In a previous post I discussed network verification, a new area of technology that applies formal verification – the mathematical analysis of a complex system to determine rigorously whether it meets an end-to-end goal – to network infrastructure.

But what is network verification good for, and how does it differ from today's common practice? Nearly every organization monitors its network, typically by sampling ongoing flows, events or logs. Isn't that enough to catch problems as the organization deploys changes?

Monitoring samples the past; verification predicts the future

In fact, verification differs from monitoring in powerful ways. To understand verification, it helps to contrast it with the traffic-monitoring technology that we all know.

Monitoring observes low-level events; verification understands the high-level goal. Monitoring solutions do not generally understand the network-wide goal of the business. They gather observations of what has happened, but that is not the same as understanding what should happen. The idea of verification is to ensure that an ultimate goal – the intent of the network designer – is being met. One can declare a high-level intent such as "My hospitals should be able to reach all critical services along multiple paths," store it in a central repository of record, and verify that intent continuously as thousands of changes are made to the network over time. This ability to check an ultimate goal is why verification has become a key part of intent-based networking.

Monitoring watches what happened; verification predicts what could happen. Because monitoring watches recent or historical traffic, it is fundamentally reactive, seeing problems only as or after users experience them (or after attackers have exploited vulnerabilities!). Verification solutions do not need to look at a single packet flowing through the network, and do not inject probe traffic into it. Instead, they analyze network state – configurations, forwarding tables, access control lists and more – to work out how traffic could flow through the network. As a result, operators can verify whether the network will behave as intended.

Monitoring samples a few packets; verification explores all possible behaviors. Monitoring cannot give complete assurance that intent is met under all circumstances; it can only say, "I don't see a problem right now, but who knows what will happen when the next packet arrives." Verification effectively explores what could happen to all possible packets, injected everywhere in the network. Such exploration produces an enormous number of possibilities, and analyzing them requires new algorithmic technology – inspired by the field of formal verification – that has only recently been applied to network infrastructure.

Using verification to spot problems proactively

Let's see how the differences above come together in a useful way for users of verification technology.

Suppose you are tasked with operating a data center that has servers hosting sensitive financial databases as well as links to external partner networks, tunnels to cloud deployments, uplinks to the Internet, and more. Network segmentation, implemented with firewalls and separate virtual networks, is supposed to provide layers of defense between these different parts of the network. But thousands of devices make for a pretty complex environment.
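Here is what "analyzing network state to figure out how traffic could flow" looks like in miniature for a data center like the one just described, as an added example written for this edit (it is not the post author's code or any product's). Each device carries an access-control list and a forwarding table; a class of packets is represented as a box of (source, destination, destination-port) ranges rather than as individual packets; and each declared intent is checked by walking the model once, so the answer covers every possible packet instead of the ones that happened to be sampled. Everything concrete in it is constructed: the device names, the partner, cloud, DMZ and database prefixes, the ACLs, the assumption that partner and cloud traffic enters at an edge firewall, and the three intents. The three edge-firewall ACLs stand for a segmentation flaw of the kind the post goes on to describe (a partner-facing rule whose prefix is far too broad), a careless fix that closes the hole but cuts part of the cloud range off from the databases, and a correct fix.

```python
# Toy network verifier: symbolic reachability over header-space "boxes". Added example, not the post
# author's code or any product; every device name, prefix, ACL and intent below is constructed.
from ipaddress import ip_network
from typing import Dict, List, Optional, Tuple

Box = Tuple[int, int, int, int, int, int]  # src_lo, src_hi, dst_lo, dst_hi, dport_lo, dport_hi (inclusive)
ANY = "0.0.0.0/0"

def box(src: str, dst: str, ports=(0, 65535)) -> Box:
    s, d = ip_network(src), ip_network(dst)    # one box stands for every packet in these ranges
    return (int(s[0]), int(s[-1]), int(d[0]), int(d[-1]), ports[0], ports[1])

def intersect(a: Box, b: Box) -> Optional[Box]:
    out = [f(x, y) for x, y, f in zip(a, b, (max, min) * 3)]   # max of lows, min of highs
    return tuple(out) if all(out[i] <= out[i + 1] for i in range(0, 6, 2)) else None

def subtract(a: Box, b: Box) -> List[Box]:
    inter = intersect(a, b)                    # packets in a but not in b, as disjoint boxes
    if inter is None:
        return [a]
    pieces, rest = [], list(a)
    for i in range(0, 6, 2):                   # carve off the part outside b, one dimension at a time
        if rest[i] < inter[i]:
            p = list(rest); p[i + 1] = inter[i] - 1; pieces.append(tuple(p))
        if rest[i + 1] > inter[i + 1]:
            p = list(rest); p[i] = inter[i + 1] + 1; pieces.append(tuple(p))
        rest[i], rest[i + 1] = inter[i], inter[i + 1]
    return pieces

def subtract_all(spaces: List[Box], b: Box) -> List[Box]:
    return [p for s in spaces for p in subtract(s, b)]

class Device:
    """acl: ordered (action, Box) rules, first match wins, implicit deny at the end.
    routes: (dst_cidr, next_hop), longest prefix wins; next_hop 'deliver' means an attached subnet."""
    def __init__(self, acl: List[Tuple[str, Box]], routes: List[Tuple[str, str]]):
        self.acl = acl
        self.routes = sorted(routes, key=lambda r: -ip_network(r[0]).prefixlen)

    def forward(self, space: Box) -> List[Tuple[str, Box]]:
        remaining, permitted = [space], []
        for action, rule in self.acl:           # split the space rule by rule, as the ACL would per packet
            if action == "permit":
                permitted += [h for h in (intersect(b, rule) for b in remaining) if h]
            remaining = subtract_all(remaining, rule)
        hops, unrouted = [], permitted
        for cidr, next_hop in self.routes:      # then split again by longest-prefix route
            prefix = box(ANY, cidr)
            hops += [(next_hop, h) for h in (intersect(b, prefix) for b in unrouted) if h]
            unrouted = subtract_all(unrouted, prefix)
        return hops                             # anything left has no route and is dropped

def delivered(net: Dict[str, Device], ingress: str, space: Box, ttl: int = 16) -> List[Tuple[str, Box]]:
    out, work = [], [(ingress, space, ttl)]     # every (device, box) handed to an attached subnet
    while work:
        dev, b, budget = work.pop()
        if budget == 0:                         # forwarding-loop guard
            continue
        for next_hop, sub in net[dev].forward(b):
            if next_hop == "deliver":
                out.append((dev, sub))
            else:
                work.append((next_hop, sub, budget - 1))
    return out

def check_isolated(net, ingress, src, dst) -> List[Box]:
    return [b for _, b in delivered(net, ingress, box(src, dst))]   # violating boxes; [] = intent holds

def check_reachable(net, ingress, src, dst, ports) -> List[Box]:
    want = box(src, dst, ports)
    missing = [want]                            # unreachable remainder; [] = intent holds
    for _, b in delivered(net, ingress, want):
        missing = subtract_all(missing, b)
    return missing

PARTNER, CLOUD, DMZ, DB = "10.200.0.0/16", "10.50.0.0/16", "172.16.10.0/24", "172.16.20.0/24"

def build_network(edge_acl) -> Dict[str, Device]:
    return {"edge-fw": Device(edge_acl, [(DMZ, "dmz-sw"), (DB, "core")]),
            "dmz-sw": Device([("permit", box(ANY, ANY))], [(DMZ, "deliver")]),
            "core": Device([("permit", box(ANY, ANY))], [(DB, "db-fw")]),
            # second layer of defense, but it trusts all of 10/8, and the partner link lives inside 10/8
            "db-fw": Device([("permit", box("10.0.0.0/8", DB))], [(DB, "deliver")])}

CURRENT_ACL = [("permit", box(PARTNER, DMZ, (443, 443))),
               ("permit", box(PARTNER, "172.16.0.0/16", (8443, 8443))),  # meant for a DMZ portal; /16 is far too broad
               ("permit", box(CLOUD, DB, (5432, 5432)))]
BAD_FIX_ACL = [("permit", box(PARTNER, DMZ, (443, 443))), ("permit", box(PARTNER, DMZ, (8443, 8443))),
               ("permit", box("10.50.1.0/24", DB, (5432, 5432)))]  # Saturday slip: /24 typed instead of /16
GOOD_FIX_ACL = [("permit", box(PARTNER, DMZ, (443, 443))), ("permit", box(PARTNER, DMZ, (8443, 8443))),
                ("permit", box(CLOUD, DB, (5432, 5432)))]

def verify(edge_acl) -> Dict[str, List[Box]]:
    net = build_network(edge_acl)               # run every declared intent against a candidate edge ACL
    return {"partner_isolated_from_db": check_isolated(net, "edge-fw", PARTNER, DB),
            "partner_reaches_dmz_443": check_reachable(net, "edge-fw", PARTNER, DMZ, (443, 443)),
            "cloud_reaches_db_5432": check_reachable(net, "edge-fw", CLOUD, DB, (5432, 5432))}

if __name__ == "__main__":
    for label, acl in (("current", CURRENT_ACL), ("bad fix", BAD_FIX_ACL), ("good fix", GOOD_FIX_ACL)):
        failed = [k for k, v in verify(acl).items() if v]
        print(f"{label:8s}: " + ("all intents hold" if not failed else "VIOLATED " + ", ".join(failed)))
```

Run as is, the current ACL fails partner_isolated_from_db with a single box: the whole partner range reaching the database subnet on port 8443, through both firewalls, because the inner firewall trusts all of 10.0.0.0/8 and the partner link sits inside it. No monitor would show this until some partner host actually sends such a packet. The bad fix passes isolation but fails cloud_reaches_db_5432, and the checker hands back exactly the two address ranges that lost access, before the change goes anywhere near production; the good fix passes all three. The caveat to keep in mind is that the verdict is a statement about the model: it is only as current and complete as the configurations and forwarding tables fed into it.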
Now suppose there is a flaw in the segmentation: some part of the network, such as the external partner, could communicate with the financial databases, which could result in a failed audit or, worse, a serious breach.

Despite how serious that vulnerability is, traffic monitoring would quite likely turn up nothing out of the ordinary if none of the partner's machines were trying to access the financial databases. But if malware somehow gained a foothold in the partner's network, it could quickly lead to a serious breach of financial data. Even if the malicious traffic is monitored, there is no guarantee it will raise an alarm, because the monitoring systems may not understand that the observed traffic violates the intended segmentation.

In a network verification system, the intent is explicitly declared – in this case, that the external partner network should be connected to the demilitarized zone but isolated from the rest of the data center. The network verification system can then explore all possible data flows that could occur and determine whether any of them would violate the intent, thus spotting the vulnerability well before the attack.

Now suppose you are called in early Saturday morning to fix this vulnerability by locking down firewall rules. One slip-up could restrict traffic too much, taking the databases offline from cloud-hosted applications. Depending on the application and the access control mistake, such a slip-up might result in an immediate red-alert outage, or it might not show up until Monday morning. Either way, traffic monitoring will see the problem only after it has already affected users. A network verification system could incorporate the proposed change into its network model before deployment and predict that the change would violate the connectivity intent, saving you from causing an outage.

Network verification in production networks

Of course, traffic and event monitoring are still valuable. Real-time performance monitoring, even down to the millisecond, is becoming more and more important. But in use cases such as those above, verification can prevent outages and vulnerabilities that would otherwise have gone unnoticed. Verification thus reduces the risk of errors (whether human or software) during and after change, and ultimately improves the organization's agility.

Today, these benefits have driven companies to mature network verification from its academic roots. Hyperscale cloud providers such as Microsoft Azure and Google are deploying verification technology specialized for internal use, and startups are providing verification solutions suitable for networks broadly. Gartner has highlighted the importance of verification and assurance within the intent-based networking area.

Network verification is fast becoming a key step in the network automation story because it provides rigorous automated validation that the business intent matches reality. What is perhaps most exciting is that because the technology verifies passively (without disrupting active operations), it can help today's real, messy, multi-vendor brownfield networks transition to more software-driven processes.