
Cisco brings intent-based networks to the data center

News Analysis
Jan 31, 2018 | 4 mins
Cisco Systems, Data Center, Networking

Cisco announced this week it is bringing its intent-based network (IBN) system to the data center. In doing so, it is adding a third leg to the IBN stool -- assurance.


When the company unveiled its intent-based network system (IBNS) solution at its “Network. Intuitive.” event in San Francisco last year, that version focused on bringing the concept of a “self-driving” network to the enterprise campus and was dependent on customers having the new Catalyst 9000 switches. Cisco’s solution works as a closed-loop system where the data from the network is collected and then analyzed to turn intent into commands that can be orchestrated.

To accomplish that, Cisco’s IBNS requires two components: translation, which captures intent, translates it into policy and checks integrity; and activation, which orchestrates the policies and configures the systems.

The new third leg – assurance, which constantly verifies configurations – looks for insights and takes corrective action. While this is being rolled out as part of the data center IBNS release, I’m sure assurance will also be part of the campus solutions. This is the component that turns an automated system into an autonomous one.

However, the data center is where assurance is badly needed. It’s the place that has all the big enterprise applications, private clouds and company data. Campus outages are certainly no fun, but the stakes are so much higher in the data center. Because of the importance of the data center, when things go awry, network professionals often find themselves in firefighting mode. Changes are made on the fly and not documented, and configurations are often out of compliance, which can lead to bigger problems in the future, such as an inability to fully understand if the current state of the network meets the intent of the policies.

Cisco’s new Network Assurance Engine will ensure that the infrastructure actually does what the business needs it to do. In the case of the data center, the intent encompasses data center operations, including configurations, routing, security, virtual machines, audits and meeting compliance.

How Cisco’s Network Assurance Engine adds value to business

Despite the rather unimaginative name, Network Assurance Engine can provide significant value to business in the following ways:

  • Predicting the impact of changes. Changes can be tested before they are committed, giving operations teams a higher degree of confidence in the changes that are made. According to ZK Research, human error is still the largest component of downtime, and Network Assurance Engine will catch those errors before they are implemented. This will lead to accelerated migrations and greater change agility.
  • Proactive verification of network-wide behavior. Network Assurance Engine constantly analyzes the end-to-end network and will see problems before users start calling, keeping network operations out of firefighting mode. This can reduce or even eliminate unplanned network downtime.
  • Assure network security policy and compliance. Maintaining security policies in a constantly changing environment is nearly impossible to do if the network is managed manually. Network Assurance Engine can continuously monitor the network and will instantly see when something is out of compliance. Additionally, it provides a fast and easy way to prove that the data center is within the company’s or industry’s mandated policies.

Network Assurance Engine is one of the most advanced technical solutions Cisco has ever built. It collects a massive amount of data, including policies and the state of everything, and then creates a mathematical model of the entire environment, including underlays, overlays and virtualization layers. Cisco then applies machine learning-based analysis to the models to perform validation and error checking and to provide remediation steps.

Running a data center is hard, but it’s made even harder because the operations teams always have to react to outages. Cisco’s Network Assurance Engine should alleviate much of the pressure IT feels today by offloading many of the mundane tasks, enabling IT to focus on things that are more strategic to the organization.


Zeus Kerravala is the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.
