Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Solutions for Intent-Based Networking (IBN) Solution Overview

Networking Solutions Island of Content Event

Available Languages

Download Options

  • PDF
    (656.4 KB)
    View with Adobe Reader on a variety of devices
Updated:June 10, 2019

Available Languages

Download Options

  • PDF
    (656.4 KB)
    View with Adobe Reader on a variety of devices
Updated:June 10, 2019


The next era of enterprise networking – continuously aligning the network to changing business needs with intent-based networking solutions.

The changing landscape

In today’s world, the emergence of artificial intelligence, the Internet of Things (IoT), the cloud, ever-expanding amounts of data, and increasingly complex cybersecurity threats are changing the technology landscape at breakneck speed. Applications and services are moving everywhere in the enterprise – from the remote edge to branch offices, to HQ, and all the way to data centers in public-, private-, and hybrid-cloud environments. As a result, the data center is no longer a place but instead is defined as wherever the data is created, processed, and used. The expanding use of diverse IoT devices, apps, and accompanying data is resulting in new distributed compute models, together with exponentially greater levels of scale and complexity. Mobile users expect immediate and high-performance connectivity at all times, everywhere, and on any device over Wi-Fi and public 4G (and soon 5G) networks. Cybersecurity threats are becoming increasingly sophisticated and dangerous across a broader attack surface that is no longer contained within well-defined perimeters. This dynamic technology landscape is a reality for all organizations, their employees, and their customers, and is the engine for the digital economy. So IT is feeling the pressure to address all these trends, typically with a constrained budget and limited talent pool.

The need for a new kind of network

In this environment, it is critical for IT leaders to adopt a radically new approach to networking. The current rigid and largely manual lifecycle management approach is no longer sustainable for deploying, maintaining, and updating networks, and it cannot scale to meet the growing complexity. For an organization to flourish in the digital economy, the network needs to be able to adapt quickly to changing business requirements or “intent.” The network needs to support an increasingly diverse and fast-changing set of users, devices, applications, and services. It needs to ensure fast and secure access to and between workloads wherever they reside. And for the network to work optimally, all this needs to be achieved from end to end, between users, devices, apps, and services across each network domain – campus, branch, WAN, data center, hybrid cloud, and multicloud. Which means that organizations need a new, integrated architecture for each domain and also a way to align to application performance and security needs across domains of the enterprise network.

Digital demands

The new network needs to:

     Align to the business

Enable new digital business initiatives, not hold them back. The network needs the agility to quickly and dynamically realign with rapidly changing business objectives.

     Deal with growing complexity

Be easier to configure, operate, and maintain in the face of growing scale and complexity. Current operational models are not scalable or sustainable.

     Assure service performance

Provide full visibility into how the network is operating and provide assurance that the network is supporting the desired business initiatives and achieving compliance. It also needs to identify any discrepancies and recommend fixes.

     Reduce risk

Identify and neutralize security threats before they cause harm. Multicloud, IoT, and mobile adoption open up new threat vectors that the network needs to constantly protect against.

Intent-based networking

How do you get there? With Intent-Based Networking (IBN), the emerging industry model for the next generation of networking. IBN builds on Software-Defined Networking (SDN), transforming from a hardware-centric and manual approach to designing and operating networks to a software-centric and fully automated one that adds context, learning, and assurance capabilities. Your intent-based network captures business intent and uses analytics, machine learning, and automation to align the network continuously and dynamically to changing business needs. That means continuously applying and assuring application performance requirements and automating user, security, compliance, and IT operations policies across the whole network.

How does intent-based networking work?

Intent-based networking captures and translates business intent into network policies that can be automated and applied consistently across the network. The end goal is for the network to continuously monitor and adjust network performance to assure the desired business outcome. Ultimately, this is achieved through a closed-loop system with the following functional building blocks - translation, activation and assurance.

For intent-based networking to achieve its full potential, these three functions build on a programmable network infrastructure (Figure 1):


Figure 1.           

Intent-based networking

     Translation: Capabilities that tell the network what to do to achieve the desired business outcome (intent), based on a consistent and verified policy the network can act upon.

     Example: Translate a business intent that the finance department needs highly-secure and uninterrupted service levels for its month-end reporting application into network-relevant policies. These policies may define the segmentation, security, and application service-levels for the network to implement.

     Activation: Deployment of the expressed policies throughout the network infrastructure, by automating systemwide changes to all relevant network and security devices.

     Example: Apply priority service levels for all users and applications on the secure finance reporting segment across network and security devices in each network domain (data center, campus, WAN, and branch).

     Assurance: Continuous monitoring and verification that the desired intent has been applied and business outcome has been achieved. This can include remediation through recommended corrective actions and ongoing optimization through predictive analytics.

     Example: Use network telemetry to monitor and analyze the finance application performance against desired outcomes, including remediation, optimization, and corrective actions as appropriate.


Cisco’s strategy for intent-based networking

Cisco has a complete architecture and solution suite to deliver on the vision of applying and assuring intent from client to application by using intent-based networking across all networking domains: data center, campus, branch, WAN, and multicloud (Figure 2). Now you can bridge the gap between what your business needs and what your network delivers. Cisco’s intent-based networking solutions connect users from anywhere to applications and services wherever they are hosted.


Figure 2.           

Architecture and solution suite for Cisco intent-based networking

Table 1.             Cisco’s intent-based solutions

For the campus, branch, and extended enterprise

Use case

IBN solution/products



Automate your network

Solution: Cisco DNA Automation

Product: Cisco DNA Center

  Policy-based onboarding
  Zero-touch provisioning
  Software image management
  Process integrations with IT Service Management (ITSM) and IP Address Management (IPAM)
  Reduced human error and provide greater uniformity
  Quickly and simply onboard new devices
  Provide consistency for better network performance
  Streamlined operations

Assure network performance

Solution: Cisco DNA Assurance

Product: Cisco DNA Center

  Streaming telemetry and contextual data
  Complex event processing with analytics engines
  Correlated insights and contextual cognitive analytics
  Guided remediation
  Enable complete visibility into all network devices
  Troubleshoot and find anomalies instantly
  Accurately pinpoint root cause
  Provide single-click resolution and automation

Detect and mitigate threats

Solution: Cisco DNA Security

Products: Cisco® Identity Services Engine (ISE) and Cisco Stealthwatch®

  Enforced policy and compliance
  Multilayered machine learning
  Monitored streaming telemetry
  Encrypted Traffic Analytics
  Network Security Analytics
  Trustworthy systems
  Simpler and more secure user access
  Detection of advanced persistent threats
  Instant detection of zero-day malware
  Identification of security threats in encrypted traffic

Provide consistent wired and wireless policy from the edge to the cloud

Solution: Cisco SD-Access

Products: Cisco DNA Center and Cisco ISE

  Network and user segmentation
  Consistent management of wired and wireless network provisioning and policy
  Contextual data on users, devices, and network
  Network-to-IoT environments extended through policy segmentation
  Branch and data center integrations for end-to-end policy management
  Ability to secure users, devices, and applications with identity-based policy, regardless of location
  Anytime, anywhere workforce
  Reduced troubleshooting time and access to insights for decision making
  Deliver consistent user experience, whether wired or wireless, and across domains

For the WAN

Use case

IBN solution/products



Automate rollout of your network

Solution: Cisco SD-WAN with vManage

  Tamper-proof chips that enable zero-trust authentication
  Zero-touch provisioning for self-configuration
  Templatized configurations
  Centralized dashboard for monitoring the bring-up process
  Minimize need for advanced technology requirements
  Reduce burden on IT or avoid advanced technology requirements
  Eliminate rogue devices, with zero trust authentication
  Help large enterprises roll out thousands of sites in months

Assure network performance through visibility and intelligence

Solution: Cisco SD-WAN with vManage and vAnalytics

  Centralized monitoring and advanced analytics
  What-if analysis for different application scenarios
  App QoE scoring for priority applications
  Historic references for troubleshooting and correlating app SLA with network issues
  Policy recommendations for more intelligent handling of network traffic
  Use a centralized dashboard for management
  Rapidly troubleshoot and correlate problems
  Understand the context for underperforming apps, sites, and links

Provide corporate security and compliance

Solution: Cisco SD-WAN Security with vManage

  Ability to define corporate and other segments
  Definition of policies for mapping entities to segments and for moving across segments
  Monitoring of networkwide traffic analytics within segments
  Isolate corporate infrastructure from business partners
  Protect connectivity during M&A and divestitures
  Segment lines of business, subsidiaries, etc.
  Isolate guest wireless

Comply with application SLAs

Solution: Cisco SD-WAN with vManage and Cloud OnRamp

  Redundancy that mitigates failure correlation
  Centralized policies that specify SLAs for critical apps
  Continuous monitoring of link telemetry
  Direct Internet Access (DIA) with real-time optimization for critical SaaS apps
  Efficient access and optimization for SaaS
  Resiliency of critical apps during extreme failure scenarios
  Central visibility of critical apps and failure correlation

For the data center network and multicloud

Use case

IBN solution/products



Assure network availability

Product: Cisco Network Assurance Engine

  Continuous analysis and verification of the data center network against intent and policy
  Patented network verification technology to mathematically model and verify networks, and thousands of codified failure scenarios that run right out of the box
  Assures network security policies and checks for compliance against business rules
  Provides continuous verification, insights and visibility, and corrective actions

Provide policy compliance and enforcement

Solution: Data Center Analytics and Assurance

Product: Cisco Tetration and Cisco Network Assurance Engine

  Real-time awareness through streaming telemetry for policy violations
  Application and network policies defined with coarse and fine-grained segmentation
  Historical playback of detected deviations in network, servers, VMs, or remote sites
  Minimize operational and security risks
  Ensure fast and accurate policy compliance auditing

Enhance change management

Solution: Cisco Application Centric Infrastructure (Cisco ACI®)

Product: Cisco Network Assurance Engine

  Policy-based automation for reduced human error and greater uniformity
  Pre-change staging that predicts the impact of a change
  Post-change verification to help assure compliance with the desired state
  Simulated application behavior that predicts incidents that affect service
  Minimize risk of business-impacting outages
  Significant time reduction for IT operations
  Accurate migrations
  Assurance of change

Perform guided troubleshooting and remediation

Solution: Cisco ACI

Product: Cisco Tetration

  Continuous mathematical modeling alerts for more than 5000 codified failure scenarios
  Intuitive user dashboard that logs human-readable smart events of failed checks
  AI recommendation engine that highlights the exact problem and steps to fix it
  Faster mean time to detect and remediate
  Reduces number of low-quality IT help desk tickets


The Cisco difference

Only Cisco provides a complete intent-based network architecture with built-in network security, policy-based automation, and assurance across all domains, including data center, campus, WAN, branch, and cloud environments.

     Business agility. Through automation and open APIs, Cisco’s intent-based networking solutions are responsive to the changing dynamics expected in the digital economy. New business requirements can be captured and translated into network policy, so users and applications are quickly and securely onboarded.

     Simplified operations. Cisco’s intent-based networking solutions increase operational efficiencies and reduce operating expenses. Network operators can reduce the time spent on network design, implementation, testing, and troubleshooting. After network operators express intent, translation into policy and configurations is fully automated, with consistency and integrity checks.

     Continuous alignment of network to business intent. By using context and analytics to drive network assurance, Cisco’s solutions continuously validate policy alignment and otherwise recommend adjustments accordingly. By aligning policy across network domains we can activate intent end-to-end from users anywhere to applications anywhere.

     Compliance and security. The sophisticated security capabilities integrated throughout Cisco’s solutions provide advanced segmentation, consistent policy enforcement and rapid threat detection and containment even for encrypted attacks.

     Reduced risk. The abstractions, automation, and assurance available with Cisco’s solutions reduce operational risks, inconsistencies in the network, and network outages. Manual, error-prone processes are no longer the norm.

Multidomain integration

Campus. Branch. WAN. Data center. Cloud. With these traditionally siloed domains, organizations need a holistic network infrastructure strategy across the entire enterprise network.

It should be possible for IT and business intent to be expressed in one domain and then exchanged, enforced, and monitored across all of them. Today, Cisco provides a number of policy integrations between access, WAN, data center and multicloud domains.

For example, Cisco ACI and Cisco SD-Access policy integration maps Cisco ACI’s application-based micro-segmentation in the data center with Cisco SD-Access’s user group-based segmentation across the campus and branch. Now security administrators can automate and manage end-to-end segmentation seamlessly with uniform access policies – from the user to the application. With such segmentation, policies can be set that allow IoT devices to access specific applications in the data center or allow only financial executives and auditors to access confidential data. This is just one example of how Cisco solutions are enabling consistent multidomain policy segmentation and assurance for end-to-end alignment to business intent.

Getting started with intent-based networking

IT teams can begin their journey to a complete intent-based networking model by deploying solutions that address their most pressing use cases in one or more network domains. This could mean getting started with any one of the use cases described in this document, or any other use case that drives clear IT and business outcomes. To find out more about intent-based networking and the associated Cisco solutions go to https://www.cisco.com/go/ibn.

Cisco Services

Cisco Services help you accelerate network assurance, gain analytical insight, improve productivity, and lower risk by leveraging Cisco’s unique expertise, best practices, innovative tools, and business and IT insights.

Learn more

     Get started on your intent-based networking journey at cisco.com/go/ibn.

     Ask your sales representative for intent-based networking demos.

Learn more