Intent-based networking 101

Jadecy Kidane

June 3, 2019

What is intent-based networking?

Intent-based networking (IBN) is a model designed to leverage the power of automation and software-defined networking in day-to-day management and operations. In intent-based networking, administrators enter their desired end state, then the network automatically implements the configurations on the back end to make that end state a reality. Fueled by network automation and the power of data, IBN has the promise of being the “easy button” network admins dream about.

This approach to networking is not new, but it has recently picked up momentum. (Cisco’s DNA Center, which now integrates with BlueCat’s core DNS management platform, is a prime example.) IT administrators have long leveraged network automation, but IBN takes that capability to a new level.

Intent-based networking has three core components.

  • The first is a mechanism that allows users to simply model a business intent or policy (a desired outcome or behavior), instead of the lengthy process of modelling, testing, and executing a policy.
  • The second component allows users to monitor and evaluate if a network configuration is effectively meeting the policy.
  • The last component is the ability to detect any variances in network performance so that users can make changes accordingly.

BlueCat CTO Andrew Wertkin calls these three components of IBN a “performance feedback loop”. When these components work together, the resulting system enables network teams to meet their service level agreements by automating lengthy and complex tasks while effectively implementing policies.

The Intersection of IBN & DNS

IBN operates at a high level and not at the granular, IP address level. At the same time, IBN systems produce configurations that often have ripple effects throughout the enterprise, all the way down to the DNS layer. The success of any IBN adoption ultimately relies on unified, automated core network services.

To implement IBN at the core network services layer, systems like Cisco DNA require a centralized DDI solution that can implement changes across the enterprise automatically, without creating configuration conflicts that bring down the network. Full network visibility is an implied necessity for tying IBN to DNS. Therefore, any blind spots can mean potential gaps when rolling out policies, or a skewed understanding of network performance.

IBN delivers faster deployment and provisioning, which requires a DDI system that can operate at the necessary scale and speed, Wertkin explains.

DNS is the ultimate indicator of intent

“A DNS lookup is a clear signal of where a user wants to go and as a result, what they want to do,” BlueCat’s Director of Cloud Services, Joel Brooks, describes. User activity often starts with a DNS lookup: starting up a machine and connecting to a network, printing a document, or accessing an application.

In the context of IBN, DNS indicates that intent to the network and triggers a policy to be carried out. Since DNS is positioned as the first signal to the network, it’s the most reliable indicator of intent and a key enabler in adopting IBN.

A simple use case is providing access to a user profile. Say HR personnel need to access a particular resource while in the office. DHCP will assign an IP address that indicates the HR employee’s location on the network or their physical location in the office.

Network administrators can craft policies in an IBN platform that allow access to certain applications based on a user’s location on the network or in the building. When admins create employee profiles, they are already configured with the appropriate services.

In this and many other use cases, IBN relies on DNS to provide a signal to the network to trigger a policy and initiate each subsequent action. Where a policy represents intent at the network admin level, DNS represents intent at the network level and facilitates the ease of use IBN is designed for.
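The HR use case above can be sketched as a policy check on DNS lookups keyed by DHCP scope. This is an added example, not code from BlueCat or Cisco; the scope names, subnets, zone names and log lines are constructed for illustration.

```python
import ipaddress

# Constructed intent: DHCP scope (location) -> DNS zones that location may reach.
# Scope names, subnets and zones are hypothetical, not from any product.
INTENT = {
    "hr-office": {"scope": "10.20.30.0/24",
                  "zones": ["hr.corp.example", "intranet.corp.example"]},
    "guest-wifi": {"scope": "10.99.0.0/16", "zones": []},
}

# Constructed DNS query log, one "client_ip qname" pair per line.
SAMPLE_QUERIES = """\
10.20.30.14 payroll.hr.corp.example
10.20.30.14 build.eng.corp.example
10.20.30.14 nothr.corp.example
10.99.4.7 payroll.hr.corp.example
192.0.2.55 intranet.corp.example
"""

def location_for(client_ip):
    """Map a DHCP-assigned address to the named scope that contains it."""
    addr = ipaddress.ip_address(client_ip)
    for name, rule in INTENT.items():
        if addr in ipaddress.ip_network(rule["scope"]):
            return name
    return None  # address outside every managed scope: a visibility gap

def in_zone(qname, zone):
    """Match on DNS label boundaries so nothr.corp.example != hr.corp.example."""
    q, z = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return q == z or q.endswith("." + z)

def evaluate(client_ip, qname):
    """Return (location, verdict); anything not explicitly allowed is denied."""
    loc = location_for(client_ip)
    if loc is None:
        return ("unknown-scope", "deny")
    ok = any(in_zone(qname, z) for z in INTENT[loc]["zones"])
    return (loc, "allow" if ok else "deny")

def evaluate_log(text):
    """Evaluate every query line and return (ip, qname, location, verdict)."""
    return [(ip, q) + evaluate(ip, q)
            for ip, q in (line.split() for line in text.splitlines() if line.strip())]

if __name__ == "__main__":
    for row in evaluate_log(SAMPLE_QUERIES):
        print(*row)
```

Queries from addresses outside every defined scope are denied and reported as `unknown-scope`, which surfaces the kind of blind spot the article says can skew a policy rollout.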

Automate for a better return

“IT needs to meet the unpredictable requirements of the business at some level of predictable costs. In order to do that, they need to be able to change infrastructure rapidly. In order to do that, they need to get out of the business of manually configuring complex infrastructure after translating business requirements,” Wertkin describes.

When a network team receives a policy without an IBN system, they deconstruct it into network-level commands, create service tickets, and engage the relevant teams. This process can take weeks. Automation of core systems like DNS allows the system to translate policies into complex configurations on the fly, making implementation of network policies across a complex landscape manageable and efficient.

Visibility into your network

“Proactive monitoring is a critical part of IBN,” Wertkin explains, “It ensures the service is meeting the intent as opposed to reactive alerting.”

This is the key component that makes IBN into a controlled feedback loop. By feeding aggregate data into a central control pane, network teams can evaluate if the intent of each policy is being met. Teams can adjust configurations before service is interrupted or outages occur.

Beyond implementing policies, proactive monitoring provides more visibility into network performance. Visibility means understanding how a network behaves and identifying issues for quick remediation. As the cycle of implementing, evaluating, and configuring continues, network teams are fine-tuning the complex infrastructure that supports the business.

Getting started

Enterprise-wide implementation of IBN is a mammoth endeavor. It requires careful planning and has rippling implications on critical infrastructure. Wertkin outlines three best practices to drive any organization’s IBN adoption:

Assess readiness. This is a first step. Key areas Wertkin recommends evaluating are operations, skill sets, compliance and governance, existing service level agreements, and the organization. The impact of adopting IBN goes beyond a standard technology transformation. It’s a change in organizational culture as well. From the start, it’s valuable to understand if an organization is capable of this level of change.

Start small. Wertkin also proposes launching the process by exploring IBN in a lab with only essential vendors to protect the organization’s critical infrastructure. The transition can start with low impact areas such as guest networks or new environments.

Aim for agility. Throughout the journey, Wertkin advises IBN adopters to design and architect infrastructure to enable rapid change. Businesses require rapid change and that presents more challenges when identifying and meeting network requirements. To uncover the promise of IBN, administrators need to design to support rapid changes so the architecture can meet business requirements.

BlueCat customers, already reaping the benefits of unified core network services, have taken the first step in their IBN journey. Customers also have a preview of IBN-driven network management through our core platform. Intelligent automation is the API-based component of the platform that supports the automation of custom workflows in DNS operations. BlueCat-built workflows allow users to add or delete host records, selectively deploy network devices, and adjust domain controls for internet breakout and SD-WAN.

Early IBN adopters using Cisco DNA Center can leverage the BlueCat Cisco DNA IPAM Driver. BlueCat’s new DNA Center integration provides the ability to see network IP address scopes and provision the scopes that the enterprise owns directly within the DNA Center or the BlueCat Address Manager interface. Using this workflow, network admins can confidently use DNA Center to push through policies.

Jadecy Kidane is the Marketing Content Manager at BlueCat.
