Networking as a concept has been around for several decades. Look around you when you are at home or at the office, and you will find that you are surrounded by networking gear of some kind.
Your home’s wireless access point (AP) or router and modem given to you by your Internet Service Provider (ISP) are all part of a seamless tapestry of technology designed to deliver the Internet on demand.
Whole industries, companies, jobs and experiences have sprung up around the advances in computer networking. Technology that makes access to the network ubiquitous has become increasingly sophisticated and seamless. And this technology is at the cusp of the next major leap that has the potential to transform traditional networking infrastructure as we know it today.
Called intent-based networking, it has the ability to improve a company’s network availability and agility, which are key tenets of any organisation seeking to shift its mode of business online.
Intent-based networking systems, or IBNS, are a new way of building and operating networks by providing life cycle management for network infrastructure.
IBNS is expected to usher in a new era of smart, adaptable networking systems, which use machine learning and advanced automation to adapt the network according to changing conditions.
Intent-based networking allows for automation at scale, so companies can manage a seemingly unmanageable array of devices and other technologies. Interpreting data with the right context is what enables the network to provide new, more meaningful insights.
“Intent-based networking is not a product, or a market,” says Andrew Lerner, vice president at Gartner Research who covers enterprise networking.
“Instead, it is a piece of networking software that helps to plan, design and implement/operate networks that can improve network availability and agility,” he said.
According to a Gartner report on IBNS, more than 1,000 large enterprises will use IBNS within the next four years, as compared to just 15 today.
How can IBNS improve a company’s competitiveness?
IBNS provides “networking middleware to replace intelligence that was previously only available from networking engineers/architects”, says a Gartner report. The intelligent systems are driven by algorithms which translate business intent into network configurations.
Intent-based networking systems mark a sharp contrast between how networks of the future will be managed and how they are managed today.
According to Gartner, a complete IBNS provides four key capabilities:
- Translation and validation: The system takes a higher-level business policy as input from end users and converts it into the correct network configuration. The system then generates and validates the resulting design and configuration for correctness.
- Automated implementation: The system can configure the appropriate network changes across existing network infrastructure. This is typically done via network automation and/or network orchestration.
- Awareness of network state: The system ingests real-time network status for systems under its administrative control, and is protocol- and transport-agnostic.
- Assurance and dynamic optimisation/remediation: The system continuously validates (in real time) that the original business intent of the system is being met, and can take corrective actions (such as blocking traffic, modifying network capacity or notifying) when desired intent is not met.
While agility and availability are the high-level benefits, IBNS provides several other specific benefits, including:
- Reduced operating expenditures: IBNS-based networks reduce the operational expense associated with managing networks, freeing up senior-level network resources to focus on more important strategic tasks.
- Performance optimisation: Intent-based algorithms can provide better traffic engineering versus traditional approaches, such as routing protocols, resulting in improved application performance.
- Reduction in dedicated tooling costs: Intent tools can circumvent the costs of other related network infrastructure tooling, as automation and orchestration are embedded within IBNS.
- Better documentation: IBNS provides real-time self-documentation, which also includes the rationale (intent) behind design/configuration decisions.
- Improved compliance: Intent-based systems simplify auditing due to algorithmic correctness of configurations, direct mapping to business intent, combined with ongoing dynamic real-time validation.
Cisco Systems, a leading manufacturer of networking hardware, has bet heavily on the potential of intent-based networking systems; they are major proponents of its adoption.
Hot on the heels of the recent large-scale ransomware attack WannaCry, which infected more than 300,000 computers in 150 countries, and other widespread phishing attacks, Cisco rolled out its new Digital Network Architecture (DNA), which is designed to work on intent-based networking systems and mitigate cyber attacks.
The multi-product DNA, launched in June this year, is designed to help IT departments rapidly partition off infected parts of their network, and can help them contain the damage inflicted by such cyber attacks, among other things.
Traditional networks are usually hardware-centric, manual and with fragmented security. Cisco’s new network, on the other hand, is software-driven, automated, with built-in security and the ability to turn network data into business insights. Employing machine learning on a major scale, the new network can learn, intuit and predict. The result, according to Cisco, is a fully integrated intent-based networking system.
Scott Harrell, senior VP of product management for Cisco’s Enterprise Networking Group, feels the company is redefining the network with DNA.
“This launch is about the ability to make the network simpler for power users allowing them to deliver sophisticated and dynamic network operations,” Mr Harrell says.
Talking about DNA, he adds that the company has released something that “nobody else in the market can do, which is basically the ability to understand whether or not there’s malicious traffic inside of encrypted traffic without encrypting it”.
“This is the big trick that attackers are realising and leveraging. If they encrypt traffic, they can bypass security tools because of privacy reasons.”
According to a blog post by David Goeckeler, executive vice president and general manager of the networking and security business at Cisco, a small team of data scientists had cracked the problem of identifying malware in encrypted traffic, using Cisco’s IBNS-based architecture and algorithms.
The Encrypted Traffic Analysis, or ETA, is part of Cisco’s DNA product. According to Mr Goeckeler, the system can identify “malware in encrypted traffic”, without compromising user security.
“They even were showing four nines of accuracy in their test cases and no information was being decrypted. The fact that no decryption was involved meant their approach did not come at the expense of privacy,” he said of the breakthrough, which nixed the “security vs privacy” debate.
The intuitive network starts with intent-based infrastructure that is secure – essentially all IP infrastructure, including switches, routers, wireless access points, that provides the connectivity and routes traffic from devices (PCs, tablets, phones, video screens, IoT) within the enterprise and to the Internet, Mr Goeckeler says in his blog post.
To that effect, Cisco has also released Catalyst 9000 enterprise switches, which constitute a mobile, Internet of Things (IoT), and cloud-ready platform with integrated security, including ETA.
With intuitive smarts, Cisco has changed the approach to building a traditional network, removing the accumulated complexity and starting afresh, Mr Goeckeler says.
“We have one unified system that spans the entire enterprise access network, covering all types of devices. It acts as a single platform, driven by intent. This intent-based infrastructure is programmable and integrated so that it can be automated. Also, security is built-in with the ability to find threats and automate responses to keep enterprises protected from advanced threats,” Mr Goeckeler adds.