IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Networking is experiencing a paradigm shift due to IBN
Tue, 31st Jul 2018
FYI, this story is more than a year old

Networking is on the brink of a paradigm shift with the introduction of Intent-Based Networking (IBN). This technology promises to deliver more agile networks with fewer issues across heterogeneous devices, which in turn offers benefits of reduced opex, continuously optimised performance, better compliance and better user experience. IBN can do this because it drives the network configuration algorithmically so it can respond faster and scale larger than a human operator.     

IBN is an automated tool that helps network engineers plan, design and operate networks to improve agility and availability. It allows the administrator to move away from configuring their desired outcomes in esoteric device-specific command lines, and instead use a natural language or graphical interface to express their intent.

For example, they may want to prevent members of the engineering group from accessing sales data, or they may want to ensure there are always two separate paths between servers. Recent advances in formal verification techniques and modelling languages such as YANG have enabled IBN to become a practical solution to answer the question, “Is my network configured correctly?

The key to IBN is the continuous cycle of verification and remediation that constantly checks the configuration meets the intent and makes corrections in real-time.

IBN consists of a number of components, each of which delivers benefits:

  • Management Dashboard to configure the system (express the intent) and monitor operation. Although IBN's purpose is to run the network autonomously, human intervention will be required (and desired) for some time to come.
  • Intent Translation takes the “what” and translates it into the “how”. Typical interfaces are either menu-driven graphical or a more sophisticated natural language option.
  • Network Verification proves that that translated configuration will deliver the desired intent with no security or reliability issues. This component uses formal verification tools to mathematically test and exhaustively prove that the configuration is correct.
  • Remediation reacts to changes in real-time (e.g. if a link fails, or a device goes offline). Capable of learning from past incidents and network best practices, using Machine learning (ML), it is able to apply corrective actions to a wide variety of network issues. This is the newest area for IBN development and although great progress has been made, experts agree that for some time, humans will still be required to approve the corrective actions suggested by a remediation engine.

Ultimately technology is required to deliver IBN and examples of technology that is intended to make networking easy, reduce cost and improve security include Secure Enterprise SDN and Software-Defined WAN's (SD-WAN).

  • Secure Enterprise SDN (SES) is a smart application that blocks security threats right at the edge of the network. It works in tandem with the corporate firewall to identify the source of internal threats and isolate suspect devices before they can infect other parts of the network. SES integrates with AMF to enable direct control of edge devices.
  • Software-Defined WAN (SD-WAN) is becoming an accepted solution to automatically manage and aggregate multiple WAN connections, and save costs as a result. It enables the network to be defined in terms of applications and priorities, rather than network protocols, which makes it partly “intent-based”. As such, it is easier to configure than other WAN technologies, and because it monitors and reconfigures connections automatically, it is able to optimise WAN links for the best experience and the lowest cost.

Arguably, the largest benefit of the IBN solution comes from the formal verification of the network configuration by the Network Verification component. This verifies that the network configuration meets the intent and ensures there are no security breaches or policy violations (e.g. no single points of failure).

Article by Allied Telesis contributor