The Intelligent Next Step for Intent-Based Networking

Source: Cisco

We, and our customers, have long understood that networks are most valuable when they do more than support their own weight. They become assets only when they enable the growth of business strategies. To get networks to work at this level, we have to get a higher level of performance and agility from them.

That’s why we launched a series of products and services based on intent-based networking two years ago. Our goal was to reinvent access networking to serve business needs. Intent-based networking turns intent into network policy, and it lets businesses innovate faster than ever.

Since we started working on intent-based networking, we’ve been focused on making it simple. As the technicalities of networking are complex, this focus is not something we’ll ever be fully done with. Simplifying advanced IT requires continuous refinement.

One big leap we’re making now is using the power of artificial intelligence (AI). It lets us simplify the experience that IT teams have with networking tools, and provides personalized and targeted insights into their operational environments.

We are also simplifying what it takes to manage multiple networking domains – by linking them together to provide key outcomes that network managers care about, like end-to-end segmentation with application SLAs (service-level agreements).

Artificial Intelligence Powers the Next Level of Intent-Based Networking

We can use artificial intelligence to make IT more efficient and proactive. With AI, we can deliver a network that operates at its peak performance. At the same time, we make it easier to manage.

For example, we address the fact that the number of devices attaching to networks is increasing quickly. From end-user devices to IoT equipment, many networks are seeing exponential growth. This increase in network complexity is leading to an increase in alerts from management consoles. But IT teams, with their limited resources, are only able to pay attention to the highest-priority incidents. They end up ignoring the less urgent, but still important, indicators of network under-performance.

Having networks send their operators only the right alerts, though, isn’t something that can be done just by setting coarse threshold bands. Every network is different. Every building in a campus network is different. Each floor within a building is different. And these networks are constantly changing. We need to apply AI to optimize network management, to surface the alerts that are truly important for each unique environment. With AI, we can customize alerts for every building, every floor and every room – with actionable insights that allow teams to quickly and proactively mitigate problems.

In early field trials of Cisco AI Network Analytics, we have seen the number of flagged incidents reduced by up to 75%. One of our customers, with a three-person network management team, tells us they call Cisco AI technology the “fourth member of the team.”

Having an AI tool to prioritize — and increasingly, remediate — network alerts means IT staff can spend more of their time and resources on strategic projects that make their business better, more efficient, and more competitive.

AI Network Analytics Reduces Noise for Greater IT Efficiency

AI can effectively filter and prioritize alerts.

The quality of the AI-driven improvement depends, of course, on the quality of the data. The more devices you collect data from – end user smartphones, switches, WAN routers, cloud servers, and everything connecting them – the better. That’s why we build telemetry into all the products we make. And we have 35 years of experience across all the domains of networking – experience that goes beyond raw data. We are combining that pattern-matching human knowledge of how networks work, with real-time telemetry, to move into a new field of AI, machine reasoning, to create even more intelligent network management.

Network teams can also use the network telemetry as a raw business resource. Networks are sensors, not just wires. A network can know how employees and customers use resources – increasingly, physical resources like buildings and equipment – and that data can be an invaluable resource in creating competitive advantage.

Integrating Network Policies

It’s also time to start unifying network management across domains. No network is an island, and yet they have been traditionally managed as if they were. Even inside a single enterprise, there are multiple networking domains, each supporting a unique role — from the campus and IoT networks that identify and onboard devices and authorize access, to the WAN network responsible for securely connecting to a hybrid cloud environment with a great application experience, to the data center and cloud networks where workloads are distributed and where protecting against data breaches is utterly critical.

Operating policies that govern network actions are defined in each of the domains. But the needs of a business are not fulfilled by one domain alone. All need to work together so that, for example, a doctor in a clinic can securely run a diagnostic application in the data center with adequate quality of experience over the WAN that connects them to it – a task that touches at least three traditionally separately-controlled networks.

To meet this business intent, domains must exchange relevant policies, so that the entire network works in concert.

In our example, the access network that onboards and authorizes the doctor must let the data center network know of their privileges to run the medical diagnostic application. Similarly, the data center network must tell the WAN of the critical nature of the application and how its traffic must be prioritized. When the doctor moves to a different clinic, the policies that govern their usage should follow.

Use Cases - Telemedicine: Domains must cooperate to meet business intent

Applying policies across domains can also be simplified.

Without such integrations, IT teams for each domain need to coordinate and then manually implement different policies. With the rapid pace of change, that may not even be possible.

Multidomain integration means that policy applied in one place (like the access network) will get applied to the other networks (like SD-WAN and data center) that are involved in delivering the desired result. Each domain continues to support its primary role, but as changes occur, it will dynamically update across other domains.

Improving the Human Element

AI tools and automation for multiple domains will get us closer to the IBN vision and will dramatically free up IT teams so skilled network operators can work on strategic projects – projects that may appear out of reach today due to the fire-fighting nature of network management. Based on talks I have with customers, I know that there is no end to the number of interesting and lucrative projects our users could be working on. And we want to help.

We recognize that network engineers and IT teams will need new skills and practices to take advantage of these tools. Our own Cisco DevNet can help lead the way: Resources are available now to help build network automation across domains with the new DevNet Automation Exchange. New DevNet certifications will help engineers build critical software skills and infrastructure expertise to keep on top of the latest IT developments.

Smart software will soon be able to do more for our networks than ever. But to keep a business ahead of the game, IT teams need to know how to use it to its best advantage. There’s so much still to do when it comes to leveraging the power of interconnected systems. We want to help networks get smarter, and we want to be sure they all have the best-informed people available to manage them.

Get the latest news from Cisco Live 2019, happening June 9 to 13 in San Diego, California. 


The post The Intelligent Next Step for Intent-Based Networking appeared first on Cisco Blog.

Unplugged and Uninterrupted: What’s Driving Networking Today

Source: Cisco

Offices. Hospitals. Factories. Hotels. Universities. Sports arenas. In my job, I talk to the people around the world who run technology for all of these types of operations. They tell me that more wireless devices than ever are joining their networks, and that if they have no Wi-Fi, they have no business. Without a network that’s up 24/7, a hospital’s critical medical device might not function. A robot in a warehouse won’t be able to receive commands and a critical process will grind to a halt. A point of sale tablet in a stadium won’t be able to process a fan’s purchase, and perishable demand will be lost.

The network, in short, is critical infrastructure. And the kind of network we’re relying on is changing. In the past, for devices that needed constant connectivity, we’d wire them to our core. Today, our critical devices are just as likely to be wireless: the cart with medical equipment, the roving inventory-picker robot, the handheld ticket scanner. These devices can no longer connect using “best effort” wireless as they might have in the past. The wireless network has to be as rock-solid as wired. It has to provide uninterrupted and unplugged access for users and devices.

Businesses need their IT professionals to understand these issues today, as well as challenges they will be facing in the near future. Having planners who see into the future is one key way businesses stay agile and competitive. So when I speak with IT professionals we often discuss the need to plan for a few key trends.

Trend 1: Expanding Number of Devices Connected

It’s not just that every employee of a business has a device (or two) that they connect to our networks. Today, every single person visiting a business comes with several devices, and the number of devices per person (phone, watch, headphones) continues to grow.

But that’s just the tip of the iceberg. Everything today is getting connected. From light bulbs to medical diagnostic equipment, there is hardly a single new piece of infrastructure that is not connected today, or that won’t be tomorrow. IT staffs are not getting larger to match this growth. For IT to provide uninterrupted connectivity to all these devices, simplicity is the key to scaling up.

Trend 2: Reliability and Security

As much as businesses are eager to adopt the latest technology in their business, the networks must be reliable and safe – all the time, no matter the situation. And the more connections we open up, the more exposure a network has. The major security threats today are also different from what we were protecting from just a few years ago. Today, data theft isn’t the only challenge. We need to protect networks and devices from outright sabotage. Ransomware is now used to take down businesses. The impact can be brutal. The NotPetya attack cost businesses over $10 billion in 2017, and some of the hardest-hit companies were completely compromised in under four minutes.

Additionally, the bulk of incremental devices landing on the network are unmanaged, not laptops or phones that are managed by IT. This means classical pieces of the security kill chain – endpoint tools such as antivirus software, MDM (Mobile Device Management), and EDR (Endpoint Detection and Response) – don’t come into play. The increase in device and OS diversity can also lead to a dramatic rise in alerts from legacy network security tools, making them essentially ineffective for SecOps departments already suffering from alert fatigue. Finally, unmanaged devices can also be weaponized by attackers; they’re often highly vulnerable to botnets, like Mirai, which continue to rapidly evolve.

Trend 3: Immersive and Real-time Computing

The way we interact with technology is evolving, too. Since computing first became part of business, we have moved from batch processing, to command lines, to interactive experiences on our computers and handheld devices. We are now moving into the era of truly immersive computing, in which users will expect real-time and high definition imagery as part of the interface. This means not just pervasive use of high definition collaboration tools (like Cisco’s own Telepresence products) but also expanded use of augmented reality and virtual reality in a variety of business applications. These applications need both high bandwidth and ultra-low latency for their real-time experiences. The same goes for machines that are making real time decisions. Increasingly the expectation is that all of this is achievable over both wired and wireless networks.

Our networks need to support new levels of speed, reliability, and scale. That’s what we’ve been building. We have been working hard on our entire suite of networking products, from Wi-Fi ASICs to core switches, to our software fabric that ties it all together. We believe that when you can work with the network holistically, and not just as a series of parts connected through patchwork, you can raise the value of networking and business overall.

The fundamentals of network design in the coming years are anchored in three architectural principles to serve the needs I outlined above. These design points are: Wireless First; Cloud Driven; and Data Optimized.

Wireless First

Every part of our networking stack has to be built for always-on wireless. This means that the entire network, from switch to device, needs to be built to support full-time, uninterrupted access for all users. High-availability systems need to be everywhere, not just in the core of the campus network. Technology like cold and hot patching, perpetual POE, non-stop forwarding (NSF), automated rapid and rolling upgrades, and much more need to be built into every applicable layer of the campus and branch network.

Building wireless-first networks means we no longer think of wired and wireless as two distinct systems. We need to consider the impact of wireless technologies – like new Wi-Fi 6 access points that support four times the bandwidth of current models – at the same time as we plan our wired systems. Wireless, of course, aggregates to wired, and the wired network must also evolve. Technology like multi-gigabit ethernet must be driven into the access layer, which in turn drives higher bandwidth needs at the aggregation and core layers.

Even more importantly, to securely connect and protect the flood of managed and unmanaged devices on our networks, and to manage it all, we must treat the network as one single software-defined fabric. This allows us to segment the network, and make sure that if one device gets infected by malware it cannot easily spread to other devices.


Cloud Driven

The cloud has helped businesses achieve great feats at grand scales. It offers the same potential for network management and efficiency.

A cloud-driven network infrastructure provides new capabilities to on-prem network equipment, most importantly by giving your network access to the continuous improvement inherent in cloud services. When we leverage the cloud we can transform how we operate a network, with better support, better IT processes, and by applying data insights.

Cloud-driven network management also lets Cisco work alongside IT pros. We can work proactively and in real-time when there are issues to address, instead of waiting for a support call. Insights that we gather from cloud-driven peer networks globally enable us to act more dynamically to keep networks functioning at peak efficiency – and make dynamic, business-led improvements easier as well.

This architectural principle gives IT pros a lot of flexibility. Enterprises can choose what data they share; whether their controller and management layers are on-prem or off; and they can choose how they engage with us for support and consultation.


Data Optimized

We can use the data and analytics from our networks not just to improve our networks themselves (making them more secure and more efficient), but to serve our business outcomes. This is the most exciting area of growth in networking. It’s ultimately what networks are for: Driving business forward.

We start with taking the reactive model of IT support and putting it on a new footing: proactive, based on next-generation analytics. We now leverage data to resolve issues before they impact business, or even before a user calls in a problem. If a failure does sneak through, analytics can pinpoint the cause and scope quickly, to speed remediation. We can determine with confidence when an issue is network-related and when it isn’t – speeding up the mean time to innocence for network professionals, which can be key to their career success.

Our business operations themselves also generate valuable data. For example, nearly every single person today is carrying a mobile device that will be noticed by a business’s wireless access points. Data from these interactions can be applied to all sorts of issues that go straight to the bottom line. We can help a business determine where its customers are and how they flow through their facilities. These insights lead to better customer engagements, and they improve the ROI of a network.

The same technology is being used in medical and industrial facilities now to make sure that high-value equipment is where it’s needed and is staged appropriately when it’s not in use. Solutions like these go straight to business outcomes.

We can also use network data to improve our security posture. We use participating customers’ network telemetry, along with our global threat intelligence, to discern patterns in network traffic that indicate the presence of malware within encrypted traffic. We give enterprises a layer of insight into encrypted traffic — without decrypting it. Based on this posture they can choose to deny this traffic, or selectively decrypt it. They can balance security with privacy, and control for the cost of decrypting traffic at scale.

In sum, we feed data from all network sources into analytics engines and machine learning systems, and this leads to insights we apply to security, IT operations, and business outcomes.

The way forward

This outcome-driven architecture is what we have been building for the last two years. It’s why we are all-in on intent-based networking. For unplugged and uninterrupted networking, we need our systems to be wireless first, cloud-driven, and data-optimized.

To see how we are modernizing the network, from endpoint to device, see our latest news.



Cisco extends Encrypted Traffic Analytics to Nearly 50,000 Customers

Source: Cisco
It’s here. Cisco has solved one of the biggest challenges facing the security industry – and now thousands of Cisco customers can start using this breakthrough new network security technology. Back in June, Cisco announced Encrypted Traffic Analytics – a breakthrough technology that identifies malware in encrypted traffic, without having to break apart the packets […]