When Cisco announced its intent-based networking (IBN) strategy this summer, CEO Chuck Robbins called it the company’s biggest announcement in years.

IBN architectures use a combination of software and hardware to control network infrastructure. It allows users to express their desired state of the network – infrastructure configurations, security policies, etc. – and IBN automatically implements and maintains that state.

Cisco says customers are now trialing the technology. Cisco Senior Vice President Scott Harrell sat down with Network World Senior Editor Brandon Butler to discuss how customers are implementing this technology.

He talked about the general business value of IBN, the differences between campus and data-center IBN deployments, the hardware investment that is required, the ability to deploy in heterogeneous environments and return on investment.

The following is an edited transcript of that conversation.

Brandon Butler: Why would I want an intent-based networking system? It seems like it’s just advanced network automation and orchestration. What’s the big deal here?

Scott Harrell: The business benefits of intent-based networking can be summed up in three main areas. Number one is around speed and agility. As the network evolves there is a lot more on it. People are now able to spin up a cloud app with the swipe of a credit card. You need to be able to respond in the network. It’s critical for the network to rapidly evolve to meet those needs with minimal manual intervention.

The second thing is it allows IT to focus more on delivering business value. IT today spends a lot of time in tasks that don’t produce value.
We can automate a lot of tasks at the management layer, which allows IT to do more work that’s a value-add to the business.

And thirdly, when you look at security, compliance and risk, the automation allows you to reduce the risk of an error and do more granular analysis of the network.

BB: What’s specific about intent-based networking that allows those goals to be achieved?

SH: With IBN we’re treating the entire network as a single fabric and allowing the user to create a policy that spans every node of that network. It automatically translates the user intent into something that can program the entire network. That’s something that’s hard to do if you’re just a management tool because you have to change the OS layer and the ASIC.

We’ve also changed how you listen to the network. Now you can get the context of what’s happening in the network, which dramatically simplifies operations by giving you a more holistic view of the network – most other tools don’t do that.

BB: What does it look like to deploy an IBN in the campus? It seems like it would take a lot of underlying policy writing to implement this intent. Is that true?

SH: We’ve tried to radically simplify this. There are multiple ways to deploy automation. You can perform simple tasks that have historically been done manually. That could be as simple as image management and ensuring that all devices have a consistent level of software. You can start with simply managing your environment as a single unit instead of disparate devices.

Some customers start with just one wiring closet or one floor of a building. Because this is a fabric-based architecture, all I have to do is make changes at the access layer – the layer closest to the user – and then have something back in the core. This allows customers to use intent-based networking in a brownfield scenario. It works in a Cisco environment or a mixed infrastructure environment.
It supports multiple generations of previous Cisco hardware.

Policy creation is all UI driven through a simple drag-and-drop interface. It can be done at a macro level – the engineering department traffic can’t interface to accounting networks – or I can go granular down to individual users through interconnections with ISE – Identity Services Engine.

BB: I thought IBN was an integrated hardware-software offering, so I’m surprised to hear that it can work across non-Cisco gear.

SH: We’re not saying we’re managing those third-party pieces of infrastructure. What we say is if you have a Cisco access switch or Cisco access point, then the rest of your network can be something other than Cisco, all you need is something at the control plane level, like a core router or switch that’s also Cisco. Because it’s a standards-based protocol, if there are non-Cisco switches in the intermediate layers they can continue to operate as traffic forwarders. If the network is fully Cisco, automated lifecycle management, application intent and analytics can be fully applied across the entire network and operated from a single management console named Cisco DNA Center.

BB: You mentioned that IBN supports previous generation hardware, but does some IBN functionality require the latest Catalyst 9K hardware?

SH: Yes. Most of the benefits of IBN can be achieved on previous generation Cat 3Ks, 4Ks, 7K, it’s supported on the Wave 1 and 2 Access Points, plus the ISR 4K and ASR 1K routers.

There are some incremental features that need the Catalyst 9K switch because we designed that from the ground up to work in an IBN. This includes new security capabilities, such as Encrypted Traffic Analytics, which allows you to understand the posture of encrypted traffic without decrypting it.
The Cat 9K has an x86 Intel chip – switches historically do not have that – that allows us to distribute workloads directly to the switch level and program the devices. But a lot of the automation – the business policy, fabric creation – that can be done in the Cat 3K as well as the 9K.

BB: Why is there a different intent-based networking platform for the data center (made of Application Centric Infrastructure plus Tetration analytics) compared to in the campus with the Catalyst 9K switches and the DNA Center software?

SH: There are different solutions for different buying centers because people tend to manage those environments differently. Our bigger customers have separate teams managing their data center compared to their campus and LAN. What you focus on in implementing policy is different too. In the data center, all the policy revolves around the application and controlling flows for it. When you’re out in the campus on the LAN, it’s much more focused on the user and the device.

BB: Just a couple years ago the next big thing in networking was software-defined networking (SDN). So, is that no longer important? Do SDN and IBN overlap?

SH: When you look at what SDN was trying to accomplish, a lot of what IBN does is really bringing that to life, plus doing quite a few more things beyond it. I look at IBN as a super-set of SDN. Some of the aspirational goals of SDN are being achieved with IBN. Both also use a controller-based architecture. In the data center, ACI uses a controller architecture, along with Tetration for analytics. In the campus we have DNA Center, which has a controller underneath it.

BB: How much does an average IBN deployment cost? Would it be five, six, seven figures? And what’s the ROI for customers? Will this reduce staff to help pay for itself?

SH: I don’t have an average price because it really comes down to the customer’s network and how broad they want to go.
From an ROI point of view, our early field trial customers estimate a positive ROI in one to three years. The majority of cost savings comes from the dramatic reduction in “touch” time required to provision and maintain the network. This more than offsets the additional CapEx costs to deploy these new, intent-based networks.

BB: What parts of IBN can I buy now, and what’s on the roadmap for the future?

SH: The Cat 9Ks have been shipping since June/July and we already have 450 customers. DNA Center, which is the software platform that controls the intent-based network, has been available since August, and we have about 125 customer trials deployed. Those are the two main components shipping today. And one thing that’s important to note is DNA Center is sold as a subscription service, so when you buy the 9K and the software, new releases and features come automatically.

Other parts are coming. We mentioned the ETA (Encrypted Traffic Analytics) that’s going to be available later this calendar year. We’ll also continue to invest in more advanced analytics, which we’ll be building into DNA Center.