Cisco Assurance services verify intent-based networking
Cisco has advanced its intent-based networking plans with a layer of analytics that verify compliance with policies. The new Cisco Assurance is tied to the company's SDN platform.
Cisco has introduced a policy-centric layer of network analytics for the data center, campus and the wireless LAN, providing customers with additional intelligence to pinpoint problems and fix them. The latest technology represents a significant advancement in Cisco's march toward intent-based networking.
Cisco's Assurance analytics, launched on Tuesday, focuses on the nonpacket data the company's Tetration network monitoring and troubleshooting software doesn't cover. Unlike Tetration, Assurance keeps tabs on policies created in Cisco software to control the network's infrastructure, such as switches, firewalls and load balancers.
Cisco Assurance is the latest step in the company's intent-based networking (IBN) initiative, which is centered around creating policies that tell software what an operator wants the network to do. The application then makes the infrastructure changes.
The engine behind Cisco Assurance services
Cisco's latest layer of analytics for the data center is called the Network Assurance Engine, which Cisco has tied to its software-defined networking (SDN) architecture, called Application Centric Infrastructure (ACI). The new technology is virtualized software that network operators deploy on any server.
Once installed, the software logs into the ACI controller, called the Application Policy Infrastructure Controller (APIC), which shares network policies, switch configurations and the data-plane state with the Assurance Engine.
At that point, the software creates a map of the entire ACI fabric and then builds a mathematical model that spans underlays, overlays and virtualization layers. The model establishes the network state, which Assurance compares to what operators want the network to do based on policies they've created.
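The comparison described above, reduced to a small model as an added example (not Cisco's code and not the APIC API): intent is an allow-list of flows, state is the set of rules rendered on each switch, and a flow counts as delivered only if every switch on its path permits it. The group names, switch names, paths and rule format are all constructed assumptions.

```python
# Added illustration: every name and value here is constructed, not Cisco's API.

# Operator intent: the only flows that should be deliverable (allow-list).
INTENT = {("web", "app", 8443), ("app", "db", 5432)}

# Constructed "network state": rules actually rendered on each switch.
STATE = {
    "leaf1": {("web", "app", 8443), ("app", "db", 5432), ("web", "db", 5432)},
    "leaf2": {("web", "app", 8443), ("web", "db", 5432)},
}

# Switches that each (src, dst) pair traverses in the modelled fabric.
PATHS = {
    ("web", "app"): ["leaf1"],
    ("app", "db"): ["leaf1", "leaf2"],
    ("web", "db"): ["leaf1", "leaf2"],
}


def deliverable(flow, state, paths):
    """A flow is delivered only if every switch on its path permits it."""
    src, dst, _port = flow
    hops = paths.get((src, dst), [])
    return bool(hops) and all(flow in state.get(sw, set()) for sw in hops)


def verify(intent, state, paths):
    """Return discrepancies between intended flows and modelled state."""
    candidates = set(intent).union(*state.values())
    findings = []
    for flow in sorted(candidates):
        hops = paths.get((flow[0], flow[1]), [])
        wanted, actual = flow in intent, deliverable(flow, state, paths)
        if wanted and not actual:
            # Intent exists but some switch on the path never got the rule.
            missing = [sw for sw in hops if flow not in state.get(sw, set())]
            findings.append(("intent_not_realized", flow, missing))
        elif actual and not wanted:
            # State permits end-to-end traffic that no policy asked for.
            findings.append(("unintended_reachability", flow, hops))
    return findings


if __name__ == "__main__":
    for kind, flow, switches in verify(INTENT, STATE, PATHS):
        print(f"{kind}: {flow} at {switches}")
```

The second finding type is the one with security weight: a flow the state delivers end to end that no policy requested.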
"If a network engineer used flawed logic in expressing intent, the Assurance Engine would find that flaw when the intent is translated to network state," said Shamus McGillicuddy, an analyst for Enterprise Management Associates, based in Boulder, Colo.
Other vendors, such as Forward Networks and Veriflow, also build models of network state and then perform analytics to spot discrepancies with a network operator's intent. Cisco's differentiator is the integration with its APIC policy controller, which creates a closed-loop system for ensuring operator intent matches network state, McGillicuddy said.
Knowing where an engineer's policies have "gone off the rails" is a big help in keeping networks running smoothly, said Andrew Froehlich, the president of consulting firm West Gate Networks, based in Loveland, Colo. "For network administrators, this is a huge win, because it will help them to pinpoint where problems are occurring when people start shouting the network is slow."
Cisco has tied the analytics engine to a troubleshooting library of what the company has identified as the most common network failure scenarios. As a result, when an engineer makes a change to the network, the Assurance Engine can determine, based on its knowledge base, where the modification could create a problem.
Initially, the Assurance Engine will cover only the Nexus 9000 switches required for an ACI fabric. Later in the quarter, Cisco plans to extend the software's capabilities to firewalls, load balancers and other network services from Cisco or partners.
Cisco Assurance services for the campus
For the campus, Cisco has added its new analytics engine to version 1.1 of the Digital Network Architecture (DNA) Center -- Cisco's software console for distributing policy-based configurations across wired and wireless campus networks. DNA Center, which costs $77,000, requires the use of Cisco Catalyst switches and Aironet access points. Companies using DNA Center have to buy a subscription license for each network device attached to the software.
The Assurance analytics in the latest release of DNA Center draws network telemetry data from the APIC-EM controller, the campus network version of the ACI controller used in the data center. The model created from the data lets operators monitor applications, switches, routers, access points and end-user devices manufactured by Cisco partners, such as Apple.
Like the data center software, the Cisco Assurance services for the campus are focused on troubleshooting and remediation. Later in the quarter, Cisco will add similar features to the cloud-based management console of the Meraki wireless LAN. Problems the Meraki analytics will help solve include dropped traffic, latency and access-point congestion.
Today, most operators manage networks by programming switches and scores of other devices manually, usually via a command-line interface. Proponents of IBN claim the new paradigm is more flexible and agile in accommodating the needs of modern business applications. In the future, Cisco, Juniper Networks and others want to use machine learning and artificial intelligence to have networks fix common problems without operator involvement.
Despite progress vendors have made in developing IBN systems, enterprises are just beginning to roll out the methodology in their operations. Gartner predicted the number of commercial deployments will be in the hundreds through mid-2018, increasing to more than 1,000 by the end of next year.