Automation platform promises to make software-defined networking a reality for campus networks.
At Cisco Live, networking pros heard a lot about Cisco's new intent-based networking strategy and technologies. On the surface, the technologies look like an evolution of Cisco's existing enterprise network products. Intent-based networking was actually available with Cisco's ACI platform, Digital Network Architecture (DNA) was announced in March 2016, and the Catalyst 9000 family of switches is a version of the venerable switch. New technologies include software-defined access and encrypted traffic analytics.
However, we need to focus on the bigger picture rather than looking at the individual products. Altogether, they're actually a long-awaited realization of software-defined networking branching out beyond the data center and finding its way into the enterprise.
Cisco's new intent-based platform brings together modern elements such as automation, security and analytics in a unified system. With intent-based networking, you define what you want done in the network instead of how it’s done.
This represents a major shift in how networks will be provisioned, monitored and operated. I expect Cisco to extend this model to many parts of its networking portfolio such as wireless access or WAN. Thus, all Cisco networking practitioners need to pay careful attention and plan for this eventual change.
SDN in the enterprise
Early ambitious attempts at SDN by many enterprise and data center vendors have not proven successful, either technically or in market acceptance. Providing a measured approach that is compatible with existing technologies is important for Cisco, and SDN is especially difficult to do in complex enterprise networks compared to data center networks, where deployment and design are uniform.
Moving away from box-by-box control is important. You currently manage the traditional wired enterprise network, wireless access points, and WAN systems independently by configuring each box while manually trying to keep policies consistent. An automated system goes a long way towards reducing rote work and errors and saves time for network engineers to do more worthwhile design work.
DNA Center is a management tool that implements design, provisioning, policy and assurance. Sitting underneath is APIC-EM, an SDN controller that does the work of policy-based automation of the network devices. But the core switching function still resides in the switch. Given there are open APIs, it’s possible to write custom DNA applications. I expect skilled enterprises and ISVs will create tools that exploit the APIs to augment DNA Center. I think this is very promising in the long term.
With intent-based networks, the system can automatically group endpoints with similar security needs and apply common policies to them, or apply machine learning to identify threats and automatically quarantine them. But rather than configuring it by CLI, network pros will manage this with the assistance of a controller that’s in the private or public cloud. I discussed this trend of moving away from CLI in a blog post last year.
What do some network pros think?
At Cisco Live, I spoke with some customers about the new technologies. They are generally positive, but acknowledge that enterprise networking equipment like campus switches has long life spans, so it may take a long time for companies to fully adopt the new switches and related management tools. But they are eager to try them out in proof-of-concept labs. After all, a Catalyst switch is familiar equipment, so incorporating it into an existing infrastructure isn't daunting. As long as the adoption can be made incrementally, customers seem to be willing to check it out.
My recommendation? This is the start of a shift in Cisco’s enterprise networking, and it is worth your time to examine it and try it out. Will it make the network intuitive? If it relieves you from drudgery and makes the network behave more intelligently, yes it can.
Note: Security is an important part of Cisco's intent-based networking strategy, and I will write about that in a future post.