
Apstra intent-based networking bridges the physical, virtual

Oct 03, 2017 | 4 mins
Network Management Software, Networking, Virtualization

Apstra’s intent-based AOS 2.0 delivers agility across physical/virtual networks so they look like one.


Intent-based systems have been all the rage since Cisco announced its “Network Intuitive” solution earlier this year. For Cisco customers, its solution is certainly interesting. But what about businesses that want an alternative to Cisco? Or companies that want to run a multi-vendor environment?

Over a year before Cisco’s launch, a start-up called Apstra shipped a closed-loop, intent-based solution. It was designed to be multi-vendor in nature, with support for Cisco but also Arista, Juniper, HP and others, including white box. Apstra operates as an overlay to networks built on any of the leading vendors to deliver intent-based networking in heterogeneous environments.

This week, Apstra announced the next release of its software, AOS 2.0, which addresses the gap that exists between physical underlay and virtual overlay networks, including VXLAN. I’ve discussed this topic with many network professionals, and there is a high degree of interest in using network virtualization, but the lack of visibility between the underlay and overlay is a huge deterrent. Without an understanding of the relationship between the two, network managers are faced with managing two separate networks — the physical network and virtual overlay.

Also, with this model, troubleshooting becomes extremely difficult because the virtual network is one big blind spot. Any application problems that occur in the overlay are, for all intents and purposes, invisible to the engineers running the physical network. The lack of visibility also creates security problems because malware or other malicious traffic could spread like wildfire across the overlay and be hidden from the security tools attached to the physical network. There’s an expression that you can’t secure or manage what you can’t see, and that’s certainly true for overlay networks today.

Bringing the two environments together using traditional management models like CLI would be like trying to compute all the algorithms in an autonomous vehicle manually. People can’t process huge volumes of data, analyze it and act on the insights fast enough to make that practical. That is why the task is turned over to machine learning systems. Similarly, maintaining the intent of a network is hard enough with a single network. Bring in the virtual overlay and all its dependencies, and the task becomes so monumentally difficult that it’s practically impossible, even for the largest network teams.

Apstra’s AOS 2.0 facilitates management of physical and virtual networks

Apstra’s intent-based operations work off a closed-loop model where the intent is continuously validated. Virtual overlays introduce VXLAN segments that are used in conjunction with VLANs to segment virtual machines and containers in data centers at a more granular level. When these resources are put in motion and spun up and down dynamically, it becomes very difficult to maintain specific policies, such as “all workloads in VLAN1 are to be assigned to a specific VXLAN segment.” Intent-based solutions continually gather data and automate the re-configuration.

Also, Apstra’s AOS self-documents, repairs itself, and can maintain security. The term “intent-based security” is often bandied about, but that’s more the effect of being able to understand, create and maintain policies in highly dynamic environments.
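The closed-loop validation described above can be sketched as a small drift check over VLAN-to-VXLAN mappings. This is an added example, not Apstra code or the AOS API: the function names, the VLAN/VNI numbers, the per-leaf telemetry and the assumption that every leaf must carry every intended VLAN are all constructed for illustration.

```python
# Added illustration: names and data are constructed, not Apstra AOS APIs.
from collections import namedtuple

Drift = namedtuple("Drift", "leaf vlan kind expected actual")

# Intent (assumed): every leaf maps each of these VLANs to exactly this VNI.
INTENT = {10: 10010, 20: 10020}

# Constructed telemetry: VLAN -> VNI mappings as collected from each leaf.
OBSERVED = {
    "leaf1": {10: 10010, 20: 10020},
    "leaf2": {10: 10010, 20: 10099},  # VLAN 20 drifted into the wrong segment
    "leaf3": {10: 10010, 30: 10030},  # VLAN 20 unmapped, VLAN 30 not in intent
}

def validate(intent, observed):
    """Compare observed state with intent and list every deviation."""
    findings = []
    for leaf, mapping in sorted(observed.items()):
        for vlan, vni in sorted(intent.items()):
            actual = mapping.get(vlan)
            if actual is None:
                findings.append(Drift(leaf, vlan, "missing", vni, None))
            elif actual != vni:
                findings.append(Drift(leaf, vlan, "wrong_vni", vni, actual))
        for vlan in sorted(set(mapping) - set(intent)):
            findings.append(Drift(leaf, vlan, "unintended", None, mapping[vlan]))
    return findings

def remediate(observed, findings):
    """Return a corrected copy of the state; a real system would push config."""
    fixed = {leaf: dict(m) for leaf, m in observed.items()}
    for d in findings:
        if d.kind == "unintended":
            del fixed[d.leaf][d.vlan]
        else:
            fixed[d.leaf][d.vlan] = d.expected
    return fixed

def closed_loop(intent, observed, max_rounds=3):
    """Validate, remediate and re-validate until the state matches intent."""
    state, history = observed, []
    for _ in range(max_rounds):
        findings = validate(intent, state)
        history.append(findings)
        if not findings:
            break
        state = remediate(state, findings)
    return state, history
```

The `wrong_vni` and `unintended` findings are the ones with security weight: they mark workloads that sit in a segment the policy never placed them in.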


This latest release of AOS automates the full lifecycle of VXLAN-based, layer two network operations within and across racks, which is crucial today because east-west traffic flows are dominating data centers. The growth in east-west is driving the need to migrate from legacy, multi-tier layer two networks to more dynamic and scalable, layer three leaf-spine architectures with an agile layer two overlay. Doing this with legacy configuration methodologies, such as scripting or CLI infusion, would require extensive application testing and possibly modification to account for the changes. Apstra’s closed loop increases agility, so the transition to leaf-spine can be made without any modifications at the application layer.

In a world where digital transformation is running amok, the infrastructure teams, including network operations, must find a way to respond to line-of-business requests faster. Intent-based networks reduce the amount of downtime caused by human error (still the largest cause) and cut operational expenses. They also increase network agility.

Digital businesses need to move with speed, but they are only as agile as the least-agile IT component. And that today is the network. Apstra’s AOS 2.0 now delivers agility across the physical-virtual boundary, so it looks like a single network instead of two distinct ones.


Zeus Kerravala is the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.
