Intent-based networking can turn your data center into a digital crime scene


An important side effect of digital transformation is that your network is likely to become a digital crime scene. As such, it needs a systematic approach to identify the culprit. In this analogy, a crime can be equivalent to a network outage or gray failure. And this is where intent-based networking (IBN) can help.

The general approach in solving a crime like this is to collect as much information as possible, as soon as possible, and to narrow down the pool of suspects. So, let’s see via an example what role IBN plays in all this.

Digital crime scene profiling

Without intent you don’t even know that a crime has been committed. Finding traces of blood in a room in a blood bank or hospital is expected. Finding traces of blood in a room in a missing person’s home is a different matter. But without intent it’s hard to distinguish a blood bank from a home. In a similar manner, dropping a packet from an intruder or a forbidden traffic source is a good thing. Dropping a customer’s packet because of a misconfigured ACL is a bad thing. Intent helps you differentiate the two.
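The distinction above, as an added example that is not part of the original article or of any IBN product: each observed packet drop is checked against declared intent and labelled as expected, a violation, or not covered by intent. The rule format, prefixes, device names and drop events are all constructed for illustration.

```python
import ipaddress

# Constructed intent: (source prefix, destination prefix, dst port or None for any, action)
INTENT = [
    ("203.0.113.0/24", "10.0.0.0/8", None, "deny"),      # forbidden traffic source
    ("198.51.100.0/24", "10.1.20.0/24", 443, "permit"),  # customer to web tier
]

# Constructed drop events, in the shape a switch telemetry feed might report them
DROPS = [
    {"device": "leaf1", "src": "203.0.113.7", "dst": "10.1.20.5", "port": 22},
    {"device": "leaf2", "src": "198.51.100.9", "dst": "10.1.20.5", "port": 443},
    {"device": "leaf2", "src": "192.0.2.44", "dst": "10.1.20.5", "port": 443},
]

def intended_action(src, dst, port, intent=INTENT):
    """Return the action of the most specific intent rule matching the flow, or None."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    best = None
    for s, d, p, action in intent:
        s_net, d_net = ipaddress.ip_network(s), ipaddress.ip_network(d)
        if src_ip in s_net and dst_ip in d_net and p in (None, port):
            # Longer prefixes and an explicit port win over broader rules.
            specificity = (s_net.prefixlen, d_net.prefixlen, p is not None)
            if best is None or specificity > best[0]:
                best = (specificity, action)
    return best[1] if best else None

def classify_drop(event, intent=INTENT):
    """A drop is only a 'crime' when intent says the flow should have been permitted."""
    action = intended_action(event["src"], event["dst"], event["port"], intent)
    return {"deny": "expected", "permit": "violation", None: "unknown"}[action]

def triage(drops=DROPS, intent=INTENT):
    """Label every drop event so violations can be investigated first."""
    return [(e["device"], e["src"], classify_drop(e, intent)) for e in drops]

if __name__ == "__main__":
    for device, src, verdict in triage():
        print(device, src, verdict)
```

The "unknown" verdict marks drops that intent says nothing about, which is a gap in the declared intent rather than evidence for or against a fault.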

But even when the intent is known, there will be things you don’t know. For example, you have an algorithm to optimally distribute application workloads across racks in a data center. But you don’t know exactly how each application behaves in terms of generating traffic, nor how a particular combination of applications behaves in terms of traffic burstiness. As a result, minor faults (also known as “latent failures” in a Microsoft paper about gray failures) may occur. These may include micro-bursts, ECMP imbalance, or temporal link overloads, and you need to be able to detect them.
