The benefits of intent-based networking include helping networking pros bolster user experience and reduce network management headaches.
We’ve heard about it, but do we really understand it? What is intent-based networking, and what are the benefits of intent-based networking for infrastructure management and the business as a whole?
Could intent-based networking (IBN) be the answer to the strain of managing network infrastructure? In what follows, we will explore what IBN is. Then we will cover how IBN can help your business innovate, be more flexible and escape the chains of hardware-based network management.
Let’s begin with a story. It’s 2 a.m. and you’re asleep comfortably in bed when your phone texts a series of alerts about your company’s network. Now you’re awake. As the on-call network engineer, it’s your responsibility to ensure the security and performance of the network. It turns out the primary link in one of your remote branches has reached 100% capacity. All the traffic must be rerouted to the backup link that is sitting idle, waiting for a moment like this. You manually change the routes to the backup link, which incidentally has four times the bandwidth of your primary wide area network (WAN) link. Things are stabilizing, applications are up and running, and you verify that the network is functioning properly. But frequent network alerts lead you to question whether the network is operating optimally. There’s got to be a way to exploit all available links and bandwidth to ensure that applications are working and that users have the best possible experience.
This is where software-defined WAN (SD-WAN) comes into play. SD-WAN gives us the flexibility to exploit all available bandwidth and links. This allows us to change the focus from routing packets to protecting applications. It provides greater flexibility to build policies that safeguard the applications, which ultimately affect an end user’s experience. This reflects an industry-wide shift to protect and enhance the user’s experience. Now we’re getting closer to understanding the true, strategic benefits of intent-based networking.
But let’s explore this through another scenario. On Monday morning, you are at your desk. Suddenly a colleague appears, complaining that the wireless network isn’t working. Upon further investigation, you learn that only a single user has been affected. And that issue was last Tuesday at 3 p.m. Typically, we receive such network alerts and have to chase the chain of possibilities. This means we usually log in to a wireless access point or controller, then hop over to a switch and then possibly to another switch or two, looking through the logs and interface statistics to try to determine the cause of the trouble. Often, the issue is fleeting, which means it’s hard to replicate, troubleshoot and resolve. Instead of going through all this labor-intensive and time-consuming troubleshooting, imagine if we could immediately identify the problem and automatically resolve it.
A common example of a workflow in an IBN environment is this: A help desk ticket comes in, describing what was affected from the perspectives of the user, device and building. Using the tools available, we can see that the user was unable to get onto the wireless network because there was no Dynamic Host Configuration Protocol (DHCP) address available. It turns out that this was due to the DHCP scope being full and not having available IP addresses to hand out. Guided remediation steps are now automatically provided to fix the issues. In this case, one remediation step is as simple as expanding the DHCP scope. Automatic remediation of problems prevents this kind of issue from affecting user experience in the first place.
One of the most common use cases for IBN is simplifying security within the campus LAN environment. Myriad devices join a network every day. With this influx of devices, security must be taken seriously. It is imperative to properly segment a network so that certain devices cannot access other devices in the environment. A great example is the segmentation of manufacturing plant floor devices (Internet of Things devices) from employee finance or human resources records. This type of segmentation is necessary for regulatory compliance and also serves as a safety net to prevent the network from being compromised. Network security is not easy—another reason why intent-based networking has become a critical network management tool.
Layer 3 security is often handled through extensive access list entries. These entries grow complex and untenable, sometimes ranging into multiple thousands of lines of configuration. What if we could stop relying on IP addresses and subnets to build our security policies? What if, instead, we could build our next-generation security policies based on identity? Now we can.
Today we can express the intent of our policy in software, based on the identity of a device, user or group, and that policy can be enforced dynamically across the entire environment. This end-to-end policy can stretch across a campus local area network, WAN and even extend into an on-premises data center.
With intent-based networking, gone are the days of relying on IP addresses or VLANs to construct critical policies. The difficulty of keeping track of all the IP addresses and their mappings was one of the most complicated parts of creating and managing network policies.
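The contrast between identity-based policy and address-based access lists can be made concrete with a small model. This is an added illustration, not code from the article's author or from any product. The group names, identities and addresses are all constructed, and the session table stands in for whatever the network learns when an endpoint authenticates.

```python
# Added illustration: group names, identities and addresses are constructed.
from itertools import product

# Intent: who may talk to whom, written once in terms of groups (default deny).
POLICY = {
    ("employees", "finance-hr"): "permit",
    ("plant-floor-iot", "plant-controllers"): "permit",
    ("plant-floor-iot", "finance-hr"): "deny",  # explicit entry, kept for audit clarity
}

# Group membership is bound to the authenticated identity, not to an address.
GROUP_OF = {
    "alice@corp": "employees",
    "hr-db-01": "finance-hr",
    "sensor-17": "plant-floor-iot",
    "plc-03": "plant-controllers",
}

# Constructed session table: address -> identity learned at network login.
SESSIONS = {
    "10.1.20.5": "alice@corp",
    "10.9.0.10": "hr-db-01",
    "10.50.3.17": "sensor-17",
    "10.50.1.3": "plc-03",
}

def decide(src_ip, dst_ip, sessions, policy=POLICY):
    """Resolve each address to an identity, then a group, then look up the intent."""
    src = GROUP_OF.get(sessions.get(src_ip), "unknown")
    dst = GROUP_OF.get(sessions.get(dst_ip), "unknown")
    return policy.get((src, dst), "deny")  # anything not stated is denied

def expand_to_ip_acl(sessions, policy=POLICY):
    """The same intent rendered as address-pair entries for the current leases."""
    by_group = {}
    for ip, ident in sessions.items():
        by_group.setdefault(GROUP_OF.get(ident, "unknown"), []).append(ip)
    acl = []
    for (src, dst), action in policy.items():
        for s, d in product(by_group.get(src, []), by_group.get(dst, [])):
            acl.append((action, s, d))
    return acl

if __name__ == "__main__":
    print(decide("10.50.3.17", "10.9.0.10", SESSIONS))   # plant sensor -> HR records
    moved = {ip: who for ip, who in SESSIONS.items() if who != "sensor-17"}
    moved["10.50.8.99"] = "sensor-17"                    # sensor is re-addressed
    print(decide("10.50.8.99", "10.9.0.10", moved))      # intent follows the identity
    print(len(expand_to_ip_acl(SESSIONS)), "address-based entries for 4 endpoints")
```

The three group-level rules stay fixed as endpoints join or move, while the address-pair rendering grows with the product of group sizes and goes stale whenever a lease changes.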
This concept also applies to the fair treatment of our applications. The ability to classify applications based on business relevance and apply preferential treatment to specific applications changes how we think about quality of service (QoS) throughout the network. Within this new environment, we can protect business-relevant applications, such as voice, by ensuring that the application is protected throughout an entire environment, all with a single configuration transaction. This means that QoS can be configured automatically, based on the application, on all the different components in a campus LAN environment. This includes routers, switches and wireless components.
The benefits of intent-based networking are really about making our lives easier—as networking engineers, but also as users. It’s about simplifying operations, freeing time spent on complex troubleshooting and automating the mundane daily tasks to manage the network. With IBN, customers will find that they can spend more time focusing on strategic matters such as innovation, competitive differentiation and how to exploit technology to innovate.
Jason Gooley is a technical solutions architect at Cisco.