A network like a boyfriend: A study of intent-based networking systems from Gartner

Intent-based networking is just getting started, but it could be the next big thing in networking because it promises to improve network availability and flexibility, playing a key role as organizations transition to digital business.

[[240628]]

1. Overview

1. Key points

• Compared with traditional methods, intent-based networking systems (IBNS) provide a new way to build and operate networks that improves network availability and flexibility.
• IBNS provides lifecycle management for network infrastructure, including design, implementation, operation and assurance.
• Intent-based networking systems provide mathematical verification that business intent and network configuration are in sync, and can dynamically take real-time actions when they are out of sync, which enables a tighter alignment between network infrastructure and business initiatives.
• IBNS is a very early technology with few real implementations showing results quantitatively. It won’t become mainstream before 2020, but solutions are emerging that can provide value to businesses today.

2. Recommendations

I&O *** Planning, procuring, and managing network infrastructure should:

• When purchasing new network infrastructure, it needs to support open RESTful APIs to enable integration in intent-based systems.
• Pilot intent-based network solutions by deploying them in phases over time rather than implementing them all at once.
• Budgets for intent-based networking solutions need to be invested in improved network flexibility and increased network uptime.

2. Strategic Planning Concept

By 2020, more than 1,000 large enterprises will use intent-based networking systems in production, up from fewer than 15 today.

1. Definition

A complete intent-based networking system provides four functions:

• Transformation and Validation - The system takes higher-level business policies as input from the end user and transforms them into the necessary network configuration. The system then validates the correctness of the generated design and configuration.
• Automated implementation - The system can configure the appropriate network across the existing network infrastructure. This is usually done through network automation or network orchestration.
• Awareness of network status - The system provides real-time network status for systems under its management control and is protocol and transport agnostic.
• Assurance and Dynamic Optimization - The system continuously verifies (in real time) that the original business intent of the system is being met, and can take corrective action (such as blocking communications, modifying network capacity, or notifications) when the desired intent is not being met.

Ideally, an intent-based system is agnostic to vendors and network architectures. However, some vendors implement specialized intent-based solutions that work only with their own components. A complete intent-based networking system (IBNS) should include these four components. It should be noted that:

• Implementation does not require all of these features to be enabled at the same time. In fact, we recommend implementing these features incrementally on Day 1 rather than all at once.
• A particular vendor might only address some of these four capabilities but still be an intent-based system.

2. A new way to network

IBNS is a radical departure from the way enterprise networks are managed today. Currently, conversions are manual and lack algorithmic validation. Furthermore, the percentage of automation for network changes is well below 26%. Furthermore, network reliability is also a highly manual process, while dynamic optimization of network infrastructure is rarely observed.

3. Description

Intent-based networking systems can monitor, identify, and respond to changing network conditions in real time (see Figure 1). We expect intent-based networking systems to be delivered as software-based products that can be run on-premises or via SaaS. High-level business intent can be entered into IBNS directly through a portal or through third-party systems that leverage APIs to IBNS.

IBN is a process that converts business intent into whether and how changes are made on the network. Before deployment, it generates the network and proves the "correctness" of the network configuration through algorithms.

Next, if necessary, IBNS can make necessary changes to the underlying network. Meanwhile, throughout the process, IBNS obtains information about the network through multiple sources (such as monitoring systems) and constantly understands the current state of the network. Therefore, the system constantly compares the actual status of network operation with the expected state. If the network status is inconsistent with the original intention, IBNS can take corrective measures.

Figure 1. How IBNS works

4. Network middleware vs Human middleware

Essentially, IBNS provides network middleware to replace the intelligence that was previously available only from network engineer architects. Intent-based networking systems are driven by complex algorithms that translate business intent into network configuration. Algorithms are key to this process because they "capture knowledge efficiently and work at a speed and scale that humans cannot match."

Therefore, IBNS differs from traditional design and implementation approaches because they do not rely entirely on senior network personnel, such as architects or engineers, to translate business requirements into high-level designs and detailed implementation plans.

3. Benefits and Uses

Gartner believes that the biggest benefit of IBNS is improved network flexibility and availability, and support for unified intent and policy across multiple infrastructures. This is because IBNS generates the following configurations:

• Algorithm validation is performed before deployment to ensure correctness. This reduces errors and misconfigurations that lead to network outages.
• Automated orchestration reduces errors and is faster than today’s largely manual configuration processes.
• Continuous validation in real time allows for detection of outages, leading to faster problem resolution.
• Maintain consistency across heterogeneous infrastructures, including on-premises, colocation facilities, and cloud provider infrastructure.

We believe that a full IBNS implementation can reduce network infrastructure delivery time by 50% to 90%, while reducing the number and duration of outages by at least 50%.

In addition, IBNS provides several other specific benefits, including:

• Reduced operating expenses (opex) - The operational expenses associated with managing the network can be reduced and can free up senior network resources to focus on more important strategic tasks.
• Performance Optimization - Intent-based algorithms can provide better traffic engineering compared to traditional approaches such as routing protocols. This can improve application performance.
• Reduced dedicated tool costs - Intent tools can circumvent the costs of other related network infrastructure tools because automation and orchestration are embedded in IBNS.
• Better documentation - IBNS provides real-time self-documentation, which also includes the rationale behind design and configuration decisions.
• Improved compliance - Intent-based systems simplify the audit process due to algorithmic correctness of configuration, direct mapping to business intent, combined with dynamic real-time validation.

The concept of an intent-based networking system is abstract. Here is a practical example of how it can be implemented.

1. Example 1: Real-time application-centric WAN performance based on existing WAN

In this case, the business requirements for branch applications are as follows:

• From a usability perspective, the point of sale (POS) is the most important traffic.
• Voice quality is very important and the best WAN path should always be used.
• All business applications take priority over recreational Internet browsing.
• In case of congestion, POS, voice and inventory management systems must be prioritized.

These policies are fed into a UI that converts them into network policies. These policies are then configured on the organization's WAN infrastructure. At the same time, the organization's WAN edge infrastructure (routers, SD-WAN, WAN optimization controllers, etc.) sends diagnostic information (such as current network conditions and circuit status on branch devices) to the intent-based system. Therefore, the system will track the current status of the WAN path as well as application performance. The system can then continuously verify in real time that the policies/SLAs determined above are met. Due to network conditions, such as power outages, congestion, etc., if the above policies are not met, IBNS can take corrective actions, such as rerouting traffic, abandoning all entertainment traffic.

2. Example 2: Data Center Network - New Leaf/Spine Network

In this scenario, the business requirements are:

• The 1,200 production servers had to be highly available, even during network outages and maintenance.

The resulting technical requirements are:

• All production servers will be configured with the Class 1 availability profile.
• Single points of failure in the network switching infrastructure do not impact availability or performance.

Based on the technical strategy, the resulting Leaf/Spine configuration has a 3:1 oversubscription with N+2 spine switches. Equal-cost multipath (ECMP) routing will provide multipathing and failover. Each server is connected to two spine switches with sufficient links/bandwidth to carry all traffic in the event of a Leaf switch or network interface card failure. All server port access control lists comply with the required segmentation rules. The system will then generate a bill of materials, cabling guides, and device profiles for each device. Once implemented, IBNS will test the network to verify that it has been deployed correctly, and will then monitor continuously to ensure continued compliance with business policies.

3. Adoption rate

We anticipate that it will be a practical move to tie the adoption of intent-based networking to a network refresh plan. Early rollouts may only apply to well-defined, specific use cases, such as Leaf/Spine data center structures or WAN edge infrastructure. Furthermore, we recommend enabling different intent subcomponents gradually.

Similar to IBNS is IDS/IPS technology. In early IDS/IPS deployments, while traffic reduction is possible, most organizations start by implementing only detection capabilities and then gradually add prevention/blocking measures. Similarly, for early IBNS implementations, organizations can start by only verifying policy/intent. The next step may be human approval of the policy (and perhaps automation after approval), followed by long-term acceptance of some form of dynamic, automated self-remediation.

We expect the number of commercial enterprise deployments to remain in the tens through the first half of 2017 and to be in the hundreds by mid-2018. By the end of 2019, we estimate that more than 1,000 enterprises will be using intent-based networking systems in production.

4. Why?

For 15 years, IT vendors have been promising dynamic, self-configuring/self-optimizing infrastructure. However, for most enterprises, this promise has remained largely unfulfilled. That said, Gartner believes that intent-based networking systems will gain adoption in the next two to three years for the following reasons:

• Technological advances in computing power, algorithm development, and machine learning have made advanced algorithmic learning/modeling more feasible than in previous years
• Limiting the problem to the network scope reduces the scope of the problem compared to previous iterations that attempted a broader IT-wide or datacenter-wide solution.
• The growing need for network flexibility in digital transformation initiatives is driving enterprise demand for this capability
• Increased competition for traditional IT in the form of cloud providers, which can deliver services to enterprises faster than enterprise IT can

5. Arguments against adoption

The contrarian view that intent-based networking will never reach mainstream adoption is based primarily on:

• The technology may not be feasible in mainstream technology - that is, the product may not work properly.
• A 15+ year history of mostly incremental change in enterprise networking does not bode well for major paradigm shifts.
• Network automation alone may provide “enough” network flexibility/availability to bypass the need for on-premises enterprise services or reduce the value of IBNS.

IV. Risks

There are multiple risks associated with this technology, many of which are immature. As of Q1 2017, we estimate that fewer than 15 organizations worldwide have deployed a complete intent-based system in production. As such, it remains unproven. These factors could limit adoption and cause vendors to not continue to invest in solutions in the long term. Specific risk factors are described below.

1. Technical feasibility

IBNS relies heavily on algorithms to understand enterprise networks as well as human intent. These algorithms have not been proven in a variety of enterprise network implementations or use cases. As a result, IBNS may not be able to address scaling issues across a variety of scenarios.

2. Suppliers are immature

Many of today’s pure-play intent-based networking vendors are smaller startups that may lack the financial resources to sustain themselves in the market over the long term.

3. Risk avoidance

Intent-based networking is radically different from traditional networking practices, requiring network personnel to “trust” machine-generated algorithms. However, the risk-averse culture ingrained in network teams promotes a preference for incremental changes that are deemed “safe.” As a result, IBNS may never be deemed secure enough to gain traction in the market. Furthermore, early implementations may fail, increasing avoidance of intent-based systems.

4. Intention Cleansing

We expect to see significant "intent washing" just as we see cloud and SDN vendors looking for ways to create continued word-of-mouth about existing products. In this case, vendors sell products as intent without having the necessary functionality. As a result, enterprises invest in them but may not get the full benefits of IBNS.

5. Network Center

IBNS is inherently focused on the networking domain. IBNS has limited (or no) awareness and control over storage and compute infrastructure, which are key components of application infrastructure. This may limit the value of IBNS and slow the adoption of the technology. However, intent-based server and storage systems may emerge in the next two to three years, perhaps applying transformation capabilities to dynamic optimization technologies.

V. Evaluation Factors

When evaluating vendors that provide intent-based networking capabilities, enterprises should consider the following criteria:

• Ease of use – How smart is the intent engine at understanding business policy? Is the product easy to install and use on a day-to-day basis? Is the user interface intuitive? Are there pre-built use cases that would be helpful in my environment?
• Flexibility - Can the system be customized to meet specific business needs in your environment? Or will the system require you to modify existing processes or technology?
• Integration/interoperability – How well does the IBNS interact with existing infrastructure, systems, and tools (e.g., help desk, billing, and/or provisioning systems)?
• Openness - Does the vendor's solution operate in a multi-vendor environment, or does it require all network infrastructure to come from a single vendor? Does the solution use open interfaces and APIs? Does it comply with industry standards?
• Migration/Deployment Options - Does the system have a monitor and learn mode or a demo mode to gradually enable and/or "burn in" and learn the environment?
• Network scope – What parts of the network are covered? Is it just the data center network, the WAN, the campus, the wireless LAN (WLAN), or multiple? Does the vendor’s solution extend to public cloud infrastructure?
• Completeness – Does the vendor’s solution cover all four aspects of IBNS (conversion, implementation, state awareness, and assurance), or just some of them?
• Cost – How much does the solution cost and how will it be licensed (financial, operational)?

6. Technological Alternatives

Intent is a new way to plan, design, implement, operate, and optimize networks, and there is no direct alternative that solves the problem in the same way. However, there are many alternatives that can provide some of the benefits of IBNS, including:

• Middleware - The status quo is that high-level network resources manually translate business intent into designs and drive configurations.
• Network Automation - Network automation tools automatically maintain virtual and physical network device configurations, thereby reducing costs, reducing human error, and improving configuration policy rationality.
• Network Orchestration − Network orchestration entails modifying or coordinating network components in a centrally managed, policy-driven, workflow-based, and automated manner.
• SDN - Software Defined Networking is a network architecture that brings a level of flexibility to the network similar to the flexibility that abstraction, virtualization, and orchestration bring to server infrastructure. IBNS can be the application that drives the SDN controller.

It should be noted that IBNS supports automation, orchestration, and SDN capabilities; therefore, these are also complementary technologies. Outside of the networking realm, there is a related technology known as dynamic optimization.

Figure 2. Intent-based and alternative approaches

VII. Representative Provider

Several companies offer intent-based capabilities, ranging from complete systems to key components of intent. Over the next 18 months, we expect several vendors to enhance their offerings to address a wider range of IBNS capabilities. Here are a few relevant players in this space:

• Apstra addresses several aspects of intent in multi-vendor data center network environments with the Apstra Operating System (AOS).
• Cisco – We expect Cisco to deliver intent-based capabilities across its product portfolio, including Cisco ACI, CloudCenter, and Tetration.
• Forward Networks has a platform that ingests data, builds models of network status, and provides assurance to business policies.
• Juniper Networks has described its vision for delivering self-driving networks based on its Contrail orchestration software, which we expect will provide IBNS capabilities.
• Veriflow addresses the use case of improving network uptime and network security and can be a key component of intent-based networking systems.
• Waltz Networks addresses several aspects of intent, focusing on WAN use cases.
• SD-WAN Vendors - Multiple SD-WAN solutions offer a variety of capabilities that can be used as part of an intent-based networking system. Most SD-WAN solutions offer automated enforcement, network status awareness, and dynamic optimization/remediation capabilities, and we expect vendors to add business transformation services over the next 18 months.
• Network management/orchestration vendors – We expect a portion of existing network management/orchestration specialty vendors to either deeply integrate their products with the broader IBNS or focus on creating broader IBNS offerings.
• Communications Service Providers (CSPs) and Open Source - A number of CSP companies and open source projects are developing IBNS that can go directly into enterprise accounts or be embedded into CSP service offerings.