The software-defined approach to network management and implementation relies on an abstraction layer that provides a virtual overlay on the physical infrastructure of servers, switches, routers, and wireless access points.
Historically, the creation and management of these virtual network layers has been accomplished through a combination of virtual Local Area Networks (VLANs), Virtual Private Networks (VPNs), and network segmentation rules.
But technologies being pioneered by Cisco and a number of startup companies are providing an alternative framework for software-defined infrastructure management, in the form of a strategy known as intent-based networking.
What Is Intent-based Networking?
An intent-based network (IBN) uses machine learning and advanced automation for management and monitoring.
The idea itself isn’t particularly new, but it’s only in recent years that technology has developed to the stage where intent-based networking systems (IBNS) can become a practical reality. Today’s machine learning algorithms may allow network administrators to set policies which define a desired state for the network, then deploy automated network orchestration software to implement those policies.
According to Gartner Research Vice President Andrew Lerner: “Intent-based networking systems monitor, identify and react in real time to changing network conditions.”
Lerner defines four characteristics of the intent-based network:
1. Translation and validation: Commands issued by network administrators may be translated into actions performed via software platforms. Managers and administrators can develop high-level business, networking, and security policies, in the knowledge that the IBNS can verify whether or not these policies may be executed.
2. Automated implementation: Once a human network manager has defined the desired state of a system, the intent-based networking software manipulates available resources to create that desired state, and enforce all defined policies.
3. Awareness of state: Intent-based networking systems are “self-aware”, to the extent that they continuously gather information on the network and monitor its state.
4. Assurance and dynamic optimization/remediation: An IBNS employs machine learning to select the best ways to implement desired network states, and can automatically take remedial actions to maintain a network state and optimize network operations.
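The four characteristics above can be read as one control loop: validate the intent, observe state, compute the difference, and remediate. The sketch below is an added illustration, not code from Cisco or any IBNS product; the device names, capability table and state fields are hypothetical, and "implementation" is simulated on an in-memory dictionary.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Intent:
    device: str
    vlans: frozenset      # VLAN ids that must exist on the device
    syslog_host: str      # where the device must send its logs

# Constructed inventory: what each (hypothetical) device can support.
CAPABILITIES = {"sw-branch-1": {"max_vlan": 4094}, "ap-lobby-1": {"max_vlan": 64}}

def validate(intent):
    """Translation and validation: reject intent the network cannot execute."""
    caps = CAPABILITIES.get(intent.device)
    if caps is None:
        return [f"{intent.device}: unknown device"]
    return [f"{intent.device}: VLAN {v} unsupported"
            for v in sorted(intent.vlans) if not 1 <= v <= caps["max_vlan"]]

def reconcile(intent, observed):
    """Awareness of state and assurance: diff observed state against intent."""
    actions = []
    have = set(observed.get("vlans", ()))
    for v in sorted(intent.vlans - have):
        actions.append(("add_vlan", intent.device, v))
    for v in sorted(have - intent.vlans):   # drift: VLAN nobody asked for
        actions.append(("remove_vlan", intent.device, v))
    if observed.get("syslog_host") != intent.syslog_host:
        actions.append(("set_syslog", intent.device, intent.syslog_host))
    return actions

def apply(observed, actions):
    """Automated implementation, simulated on a copy of the observed state."""
    state = {"vlans": set(observed.get("vlans", ())),
             "syslog_host": observed.get("syslog_host")}
    for op, _device, arg in actions:
        if op == "add_vlan":
            state["vlans"].add(arg)
        elif op == "remove_vlan":
            state["vlans"].discard(arg)
        elif op == "set_syslog":
            state["syslog_host"] = arg
    return state

if __name__ == "__main__":
    intent = Intent("sw-branch-1", frozenset({10, 20}), "10.0.0.5")
    observed = {"vlans": [10, 99], "syslog_host": None}   # constructed sample
    print(validate(intent), reconcile(intent, observed))
```

Running the loop again on the remediated state yields no actions, which is the convergence check an operator would alert on when it fails.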
In theory, an IBN solution would enable administrators to easily and automatically manage multi-vendor and multi-device environments, with policies that treat the network in aggregate terms, but with the fine-grained control needed to address the issues and requirements of specific business units and/or hardware sets.
Though no fully market-ready solutions have yet been released, Cisco and a handful of startup companies have laid out roadmaps for the creation of IBNS platforms and related products, and it’s on the basis of these that we may look at some of the principles and practices involved.
Managing The IBN
Fundamental to the IBN philosophy is the ability of human network administrators to create policies tailored toward their particular enterprise, and then define network states corresponding to the conditions spelled out by these policies.
In managing the intent-based network, this approach demands a command post or nerve center providing deep insight and granular control over the various network elements. Cisco has addressed this need through its DNA Center interface for managing software-defined access (SD-Access) intent-based networks.
Such a control interface takes on the task of creating the virtual overlay network, which can segment the network into various layers, each having specific policies – but allowing all the segments to be centrally managed. User names, passwords, and IP addresses may all be managed from this central point.
Designing The Network
From the administration console, managers of the IBN should be able to configure settings for every device in the network. This facilitates the process of network design, whereby administrators can not only create definitions for all the sites comprising the extended corporate campus (central office, branch divisions, remote sites, etc.), but also define how each device in every domain should be configured.
Using the design tool-set, administrators may create the necessary definitions to establish host protocols, set domain names, establish syslog files and configure management protocols. Each time a new device is deployed at a particular site, the IBN software automatically retrieves the configuration settings for that location, and installs them on the device.
Policy management for the intent-based network requires administrators to create and manage profiles for their virtual network overlays. In principle, all the users and devices assigned to one virtual network remain logically confined to it, so a firewall would be required to gain access to a different virtual network.
A combination of firewalls, MPLS deployments and virtual reference stations could in theory be used to execute similar policy controls over different classes of devices, but in practice this would require a fair amount of manual labor and human intervention.
But the virtualized approach allows segmentation to occur within network segments, providing very fine levels of granular control. So for example, within a virtual network created for employees, each division may be assigned its own network segment and rules specific to each business unit. This degree of micro-segmentation also makes it easier for security managers to limit the spread of potential damage, if a single segment is breached.
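The segmentation rules described above (endpoints confined to their virtual network, a firewall required between virtual networks, per-division segments inside one) can be checked against observed traffic. This is an added illustration, not part of the original article or of any vendor's product; the endpoint names, the segment rule, the `fw-core` firewall hop and the flow records are all constructed.

```python
MEMBERSHIP = {  # endpoint -> (virtual network, segment); constructed sample
    "hr-laptop-7": ("employees", "hr"),
    "hr-files": ("employees", "hr"),
    "eng-build-2": ("employees", "engineering"),
    "badge-reader-3": ("iot", "door-control"),
}
# Explicit exceptions between segments of the same virtual network:
# (virtual network, source segment, destination segment) -> allowed ports.
SEGMENT_RULES = {("employees", "engineering", "hr"): {443}}
FIREWALL = "fw-core"  # hypothetical firewall joining the virtual networks

FLOWS = [  # constructed flow records: who talked to whom, and via which hops
    {"src": "hr-laptop-7", "dst": "hr-files", "port": 445, "path": []},
    {"src": "eng-build-2", "dst": "hr-files", "port": 443, "path": []},
    {"src": "eng-build-2", "dst": "hr-files", "port": 22, "path": []},
    {"src": "badge-reader-3", "dst": "hr-files", "port": 445, "path": ["sw-access-4"]},
    {"src": "badge-reader-3", "dst": "hr-files", "port": 443,
     "path": ["sw-access-4", "fw-core"]},
    {"src": "unknown-host", "dst": "hr-files", "port": 445, "path": []},
]

def evaluate(flow):
    """Return (verdict, reason) for one observed flow record."""
    src, dst = MEMBERSHIP.get(flow["src"]), MEMBERSHIP.get(flow["dst"])
    if src is None or dst is None:
        return "violation", "endpoint not assigned to any virtual network"
    if src[0] != dst[0]:  # different virtual networks: must cross the firewall
        if FIREWALL in flow.get("path", ()):
            return "allowed", "cross-VN traffic traversed the firewall"
        return "violation", "cross-VN traffic bypassed the firewall"
    if src[1] == dst[1]:
        return "allowed", "same segment"
    ports = SEGMENT_RULES.get((src[0], src[1], dst[1]), set())
    if flow["port"] in ports:
        return "allowed", "explicit segment rule"
    return "violation", "no rule between segments"

def audit(flows):
    """List (src, dst, reason) for every flow that breaks the segmentation intent."""
    return [(f["src"], f["dst"], reason) for f in flows
            for verdict, reason in [evaluate(f)] if verdict == "violation"]

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```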
The provisioning tool-set of the IBN provides the functions needed to implement the rules defined by the network policy and configuration settings. And the management software provides simple drag-and-drop mechanisms for network managers to dictate which devices should be specific to which domain, and the policies that should be enforced on those devices.
Policy enforcement on the intent-based network is an ongoing and dynamic process. Software tools within the management center collect network operations data, while monitoring tools and prescriptive algorithms map observed performance against benchmarks, to determine which activities, applications, or processes currently active on the network are behaving as expected. In some instances, the software may even be able to provide remedial suggestions or troubleshooting procedures.
The Way Of The Future?
It should be stressed that intent-based networking is still very much in its infancy. The 1.1 release of Cisco’s DNA Center is expected to be available in January 2018. Other names to watch for include Anuta Networks, which is offering a solution aimed at separating network services from hardware components, so as to facilitate highly automated processes, and Apstra, which is floating the idea of a vendor-agnostic network operating system which can be used to deliver IBN.
But industry analysts don’t expect IBN to become a mainstream offering until at least 2020.
This post first appeared on Network Wrangler - Tech Blog | IT Tips, Tricks, Tu