Intent-based networking (IBN) is a trend that has been gaining traction in IT in recent years. IBN is the automation of processes that ensure the alignment of network operators’ high-level intent and policy requirements with the design and configuration of the network as a whole. The IBN vision grew out of the need for greater network automation following the partial success of software-defined networking (SDN) in simplifying cloud deployments and virtual networking.
As defined, IBN automates the analysis and remediation of network errors and intelligently automates network designs and configuration updates.
The main challenge in delivering an IBN solution is the layered intelligence that is required for the system to reason about designing error-free networks and to map behavior to high-level requirements. This requires replicating the knowledge of seasoned network operators in diagnosing and troubleshooting issues or designing network architectures. Many solutions implicitly rely on a good deal of artificial intelligence/machine learning (AI/ML).
There are generally two approaches (subcategories) to IBN: 1) Starting with policy requirements and intent, how do you design and configure the network properly? 2) Given an existing network, how do you verify that all of the policy requirements are currently implemented and enforced (or which ones aren’t)?
The following data points, offered to eWEEK readers as industry information from Forward Networks, are some of the key trends, use cases and best practices for organizations thinking of tying the knot with emerging IBN technology.
Data Point No. 1: Verification on Top of Testing
While still important, network testing has traditionally been limited to a finite number of test scenarios, run in limited lab environments and not at scale. Organizations using IBN are shifting to the more thorough and reasoned analysis of network verification. Verification is a mathematical analysis of the network design and behaviors that can reason through and detect potential policy violations or vulnerabilities under any potential scenario. If there’s a condition that will trigger a policy violation, verification can find it proactively. Verification methodology is new to networking and is not unlike verification techniques that have been applied to software, integrated circuits, rocket design and so on.
Data Point No. 2: Behavior Analysis
What is being verified through IBN is the complete alignment of your “intent” with the underlying design of the network. IBN provides the ability to reason through the end-to-end behavior of the network and compare it to defined policy statements (the intent). End-to-end behaviors are closely correlated with IT’s intent, such as what type of traffic can flow on various network segments, which subnets should be verifiably isolated, how many redundant paths should be available for specific application flows, etc. This level of analysis has never been available through network devices, which only understand their local traffic handling responsibilities and which traffic to direct to their nearest neighbors.
Data Point No. 3: Search and Remediation
Understanding where network designs are deviating from intended behaviors is critical to automating the search for configuration errors and the remediation of trouble tickets. Rather than searching for a needle in a haystack through potentially hundreds of devices and various configuration files and lines of code, IBN analysis can frequently identify which device, and even which lines of code, is causing a deviation from defined intent.
Data Point No. 4: Compliance Checks and Audits
Similarly, IBN can quickly run through a long list of compliance-related checks to audit the general health of the network and identify configuration errors that may be hard to find before they cause an outage. An IBN system, understanding the complex dynamics of the network holistically, can quickly scan for things like IP address uniqueness, MTU mismatches, VLAN inconsistencies, down links, forwarding loops and others.
Data Point No. 5: Change Tracking and Documentation
IBN systems have to create and maintain a working analytical model of the network to reason through the verification process and check for policy alignment. It’s natural to leverage this network model to track and compare network changes and behavior over time. Few large enterprise networks have up-to-date, detailed, accurate documentation for all devices, configurations, topology maps and corresponding intent. Visio diagrams have been state-of-the-art for a while. But now, IBN systems can simply store and document the then-current network design and behavior, not only for an up-to-date analysis but also for rolling back in software to prior dates to compare changes in design and behavior.
Data Point No. 6: Predict the Future
Verification is allowing organizations to be proactive in heading off potential network issues with a thorough, reasoned, end-to-end network analysis for the first time. Depending on the IBN system, it is possible to propose changes to the network design within the IBN software model and analyze how the changes will affect future network behavior and alignment with all defined policies going forward. This is one of the most advanced requirements and IT processes to be automated within IBN because it involves the greatest degree of applied intelligence and reasoning. But for certain changes, this can be a real boon to organizations to help accelerate change windows and verify proposed updates, particularly for firewall/ACL rules, NAT services and the like.
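The intent checks from Data Point No. 2 (isolation, redundant paths) and the proposed-change analysis described here can be illustrated on a toy model. This is an added example, not code from Forward Networks or any IBN product; the topology, segment names and the `with_acl` helper are constructed assumptions.

```python
# Constructed sample model (all names hypothetical): each link lists the
# (src_segment, dst_segment) flows that its ACLs deny.
LINKS = [
    ("guest-sw", "core1", {("guest", "pci")}),
    ("guest-sw", "core2", set()),  # backup uplink, ACL never applied
    ("app-sw", "core1", set()), ("app-sw", "core2", set()),
    ("core1", "pci-fw", set()), ("core2", "pci-fw", set()),
    ("core1", "db-sw", set()),
]
ATTACH = {"guest": "guest-sw", "app": "app-sw", "pci": "pci-fw", "db": "db-sw"}

def reachable(src, dst, links):
    """True if some path carries the src->dst flow past every link ACL."""
    adj = {}
    for a, b, denied in links:
        if (src, dst) not in denied:
            adj.setdefault(a, []).append(b)
            adj.setdefault(b, []).append(a)
    seen, todo = set(), [ATTACH[src]]
    while todo:
        node = todo.pop()
        if node not in seen:
            seen.add(node)
            todo.extend(adj.get(node, []))
    return ATTACH[dst] in seen

def single_points_of_failure(src, dst, links):
    """Links whose loss alone breaks src->dst; empty means redundant paths."""
    return [(a, b) for i, (a, b, _) in enumerate(links)
            if not reachable(src, dst, links[:i] + links[i + 1:])]

def verify(intents, links=LINKS):
    """Return the (kind, src, dst) intents that the modeled network violates."""
    bad = []
    for kind, src, dst in intents:
        up = reachable(src, dst, links)
        if (kind == "isolated" and up) or (kind == "redundant" and
                (not up or single_points_of_failure(src, dst, links))):
            bad.append((kind, src, dst))
    return bad

def with_acl(links, a, b, flow):
    """Proposed change: copy of the model with `flow` denied on link a-b."""
    return [(x, y, d | {flow}) if (x, y) == (a, b) else (x, y, d)
            for x, y, d in links]

INTENTS = [("isolated", "guest", "pci"), ("redundant", "app", "pci"),
           ("redundant", "app", "db")]
```

`verify(INTENTS)` reports the guest-to-PCI leak through the unfiltered backup uplink and the single-homed database switch; running `verify` on the output of `with_acl` evaluates the fix against the model before any device is touched.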
Data Point No. 7: Open Extensible Systems
A typical IBN platform will often consist of at least two main components, the AI/analytical engine and the data model of the underlying network. Because the interesting queries that can be analyzed (any behavior, network state, operational status) for a large network are essentially limitless, organizations are looking to leverage the underlying software model of the network (essentially a large database) to build their own applications, embed results into custom dashboards, or define their own custom network health and policy checks. Limiting such novel data access to the specific features of the single IBN platform would be frustrating to many. As a result, leading IBN platforms have the ability to leverage an open and well-defined data model so that organizations can build their own features quickly, usually in scripting languages like Python, against a normalized, vendor- and device-neutral data model that represents their current network.
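A sketch of the kind of custom health check described here, covering several of the audits listed under Data Point No. 4 (IP uniqueness, MTU mismatches, VLAN inconsistencies, down links). This is an added example rather than any vendor's API; the normalized schema and all device data are constructed assumptions.

```python
from collections import defaultdict

# Constructed, vendor-neutral sample model; the schema is hypothetical.
# port -> (ip, mtu, trunked VLANs, link up)
PORTS = {
    ("core1", "eth1"): ("10.0.0.1", 9000, {10, 20}, True),
    ("dist1", "eth1"): ("10.0.0.2", 1500, {10, 20}, True),
    ("core1", "eth2"): ("10.0.1.1", 9000, {10, 30}, True),
    ("dist2", "eth1"): ("10.0.0.2", 9000, {10}, False),
}
LINKS = [(("core1", "eth1"), ("dist1", "eth1")),
         (("core1", "eth2"), ("dist2", "eth1"))]

def duplicate_ips(ports):
    """Map each IP configured on more than one port to those ports."""
    owners = defaultdict(list)
    for (device, name), (ip, _mtu, _vlans, _up) in ports.items():
        owners[ip].append(f"{device}:{name}")
    return {ip: sorted(p) for ip, p in owners.items() if len(p) > 1}

def link_findings(ports, links):
    """Compare both ends of every link: state, MTU and trunked VLAN set."""
    findings = []
    for a, b in links:
        (_, mtu_a, vlans_a, up_a), (_, mtu_b, vlans_b, up_b) = ports[a], ports[b]
        label = f"{a[0]}:{a[1]}<->{b[0]}:{b[1]}"
        if not (up_a and up_b):
            findings.append(("link-down", label))
        if mtu_a != mtu_b:
            findings.append(("mtu-mismatch", label))
        if vlans_a != vlans_b:
            diff = sorted(vlans_a ^ vlans_b)
            findings.append(("vlan-mismatch", f"{label} differ on {diff}"))
    return findings

def audit(ports=PORTS, links=LINKS):
    """Run every check and return (check_name, detail) findings."""
    dupes = [("duplicate-ip", f"{ip} on {', '.join(p)}")
             for ip, p in duplicate_ips(ports).items()]
    return dupes + link_findings(ports, links)
```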