Cisco: How AI and machine learning are going to change your network

Cisco is betting heavily that artificial intelligence and machine learning will play an enormous part in future networks and data centers.

How far those technologies go and what roles they play may be the biggest questions, but the stakes are clearly in the ground.

For its part, Cisco this week rolled out a server system targeted at supporting machine learning and AI applications, but it is really just the tip of the iceberg of the network giant’s move toward both technologies.

For example, in a recent interview Roland Acra, senior vice-president and general manager of Cisco’s data center business, noted a number of ways Cisco is utilizing machine learning in particular to drive networking changes.

Cisco and its big ASICs

Central to Cisco’s push is being able to gather metadata about traffic as it passes without slowing the traffic, which is accomplished through the use of ASICs in its campus and data-center switches. That’s in addition to performing the traditional functions of ASICs – forwarding packets, encapsulating, decapsulating, queuing and enforcing quality of service, Acra says.

“In previous generations of silicon, you would be, ‘well, I could get line rate but then I won’t get a whole lot of telemetry,’ etc. Now we can do 100G on a 100G port, with all the features turned on and with a lot of data being produced on the side that’s documenting [a variety of network details such as] traffic matrices, who initiated the TCP session, and hundreds of signals now being produced by the silicon.”

Machine learning can be applied to all of that intelligence data for all manner of applications that help network operators handle everything from policy setting and network control to security. Cisco has already given customers options for securing their resources using machine learning and the metadata Cisco gathers from its switches.

Security stems from the network

The network plays a pivotal role in the way we are detecting malware in encrypted traffic, said John Apostolopoulos, Cisco CTO and vice president of Enterprise Networking.

“The trend now is having encrypted traffic end to end and how we can identify that there’s malware in that traffic without decrypting that content,” Apostolopoulos said. Cisco noted that it believes encryption will be used in 70% of attacks in 2019.

“We have huge data lakes of information about all the threats throughout the world from our Talos security team. Armed with all this data about all the attacks and malware that are out there we look at and try to identify patterns such as packet sizes and the arrival times of these packets between the sender and receiver so even though the packets are encrypted you can identify them.”

“In addition, if you look at the cipher suites that are used for the encryption that actually tells us a lot because many of the bad guys out there use particular cipher suites, which also helps identify the traffic,” he said.

Cisco offers a service called Encrypted Traffic Analytics that employs machine learning algorithms and AI techniques to help users rapidly spot security issues on the network and contain infected devices and users.

Another AI/ML use case is found in Cisco’s Tetration platform, where the generation of network access lists is handled automatically. The Cisco Tetration Analytics system gathers information from hardware and software sensors and analyzes the information using big data analytics and machine learning to offer IT managers a deeper understanding of their data center resources.

Tetration enforces a whitelist model, Acra said. “Meaning nothing goes unless I explicitly tell you it’s allowed to go – between every VM and every other VM, servers, containers etc. With Tetration the network is learning all of the patterns in that network with lots of detail and from there we suggest the connectivity graph becomes your whitelist. Tetration has tools that will do the ML and all of this activity turns the network into the sensor but also the enforcer of the policy. Users can automatically quarantine a node etc. or send an alert to an admin.”
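A minimal sketch of the allow-list model Acra describes, as an added example that is not Cisco's or Tetration's code: flows observed during a learning window become label-to-label edges of a connectivity graph, and anything not on the resulting list is denied. The flow fields, workload labels, addresses and the `min_count` review threshold are assumptions constructed for illustration.

```python
from collections import Counter, namedtuple

# Flow record as a sensor might report it (field names are assumptions).
Flow = namedtuple("Flow", "src dst proto dport")

# Constructed sample data: workload label for each address.
LABELS = {"10.0.1.10": "web", "10.0.1.11": "web",
          "10.0.2.20": "app", "10.0.3.30": "db"}

# Constructed flows seen during the learning window.
OBSERVED = [
    Flow("10.0.1.10", "10.0.2.20", "tcp", 8443),
    Flow("10.0.1.11", "10.0.2.20", "tcp", 8443),
    Flow("10.0.2.20", "10.0.3.30", "tcp", 5432),
    Flow("10.0.2.20", "10.0.3.30", "tcp", 5432),
    Flow("10.0.1.11", "10.0.3.30", "tcp", 22),   # seen only once
]

def edge(flow, labels):
    """Reduce a flow to a (src_label, dst_label, proto, dport) graph edge."""
    src, dst = labels.get(flow.src), labels.get(flow.dst)
    if src is None or dst is None:
        return None          # unknown endpoint: never matches the allow list
    return (src, dst, flow.proto, flow.dport)

def learn_allow_list(flows, labels, min_count=2):
    """Turn observed edges into an allow list.

    Edges seen fewer than min_count times are held for operator review
    instead of being allowed, so one stray connection in the learning
    window does not become policy.
    """
    counts = Counter(e for e in (edge(f, labels) for f in flows) if e)
    allow = {e for e, n in counts.items() if n >= min_count}
    review = {e for e, n in counts.items() if n < min_count}
    return allow, review

def decide(flow, allow, labels):
    """Default deny: a flow passes only if its edge is explicitly allowed."""
    return "allow" if edge(flow, labels) in allow else "deny"

if __name__ == "__main__":
    allow, review = learn_allow_list(OBSERVED, LABELS)
    print("allow:", sorted(allow))
    print("review:", sorted(review))
    for f in (Flow("10.0.1.10", "10.0.2.20", "tcp", 8443),
              Flow("10.0.1.10", "10.0.3.30", "tcp", 5432)):
        print(f, "->", decide(f, allow, LABELS))
```

A denied flow is the point at which an enforcer would raise the alert or quarantine action mentioned in the quote; the review set is where a connection that was already unwanted during learning gets caught before it becomes policy.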

AI and ML are only as good as their datasets

Machine learning is only as good as the data set, and we have enormous data sets at Cisco, said Apostolopoulos. “We have trouble ticket data sets, we have our own bug databases, we have traffic data sets and we have other data assets that all together can be used to fundamentally change the way people deploy and manage networks.”
