Intent Based Networking: Expectations vs. Reality

What is Intent-based Networking and why should you care?

Intent-based networking (IBN) is the hot new concept being discussed in the networking industry right now. It uses machine learning and advanced orchestration to reduce the complexity of maintaining and managing network policies. Managing computer networks has always been a complex process: network administrators are responsible for managing network equipment, provisioning user access, configuring security policies and, above all, ensuring the system is doing what it's supposed to do. Many network admins use command-line interfaces to control their networks, but this way of managing the network does not scale very well. The idea behind intent-based networking is that the network administrator simply tells the network what their intent is, and the network automatically implements it. Thereafter, the IBN controller configures the network hardware if the network changes.

Think of a school with a network carrying sensitive student information. Using an intent-based networking system, network administrators could state their intent that only teachers are able to interact with sensitive student data and no other users have access. The IBN system then automatically recognizes the identity of the teacher and enforces the access policy. The security implications of intent-based networking are promising: the IBN system ingests the intent of the security admins and can automatically maintain security policies such as ACLs and access policies. This frees up the security admins to focus on instant response rather than implementing policies.

How does Intent based Networking work?

Intent-based networking captures the business intent expressed by the user in user-friendly language and translates this intent into IT policies that can be applied and constantly monitored across the entire network. The figure below provides examples of the difference between intent and execution.

Every major Intent Based Networking platform works on 3 major functions:

  • Capture the intent, check whether it is feasible in the current network infrastructure and translate it into the respective policies and configurations.
  • Automate the deployment of the expressed intent over the network infrastructure.
  • Validate and verify the deployed policies and configurations to assure that the expressed intent is achieved.

The figure above shows the functions of Cisco's IBN platform.

3 Key functions of Intent-based Networking System

Translation in Intent Based Networking

The translation function is about the characterization of intent: it enables network administrators to express their intent in a declarative and flexible manner. Network admins should have the capability to characterize their desired intent. This may take the form of a user-friendly graphical user interface, an intuitive flexible model (such as YANG or JSON/XML), or even a predefined syntax or language. In the future, network admins will verbally speak intent and the IBN system will execute it and provide verbal feedback. Text-to-speech expressions can make it possible. Finally, the translation function converts the captured intent into a Model-based Policy (MBP) that can be applied across the network infrastructure.

Assurance in Intent Based Networking

Assurance is a critical function of an intent-based networking system because it maintains a continuous validation and verification loop that checks whether the expressed intent is honoured by the network. It continuously verifies the behaviour of the IBN system before, during and after deployment. In addition to verifying the current network state and its alignment with the desired intent, the assurance function can derive more insight and visibility into the behaviour of an IBN architecture. Most importantly, it also provides a mechanism to automatically remediate any intent-based policy violations. As a result, it solves the problem before it creates any impact.

Cisco DNA-ready wireless access points:

• Cisco Catalyst 9100 Access Points

• Cisco Aironet 4800 Access Points

• Cisco Aironet 3800 Series Access Points

• Cisco Aironet 2800 Series Access Points

• Cisco Aironet 1850 Series Access Points

• Cisco Aironet 1830 Series Access Points

• Cisco Aironet 1815 Series Access Points

Cisco DNA-ready wireless controllers:

• Cisco Catalyst 9800 Series Wireless Controllers

• Cisco 8540 Wireless Controller

• Cisco 5520 Wireless Controller

• Cisco 3504 Wireless Controller

Activation in Intent Based Networking

The activation function installs the converted policies into the physical and virtual network infrastructure using automation. The IBN controller can, for instance, correlate information about the network elements, their capabilities and the physical topology with the expressed policies to establish the appropriate device configurations. To ensure consistency, additional checks at the configuration level may also be applied before programming the network elements. The IBN controller may use standards-based APIs such as NETCONF, YANG or REST API.
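The translation, activation and assurance functions described above can be sketched with the school example from earlier in the article. This is an added illustration, not Cisco's or any vendor's implementation; the names `Intent`, `Rule`, `translate`, `assure`, `remediate`, the group labels and the device names are hypothetical, and the deployed state is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Intent:
    resource: str              # what is being protected
    allowed_groups: frozenset  # identities permitted to reach it

@dataclass(frozen=True)
class Rule:
    action: str    # "permit" or "deny"
    group: str     # identity group; "*" matches any group
    resource: str

def translate(intent):
    """Translation: expand the intent into explicit permits plus a default deny."""
    rules = [Rule("permit", g, intent.resource) for g in sorted(intent.allowed_groups)]
    return rules + [Rule("deny", "*", intent.resource)]

def evaluate(rules, group, resource):
    """First-match evaluation, as on an ACL; no match is an implicit deny."""
    for r in rules:
        if r.resource == resource and r.group in (group, "*"):
            return r.action
    return "deny"

def assure(intent, deployed, known_groups):
    """Assurance: list (device, group, expected, actual) wherever a device's
    effective behaviour differs from the intent."""
    violations = []
    for device, rules in sorted(deployed.items()):
        for g in sorted(known_groups):
            expected = "permit" if g in intent.allowed_groups else "deny"
            actual = evaluate(rules, g, intent.resource)
            if actual != expected:
                violations.append((device, g, expected, actual))
    return violations

def remediate(intent, deployed, violations):
    """Activation again: push the translated policy to every drifted device."""
    for device in {v[0] for v in violations}:
        deployed[device] = translate(intent)
    return deployed

# Constructed sample: "only teachers may reach student records".
INTENT = Intent("student-records", frozenset({"teachers"}))
GROUPS = {"teachers", "students", "guests"}

def demo():
    deployed = {"sw-1": translate(INTENT), "sw-2": translate(INTENT)}
    # Constructed drift: a manual change puts a stray permit first on sw-2.
    deployed["sw-2"] = [Rule("permit", "students", "student-records")] + deployed["sw-2"]
    before = assure(INTENT, deployed, GROUPS)
    after = assure(INTENT, remediate(INTENT, deployed, before), GROUPS)
    return before, after
```

The assurance check compares effective behaviour rather than configuration text, so a stray rule placed ahead of the default deny is reported even though every intended rule is still present.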

Cisco Digital Network Architecture

Cisco's solution for an enterprise-grade intent-based network architecture is called Digital Network Architecture, also known as Cisco DNA. To start using DNA capabilities on Cisco enterprise network devices such as routers, switches, access points and wireless controllers, you will need a Cisco DNA Center appliance and DNA subscription licenses for each router, switch and wireless device. The Cisco components listed below support DNA (Cisco's IBN architecture) as of now.

Cisco DNA-ready switching products:

• Cisco Catalyst 9000 Family

– Cisco Catalyst 9200 Series Switches

– Cisco Catalyst 9300 Series Switches

– Cisco Catalyst 9400 Series Switches

– Cisco Catalyst 9500 Series Switches

– Cisco Catalyst 9600 Series Switches

• Cisco Catalyst 3650 and 3850 Series Switches

• Cisco Catalyst 4500E Series Switches + Supervisor Engine 8E

• Cisco Catalyst 6500 Series Switches + Supervisor Engine 6T

• Cisco Catalyst 6800 Series Switches

• Cisco Industrial Ethernet 5000 Series Switches

• Cisco Industrial Ethernet 4000 Series Switches

• Cisco Nexus 7700+M3 Card

Cisco Digital Network Architecture Overview – Cisco’s Intent Based Networking platform

The figure below describes the network-centric view of Cisco DNA, which is Cisco's intent-based networking offering. In the architecture, endpoints, including applications, connect to the network to seek transport services. All endpoints are outside of the network domain and cross a user network interface (UNI). A transport service in DNA is defined as the transmission of IP flows towards the egress UNI, that is, the transport of the IP packets making up the flow between applications running on end devices. The Digital Network Architecture is an IBN architecture that provides inter-connectivity and transport services, allowing endpoints or applications to communicate with each other regardless of whether they are hosted in the enterprise network infrastructure or in the cloud. There is much more to know about Cisco DNA and its architecture. For more information, go to https://www.cisco.com/go/dna.

Author

Harpreet Singh Batra

Consulting Engineer

Zindagi Technologies Private Limited

Author

Team ZT