To Survive in a New Information Age, IT Orgs Will Need a New Network. It’s Here.

Owen Lystrup
Published in Shifted
Sep 27, 2017

Right now, the Internet connects some 8.4 billion things. Within three years that figure is expected to climb sharply, with an estimated 1 million new devices and “things” connecting to the Internet every hour. Every hour.

And the expansion of IoT is just one trend expected to push the limits of IT infrastructure and the networking professionals responsible for it. The adoption of multi-cloud computing models and a security landscape riddled with evolving threats will also challenge networks like never before.

This emerging IT environment will result in a prohibitive level of complexity. Currently, every box that plays a part in keeping a network running — switches, routers, access points, firewalls — has to be configured, deployed, updated and patched individually. While scripts and automation software can simplify these tasks to a certain extent, architecting, deploying, configuring and maintaining a network are still predominantly manual processes.

How will network engineers keep pace?

Sachin Gupta, vice president of product management for Cisco’s Enterprise Networking group, says the current methods for managing a network are simply unsustainable. If the network is key to a modern business’ success, a different approach will be required.

In June, Cisco introduced The Network. Intuitive. — the company’s vision for intent-based networking, launched alongside a new wave of hardware and software. Included were the Catalyst 9000 switch, built around a programmable ASIC; Encrypted Traffic Analytics (ETA), for detecting malware in encrypted traffic without decrypting it; an advanced analytics platform; software-defined access (SD-Access); and DNA Center, the automation and learning engine for the entire network.

Source: Cisco.com

These new releases, Cisco said in its news release, will provide an adaptable network that “anticipates actions, stops security threats in their tracks and continues to evolve and learn.”

Gupta says hundreds of engineers at Cisco have been working for multiple years to catapult the entire industry into the future, just as the tidal shift of networking demands takes hold. And we’re seeing the beginning of that trajectory now.

“We’re going to look back 10 to 20 years from now like we do on the iPhone world,” Gupta said in an interview. The upcoming technology changes will be so fundamental that we will come to view them as new standards. Though, he added, “it might take five to 10 years for networks to move that way on a significant scale.”

One of the most significant differences network engineers will experience is the shift from managing networks to automating them. Gupta says a network engineer now spends the majority of the day just keeping the network running. Simplifying that process will open the door to creativity and higher-value work not possible today.

Carl Solder, senior director of enterprise switching at Cisco, said eliminating the typical complexities of running a network is crucial to making this fundamental change a reality.

Solder played a leading role in designing DNA Center. His early PowerPoint sketches served as the blueprints for what users see on their screen in the released version.

DNA Center is the central controller, fronted by a graphical user interface (GUI), that acts as the connective tissue between all the individual boxes of the network, and Solder says the ability to manage all those pieces from one place makes running and securing a network much easier. It reduces routine tasks such as applying network-wide policies, toggling features, and assigning ACLs and VLANs to a mostly drag-and-drop operation. Tasks that can take days could end up taking seconds.

Currently, Solder said, network engineers typically work with every switch manually to apply and modify configurations. This process can be both complex and time-consuming for the administrator.

“What we’re trying to do now is extract away the complexity,” Solder said. “Under the hood, the same [equipment and protocols exist], but now the administrators have this controller that sits in front of them. They use drag-and-drop to express what they want the network to do, and the controller then goes and figures out how to apply those configuration elements on all the devices under its control.”

As an example, Solder uses the case of a major airport like San Francisco International. In a large, sprawling facility like SFO, airport staff, contractors, airline companies and even travelers are typically all on the same physical network. To separate these groups, engineers would need to do a great deal of manual work: putting access controls in place and dividing the network with segmentation technologies such as VLANs, VRFs or MPLS VPNs.

“You have United, Delta, American Airlines, Alaska and Southwest,” Solder said. “Each of those airlines is a different company, but they are each [a tenant] on the same airport network. You don’t want a Southwest employee accessing the American Airlines ticketing system. So you have to segment or create a virtual boundary, between the physical connections of each of those companies. That way when a Southwest employee logs in, they only have access to Southwest printers, Southwest ticketing, the Southwest sales system, and so on.”

With an intent-based network managed through Cisco’s DNA Center, all that segmentation work would be a drag-and-drop operation. The CLI still exists, of course, Solder explained. The segmentation mechanisms are still on the network and the protocols they use are the same. Access control lists still apply. What changes is how a network engineer interacts with these components, so that the work is as simple and automated as possible.

Running an extensive network then becomes a matter of establishing policies and rulesets and letting the DNA Center controller work out how to apply them automatically. One consequence a practitioner will want to keep in view: a controller that can push policy to every device is itself a high-value target, so its administrative access and credentials deserve at least the care given to the policies it applies.

“Automating a network means you never have to worry about managing the network … at all,” Gupta said. “We’ve lived in this manual, CLI world for 30 years. What’s exciting for me is, we can now offer to customers a way to think about a 100,000 port network as a single, fully abstracted system that [on top of which] they can express policy.”

Policy expression will be the future for network engineers, Gupta said. Instead of spending 80 to 90 percent of their time keeping a network running, they will decide what policies make the most sense and find ways to bring more value, better security, a better experience for end users, or even find new paths to revenue.

Intent-based networking ultimately will lead to a massive shift for businesses in many ways. Cisco says IT organizations already using its intent-based networking technologies and software are experiencing substantial reductions in operating costs, increases in network performance and a 400 percent ROI, with a nine-month payback period.

At Cisco Live! in June, one of the event’s guest keynote speakers described the practical changes he has seen with intent-based networking, and how his time now goes to higher-order work such as providing a valuable experience for employees and contractors.

Kevin Tompkins, a network architect at Scentsy Inc., joined David Goeckeler, executive vice president and general manager of Cisco’s Networking and Security Business, on stage to talk about his experience with SD-Access — the policy application feature of DNA Center — and the new Catalyst 9K switches.

Scentsy is a wickless candle and warmer company based in Meridian, Idaho. The network Tompkins manages serves more than 1,000 employees and 100,000 globally distributed independent consultants. Given that ecosystem, the network is critical to the business.

An intent-based network, Tompkins said, signifies “a pretty fundamental change in how we treat the network, how we’re going to design and manage it, and how we’re going to look at it in terms of what it can do for security in our business.”

“One of the things we have to do as network administrators is to maintain constant connectivity to all our systems, but we also have to ensure there’s a secure IT experience for our consultants. We’re protecting their personal and financial data.”

One way his team ensures that secure IT experience is through segmentation all the way out to the access layer, Tompkins said. The problem his team faced in the past was applying policies across hundreds of network devices, each carrying its own access control lists, which is “very time-consuming.”

“Managing this level of complexity is where SD-Access comes into play,” he said. “We can now define a policy in one place globally, and it pushes out across the entire network. All of a sudden we’re getting segmentation without doing those repetitive maintenance tasks.”
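As an added illustration of what a controller does when it turns a segmentation intent stated once into per-device configuration (the airport tenant case Solder describes above and Tompkins’s “define a policy in one place” point), here is a toy intent compiler in Python. It is not Cisco DNA Center or SD-Access code and uses none of their APIs; the zones, prefixes, VLAN numbers, device names and the IOS-like ACL syntax it renders are all constructed for the example.

```python
"""Toy intent-to-config compiler for tenant segmentation.

Hypothetical illustration: a controller takes a global policy (which zones may
talk to which), renders a default-deny ACL per tenant VLAN on each access
switch, and verifies the rendered ACLs against the intent before push.
Not DNA Center / SD-Access code; every name and address below is constructed.
"""
from ipaddress import ip_address, ip_network

# Constructed zones: each tenant gets a VLAN and an IPv4 prefix; infra_dns is a
# shared service with no tenant VLAN of its own.
ZONES = {
    "southwest":   {"vlan": 110, "prefix": "10.110.0.0/16"},
    "american":    {"vlan": 120, "prefix": "10.120.0.0/16"},
    "airport_ops": {"vlan": 100, "prefix": "10.100.0.0/16"},
    "infra_dns":   {"vlan": None, "prefix": "10.0.53.0/24"},
}

# The intent, stated once: (source zone, destination zone) pairs that may talk.
# Anything not listed is denied.
INTENT = {
    ("southwest", "southwest"), ("southwest", "infra_dns"),
    ("american", "american"), ("american", "infra_dns"),
    ("airport_ops", "airport_ops"), ("airport_ops", "infra_dns"),
    ("airport_ops", "southwest"), ("airport_ops", "american"),  # ops may reach tenants for support
}

# Constructed access switches and the tenant VLANs present on each.
DEVICES = {
    "sw-termA-01": ["southwest", "american"],
    "sw-termB-03": ["american", "airport_ops"],
}


def wildcard(prefix):
    """IOS-style 'network wildcard' pair for a CIDR prefix."""
    net = ip_network(prefix)
    return f"{net.network_address} {net.hostmask}"


def compile_acl(zone):
    """Structured first-match ACL for traffic sourced from `zone`.

    Entries are (action, src_prefix, dst_prefix); None means 'any'.
    The trailing deny makes the rendered policy default-deny.
    """
    entries = [("permit", ZONES[src]["prefix"], ZONES[dst]["prefix"])
               for src, dst in sorted(INTENT) if src == zone]
    entries.append(("deny", None, None))
    return entries


def render_acl(zone):
    """Render the structured ACL as IOS-like configuration lines."""
    lines = [f"ip access-list extended ACL-{zone.upper()}"]
    for seq, (action, src, dst) in enumerate(compile_acl(zone), start=1):
        s = wildcard(src) if src else "any"
        d = wildcard(dst) if dst else "any"
        log = " log" if action == "deny" else ""  # log what the default-deny drops
        lines.append(f" {seq * 10} {action} ip {s} {d}{log}")
    return lines


def render_device_config(device):
    """Compile the global intent into the configuration for one access switch."""
    lines = [f"hostname {device}"]
    for zone in DEVICES[device]:
        lines += render_acl(zone)
    for zone in DEVICES[device]:
        lines.append(f"interface Vlan{ZONES[zone]['vlan']}")
        lines.append(f" ip access-group ACL-{zone.upper()} in")
    return "\n".join(lines)


def acl_permits(zone, src_ip, dst_ip):
    """Evaluate the compiled ACL for `zone` with first-match semantics."""
    s, d = ip_address(src_ip), ip_address(dst_ip)
    for action, src, dst in compile_acl(zone):
        if (src is None or s in ip_network(src)) and (dst is None or d in ip_network(dst)):
            return action == "permit"
    return False  # not reached: the trailing deny matches everything


def verify(device):
    """Check every zone pair on a device against intent; returns the mismatches."""
    sample = {name: str(ip_network(z["prefix"])[10]) for name, z in ZONES.items()}
    problems = []
    for zone in DEVICES[device]:
        for dst in ZONES:
            expected = (zone, dst) in INTENT
            got = acl_permits(zone, sample[zone], sample[dst])
            if got != expected:
                problems.append((zone, dst, expected, got))
    return problems


if __name__ == "__main__":
    for dev in DEVICES:
        assert verify(dev) == [], verify(dev)
        print(render_device_config(dev), end="\n\n")
```

Two points carry over to a real deployment. The rendered policy ends in an explicit deny that logs, so traffic the intent never allowed shows up in logs rather than passing silently; and verify() checks the rendered output against the stated intent before anything is pushed, which is the step a team should keep even when a vendor controller does the rendering, since a single mistaken intent entry would otherwise be applied to every device at once.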

In being free from the repetitive work of just maintaining the network, Tompkins can use his valuable time to help find new creative solutions that can have a significant impact on Scentsy employees and consultants.

“I think we’ll have some cool and unique challenges as we adapt to this new technology. But this is an exciting time to work in networking,” he said.

To learn more about intent-based networking, visit this link for more information

Also, check out the story of how Cisco engineers created ETA, the machine-learning-powered system that can spot malware in encrypted traffic.

Owen Lystrup is Digital Content Director for Western Digital.