (WAN) edge consists of several network infrastructure devices, including Layer 3 routers, SD-WAN appliances such as Viptela SD-WAN, and WAN optimization controllers. These devices could send diagnostic information for the intent-based system to ingest. The system can ingest from multiple sources, including a monitoring system and network telemetry.

As a result, the system can track application performance over the various links. Suppose a performance-related problem arises: the policies are unmet and application performance degrades. In that case, the system can take action, such as rerouting the traffic over a less congested link or notifying a member of the network team. The intent-based system does not have to take corrective action itself; this is similar to how IDS/IPS is deployed: these devices can block traffic if necessary, but many organizations use them only to alert.
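As an added example (not code from the page or from any vendor product), the closed loop behind the assurance principle and this WAN edge use case, in Python: a declarative intent per application, ingested link telemetry, a desired-versus-actual comparison, and either a corrective reroute or an alert-only mode, the way an IDS is used in place of an IPS. The link names, intents and measurements are constructed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Intent:
    """The declarative 'what': the service level an application must get."""
    app: str
    max_latency_ms: float
    max_utilization: float  # fraction of link capacity, 0.0 to 1.0


@dataclass(frozen=True)
class LinkTelemetry:
    """One ingested measurement for a WAN edge link."""
    name: str
    latency_ms: float
    utilization: float
    up: bool = True


@dataclass(frozen=True)
class Action:
    """The derived 'how': what the controller does about a mismatch."""
    kind: str            # "ok", "reroute" or "alert"
    link: Optional[str]  # link the action refers to
    reason: str


def meets_intent(intent: Intent, link: LinkTelemetry) -> bool:
    """Desired-state check of one link against one intent."""
    return (link.up
            and link.latency_ms <= intent.max_latency_ms
            and link.utilization <= intent.max_utilization)


def best_link(intent: Intent, links: List[LinkTelemetry]) -> Optional[LinkTelemetry]:
    """Least-loaded link that still satisfies the intent, or None."""
    ok = [l for l in links if meets_intent(intent, l)]
    return min(ok, key=lambda l: (l.utilization, l.latency_ms)) if ok else None


def assure(intent: Intent, current: str, telemetry: Dict[str, LinkTelemetry],
           enforce: bool = True) -> Action:
    """Compare actual state (telemetry) with desired state (intent).

    enforce=True returns a corrective reroute; enforce=False only alerts."""
    link = telemetry[current]
    if meets_intent(intent, link):
        return Action("ok", current, f"{intent.app} within intent on {current}")
    alternatives = [l for name, l in telemetry.items() if name != current]
    target = best_link(intent, alternatives)
    if target is None:
        return Action("alert", current,
                      f"{intent.app} violates intent on {current}; no link can satisfy it")
    if not enforce:
        return Action("alert", current,
                      f"{intent.app} violates intent on {current}; candidate {target.name}")
    return Action("reroute", target.name,
                  f"{intent.app}: move {current} -> {target.name}")


def reconcile(intents: List[Intent], placement: Dict[str, str],
              telemetry: Dict[str, LinkTelemetry],
              enforce: bool = True) -> Dict[str, Action]:
    """One pass of the closed loop over every intent."""
    return {i.app: assure(i, placement[i.app], telemetry, enforce) for i in intents}


# Constructed sample telemetry, intents and current placement (not real data).
TELEMETRY = {
    "mpls": LinkTelemetry("mpls", latency_ms=20, utilization=0.92),
    "internet": LinkTelemetry("internet", latency_ms=35, utilization=0.40),
    "lte": LinkTelemetry("lte", latency_ms=90, utilization=0.10),
}
INTENTS = [
    Intent("video", max_latency_ms=50, max_utilization=0.80),
    Intent("erp", max_latency_ms=30, max_utilization=0.95),
    Intent("voice", max_latency_ms=25, max_utilization=0.80),
]
PLACEMENT = {"video": "mpls", "erp": "mpls", "voice": "mpls"}

if __name__ == "__main__":
    for app, action in reconcile(INTENTS, PLACEMENT, TELEMETRY).items():
        print(f"{app:6} {action.kind:8} {action.reason}")
```

With the sample data, video is rerouted from the saturated MPLS link to the Internet link, erp stays where it is, and voice raises an alert because no link can meet its latency bound.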

Looking deeper at intent-based networking systems

The intent-based architecture combines machine learning (ML), cognitive computing, and deep analytics, providing enhanced levels of automation and programmability through an easy-to-use GUI. Combining these technologies allows you to move from a reactive to a proactive system.

ML, a subfield of artificial intelligence (AI), allows intent-based systems to analyze and learn from data automatically without explicit programming. This lets a system understand its data and make predictions, enabling autonomous behavior. Intent-based networking represents a radical new approach to network architecture and takes networking to the next level in intelligence.

It is not a technology that is going to be accepted overnight. Its adoption will be slow because, to some, a fully automated network sounds daunting: it means placing your faith in the network, which for many organizations is the business itself.

However, deploying intent-based networking systems offers a new way to build and operate networks, which increases agility, availability, and security compared to traditional networking.

Intent-based networking (IBN) is transforming the way networks are managed. By shifting the focus from device-centric configurations to intent-driven outcomes, IBN simplifies network management, enhances agility and scalability, improves security, and optimizes network performance. As organizations strive to meet the demands of the digital age, embracing this innovative approach can pave the way for a more efficient and intelligent network infrastructure.

Summary: Intent Based Networking

In today’s rapidly evolving digital landscape, traditional networking approaches often struggle to keep pace with the dynamic needs of modern organizations. This is where intent-based networking (IBN) steps in, revolutionizing how networks are designed, managed, and optimized. By leveraging automation, artificial intelligence, and machine learning, IBN empowers businesses to align their network infrastructure with their intent, enhancing efficiency, agility, and security.

Section 1: Understanding Intent-Based Networking

Intent-based networking goes beyond traditional methods by enabling businesses to articulate their desired outcomes to the network rather than manually configuring every network device. This approach allows network administrators to focus on strategic decision-making and policy creation while the underlying network infrastructure dynamically adapts to fulfill the intent.

Section 2: Key Components of Intent-Based Networking

1. Policy Definition: Intent-based networking relies on clear policies that define the network’s intended behavior. These policies can be based on business objectives, security requirements, or application-specific needs. By translating high-level business intent into actionable policies, IBN streamlines network management.

2. Automation and Orchestration: Automation lies at the heart of IBN. Network automation tools automate routine tasks like configuration, provisioning, and troubleshooting, freeing up valuable time for IT teams to focus on critical initiatives. Orchestration ensures seamless coordination and integration between various network elements.

3. Artificial Intelligence and Machine Learning: IBN leverages AI and ML technologies to continuously monitor, analyze, and optimize network performance. These intelligent systems can detect anomalies, predict potential issues, and self-heal network problems in real time, enhancing network reliability and uptime.

Section 3: Benefits of Intent-Based Networking

1. Enhanced Network Agility: IBN enables organizations to quickly adapt to changing business requirements and market dynamics. By abstracting the complexity of network configurations, businesses can scale their networks, deploy new services, and implement changes with ease and speed.

2. Improved Security and Compliance: Intent-based networking incorporates security policies directly into network design and management. By automating security measures and continuously monitoring network behavior, IBN helps identify and respond to threats promptly, reducing the risk of data breaches and ensuring compliance with industry regulations.

3. Optimal Resource Utilization: IBN helps organizations optimize resource allocation across the network through AI-driven insights and analytics. By dynamically adjusting network resources based on real-time demands, businesses can ensure optimal performance, minimize latency, and reduce operational costs.

Conclusion:

Intent-based networking represents a paradigm shift in network management, offering a holistic approach to meet the ever-evolving demands of modern businesses. By aligning network behavior with business intent, automating configuration and management tasks, and leveraging AI-driven insights, IBN empowers organizations to unlock new levels of agility, security, and efficiency in their network infrastructure.


Brownfield Network Automation

In today's rapidly advancing technological landscape, the efficient management and automation of networks have become crucial for businesses to thrive. While greenfield networks are often designed with automation in mind, brownfield networks present a unique set of challenges. In this blog post, we will explore the world of brownfield network automation, its benefits, implementation strategies, and the future it holds.

Brownfield networks refer to existing networks that have been established over time, typically with a mix of legacy and modern infrastructure. These networks often lack the built-in automation capabilities of newer networks, making the implementation of automation a complex endeavor.

Automating brownfield networks brings forth numerous advantages. Firstly, it enhances operational efficiency by reducing manual interventions and human errors. Secondly, it enables faster troubleshooting and improves network reliability. Additionally, automation allows for better scalability and prepares networks for future advancements.

Implementing automation in brownfield networks requires a systematic approach. Firstly, a comprehensive network assessment should be conducted to identify existing infrastructure, equipment, and protocols. Next, a phased approach can be taken, starting with low-risk areas and gradually expanding automation to critical components. It is crucial to ensure seamless integration with existing systems and thorough testing before deployment.

Automation in brownfield networks can face challenges such as outdated equipment, incompatible protocols, and lack of standardized documentation. To overcome these obstacles, a combination of hardware and software upgrades, protocol conversions, and meticulous planning is essential. Collaboration among network engineers, IT teams, and vendors is also crucial to address these challenges effectively.

As technologies like Software-Defined Networking (SDN) and Network Function Virtualization (NFV) continue to evolve, brownfield network automation is poised for significant advancements. The integration of artificial intelligence and machine learning will further streamline network operations, predictive maintenance, and intelligent decision-making.

Conclusion: In conclusion, brownfield network automation opens up a world of possibilities for businesses seeking to optimize their existing networks. Despite the challenges, the benefits are substantial, ranging from increased efficiency and reliability to future-proofing the infrastructure. By embracing automation, organizations can unlock the full potential of their brownfield networks and stay ahead in the ever-evolving digital landscape.

Highlights: Brownfield Network Automation

Role of automation

Network devices are still configured like snowflakes (having many one-off, nonstandard configurations), and network engineers take pride in solving transport and application problems with one-time network changes that ultimately make the network harder to maintain, manage, and automate.

Automation and management of network infrastructure should not be treated as add-ons or secondary projects. Budgeting for personnel and tools is crucial. It is common for tooling to be cut first during budget shortages.

Deterministic outcomes

An enterprise organization's change review meeting examines upcoming network changes, their impact on external systems, and rollback plans. In a world where humans use the CLI, typing the wrong command can have catastrophic consequences. Many different teams may work on the network, whether three-person, four-person, or fifty-person teams, and every engineer can implement an upcoming change differently. A CLI or GUI does not eliminate or reduce the possibility of error during a change control window.

By automating the network, the executive team can achieve deterministic outcomes: automation increases the chance that a task is completed correctly the first time, compared with making the changes manually. Onboarding a new customer, for example, may require changing VLANs, which in turn requires several network changes.

The Traditional CLI

Software companies that build automation for network components assume that traditional management platforms do not apply to what is considered the modern network. Networks are complex and contain many moving parts and many ways to be configured. So, what does it mean to automate the contemporary network when considering brownfield network automation? Innovation in this area had been lacking for a long time, until the arrival of Ansible automation.

If you have multi-vendor equipment and can’t connect to all those devices, breaking into the automation space is complex, and the command line interface (CLI) will live a long life. This has been a natural barrier to entry for innovation in the automation domain.

Automation with Ansible

But now we have the Ansible architecture using Ansible variables, NETCONF, and many other standard modeling structures that allow automation vendors to communicate to all types of networks, such as brownfield networks, greenfield networks, multi-vendor networks, etc. These data modeling tools and techniques enable an agnostic programmable viewpoint into the network.

The network elements still need to move to a NETCONF-type infrastructure, but we see all major vendors, such as Cisco, moving in this direction. Moving off the CLI and building programmable interfaces is a massive move for network programmability and open networking.


Back to basics with Brownfield Network Automation

Network devices have massive static and transient data buried inside, and using open-source tools or building your own gets you access to this data. Examples of this type of data include active entries in the BGP table, OSPF adjacencies, active neighbors, interface statistics, specific counters and resets, and even counters from application-specific integrated circuits (ASICs) themselves on newer platforms. So, how do we get the best of this data, and how can automation help you here?

A key point: Ansible Tower

To operationalize your environment and drive automation to production, you need everything centrally managed and better role-based access. For this, you could use Ansible Tower, which has several Ansible features, such as scheduling, job templates, and a project, that help you safely enable automation in the enterprise at scale.


Challenges of Brownfield Automation:

Implementing network automation in a brownfield environment poses unique challenges. Legacy systems, diverse hardware, and complex configurations often hinder the seamless integration of automation tools. Additionally, inadequate documentation and a lack of standardized processes can make it challenging to streamline the automation process. However, with careful planning and a systematic approach, these challenges can be overcome, leading to significant improvements in network efficiency.

Benefits of Brownfield Network Automation:

1. Enhanced Efficiency: Brownfield Network Automation enables organizations to automate repetitive manual tasks, reducing the risk of human errors and increasing operational efficiency. Network engineers can focus on more strategic initiatives by eliminating the need for manual configuration changes.

2. Improved Agility: Automating an existing network allows businesses to respond quickly to changing requirements. With automation, network changes can be made swiftly, enabling organizations to adapt to evolving business needs and market demands.

3. Cost Savings: By automating existing networks, organizations can optimize resource utilization, reduce downtime, and improve troubleshooting capabilities. This leads to substantial cost savings regarding operational expenses and increased return on investment.

4. Seamless Integration: Brownfield Network Automation allows for integrating new technologies and services with existing network infrastructure. Businesses can seamlessly introduce new applications, services, and security measures by leveraging automation without disrupting existing operations.

5. Enhanced Network Security: Automation enables consistent enforcement of security policies, ensuring compliance and reducing the risk of human error. By automating security configurations, organizations can strengthen their network defenses and safeguard critical data.

Best Practices for Brownfield Network Automation:

1. Comprehensive Network Assessment: Conduct a thorough assessment of the existing network infrastructure, identifying areas that can benefit from automation and potential obstacles.

2. Standardization and Documentation: Establish standardized processes and documentation to ensure consistency across the network. This helps in streamlining the automation process and simplifying troubleshooting.

3. Gradual Implementation: Adopt a phased approach to brownfield automation, starting with low-risk tasks and gradually expanding to more critical areas. This minimizes disruption and allows for easy troubleshooting.

4. Collaboration and Training: Foster collaboration between network engineers and automation specialists. Training the network team on automation tools and techniques is crucial to ensure successful implementation and ongoing maintenance.

5. Continuous Monitoring and Optimization: Regularly monitor and fine-tune automated processes to optimize network performance. This includes identifying and addressing any bottlenecks or issues.
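The network assessment and standardization steps above, and the "snowflake" devices described earlier, as an added example (not code from the page or from any project): a Python audit over constructed IOS-style running configs from three assumed switches that checks each against an assumed hardening baseline and flags top-level lines that exist on only one device after masking per-device values. Device names, config text and baseline patterns are all constructed sample values.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


@dataclass
class Baseline:
    """Standard every device must meet (assumed hardening baseline)."""
    required: List[str]   # regex patterns that must match at least one line
    forbidden: List[str]  # regex patterns that must match no line


@dataclass(frozen=True)
class Finding:
    device: str
    kind: str    # "missing", "forbidden" or "snowflake"
    detail: str  # the pattern or the offending line


def normalize(config: str) -> List[str]:
    """Drop comments and blank lines; keep indentation (it marks sub-modes)."""
    kept = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith(("!", "#")):
            continue
        kept.append(line)
    return kept


def templatize(line: str) -> str:
    """Mask per-device values so structurally identical lines compare equal."""
    line = IPV4.sub("<ip>", line)
    return re.sub(r"^hostname \S+$", "hostname <name>", line)


def audit(device: str, lines: List[str], baseline: Baseline) -> List[Finding]:
    """Check one device's normalized config against the baseline."""
    findings = []
    for pat in baseline.required:
        if not any(re.search(pat, l) for l in lines):
            findings.append(Finding(device, "missing", pat))
    for pat in baseline.forbidden:
        for l in lines:
            if re.search(pat, l):
                findings.append(Finding(device, "forbidden", l.strip()))
    return findings


def snowflakes(fleet: Dict[str, List[str]]) -> List[Finding]:
    """Top-level lines that, after masking, exist on exactly one device."""
    owners: Dict[str, Set[str]] = {}
    for dev, lines in fleet.items():
        for l in lines:
            if l.startswith(" "):  # skip sub-mode lines such as interface config
                continue
            owners.setdefault(templatize(l), set()).add(dev)
    if len(fleet) < 2:
        return []
    return [Finding(next(iter(devs)), "snowflake", tl)
            for tl, devs in owners.items() if len(devs) == 1]


def report(configs: Dict[str, str], baseline: Baseline) -> Dict[str, List[Finding]]:
    """Per-device findings: baseline gaps first, then fleet-wide snowflakes."""
    fleet = {dev: normalize(cfg) for dev, cfg in configs.items()}
    out = {dev: audit(dev, lines, baseline) for dev, lines in fleet.items()}
    for f in snowflakes(fleet):
        out[f.device].append(f)
    return out


# Constructed IOS-style running configs for three assumed switches (sample data).
COMMON = "service password-encryption\nip ssh version 2\nntp server 10.0.0.1\n"
CONFIGS = {
    "sw1": ("hostname sw1\n" + COMMON + "logging host 10.0.0.2\n"
            "snmp-server community monitoring RO\n"
            "interface Vlan10\n description users\n ip address 10.10.0.1 255.255.255.0\n"),
    "sw2": ("hostname sw2\n" + COMMON + "logging host 10.0.0.2\n"
            "snmp-server community monitoring RO\nip http server\n"
            "interface Vlan10\n description users\n ip address 10.20.0.1 255.255.255.0\n"),
    "sw3": ("hostname sw3\n" + COMMON + "snmp-server community legacy RW\n"
            "ip route 0.0.0.0 0.0.0.0 10.30.0.254\n"
            "interface Vlan10\n ip address 10.30.0.1 255.255.255.0\n"),
}
BASELINE = Baseline(
    required=[r"^service password-encryption$", r"^ip ssh version 2$",
              r"^ntp server ", r"^logging host "],
    forbidden=[r"^ip http server$", r"^snmp-server community \S+ RW\b"],
)

if __name__ == "__main__":
    for dev, findings in report(CONFIGS, BASELINE).items():
        print(dev, "OK" if not findings else [(f.kind, f.detail) for f in findings])
```

The findings are the input to the phased rollout: devices with no findings are candidates for the first automation wave, and every snowflake line is a decision to either standardize it or document it before a template is pushed.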

Brownfield Network Automation; DevOps Tools

Generally, you have to use DevOps tools, orchestrators, and controllers to do the jobs you have always done yourself. However, customers are struggling with the adoption of these tools. How do I do the jobs I used to do on the network with these new tools? That’s basically what some software companies are focused on. From a technical perspective, some vendors don’t talk to network elements directly.

This is because you could have over 15 tools touching the network, and part of the problem is that every one of them is talking to the network through its own CLI. As a result, the inventory is out of date, network errors are common, and the CMDB is entirely off, so the ability to automate is restricted by all these prebuilt, siloed legacy applications. For automation to work, only a limited number of elements should be talking to the network. With the advent of controllers and orchestrators, we will see a market transition.

DevOps vs. Traditional

If you look back at the move from time-division multiplexing (TDM) to the Internet Protocol (IP), the belief is that network automation will eventually have the same impact. Going from non-programmability to programmability will represent the most significant shift we will see in the networking domain.

Occasionally, architects design something complicated when it could be done more simply, with a more straightforward handover. The architecture is rarely modeled or kept in a database. The design process is uncontrolled, yet the network is an essential centerpiece.

There is a significant use case for automating and controlling the design process. Automation is a real need, and vendors have approached it in various ways. It’s not a fuzzy buzzword coming out of Silicon Valley. Intent-based networking? I sometimes fall victim to the buzzword myself. Is intent-based networking a new concept?

OpenDaylight (ODL)

I spoke to one vendor building an intent-based API on top of OpenDaylight (ODL). An intent-based interface has existed for five years, so it’s not a new concept to some. However, there are some core requirements for this to work: It has to be federated, programmable, and modeled.

Some have hijacked “intent-based” into a very restricted definition, in which an intent-based network has to consist of highly complex mathematical algorithms. Depending on who you talk to, those mathematical algorithms are potentially secondary for intent-based networking.

Diagram: OpenDaylight (ODL): Network Automation.

One example of an architectural automation design is connecting to the northbound interface of a tool like Ansible. These tools act as the source of truth for the components under their management. You can then federate their application programming interfaces (APIs), speaking NETCONF and exchanging JSON- and YAML-modeled data. This information is then federated into a centralized platform that can provide a single set of APIs into the IT infrastructure.

So if you are using ServiceNow, you can request a service through a catalog task. That task is then pushed down into the different subsystems that together deliver that service, whether service management or device configuration. It’s a combination of API federation, data modeling, and performing automation.

The number one competitor of these automation companies is users who still want to use the CLI, or vendors offering an adapter into a system. Yet these adapters are built on the foundation of CLIs. They can call a representational state transfer (REST) interface but can’t federate it.

This will eventually break. You need to make an API call to the subsystem in real time. As networking becomes increasingly dynamic and programmable, a federated API is a suitable automation solution.
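The federation and source-of-truth idea described above, as an added example that is not part of the original post and is not any vendor’s product: a small Python layer that validates a declarative intent, renders a vendor-neutral desired state per device, and compares it with what each device reports, so that a rule someone added out of band through the CLI shows up as drift rather than silently leaving the inventory stale. The inventory, the intent schema, the device names and the observed rules are all constructed for illustration; a real deployment would replace `fetch_observed` with a NETCONF or REST call to the device in real time.

```python
"""Added example, not code from the original post or any vendor: a toy
"federated API" layer. A declarative intent is validated against a small
model, rendered into a vendor-neutral desired state per device and compared
with what each device reports, so out-of-band CLI changes surface as drift
instead of silently leaving the inventory out of date.
Inventory, intent schema, device names and observed state are constructed."""
from dataclasses import dataclass
import ipaddress

# Constructed inventory: the one source of truth for what automation manages.
INVENTORY = {
    "core-sw1": {"role": "campus-core", "adapter": "netconf"},
    "edge-fw1": {"role": "internet-edge", "adapter": "rest"},
}

@dataclass(frozen=True)
class FlowIntent:
    """Business-level statement: which source may reach which destination."""
    name: str
    src: str         # CIDR prefix
    dst: str         # CIDR prefix
    port: int        # TCP destination port
    action: str      # "permit" or "deny"
    devices: tuple   # inventory names where the intent must be enforced

def validate(intent: FlowIntent) -> None:
    """Reject malformed intent before anything is pushed to a device."""
    ipaddress.ip_network(intent.src, strict=True)   # raises if host bits are set
    ipaddress.ip_network(intent.dst, strict=True)
    if not 0 < intent.port < 65536:
        raise ValueError(f"{intent.name}: port out of range")
    if intent.action not in ("permit", "deny"):
        raise ValueError(f"{intent.name}: action must be permit or deny")
    unknown = set(intent.devices) - set(INVENTORY)
    if unknown:
        raise ValueError(f"{intent.name}: not in inventory: {sorted(unknown)}")

def desired_state(intents) -> dict:
    """Vendor-neutral rule list per device, derived only from intent."""
    state = {dev: [] for dev in INVENTORY}
    for it in intents:
        validate(it)
        for dev in it.devices:
            state[dev].append((it.name, it.src, it.dst, it.port, it.action))
    return state

# Constructed "observed" state. In a real deployment fetch_observed() would
# query the device adapter (NETCONF/REST) in real time instead of this dict.
OBSERVED = {
    "core-sw1": [("web-to-db", "10.10.0.0/24", "10.20.0.0/24", 5432, "permit")],
    "edge-fw1": [("web-to-db", "10.10.0.0/24", "10.20.0.0/24", 5432, "permit"),
                 # rule someone added by hand on the CLI; no intent explains it
                 ("temp-any", "0.0.0.0/0", "10.20.0.0/24", 22, "permit")],
}

def fetch_observed(device: str) -> list:
    return list(OBSERVED[device])

def drift(desired: dict) -> dict:
    """Per device: intended rules missing on the box, and rules on the box
    that no intent accounts for (the likely out-of-band change)."""
    report = {}
    for dev, want in desired.items():
        have = fetch_observed(dev)
        missing = [r for r in want if r not in have]
        unexplained = [r for r in have if r not in want]
        if missing or unexplained:
            report[dev] = {"missing": missing, "unexplained": unexplained}
    return report

if __name__ == "__main__":
    intents = [FlowIntent("web-to-db", "10.10.0.0/24", "10.20.0.0/24", 5432,
                          "permit", ("core-sw1", "edge-fw1"))]
    for dev, delta in drift(desired_state(intents)).items():
        print(dev, delta)
```

Run stand-alone, it reports only `edge-fw1`, whose unexplained `temp-any` rule (SSH from anywhere to the database subnet) is exactly the kind of change that an inventory driven by per-tool CLI access never sees. The design choice is that the device is never the source of truth: intent is validated first, desired state is derived only from intent, and the device is consulted through one adapter.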

Brownfield Automation

Brownfield Network Automation offers a powerful opportunity for organizations to unlock the full potential of existing network infrastructure. By embracing automation, businesses can enhance operational efficiency, improve agility, and achieve cost savings. While challenges may exist, implementing best practices and taking a systematic approach can pave the way for a successful brownfield automation journey. Embrace the power of automation and revolutionize your network for a brighter future.

Summary: Brownfield Network Automation

In the ever-evolving world of technology, network automation has emerged as a game-changer, revolutionizing the way organizations manage and optimize their networks. While greenfield networks have been quick to adopt automation, brownfield networks present unique challenges with their existing infrastructure and complexities. This blog post explored the importance of brownfield network automation, its benefits, and practical strategies for successful implementation.

Understanding Brownfield Networks

Brownfield networks refer to existing network infrastructures that have been operating for some time. These networks often comprise a mix of legacy systems, diverse hardware and software vendors, and complex configurations. Unlike greenfield networks, which start from scratch, brownfield networks require a thoughtful approach to automation that considers their specific characteristics and limitations.

The Benefits of Brownfield Network Automation

Automating brownfield networks brings a plethora of benefits to organizations. Firstly, it enhances operational efficiency by reducing manual tasks, minimizing human errors, and streamlining network configurations. Automation also enables faster deployment of network services and facilitates scalability, allowing businesses to adapt swiftly to changing demands. Moreover, it improves network reliability and security by enforcing consistent configurations and proactively detecting and mitigating potential vulnerabilities.

Strategies for Successful Brownfield Network Automation

Successfully automating brownfield networks requires a well-planned approach. Here are some key strategies to consider:

1. Comprehensive Network Assessment: Begin by conducting a thorough assessment of the existing network infrastructure, identifying potential bottlenecks, legacy systems, and areas for improvement.

2. Define Clear Objectives: Establish specific automation goals and define key performance indicators (KPIs) to measure the effectiveness of the automation efforts. This clarity will guide the automation process and ensure alignment with business objectives.

3. Prioritize and Start Small: Identify critical network functions or processes that can benefit the most from automation. Start with smaller projects to build confidence, gain experience, and demonstrate the value of automation to stakeholders.

4. Choose the Right Automation Tools: Select automation tools compatible with the existing network infrastructure and provide the required functionality. Integration capabilities, ease of use, and vendor support should be key factors in the selection process.

5. Collaboration and Training: Foster collaboration between network operations and IT teams to ensure a smooth transition towards automation. Provide comprehensive training to enhance the skills of network engineers and equip them with the knowledge needed to manage and maintain automated processes effectively.

Conclusion:

In conclusion, brownfield network automation holds immense potential for organizations seeking to optimize their network infrastructure. By understanding the unique challenges of brownfield networks, recognizing the benefits of automation, and implementing the right strategies, businesses can unlock improved operational efficiency, enhanced reliability, and increased agility. Embracing automation is not just a trend but a crucial step towards achieving a future-ready network infrastructure.

Tech Brief Video Series – Enterprise Networking

Hello,

I have created an “Enterprise Networking Tech Brief” Series. Kindly click on the link to view the video. I’m trying out a few video styles.

Enterprise Networking A – LISP Components & DEMO – > https://youtu.be/PBYvIhxwrSc

Enterprise Networking B – SD-Access & Intent-based networking – > https://youtu.be/WKoGSBw5_tc

“ In campus networking, there are a number of different trends that are impacting the way networks will be built in the future. Mobility: pretty much every user that is getting onto the campus is a mobile device. It used to be only company-owned devices; now it is about BYOD and wearables. It is believed that the average user will bring about 2.7 devices to the workplace – a watch and intelligent wearables. They expect access to printers or collaboration systems. They also expect the same type of access to cloud workloads and application workloads in the private DC.

All this is to be seamless across all devices. IoT – the corporate IoT within a campus network: connected lights, card readers, all the things you would like to find in an office building. How do you make sure these cannot compromise your networks? Every attack we have seen in 12 – 19 has involved an insecure IoT device that is not managed or produced by I.T. In some cases, this IoT device has access to the Internet and the company network, causing issues with malware and hacks.” Source: Matt Conran, Network World.

Enterprise Networking C – Hands-on configuration for LISP introduction – > https://youtu.be/T1AZKK5p9PY

Enterprise Networking D – Introducing load balancing – > https://youtu.be/znhdUOFzEoM

“ Load balancers operate at different Open Systems Interconnection (OSI) layers from one data center to another; common operation is between Layer 4 and Layer 7. This is because each data center hosts unique applications with different requirements. Every application is unique with respect to the number of sockets, TCP connections (short-lived or long-lived), idle time-out, and activities in each session in terms of packets per second. One of the most important elements of designing a load-balancing solution is to fully understand the application structure and protocols.”

Enterprise Networking E – Hands-on configuration for LISP Debugging – > https://youtu.be/h7axIhyu1Bs

Enterprise Networking F – Types of load balancing – > https://youtu.be/ThCX03JYoL8

“Application-Level Load Balancing: Load balancing is implemented between tiers in the application stack and is carried out within the application. It is used in scenarios where applications are coded correctly, making it possible to configure load balancing in the application. Designers can use open source tools with DNS or some other method to track flows between tiers of the application stack. Network-Level Load Balancing: Network-level load balancing includes DNS round-robin, Anycast, and L4 – L7 load balancers. Web browser clients do not usually have built-in application-layer redundancy, which pushes designers to look at the network layer for load balancing services. If applications were designed correctly, load balancing would not be a network-layer function.”

Enterprise Networking H – Introducing application performance and buffer sizes – > https://youtu.be/d36fPso1rZg

“Today’s data centers have a mixture of applications and workloads, all with different consistency requirements. Some applications require predictable latency, while others require sustained throughput. It’s usually the case that the slowest flow is the ultimate determining factor affecting the end-to-end performance. So to try to satisfy varied conditions and achieve predictable application performance, we must focus on consistent bandwidth and unified latency for ALL flow types and workloads.”

Enterprise Networking I – Application performance: small vs large buffer sizes – > https://youtu.be/JJxjlWTJbQU

“Both small and large buffer sizes have different effects on application flow types. Some sources claim that small buffer sizes optimize performance, while others claim that larger buffers are better. Many of the web giants, including Facebook, Amazon, and Microsoft, use small-buffer switches. It depends on your environment. Understanding your application traffic pattern and testing optimization techniques are essential to finding the sweet spot. Most out-of-the-box applications are not going to be fine-tuned for your environment, and the only rule of thumb is to lab test.

Complications arise when the congestion control behavior of TCP interacts with the network device buffer. The two have different purposes. TCP congestion control continuously monitors available network bandwidth by using packet drops as the metric. On the other hand, buffering is used to avoid packet loss. In a congestion scenario, the TCP traffic is buffered, but the sender and receiver have no way of knowing that there is congestion, and the TCP congestion behavior is never initiated. So the two mechanisms that are used to improve application performance don’t complement each other and require careful testing for your environment.”

Enterprise Networking J – TCP Congestion Control – > https://youtu.be/ycPTlTksszs

“The discrepancy and uneven bandwidth allocation for flows boils down to the natural behavior of how TCP reacts and interacts with insufficient packet buffers and the resulting packet drops. The behavior is known as the TCP/IP bandwidth capture effect. The TCP/IP bandwidth capture effect does not affect the overall bandwidth but rather individual Query Completion Times (QCT) and Flow Completion Times (FCT) for applications. The QCT and FCT are prime metrics for measuring TCP-based application performance. A TCP stream’s pace of transmission is based on a built-in feedback mechanism. The ACK packets from the receiver adjust the sender’s bandwidth to match the available network bandwidth. With each ACK received, the sender’s TCP starts to incrementally increase the pace of sending packets to use all available bandwidth. On the other hand, it takes 3 duplicate ACK messages for TCP to conclude packet loss on the connection and start the process of retransmission.”

Enterprise Networking K – Mice and Elephant flows – > https://youtu.be/vCB_JH2o1nk

“ There are two types of flows in data center environments. We have large elephant flows and smaller mice flows. Elephant flows might only represent a low proportion of the number of flows but consume most of the total data volume. Mice flows are, for example, control and alarm/control messages, and they are usually pretty significant. As a result, they should be given priority over larger elephant flows, but this is sometimes not the case with simple buffer types that don’t distinguish between flow types. Priority can be given by somehow regulating the elephant flows with intelligent switch buffers. Mice flows are often bursty flows where one query is sent to many servers. This results in many small replies getting sent back to the single originating host. These messages are often small, only requiring 3 to 5 TCP packets. As a result, the TCP congestion control mechanism may not even be invoked, as the congestion mechanisms take 3 duplicate ACK messages. Due to the size of elephant flows, they will invoke the TCP congestion control mechanism (mice flows don’t, as they are too small).”
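To make the three-duplicate-ACK point concrete for both the congestion-control passage and the mice-versus-elephant passage above, here is an added example that is not part of the original post: a small Python model of the cumulative ACKs a receiver emits after exactly one segment is dropped, and of the sender’s decision between fast retransmit (triggered by the third duplicate ACK, as in RFC 5681) and waiting for the retransmission timeout (RTO). Segment counts and drop positions are constructed; the model deliberately ignores SACK, delayed ACKs and timer values, since the point is only how many segments must follow the hole.

```python
"""Added example, not from the original post: why a loss inside a short
"mice" flow is usually repaired by the retransmission timeout (RTO) while
the same loss in a long "elephant" flow triggers fast retransmit.
Segments are numbered 1..N and sent back to back; exactly one is dropped.
Constructed model: no SACK, no delayed ACKs, no timer values."""

DUP_ACK_THRESHOLD = 3   # third duplicate ACK triggers fast retransmit (RFC 5681)

def receiver_acks(arrivals):
    """Cumulative ACKs emitted by the receiver, one per arriving segment.
    Each ACK names the lowest segment number not yet received. The handshake
    is modelled as an initial ACK of 1 already seen by the sender."""
    received = set()
    expected = 1
    acks = [expected]
    for seg in arrivals:
        received.add(seg)
        while expected in received:       # advance past any filled-in hole
            expected += 1
        acks.append(expected)
    return acks

def loss_recovery(total_segments, dropped):
    """Return (mode, duplicate_ack_count) for one dropped segment, where mode
    is "fast_retransmit" if enough duplicate ACKs reach the sender, else "rto"."""
    if not 1 <= dropped <= total_segments:
        raise ValueError("dropped segment must be within the flow")
    arrivals = [s for s in range(1, total_segments + 1) if s != dropped]
    acks = receiver_acks(arrivals)
    # Every ACK that repeats the value pointing at the hole is a duplicate.
    dup_acks = acks.count(dropped) - 1
    mode = "fast_retransmit" if dup_acks >= DUP_ACK_THRESHOLD else "rto"
    return mode, dup_acks

def fast_retransmit_coverage(total_segments):
    """Fraction of single-loss positions in a flow of this length that fast
    retransmit can repair; the rest wait for the RTO."""
    hits = sum(1 for d in range(1, total_segments + 1)
               if loss_recovery(total_segments, d)[0] == "fast_retransmit")
    return hits / total_segments

if __name__ == "__main__":
    for n in (4, 5, 100):
        print(f"{n:>3} segments: fast retransmit covers "
              f"{fast_retransmit_coverage(n):.0%} of single-loss positions")
    print("4-segment flow, segment 2 lost:", loss_recovery(4, 2))
```

A four-segment reply with its second segment lost produces only two duplicate ACKs, so the sender sits out the RTO; the same loss in a hundred-segment flow yields dozens of duplicates and recovers after one round trip. That asymmetry is what the two quoted passages describe, and it is why shallow buffers that drop mice segments hurt query completion times far more than the raw loss rate suggests.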

Enterprise Networking L – Multipath TCP – > https://youtu.be/Dfykc40oWzI

“Transmission Control Protocol (TCP) applications offer a reliable byte stream with congestion control mechanisms adjusting flows to current network load. Designed in the 70s, TCP is the most widely used protocol and remains largely unchanged, unlike the networks it operates within. Back in those days the designers understood there could be link failure and decided to decouple the network layer (IP) from the transport layer (TCP). This enables IP to route around link failures without breaking the end-to-end TCP connection. Dynamic routing protocols do this automatically without the need for transport-layer knowledge. Even though it has wide adoption, it does not fully align with the multipath characteristics of today’s networks. TCP’s main drawback is that it’s a single-path-per-connection protocol. A single path means once the stream is placed on a path (the endpoints of the connection) it cannot be moved to another path even though multiple paths may exist between peers. This characteristic is suboptimal, as the majority of today’s networks and end hosts have multipath characteristics for better performance and robustness.”

Enterprise Networking M – Multipath TCP use cases – > https://youtu.be/KkL_yLNhK_E

“Multipath TCP is particularly useful in multipath data center and mobile phone environments. All mobiles allow you to connect via WiFi and a 3G network. MPTCP enables either the combined throughput or the switching of interfaces (WiFi / 3G) without disrupting the end-to-end TCP connection. For example, if you are currently on a 3G network with an active TCP stream, the TCP stream is bound to that interface. If you want to move to the WiFi network you need to reset the connection, and all ongoing TCP connections will, therefore, get reset. With MPTCP the swapping of interfaces is transparent. Next-generation leaf and spine data center networks are built with Equal-Cost Multipath (ECMP). Within the data center, any two endpoints are equidistant. For one endpoint to communicate with another, a TCP flow is placed on a single link, not spread over multiple links. As a result, single-path TCP collisions may occur, reducing the throughput available to that flow. This is commonly seen for large flows and not small mice flows.”

Enterprise Networking N – Multipath TCP connection setup – > https://youtu.be/ALAPKcOouAA

“The aim of the connection is to have a single TCP connection with many subflows. The two endpoints using MPTCP are synchronized and have connection identifiers for each of the subflows. MPTCP starts the same as regular TCP. If additional paths are available, additional TCP subflow sessions are combined into the existing TCP session. The original TCP session and other subflow sessions appear as one to the application, and the main Multipath TCP connection seems like a regular TCP connection. The identification of additional paths boils down to the number of IP addresses on the hosts. The TCP handshake starts as normal, but within the first SYN there is a new MP_CAPABLE option (value 0x0) and a unique connection identifier. This allows the client to indicate they want to do MPTCP. At this stage, the application layer just creates a standard TCP socket with additional variables indicating that it wants to do MPTCP. If the receiving server end is MP_CAPABLE, it will reply with the SYN/ACK MP_CAPABLE along with its connection identifier. Once the connection is agreed, the client and server will set up state. Inside the kernel, this creates a meta socket acting as the layer between the application and all the TCP subflows.”
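The SYN exchange described above can be checked on the wire. The following is an added example that is not part of the original post: a Python parser for the TCP options field that walks the option TLVs and decodes an MPTCP option (option kind 30) of subtype 0x0, MP_CAPABLE, reporting the version, the flag bits and any key that follows. The sample SYN option bytes are constructed. The layout follows RFC 6824 (MPTCP version 0, with an 8-byte sender key in the SYN); RFC 8684 (version 1) keeps the same kind and subtype but sends no key in the SYN, which the decoder handles by returning an empty key list. For a monitoring point, an MP_CAPABLE in the SYN is the signal that later subflows of the same connection may arrive on other addresses and that any single subflow it sees is only part of the byte stream.

```python
"""Added example, not from the original post: parse a TCP options field and
decode an MPTCP MP_CAPABLE option (option kind 30, subtype 0). The sample
option bytes below are constructed. Layout per RFC 6824 (MPTCP version 0);
RFC 8684 (version 1) keeps kind/subtype but carries no key in the SYN."""

MPTCP_KIND = 30
MPTCP_SUBTYPES = {0: "MP_CAPABLE", 1: "MP_JOIN", 2: "DSS", 3: "ADD_ADDR",
                  4: "REMOVE_ADDR", 5: "MP_PRIO", 6: "MP_FAIL", 7: "MP_FASTCLOSE"}

def parse_tcp_options(raw: bytes):
    """Return [(kind, payload), ...] from the options bytes of a TCP header.
    Kinds 0 (EOL) and 1 (NOP) are single-byte; everything else is TLV."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # NOP padding
            options.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        options.append((kind, bytes(raw[i + 2:i + length])))
        i += length
    return options

def decode_mp_capable(payload: bytes) -> dict:
    """payload = MPTCP option bytes after the kind and length octets."""
    if len(payload) < 2:
        raise ValueError("MP_CAPABLE too short")
    subtype, version = payload[0] >> 4, payload[0] & 0x0F
    if subtype != 0:
        raise ValueError(f"not MP_CAPABLE: {MPTCP_SUBTYPES.get(subtype, subtype)}")
    flags = payload[1]
    keys, body = [], payload[2:]
    while len(body) >= 8:                   # 0, 1 or 2 eight-byte keys
        keys.append(body[:8])
        body = body[8:]
    return {"version": version,
            "checksum_required": bool(flags & 0x80),   # flag A
            "hmac_flag": bool(flags & 0x01),           # flag H
            "keys": keys}

def mptcp_capable_in_syn(raw: bytes):
    """Return the decoded MP_CAPABLE if the SYN options carry one, else None."""
    for kind, payload in parse_tcp_options(raw):
        if kind == MPTCP_KIND and payload and payload[0] >> 4 == 0:
            return decode_mp_capable(payload)
    return None

# Constructed SYN options: MSS 1460, NOP, window scale 7, then MP_CAPABLE v0
# (length 12) with flags A and H set and the sender key 0123456789abcdef.
SYN_OPTS_MPTCP = bytes.fromhex("020405b4" "01" "030307" "1e0c0081" "0123456789abcdef")
SYN_OPTS_PLAIN = bytes.fromhex("020405b4" "01" "030307")

if __name__ == "__main__":
    print(mptcp_capable_in_syn(SYN_OPTS_MPTCP))
    print(mptcp_capable_in_syn(SYN_OPTS_PLAIN))
```

The length checks matter as much as the decode: option parsers are fed attacker-controlled bytes, and a kind-30 option whose declared length runs past the end of the header is treated as an error rather than read past the buffer.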

More Videos to come!

Additional Enterprise Networking information can be found at the following: