
Intent-Based Networking

 

 


In today’s fast-paced digital world, networks connect people, devices, and services. However, managing these networks efficiently and effectively has become increasingly complex. This is where Intent-Based Networking (IBN) comes in. This blog post will explore what IBN is, how it differs from traditional network management approaches, and why it revolutionizes how networks are managed.

Intent-Based Networking is a paradigm shift in network management that leverages automation, artificial intelligence, and machine learning to simplify network operations. Instead of configuring individual devices manually, IBN focuses on defining the desired outcome or intent and allows the network infrastructure to configure and optimize itself accordingly. This intent-driven approach enables organizations to manage their networks in a more agile, responsive, and scalable way.

 

Highlights: Intent-Based Networking

  • The lack of Agility

Intent-based networking is not just hype; we see many intent-driven networks already with many SD WAN overlay roll-outs. It is a necessary development; from a technology standpoint, it has arrived. However, cultural acceptance will take a little longer. Organizations are looking to modernize their business processes and their networks.

Yet, the traditional vertically integrated monolithic networking solutions prohibit the network from achieving agility. This is why we need intent-based networking systems. So, what is intent-based networking? Intent-based networking is where an end-user describes what the network should do, and the system automatically configures the policy. It uses declarative statements, i.e., what the network should do, instead of imperative statements. 

  • Converts the What into How

You are telling the network what you want to accomplish, not precisely what to do and how to do it, i.e., tell me what you want, not how to do it, all of which gets translated behind the scenes. Essentially, intent-based networking is a piece of open networking software that takes the “what” and converts it into the “how.” The system generates the resulting configuration for design and device implementation.

The system is provided with algorithms that translate business intent into network configurations. Humans cannot match the speed of algorithms, and this is key. The system is aware of the network state and can ingest real-time network status from multiple sources in a transport- and protocol-agnostic way.

  • The Desired State

It adds the final piece of the puzzle by validating in real time that the intent is being met. The system continuously compares the actual to the desired state of the running network. If the desired state is unmet, corrective actions such as modifying a QoS policy or applying an access control list (ACL) can occur. This allows for a closer alignment between the network infrastructure and business initiatives and maintains the network’s correctness.

 


 




 

  • A key point: Video on intent-based networking

In this video, we will discuss the basics of intent-based networking: informing the controller about the end goal and allowing the controller-based network to figure out the low-level device and configuration details. Finally, as a product reference, we discuss Cisco SD-Access.

 


 

Back to basics: Intent-Based Networking

To understand what Intent-Based Networking is, learning more about what Intent encompasses is essential. An intent is a brief description of the purpose and a concrete predetermined set of steps that must be executed to (successfully) achieve the Intent. This principle can also be applied to the operation of a network infrastructure. The Intent and its steps precisely describe what needs to be done on the network to accomplish a specific task. 

For example, suppose an application is migrating to the cloud. In this case, the Intent or steps may include the following: first, take the existing access policy for that application from the data center policy, transform the policy into an application policy for Internet access, deploy the policy on all perimeter firewalls, and change the routing for that application to the cloud.

Main Intent-Based Networking Components

  • Translating high-level business objectives into network policies and configurations.

  • Automating routine network tasks, such as provisioning, configuration, and troubleshooting.

  • Continuously monitoring and verifying network behavior against the intended state.

Key Principles of Intent-Based Networking:

1. Translation: Intent-based networking automatically translates high-level business objectives into network policies and configurations. By understanding the desired intent, the network infrastructure can autonomously make the necessary adjustments to align with the organization’s goals.

2. Automation: Automation is a fundamental aspect of IBN. By automating routine network tasks, such as provisioning, configuration, and troubleshooting, network administrators can focus on strategic activities that add value to the organization. Automation also reduces the risk of human error, leading to improved network reliability and security.

3. Assurance: IBN provides continuous monitoring and verification of network behavior against the intended state. By constantly comparing the network’s current state with the desired intent, IBN can promptly identify and mitigate any configuration drift or anomalies. This proactive approach enhances network visibility, performance, and compliance.
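The translation and assurance principles above, and the desired-state comparison described earlier, can be sketched as follows. This is an added example, not code from the original post or from any vendor product; the intent format, the vendor-neutral `Rule` tuple, and all group, application and device names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: int    # 0 means any port

# Constructed intent (the "what"); group, app and device names are hypothetical.
INTENT = {
    "allow": [("finance", "payroll", 443)],
    "groups": {"finance": "10.10.0.0/24"},
    "apps": {"payroll": "10.50.0.10/32"},
    "devices": ["fw-edge-1", "fw-edge-2"],
}

def translate(intent):
    """Translation: expand the intent into an ordered rule list per device (the "how")."""
    rules = [Rule("permit", intent["groups"][g], intent["apps"][a], p)
             for g, a, p in intent["allow"]]
    rules.append(Rule("deny", "0.0.0.0/0", "0.0.0.0/0", 0))  # explicit default deny
    return {dev: list(rules) for dev in intent["devices"]}

def assure(desired, running):
    """Assurance: diff desired against running state and list corrective actions."""
    actions = []
    for dev, want in desired.items():
        have = running.get(dev, [])
        fixes = [(dev, "add", r) for r in want if r not in have]
        fixes += [(dev, "remove", r) for r in have if r not in want]
        if not fixes and have != want:
            fixes.append((dev, "reorder", None))  # same rules, wrong order
        actions += fixes
    return actions

# Constructed running state: fw-edge-2 drifted (manual SSH permit, default deny lost).
PERMIT = Rule("permit", "10.10.0.0/24", "10.50.0.10/32", 443)
DENY = Rule("deny", "0.0.0.0/0", "0.0.0.0/0", 0)
RUNNING = {
    "fw-edge-1": [PERMIT, DENY],
    "fw-edge-2": [PERMIT, Rule("permit", "0.0.0.0/0", "10.50.0.10/32", 22)],
}

if __name__ == "__main__":
    for dev, op, rule in assure(translate(INTENT), RUNNING):
        print(dev, op, rule)
```

The drifted device produces two corrective actions: restore the missing default deny and remove the out-of-intent SSH permit. Rule order is checked as well, because an ACL with the right entries in the wrong order does not enforce the intent.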


Key Benefits

  • Simplified Network Management

  • Enhanced Agility and Scalability

  • Improved Network Security

  • Optimized Performance

Benefits of Intent-Based Networking:

1. Simplified Network Management: With IBN, network administrators can easily manage complex networks. By abstracting the complexity of individual devices and focusing on business intent, IBN simplifies network operations, reducing the need for manual configuration and troubleshooting.

2. Enhanced Agility and Scalability: IBN enables organizations to respond quickly to changing business requirements and scale their networks effortlessly. By automating network provisioning and configuration, IBN supports rapid deployment and seamless integration of new services and devices.

3. Improved Network Security: Security is a top concern for modern networks. IBN offers enhanced security by continuously monitoring network behavior and enforcing security policies. This proactive approach reduces the risk of security breaches and enables faster threat detection and response.

4. Optimized Performance: IBN leverages real-time analytics and machine learning to optimize network performance. By dynamically adjusting network configurations based on traffic patterns and user behavior, IBN ensures optimal performance and user experience.

 

Example Solution: Cisco SD-Access

The Cisco SD-Access digital network evolution transforms traditional campus LANs into intent-driven, programmable networks. Campus Fabric and DNA Center are Cisco SD-Access’ two main components. Creating and monitoring the Cisco Campus Fabric is automated and assured through the Cisco DNA Center.

Cisco Campus Fabric Architecture
In Cisco SD-Access, fabric roles and terminology differ from those in traditional three-tier hierarchical networks. To create a logical topology, Cisco SD-Access uses overlay networks running on a physical network (underlay network) to implement fabric technology.

Underlay networks are the traditional physical networks that connect LAN devices such as routers and switches. A primary function of an underlay network is to provide IP connectivity for traffic to travel from one point to another. Due to the IP-based underlay, any interior gateway protocol (IGP) can be utilized.

Overlay and Underlay Networking

Fabrics are overlay networks. Internet Protocol Security (IPsec), Generic Routing Encapsulation (GRE), Dynamic Multipoint Virtual Private Networks (DMVPN), Multiprotocol Label Switching (MPLS), Location Identifier Separation Protocol (LISP), and others are commonly used with overlay networks in the IT world to virtually connect devices. An overlay network is a logical topology that virtually connects devices on top of a topology-independent physical underlay network.

Diagram: MPLS forwarding

Forwarding and control planes are separated in overlay networks, resulting in a flexible, programmable, and scalable network. To simplify the underlay, the control plane and data plane are separated. As the control plane becomes the network’s brain, it allows faster forwarding and optimizes packets and network reliability. As an underlay for the centralized controller, Cisco SD-Access supports building a fabric using an existing network.

Underlay networks can be automated with Cisco DNA Center. As a result, it is helpful for new implementations or infrastructure growth since it eliminates the hassle of setting up the underlay. For differentiation, segmentation, and mobility, overlay networks often use alternate forwarding attributes in an additional header.

Networking Complexity

Networks continue to get more complex as traffic demands increase. While software-defined networking (SDN) can abstract the underlying complexities, we must consider how we orchestrate the policy and intent across multi-vendor, multi-domain elements.

To overcome complexity, you have to abstract. We have been doing this with tunneling for decades. However, different abstractions are used at the business and infrastructure resource levels.

At a business level, you need to be flexible, as rules will change, and this must be approached differently from how the operating system models resources. We must make new architecture decisions for this, as it’s not just about configuration management and orchestration. Neither of these can look at the network state, which is what we need to do.

For this, we need network intelligence. Today, networks are built and managed manually, without algorithmic validation. The manual process of networking is not viable in the future. Let’s face it: humans make mistakes.

There are many reasons for network outages, ranging from software bugs and hardware or power failure to security breaches, all of which come from a lack of implementing network security. But human error is still the number one cause. We are inhibited by manual configuration. Intent-based networking eliminates this inhibition.

 

Diagram: Intent-Driven Network.

 

The traditional approach to networking

In the traditional network model, there is a gap between the architect’s intent and what’s achieved, not just for device configuration but also for achieved runtime behavior. Until now, there has not been a way to validate the original intent or to have a continuous verification mechanism.

Once you have achieved this level of assurance, you can focus on business needs and not be constrained by managing a legacy network. For example, Netflix moved its control plane to the cloud and now focuses all its time on its customer base.

We have gone halfway and spent billions of dollars on the compute, storage, and applications, but the network still lags. The architecture and protocols have become more complex, but the management tools have not kept pace. Fortunately, now, this is beginning to change.

 

Software-defined networking; slow deployments

SDN shows great promise that could release networking, but deployments have been slow and are primarily limited to large cloud-scale organizations with ample resources and dollars. But what can the rest of the industry do if we do not have that level of business maturity? Intent-based networking is a natural successor to SDN, as many intent-based vendors have borrowed the same principles and common architectures.

The systems are built on the divide between the application and the network infrastructure. However, SDN operates at the network architecture level, where the control plane instructs the data plane forwarding node. Intent-based systems work higher at the application level to offer true brownfield network automation.

SDN and SD-WAN have made considerable leaps in network programmability, but intent-based networking is a further leap to zero-touch self-healing networks. For additional information on SD-WAN, including the challenges with existing WANs, such as lack of agility with BGP, and the core features of SD-WAN, check out this SD-WAN tutorial.

 

  • A key point: Video on BGP in the data center

In this whiteboard session, we will address the basics of BGP. A network exists specifically to serve the connectivity requirements of applications, and these applications are to serve business needs. So, these applications must run on stable networks and stable networks are built from stable routing protocols.

Routing Protocols are a set of predefined rules used by the routers that interconnect your network to maintain the communication between the source and the destination. These routing protocols help to find the routes between two nodes on the computer network.

 


 

Intent-Based Networking Use Case

The wide-area network (WAN) edge consists of several network infrastructure devices, including Layer 3 routers, SD-WAN appliances such as Viptela SD-WAN, and WAN optimization controllers. These devices could send diagnostic information for the intent-based system to ingest. The system can ingest from multiple sources, including a monitoring system and network telemetry.

As a result, the system can keep track of application performance over a variety of links. Suppose there is a performance-related problem: the policies are unmet, and application performance degrades.

In that case, the system can take action, such as re-routing the traffic over a less congested link or notifying a network team member. The intent-based system does not have to take corrective action, similar to how IDS/IPS is deployed. These devices can take corrective action if necessary, but many use IDS/IPS only to alert.
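The WAN edge use case above can be sketched as a small decision function. This is an added example, not code from the original post or from any SD-WAN product; the intent thresholds, link names, telemetry sources, and the `enforce`/`alert` mode names are assumptions chosen to mirror the IPS versus IDS comparison.

```python
from statistics import mean

# Constructed intent for one application; thresholds are illustrative assumptions.
INTENT = {"app": "voice", "max_latency_ms": 150, "max_loss_pct": 1.0}

# Constructed samples: (source, link, latency_ms, loss_pct). Names are hypothetical.
SAMPLES = [
    ("telemetry", "mpls", 180, 0.5), ("monitoring", "mpls", 210, 2.5),
    ("telemetry", "inet-1", 60, 0.1), ("monitoring", "inet-1", 70, 0.3),
    ("telemetry", "inet-2", 40, 3.0), ("monitoring", "inet-2", 45, 4.0),
]

def link_state(samples):
    """Merge samples from every source into one averaged view per link."""
    by_link = {}
    for _source, link, latency, loss in samples:
        by_link.setdefault(link, []).append((latency, loss))
    return {link: (mean(v[0] for v in vals), mean(v[1] for v in vals))
            for link, vals in by_link.items()}

def meets(intent, state):
    """True when a link's averaged latency and loss satisfy the intent."""
    latency, loss = state
    return latency <= intent["max_latency_ms"] and loss <= intent["max_loss_pct"]

def decide(intent, samples, current_link, mode):
    """Return (action, link). mode='enforce' re-routes like an IPS blocks;
    mode='alert' only notifies, like an IDS."""
    state = link_state(samples)
    # A link with no telemetry cannot be verified, so it is treated as unmet.
    if current_link in state and meets(intent, state[current_link]):
        return ("none", current_link)
    # Compliant links, lowest latency first.
    candidates = sorted((s[0], link) for link, s in state.items() if meets(intent, s))
    if mode == "enforce" and candidates:
        return ("reroute", candidates[0][1])
    return ("notify", current_link)  # alert-only mode, or no compliant link exists

if __name__ == "__main__":
    print(decide(INTENT, SAMPLES, "mpls", "enforce"))
    print(decide(INTENT, SAMPLES, "mpls", "alert"))
```

Note that `inet-2` has the lowest latency but is never selected, because its loss violates the intent; the system falls back to notification when no link can satisfy the policy.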

Looking deeper at intent-based networking systems

The intent-based architecture combines machine learning (ML), cognitive computing, and deep analytics, providing enhanced levels of automation and programmability through an easy-to-use GUI. Combining these technologies allows you to move from a reactive to a proactive system.

ML, a sub-application of artificial intelligence (AI), allows intent-based systems to automatically analyze and learn from data without explicit programming. Therefore, it enables systems to understand and predict the data for autonomous behavior. Intent-based networking represents a radical new approach to network architecture and takes networking to the next level in intelligence.

It is not a technology that is going to be accepted overnight. Its adoption will be slow because, to some, a fully automated network can sound daunting: you are placing the fate of your business, which for many organizations is the network, in the hands of an automated system.

However, deploying intent-based networking systems offers a new way to build and operate networks, which increases agility, availability, and security compared to traditional networking.

Conclusion: Intent-Based Networking is transforming the way networks are managed. By shifting the focus from device-centric configurations to intent-driven outcomes, IBN simplifies network management, enhances agility and scalability, improves security, and optimizes network performance. As organizations strive to meet the demands of the digital age, embracing this innovative approach can pave the way for a more efficient and intelligent network infrastructure.

 

 

Matt Conran