Network Automation without Assurance is a point solution


Network of Networks

Typically, an organization's network isn't a single thing.  It's a collection, a network of networks if you will, which work together to deliver the connectivity from user to app, from sensor to data repository, which underpins application service for an organization.

There are networks of different types, using different technologies, connecting different domains, using multiple vendors; each must be interconnected and interoperable in order to deliver the packets which carry application data from application workload to user. The number and depth of these interactions bring complexity to the network of networks, and because that network is dynamic and alive, the complexity grows daily.

State of Network Automation

The biggest challenge that modern network teams face is managing that complexity, along with the scale that adoption of connected applications has brought to the modern IT landscape. And as network engineers, not only are we constantly reminded that the best way to cope is to automate, but we recognize the necessity.

The idea is to maintain a centralized management point for the network which can provision service and deploy change using as few touchpoints as possible. Typically, that might mean introducing:

  • a Software-Defined Network - where a vendor has introduced a centralized policy and configuration server or controller to their network solution to provide the single management and monitoring touchpoint for their solution;
  • scripting/programmability - the ultimately flexible solution, building, where possible, custom logic to define exactly what the outcome will be for the network devices, though developing and maintaining code introduces new overhead into the management of the network; or
  • commercial automation tooling - which tends to be very specific to a particular function (e.g., push of security policy, troubleshooting commands, or configuration snippets) and often limited in vendor support.

Testing

These approaches all have pros and cons of course, but typically are very focused on delivering an outcome for a specific task, for a specific vendor's equipment, or in a specific network domain. As such, testing whether automation has succeeded tends to be focused and task-based too. And while this has a certain level of value in ensuring that the tasks themselves aren't broken, it's hard to verify that the impact of a change to the network isn't further reaching, or that further change isn't required to enable the capability we're trying to introduce.

Consider the case where you create a new subnet in your private Cloud instance. It is easy to verify through the API of your favorite Cloud provider that this has happened. But does that mean the subnet is available and usable? Not necessarily: we might need to make sure it is advertised into our on-prem network, redistributed over our SD-WAN into our campus, and that policy is updated to allow traffic to pass to it.

Network Assurance

Network Assurance has the goal of validating that the network is operating the way you intend it to and enabling corrective action when your dynamically changing network drifts too far from your intended state. Importantly, the scope for network assurance is the whole network end-to-end, not limited to a specific vendor or domain.

By using IP Fabric's automated network assurance platform, it's possible to validate:

  • Inventory - that the operating network contains the devices you believe it should, and that they are operating and supportable;
  • Configuration - that the management, control, and data planes of the operating devices are configured appropriately, per operational standards and Best Practices;
  • State - that at a given point in time, the configurations are being interpreted by all devices correctly to deliver forwarding behavior on each device as expected;
  • Topology - by analyzing and interpreting control and data plane state, in conjunction with an understanding of forwarding behavior of devices, a full topology of the network can be derived at every layer. This can then be used to ensure the network is built and connected as per requirement.
  • Behavior - combining all the data described above, we create a model of the complete network, across domains and vendors, end to end. Using that, we can validate that applications will behave correctly across the network and if not, why not?

IP Fabric uses snapshots of this model to build up a picture of changes across the network over time. Those snapshots can be of the complete network, scheduled regularly, or they can be ad hoc or partial views, depending on the desired effect (particularly useful before and after change implementation).

Validate workflow, not task

And this is the key. When changes are made in the network, it is not likely to be enough to simply test that the desired configuration has been pushed to the device. The impact of that change is likely to be felt further afield and so it is necessary to look more holistically at the outcome, as looking at the change in isolation can be misleading. Is a successful config push successful if it’s impacted your network elsewhere, and therefore your end-to-end service?

You can examine the state of the affected device, and that may help, but in reality the best outcome is to validate that, once tasks are completed, the overall change has had the desired impact on end-to-end service. And naturally, the only way to accurately verify that end-to-end behavior will be as expected is not to limit the scope, but to test against a model of the whole network.

And as IP Fabric's API allows snapshot creation and refresh, along with querying of those tests, it is the perfect tool to incorporate into an automated workflow to carry out that big picture validation.
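The new-subnet case and the workflow-level validation described above, as an added example that is not part of the original post and does not use IP Fabric's API. It runs against a constructed in-memory snapshot of the domains on the path; all domain names, prefixes and function names are assumptions, and a covering prefix is treated as a usable route for simplicity.

```python
import ipaddress

# Constructed sample data: the subnet the automation task just created.
NEW_SUBNET = ipaddress.ip_network("10.50.8.0/24")

def snapshot(sdwan_routes, campus_policy):
    """Hypothetical model of the path, ordered from campus user to cloud workload."""
    return [
        {"domain": "campus", "routes": ["10.50.0.0/16"], "permit": campus_policy},
        {"domain": "sdwan", "routes": sdwan_routes, "permit": ["10.0.0.0/8"]},
        {"domain": "on-prem", "routes": ["10.50.8.0/24"], "permit": ["10.50.0.0/16"]},
        {"domain": "cloud", "routes": ["10.50.8.0/24"], "permit": ["10.50.8.0/24"]},
    ]

def covers(prefixes, target):
    """True if any prefix in the list contains the target network."""
    return any(target.subnet_of(ipaddress.ip_network(p)) for p in prefixes)

def task_check(model, target):
    """Task-level test: does the cloud domain report that the subnet exists?"""
    cloud = next(d for d in model if d["domain"] == "cloud")
    return covers(cloud["routes"], target)

def end_to_end_check(model, target):
    """Workflow-level test: every domain must both route and permit the subnet."""
    failures = []
    for d in model:
        if not covers(d["routes"], target):
            failures.append((d["domain"], "no route"))
        elif not covers(d["permit"], target):
            failures.append((d["domain"], "policy denies"))
    return failures

# Snapshot taken right after the cloud task: SD-WAN and campus policy not yet updated.
AFTER_TASK = snapshot(sdwan_routes=["10.50.0.0/21"], campus_policy=["10.50.0.0/21"])
# Snapshot taken after the remaining workflow steps have been applied.
AFTER_WORKFLOW = snapshot(sdwan_routes=["10.50.0.0/21", "10.50.8.0/24"],
                          campus_policy=["10.50.0.0/16"])

if __name__ == "__main__":
    for name, model in (("after task", AFTER_TASK), ("after workflow", AFTER_WORKFLOW)):
        print(name, "| task check:", task_check(model, NEW_SUBNET),
              "| end-to-end failures:", end_to_end_check(model, NEW_SUBNET))
```

The task-level check passes on both snapshots; only the end-to-end check shows that the first one still lacks the SD-WAN route and the campus policy update.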

Want to see this in action?

Recently, the IP Fabric team was in Las Vegas, where we shared the stage with Itential at Tech Field Day Extra at Cisco Live 2022. We showcased what it means to integrate network assurance into real network automation processes, and how that turns Network Automation from a point solution to a small problem into a key component of the complete Self-Driving Network.

TFDx: Daren Fulwell (IP Fabric), Chris Wade (Itential), and Karan Munalingal (Itential)


Watch the Tech Field Day videos below to see exactly how smart integrations can accelerate your network automation:

WATCH: Scaling Network Automation (with Itential)

WATCH: Closing the Loop with Network Assurance (with IP Fabric)

WATCH: Integrated Network Automation and Assurance Demo with Itential & IP Fabric
