Intent-Based Networking is rapidly gaining converts as IT takes advantage of the multiple benefits it brings to managing both wired and wireless enterprise network fabrics. From data centers to campus to multi-domain cloud platforms and secure branch deployments, Intent-Based Networks provide the automated controls, policy management, security, and assurance enterprises need to enhance their business operations. With so much of the workforce going mobile or working remotely, control over Wi-Fi and cellular devices, along with the applications and data they access, is a top priority.

In enterprise networks, enforcing centrally established micro-segmentation policies ensures secure connections to permissible data sources and applications. Unfortunately, enterprise network managers currently have little control over how the devices of the mobile workforce connect and behave once they transition to cellular networks. While there are presently some controls over access to applications on the enterprise network while connecting through a service provider’s cellular system, they are not very granular. In addition, the enterprise has no control over how bandwidth, latency, and application priorities can be allocated and segmented for devices while they are on a cellular network.

Cisco’s goal is to provide the same level of control that Intent-based Networking provides over the enterprise network and devices to those connecting through cellular networks. This next phase will become even more critical as Wi-Fi 6 and 5G New Radio mature and are deployed widely in the next couple of years. We think building bridges between the enterprise Wi-Fi and service provider cellular networks is the next significant phase for taking advantage of the new collaboration technologies and digital transformation projects that 5G and Wi-Fi 6 will support.

Bridging Wi-Fi and 5G networks will also benefit service providers, enabling them to create new revenue streams by adding services tailored for enterprise communications, IoT, and multi-domain computing. 5G Mobile Network Operators (MNOs) will be able to create multiple, customized virtual private networks for specific customers and applications, creating a value-priced, services-based network they can monetize.

During the Mobile World Congress Barcelona, February 24-28, 2019, Cisco will be demonstrating new technologies to manage the integration of enterprise and service provider networks. Let’s preview what’s in store.

Allocating 5G Network Services to Meet Enterprise SLAs

5G MNOs will have much more control over creating and managing SLAs for enterprise use cases. As enterprises connect their wired and wireless Intent-based Networks to 5G, they will need to negotiate SLAs with the MNOs for all types of traffic and policies. An accounting department, for example, will have specific security policies attached to the group’s devices to access specific applications, but the SLA may not need to include more expensive ultra-low latency requirements. However, the security policies and SLAs for accounting need to be applied not just within the borders of the enterprise network, but to mobile devices connecting to the accounting applications over 5G. In other instances, a very low latency SLA will be required for use cases as diverse as telepresence, VoIP, and AR/VR devices. These very different SLAs all need to be defined and managed for each 5G network provider without drastically increasing complexity.

One of the methods of providing consistent SLAs across enterprise and 5G segments is the ability for service providers to slice up the 5G network into segments, similar to how wireless networks are micro-segmented into special-purpose channels to separate types of traffic. This is an important security, privacy, and performance capability. It enables the carrier to segregate traffic into unique partitions, keeping sensitive data separate from normal traffic, providing the necessary service level agreements for low-latency traffic, and creating an end-to-end virtual network encompassing compute and storage functions.

To take full advantage of 5G capabilities, Cisco is building bridges to make the slicing in a service provider’s network match segmentation in the enterprise wired and wireless network, creating seamless end-to-end segmentation for network traffic. The 5G Network Slice Selection Function will enable, for example, IoT traffic to travel from devices and sensors at 5G edge endpoints to the data center or cloud on enterprise networks using cellular channels provisioned specifically for IoT traffic patterns. A different slice can be tuned to provide low-latency links for video and VoIP so that data streaming from enterprise network sources to 5G endpoints and back will have the required Quality of Experience (QoE). Another slice can be tuned to meet the security requirements of specific applications and groups, such as the financial department, with perhaps a higher, and therefore less expensive, tolerance for latency.

Extending Enterprise Intent-Based Network Controls to 5G Services

Connecting 5G slices to the enterprise network is the first step. Monitoring and managing SLAs as well as securing the traffic traversing 5G slices from and to enterprise wired and wireless networks is equally essential. These management layers provide two innovative opportunities:

  • MNO Service Providers can add value to their offerings for the enterprise, creating new business opportunities for IT-managed services.
  • Enterprise IT gains direct management control over LTE and 5G cellular traffic from and to the enterprise without needing to interact with the actual MNO every time IT needs to add or modify a device or change an SLA.

With intent-based networking, enterprise IT has control over segmentation, malware/AV detection, QoS/QoE, content filtering, and software-defined access to the network. Now the same controls can be applied to traffic moving from enterprise wireless to cellular circuits and back, such as when an employee leaves the campus wireless network and transitions to a cellular slice. The cellular slice applies the same policies to the employee’s device for permission to connect to specific applications. For example, IT can define a policy so that when employees connect to an enterprise’s cellular slice outside of the enterprise or branch location, they can only reach specific applications and data sources through a secure VPN over the cellular slice. The security and access policies defined by IT automatically follow the device and employee wherever they roam within the carrier’s coverage. Common policies are applied independent of the connection type.

Machine learning combined with analytics in Cisco DNA Assurance provides the ability to monitor, report, and predict performance issues in Wi-Fi and 5G segments. By continuously recording and analyzing traffic patterns across the enterprise networks and extending to service provider networks, problems can be detected and proactive alerts sent to IT personnel, who can fix performance issues before they have negative impacts on business.

Achieving a Homogeneous Wireless Intent-based Network

With wireless now the standard choice for providing connectivity inside and outside the walls of the enterprise, from data center to cloud to edge, the seamless management and security of wireless everywhere is the next milestone in the journey to Intent-based Networking and the Digital Enterprise.

Authors

Anand Oswal

No Longer with Cisco