In June, Cisco announced it plans to deliver on “intent-based” networking, which has the potential to be the biggest change ever in the way networks are managed.
Cisco’s intent-based networking is fueled by contextual information and then acted upon by machine learning based “intuition”.
The pervasiveness of Cisco infrastructure allows it to collect network traffic but also contextual information such as who users are, what resources they are accessing, where they may be located and how endpoints are connected. This information can be used to create customized experiences and improve security. Machine learning is used to analyze what the contextual information means, gather new insights and then predict outcomes. This is critical in being able to turn data into actionable insights.
Intent-based networking systems (IBNS) have four components:
- An end user can express desired policies and state of the network, either through commands, a graphical interface or through application programming interfaces (APIs). The IBNS can verify whether the intent of the network can be met. Lerner likened this to entering the destination address into a GPS.
- The IBNS has automated abilities to configure the network based on the policies and desired state. For example, a user could specify that a certain level of security be applied to specific applications, and the IBNS could assign specific security policies based on user role, device or time. The IBNS has the ability to configure the necessary firewalls, VLANs and other technologies within the network to satisfy the request.
- The IBNS collects a repository of network data, including logs of traffic and streaming telemetry, so that the system can constantly assess the state of the network and determine the best way to implement the desired state.
- The IBNS has the ability to dynamically optimize and remediate the state of the network to ensure policies are enforced. For example, if a certain segment of the network is down, the IBNS would have the ability to automatically re-route traffic to ensure the policy is enforced appropriately. In the GPS analogy, this would be like the system rerouting a driver around a closed road or traffic jam.
A key component of an IBNS is that it provides mathematical validation that the expressed intent of the network can be and is implemented within the network, and that it has the ability to take real-time action if the desired state of the network is misaligned with the actual state.
An IBNS is, in theory, a software platform that can be agnostic to the hardware that it runs on.
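The intent-to-validation-to-remediation loop described above, as an added Python sketch that is not Cisco's code: the topology, intents and link failures are constructed assumptions. Intents are expressed as reachability constraints, telemetry is modelled as the set of links reported down, validation checks each intent against reachability over the current graph, and remediation generates deny rules for segmentation intents and reroutes around failed links where an alternate path exists.

```python
from collections import deque

# Constructed sample topology (not from the article): node -> neighbouring nodes.
TOPOLOGY = {
    "hr-vlan": {"sw1"}, "guest-vlan": {"sw1"},
    "sw1": {"hr-vlan", "guest-vlan", "core-a", "core-b"},
    "core-a": {"sw1", "dc-sw"}, "core-b": {"sw1", "dc-sw"},
    "dc-sw": {"core-a", "core-b", "payroll"}, "payroll": {"dc-sw"},
}

# Expressed intent, as (source segment, destination, must_reach).
INTENTS = [("hr-vlan", "payroll", True), ("guest-vlan", "payroll", False)]


def find_path(topology, src, dst, down_links=frozenset()):
    """Breadth-first search for a path; links reported down by telemetry are skipped."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in topology[node]:
            if nxt in parent or frozenset((node, nxt)) in down_links:
                continue
            parent[nxt] = node
            queue.append(nxt)
    return None


def validate(intents, topology, down_links=frozenset(), denies=frozenset()):
    """Compare each intent with the observed state; return the intents not being met."""
    violations = []
    for src, dst, must_reach in intents:
        reachable = (src, dst) not in denies and find_path(topology, src, dst, down_links) is not None
        if reachable != must_reach:
            violations.append((src, dst, must_reach))
    return violations


def remediate(intents, topology, down_links=frozenset(), denies=frozenset()):
    """Enforce must-not-reach intents with deny rules (ACLs pushed to the edge switch);
    return (updated denies, intents that still cannot be met)."""
    denies = set(denies)
    for src, dst, must_reach in validate(intents, topology, down_links, denies):
        if not must_reach:
            denies.add((src, dst))
    return frozenset(denies), validate(intents, topology, down_links, frozenset(denies))
```

A must-reach intent that survives remediation is the case the article calls out: the intent cannot be met by the current network, so the operator is told rather than silently given a partial result.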
To support its new network model, Cisco announced more new technologies:
- DNA Center is a centralized management platform that lets IT teams put intent-based operations into action. The product encompasses all aspects of the network life cycle including design, provisioning, policy and assurance. DNA Center also manages hardware and software life cycles to keep the routers, switches, access points and other infrastructure up to date.
- Software Defined Access automates policy enforcement and network segmentation across the network fabric. The process of on-boarding users can be time consuming and tedious, leading to errors and creating security risks. The ability to automate this process becomes critical for IoT, as network operations is often not even aware when an endpoint is attached to the network. In the press release Cisco claims network provisioning time can be reduced by 67%, and the impact of a security breach lowered by 48%. I’m uncertain how these were calculated, but from my research into automation, these numbers seem realistic.
- Network analytics platform categorizes and correlates the massive amount of data traversing the Cisco network. It uses machine learning to convert data into actions and then delivers the information to DNA Center.
- Encrypted traffic analytics enables Cisco to “see” and analyze encrypted traffic. Hackers are smarter than ever and are hiding their threats in the growing amount of encrypted traffic. Cisco’s Talos security intelligence and machine learning are used to analyze traffic patterns to infer threats in encrypted traffic.
- For all you fans of the Catalyst family, it lives on. The new Cisco Catalyst 9000 Switching Portfolio is a new series of switches built specifically for the digital era to handle the unique demands of mobility, cloud, IoT and integrated security. Like all Catalysts before this, the 9Ks are powered by Cisco’s own silicon, and they run Cisco IOS XE software. The combination of hardware, software and silicon has always given Cisco a competitive edge, and these new products will provide similar differentiation. The fixed form factor 9Ks (9300 and 9500) will be orderable in June and the chassis-based 9400 in July.
All of the new technologies and intent-based systems are supported by a set of services Cisco is calling “DNA Services”. These can be used to help customers get the technologies deployed faster, in a way that best meets their needs. Not everyone will adopt intent-based networking overnight, and Cisco Services are in place to help build a road map that includes all the critical components, including software, security, analytics and automation. Historically, Cisco has had a number of technologies that were lightly adopted (TrustSec, ISE) because many customers didn’t have the best practices or the know-how to deploy them without creating risks. The DNA services should alleviate those concerns.
Lastly, Cisco is releasing a new DNA Developer Center that falls under the DevNet umbrella. This is used to help software developers and IT pros create applications that interface with the network. DNA Developer Center includes a number of learning tracks, sandboxes, APIs and developer support.
Read more from the original article: https://www.networkworld.com/article/3202105/software-defined-networking/cisco-brings-intent-based-networking-to-the-end-to-end-network.html
Cisco’s New Line of Catalyst 9000 Switches
Cisco’s newest line of Catalyst 9000 switches, including the 9300, 9400 and 9500, has some of the most advanced programmability features of any Cisco products to date, and is part of Cisco’s initial rollout of intent-based networking.
The new switches include a custom ASIC that allows them to support the protocols of today and of the future.
The Catalyst 9000 Series is designed to do more tasks in less time. With Cisco DNA and SD-Access, these switches can be part of a network that brings together and learns from information across the network to create a simpler, more fluid experience. By automating mundane day-to-day operations you can shift IT time and money to focus on creativity and design.
The Cisco Catalyst 9000 Series is based on the Cisco UADP ASIC, which continually evolves to anticipate customer needs with exponential results, driving new industries and fostering innovations that have yet to be envisioned.
Expansive security and intelligence
Cisco DNA casts a wide net. It gathers information from a constellation of data points, connecting more devices and device types, making correlations and applying insights. It sees invisible threats and automates security responses. And it constantly adapts and protects by learning about threats across the world to stay ahead of the threats you face.