Take network configuration management tools to the next level
Script management systems and intent-based networking are driving the future of network configuration management tools, shifting the paradigm of how networking systems are managed.
The evolution of configuration management software has reduced repetitive and time-consuming network management tasks. Script management software eliminates the need to update command-line interface, or CLI, scripts manually. Software eliminates the need to manually update devices one by one.
These products eliminate a lot of routine and error-prone work, but they only automate manual processes. Network managers must still determine what network resources applications require and then configure the network to support those applications.
intent-based networking (IBN) introduces a fundamental change, streamlining network configuration management tools and business operations. Now, instead of spending time on configuration management details, network managers can focus on business requirements, applications and services.
Prior to intent-based management, managers needed to determine all the parameters for common scenarios in network configuration management tools, among them:
- Providing two groups of users access to some different and some common sets of resources, while keeping the data streams separate; and
- Supporting service-level agreements (SLAs) for each group.
There are multiple ways to ensure separation and meet the SLAs: Separate virtual LANs, separate subnets, VPNs or routing over separate links can all meet the policy goal. With intent-based management, network managers no longer need to invest time determining the right approach and then configure all the detailed parameters.
Instead, intent-based software determines whether the policy can be met, the most efficient method of implementing the policy and then generates the configuration parameters needed to implement the appropriate service.
After choosing and configuring the approach, intent-based software continually monitors operations to ensure the manager's intent is being met. If conditions on the network change -- for example, if the chosen option no longer supports the policy, or a different tact would be more efficient -- the software reconfigures the network without requiring manager input.
Intent-based products entering the market
Several vendors have introduced intent-based software and enhancements to existing products, including Cisco, Jupiter Networks, Apstra, Forward Networks and Veriflow Systems.
Cisco has announced enhancements to its Digital Network Architecture (DNA). Network managers specify policies via the DNA Center component. Automation software then creates the specific directives needed to configure the network to carry out those policies.
Verification components continually monitor the network to ensure policies are still being met. Otherwise, the software reconfigures the network to restore proper operation. The software uses machine learning based on accumulated observations to determine whether there is a more efficient approach; if so, the software reconfigures the network. Cisco hardware is required. The first switches to support Cisco's IBN initiative are the Catalyst 9000 campus series.
Juniper Networks is developing E2, an SDN controller built on its existing Contrail controller. E2 will add intent-based capability, and, like Contrail, it will be maintained as an open source project and not require Juniper hardware.
Apstra has announced its Apstra Operating System (AOS) as a way to greatly reduce the cost of configuring and managing a multivendor network. Network managers specify a policy, and AOS chooses from a set of templates that support that policy.
The choice of template is based on the current condition of the network. AOS then uses the directives in a template to configure the network. Managers can customize templates, if necessary.
Multiple templates are used to specify a strategy. Top-level or retail templates may describe an end-user visible policy, such as an application SLA. Top-level templates invoke lower-level templates to specify the details for the multiple detailed requirements required to satisfy the top-level policy.
Forward Networks offers products that verify intent-based networks are operating correctly. Forward's Essential software collects and organizes network data, while Enterprise creates a mathematical model of network state and uses it to verify the network is operating correctly.
Veriflow software gathers detailed state information from each device in the network and uses a patented formal verification technique to ensure specified policies are being met.
Early adopters need to ask tough questions: Will intent-based software generate correct configurations in all cases? Will managers have enough knowledge of how the network is configured to find and fix the problem if something goes wrong? Can network managers modify configurations without a corresponding vendor fix to the automation software? Finally, if the software determines a more efficient way to operate, will managers be able to understand the reason, and will they need to understand it?
IBN will need some fine-tuning before it becomes widely adopted. But with proper research and planning, it offers significant benefits for the suite of network configuration management tools. Still, network managers should prepare to test products carefully before introducing them into production networks.