Introduction to Intent-Based Networking
Intent-Based Networking has emerged as a new paradigm in network automation, promising to simplify network configurations, reduce cost and ensure agility in managing complex enterprise networks. The idea is to allow the IT user to express an “intent” as what they want the network to do, and rely on an Intent-Based Networking System to execute network configuration changes based on that intent and verify that the intent was executed properly. However, not all Intent-Based Networking Systems are the same and many only deliver on a portion of this promise.
Only Gluware® Intelligent Network Automation’s orchestration engine is able to consume abstracted network “intent”, configure multi-vendor, multi-domain networks, and verify that the correct changes were made.
Defining Intent-Based Networking
While there is no true single standard specification for Intent-Based Networking Systems, vendors use the term to describe their offerings, and the networking community is left to sort out the differences between the reality and the hype. To help bring clarity to the cause, Gartner produced an “Innovation Insight: Intent-Based Networking Systems” paper on the topic, published in February 2017 (ID: G00323513). Gartner defined an Intent-Based Networking System as one that provides four capabilities:
- Translation and Validation – The system takes a higher-level business policy (what) as input from end users and converts it to the necessary network configuration (how). The system then generates and validates the resulting design and configuration for accuracy.
- Automated Implementation – The system can configure the appropriate network changes (how) across existing network infrastructure. This is typically done via network automation and/or network orchestration.
- Awareness of Network State – The system ingests real-time network status for systems under its administrative control, and is protocol- and transport-agnostic.
- Assurance and Dynamic Optimization/Remediation – The system continuously validates (in real time) that the original business intent of the system is being met, and can take corrective actions (such as blocking traffic, modifying network capacity or generating notifications) when the desired intent is not met.
Most industry coverage on the topic seems to agree on these four main attributes, yet many of the current solutions do not address all four. There is also some debate as to “how high” the level of intent should be: is it really a business requirement/policy, or is it more specific network requirements that are automatically executed?
What is the current state of Intent-Based Networking systems?
Many solutions coming to market are using “intent-based” in their marketing material, but are not living up to the capabilities. Solutions are falling into three main categories:
- Data-plane and control-plane validation solutions – They analyze the current state of the network using device configuration and derive the operational state, or pull state tables like the Forwarding Information Base (FIB), Routing Information Base (RIB) and others. Using this information, the validation solutions can predict the network forwarding behavior and perform various “what if” scenarios to check changes before implementing them on the network. Most solutions in this category are “read-only” and do not actually implement automated changes on the network.
- Greenfield Intent-Based Networking systems – They are generally narrow in scope, like a data center-specific solution or an SD-WAN solution, and are very prescriptive. While they meet the criteria of IBN, the practicality of implementation is limited due to the narrow focus and the need to rip-and-replace the existing network or completely re-write the configuration on every network device, which is highly disruptive.
- Intelligent Intent-Based Networking systems – Gluware, as an example, provides the ability to ingest the current network device information and configured features along with the policies. The ability to automate the “brownfield” network is critical to large enterprises who are supporting multi-vendor, multi-platform networks that evolve over time. Gluware provides the ability to abstract configuration information, automate the implementation, understand the current configuration state, apply only the required changes, and validate the configuration and operational state.
How Gluware measures up
| Gartner IBNS Capability | Gluware |
|---|---|
| Translation and Validation | Gluware can abstract to the demands of any use case, from a business intent to a low-level configuration variable. Gluware takes input from the user and is able to validate the resulting feature/change, and upon provisioning dynamically generates the required CLI/API to achieve the desired network configuration state. |
| Automated Implementation | Gluware leverages a powerful orchestration engine to perform discovery (current state), analysis, validation and provisioning of the feature/solution across all (multi-vendor, multi-domain) network nodes. Gluware supports variables and conditionals to automate complex scenarios. |
| Awareness of Network State | Gluware has two features to capture the real-time status of the network state: a Discovery engine, which is run for each network node before provisioning to determine the current configuration state and perform declarative provisioning to align the run-time configuration with the desired state; and an optional State Assessment, which can run any “show” command to examine and validate the state of a device, protocol or interface. |
| Assurance and Dynamic Optimization/Remediation | Gluware is vendor-agnostic and is able to model any network feature, including those for traffic control and others that implement assurance, so that dynamic remediation is achieved at the network level. Gluware Config Modeling can be triggered to restore the network to the desired state at any point, and Config Drift and Audit can be run on an ongoing basis to ensure the network is as expected and in policy. |
How Gluware Intent-based Networking makes everyone's job easier
- Meet strategic business goals
- Stay ahead of ever-changing business demands
- Reduce costs and avoid unnecessary expenses
- Reduce or eliminate outsourcing costs
- Reduce training costs and the need to make every network engineer a programmer
- Leverage existing work and skillset
- Automate low-level tasks and end-to-end processes
- Deliver innovation with security and agility
- Roll out and democratize automation across entire IT team
- Move past basic CLI and time-consuming scripts
- Tailor automation and orchestration to your specific networks
- Trust the insights you derive from your network discovery
- Make the most of DevOps resources
- Improve your overall ability to manage complex networks
- Avoid team RGEs (resume-generating events)
- Stay on top of your network from Day0, Day1…
- Better experience with the network
- Confidence in using the network
A Deeper Dive Into Gluware Intent-Based Networking
The following capabilities make Gluware uniquely qualified to solve the network automation challenges for the largest enterprise networks in the world:
- Network Discovery – Seeded with one network device, Gluware is able to crawl the ARP, CDP and LLDP tables to discover and learn the IP addresses of all devices connected to the network. It then interrogates each device, imports the details into the Gluware Device Manager app and begins automating the devices. Devices can also be imported, added manually, or added via RESTful API.
- Configuration Drift Monitoring – Gluware has the ability to monitor network devices for configuration changes and highlight exactly what changes have been made. This can help to minimize troubleshooting when asking “what changed”, but more importantly it gives network operations the insight to know what is changing most often and should be automated to minimize manual errors.
- Configuration Audit – Using Gluware’s Config Audit, policies made up of required commands or forbidden commands can easily be created with vendor-native CLI and regex. Performing some extensive audits of the configuration state of the network first will help to highlight the need for the definition and implementation of consistent policy-based automation.
- Data-model driven – Every data set within Gluware is stored in a data model. This enables Gluware to treat the network infrastructure as code and perform network-wide policy-based enforcement to establish and maintain the desired state.
- Declarative – The Gluware orchestration engine has the ability to read the current state of each feature being automated, compare the current state to the desired state and make the changes necessary to result in the desired state. This includes only making the changes necessary as well as removing configuration statements that are not in policy.
- Config Modeling – A powerful capability Gluware offers is the ability to break down existing CLI-based configurations and convert them to data models for policy-based automation. Config Modeling enables the ability to automate a minimal set of protocols, like AAA, DNS, SYSLOG, SNMP, NTP, or the entire network configuration. Config Modeling is capable of automating highly complex network configurations, including SD-WAN and EVPN, which involve network-wide policies for underlays, overlays, certificate management and more.
- Intelligent Model Discovery – A Gluware automated workflow which enables a user to connect to a reference networking device, like a branch router or top-of-rack switch, and read in all the configured features and the configuration policy. Once in Gluware, these features and policies can be used to automate policies of like devices network-wide.
- State Assessment – Using Gluware, operators can define any “show” command to look at any operational state, including any protocol state or interface state. Once captured, a query can be defined to check the output for validation. State assessments can be used for troubleshooting procedures and for pre-checks and post-checks when automating configuration changes and operating system changes.
- RESTful API – Gluware provides a published RESTful API called GluAPI, which provides a programmatic interface to the Device Manager, Config Drift and Audit, and Config Modeling.
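
The Configuration Audit and Declarative items above can be illustrated with a short added example; this is not Gluware's code or its API. The IOS-style sample config, the policy rules, the function names `audit` and `reconcile`, and the use of a `no ` prefix to remove a line are all assumptions made for illustration.

```python
import re

# Constructed IOS-style running config (illustrative, not from a real device).
RUNNING_CONFIG = """\
hostname branch-rtr-01
service password-encryption
snmp-server community public RO
ntp server 192.0.2.10
ntp server 198.51.100.99
logging host 192.0.2.50
line vty 0 4
 transport input telnet ssh
"""

# Hypothetical audit policy: (rule name, regex matched against each config line).
POLICY = {
    "required": [
        ("password encryption", r"^service password-encryption$"),
        ("central syslog", r"^logging host 192\.0\.2\.50$"),
        ("aaa enabled", r"^aaa new-model$"),
    ],
    "forbidden": [
        ("default SNMP community", r"^snmp-server community (public|private)\b"),
        ("telnet on vty", r"^\s*transport input .*\btelnet\b"),
    ],
}

def audit(config, policy):
    """Return (kind, rule name) findings: required rules with no matching
    line, then forbidden rules with at least one matching line."""
    lines = config.splitlines()
    hit = lambda rx: any(re.search(rx, line) for line in lines)
    missing = [("missing", n) for n, rx in policy["required"] if not hit(rx)]
    present = [("forbidden", n) for n, rx in policy["forbidden"] if hit(rx)]
    return missing + present

def reconcile(config, desired, scope_rx):
    """Declarative diff for one feature. Only lines matching scope_rx are
    managed; returns the minimal commands to reach the desired state.
    Assumes IOS-style negation, i.e. a line is removed with a 'no ' prefix."""
    current = [l for l in config.splitlines() if re.search(scope_rx, l)]
    removes = ["no " + l for l in current if l not in desired]
    adds = [l for l in desired if l not in current]
    return removes + adds

if __name__ == "__main__":
    print(audit(RUNNING_CONFIG, POLICY))
    print(reconcile(RUNNING_CONFIG,
                    ["ntp server 192.0.2.10", "ntp server 192.0.2.11"],
                    r"^ntp server "))
```

Running `reconcile` again on a config that already matches the desired NTP servers returns an empty list, which is the property that makes the declarative approach safe to re-run.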