Cisco Blogs
Share

Why is intent-based networking good news for software-defined networking?

In a previous blog post Cisco Engineering teams looked “under the hood” at intent-based networking.

A common question we receive is: “What is the relationship of software-defined networking (SDN) to intent-based networking?”  In this blog we:

  • Compare the model of SDN with intent-based networking: How are they different? What should you know?
  • Share our point-of-view about why this differentiation ultimately matters to our customers.

What is SDN?

Software defined networking (SDN) developed out of the need to automate, scale and optimize networking for applications that may be provided either via an enterprise datacenter, a Virtual Private Cloud (VPC), or as-a-service (public cloud).

We view SDN as a centralized approach to the management of network infrastructure. SDN provides a number of important benefits for network and IT operators through controller-enabled, network visibility and automation including:

  • Ability to programmatically automate network configurations, increasing scalability and reliability
  • Increased flexibility and agility for changing the network operation to enable an application or address a task.
  • Centralized visibility of the network topology, network elements and their operation across the network infrastructure.

Beyond automation: What are the limits of SDN?

While software-defined networks (SDNs) have largely automated the process of network management, organizations now require even greater capabilities from their networks in order to manage their own digital transformation.

For example, IT teams should expect:

  • Automated translation of business polices to IT (security and compliance) policies
  • Automated deployment of these policies
  • Assurance that if the network is not providing the requested policies, they will receive proactive notification.

These are some of the motivations for moving beyond SDN towards intent-based networking.

How intent-based networking builds on SDN

SDN is a foundational building block of intent-based networking. The good news for SDN practictioners is that intent-based networking addresses SDN’s shortfalls. Intent-based networking adds context, learning and assurance capabilities, by tightly coupling policy with intent.

Figure 1: How SDN compares to intent-based networking

“Intent” enables the expression of both business purpose and network context through abstractions, which are then translated to achieve the desired outcome for network management.  Whereas, SDN is purposely focused on instantiating change in network functions.

In our previous post we introduced the three foundational elements of intent-based networking: translation, activation and assurance (Figure 2).

Figure 2: Closed-loop feedback in an intent-based network delivered by Cisco architectures

  • The translation element enables the operator to focus on “what” they want to accomplish, and not “how” they want to accomplish it. The translation element takes the desired intent and translates it to associated network policies and security policies.  Before applying these new policies the system checks if these policies are consistent with the already deployed policies or if they will cause any inconsistencies.
  • Once approved, the new policies are then activated (automatically deployed across the network).
  • With assurance, an intent-based network performs continuous verification that the network is operating as intended. Any discrepancies are identified; root-cause analysis can recommend fixes to the network operator. The operator can then “accept” the recommended fixes to be automatically applied, before another cycle of verification.

What’s the outcome?

The expanded capabilities of intent-based networking over SDN provide operators with greater flexibility in how to act:

  • Firstly, closed-loop feedback is critical to the operational success of intent-based networking.
  • Secondly, assurance does not occur at discrete times in an intent-based network. Continuous verification is essential since the state of the network is constantly changing. Continuous verification assures network performance and reliability.
  • Finally, if a problem occurs and a recommended fix has been identified, the operator can choose how recommended fixes are applied (depending on the user’s specified policy for that type of fix and the context of the problem), for example: routed to an administrator for “review and approval”, inserted into a ticketing system, or even automatically applied.

In summary, intent-based networking augments SDN, by delivering the network agility that organizations require to accelerate their digital transformation. By adding important capabilities, such as translation and assurance, a closed loop intent-based networking platform helps IT deliver continuous agility, reliability and security to significantly improve IT and business outcomes.

About this blog series

This “under-the-hood” blog series explores the elements of and use cases for intent-based networking. The aim is to help networking and IT professionals to gain insight of intent-based networking directly from Cisco’s engineering teams. We will share our vision of what the future holds, and the opportunities and benefits that intent-based networking can provide your organization.

If you have questions or topics you’d like to see included in the series, let us know!

For a deeper dive, read our recent White Paper on Intent-Based Networking.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

4 Comments

  1. Great reading and great model with massive potential

  2. Very useful article

  3. Focusing on the “what” rather than the “how”, gives business much more flexibility to grow. Continuous monitoring will also help to adjust the rules on an ongoing basis.

  4. Great article! Intent-based networking is a natural successor to SDN, as it builds on the foundations of SDN, but takes related technologies a step further by including assurance, learning and context capabilities.