In recent years, intent-based networking (IBN) has attracted widespread attention in the IT field. IBN is the automation of the process of ensuring that the high-level intent and policy requirements of network operators are consistent with the design and configuration of the entire network. After the partial success of software-defined networking (SDN) in simplifying cloud deployment and virtual networks, IBN's vision stems from the need for greater network automation. By definition, IBN automatically analyzes and fixes network faults and intelligently automates network design and configuration updates. The main challenge in delivering IBN solutions is the layered intelligence that is required for the system to design error-free networks and map behaviors to high-level requirements. This requires replicating the knowledge of experienced network operators in diagnosing and troubleshooting problems or designing network architectures. Implicit in many solutions is the heavy use of artificial intelligence/machine learning (AI/ML). There are generally two methods (subcategories) of IBN:
Here are the key trends, use cases, and best practices for enterprises as they think about engaging with emerging IBN technologies.

Data Point No. 1: Validation Tops Testing

While network testing remains important, it has traditionally been restricted to a small number of test scenarios and limited lab environments, and has not been done at scale. Enterprises using IBN are moving toward more thorough and sound analysis through network validation. Validation is a mathematical analysis of network design and behavior that can derive and detect potential policy violations or vulnerabilities in any potential scenario. If a situation exists that triggers a policy violation, validation can proactively find it. Validation methods are new to networking and are different from validation techniques that have been applied to software, integrated circuits, rocket design, and more.

Data Point No. 2: Behavioral Analysis

What is validated with IBN is the exact alignment of your "intent" with the underlying design of the network. IBN provides the ability to reason about the end-to-end behavior of the network and compare it to defined policy statements (intent). The end-to-end behavior is closely tied to IT's intent, such as what type of traffic can flow on various network segments, which subnets should be validated for isolation, how many redundant paths should be available for specific application flows, and so on. Such analysis is never provided by network devices that only understand their local traffic handling responsibilities and how to direct traffic to the nearest neighbor.

Data Point No. 3: Search and Repair

Understanding where the network design deviates from the expected behavior is critical to automating the search for configuration errors and resolving trouble tickets. Rather than looking for a needle in a haystack, searching through potentially hundreds of devices, various configuration files, and lines of code, IBN analytics can frequently identify which devices (or even which lines of code) are causing the deviation from the defined intent.

Data Point No. 4: Compliance Checks and Audits

Similarly, IBN can quickly run through a long list of compliance-related checks to audit the overall health of the network and identify configuration errors that may be difficult to find before they cause outages. IBN systems have a comprehensive understanding of the complex dynamics of the network and can quickly scan for issues such as IP address uniqueness, MTU mismatches, VLAN inconsistencies, downlinks, forwarding loops, etc.

Data Point No. 5: Change Tracking and Documentation

An IBN system must create and maintain a working analytical model of the network in order to reason through the validation process and check policy consistency. It is natural to leverage this network model to track and compare network changes and behaviors over time. Few large enterprise networks have up-to-date, detailed, accurate documentation for all devices, configurations, topology diagrams, and corresponding intent. Visio diagrams have been state-of-the-art for some time. But now, an IBN system can simply store and record the network design and behavior at that time, allowing not only the latest analysis, but also the ability to roll back the software to a previous date to compare changes in design and behavior.

Data Point No. 6: Predicting the Future

With validation, enterprises are able to proactively head off potential network issues, as a thorough and rational network analysis is performed from start to finish for the first time. Depending on the IBN system, changes to the network design can be proposed in the IBN software model and analyzed for how these changes will affect future network behavior and consistency with all future defined policies. This is one of the most advanced requirements and IT processes in IBN, as it involves the greatest degree of applied intelligence and reasoning. But for certain changes, this can be a real benefit to the organization, helping to speed up change windows and validate proposed updates, especially for firewall/ACL rules, NAT services, etc.

Data Point No. 7: Open, Scalable Systems

A typical IBN platform consists of at least two major components, an AI/analytics engine and a data model of the underlying network. Because the interesting queries that can be analyzed for large networks (any behavior, network state, operational status) are essentially limitless, enterprises are looking to leverage the underlying software model of the network (essentially a large database) to build their own applications, embed the results into custom dashboards, or define their own custom network health and policy checks. Limiting access to this novel data to the specific capabilities of a single IBN platform is frustrating to many. As a result, leading IBN platforms are able to leverage open and well-defined data models so that enterprises can quickly build their own capabilities, often using scripting languages such as Python, rather than using a normalized, vendor- and device-agnostic data model that represents the current network.
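The compliance checks named under Data Point No. 4 (IP address uniqueness, MTU mismatches, forwarding loops), written as the kind of custom Python check Data Point No. 7 describes. This is an added example, not code from the article or from any IBN product; the model schema, device names and addresses are constructed for illustration.

```python
from collections import defaultdict
# Constructed sample model; the schema (field names, FIB layout) is hypothetical.
INTERFACES = [
    {"device": "core1", "name": "eth0", "ip": "10.0.0.1", "mtu": 9000},
    {"device": "core2", "name": "eth0", "ip": "10.0.0.2", "mtu": 1500},
    {"device": "core2", "name": "eth1", "ip": "10.0.1.1", "mtu": 1500},
    {"device": "edge1", "name": "eth0", "ip": "10.0.1.2", "mtu": 1500},
    {"device": "edge1", "name": "eth1", "ip": "10.0.0.2", "mtu": 1500},
]
LINKS = [(("core1", "eth0"), ("core2", "eth0")), (("core2", "eth1"), ("edge1", "eth0"))]
# Per prefix: device -> next-hop device; a device with no entry is where the walk ends.
FIB = {
    "192.0.2.0/24": {"core1": "core2", "core2": "edge1", "edge1": "core1"},
    "198.51.100.0/24": {"core1": "core2", "core2": "edge1"},
}

def duplicate_ips(interfaces):
    """IP address uniqueness: map each reused address to the interfaces holding it."""
    owners = defaultdict(list)
    for itf in interfaces:
        owners[itf["ip"]].append(f'{itf["device"]}:{itf["name"]}')
    return {ip: sorted(held) for ip, held in owners.items() if len(held) > 1}

def mtu_mismatches(interfaces, links):
    """MTU mismatch: links whose two endpoints are configured with different MTUs."""
    mtu = {(itf["device"], itf["name"]): itf["mtu"] for itf in interfaces}
    return [(a, b, mtu[a], mtu[b]) for a, b in links if mtu[a] != mtu[b]]

def forwarding_loops(fib):
    """Forwarding loops: follow next hops per prefix; revisiting a device is a loop."""
    loops = {}
    for prefix, next_hop in fib.items():
        for start in next_hop:
            path, node = [], start
            while node in next_hop and node not in path:
                path.append(node)
                node = next_hop[node]
            if node in path:  # walked back onto the path already taken
                loops[prefix] = path[path.index(node):]
                break
    return loops

def audit(interfaces, links, fib):
    return {"duplicate_ips": duplicate_ips(interfaces),
            "mtu_mismatches": mtu_mismatches(interfaces, links),
            "forwarding_loops": forwarding_loops(fib)}

if __name__ == "__main__":
    for check, findings in audit(INTERFACES, LINKS, FIB).items():
        print(f"{check}: {'FAIL' if findings else 'PASS'} {findings}")
```

Because the checks read only the normalized model, they find the duplicate address and the loop without touching any single device's configuration, which is the network-wide view the article says individual devices cannot provide.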