Just over a year ago, David McGrew, one of Cisco’s fellows, walked into my office to brief me on a project he was working on. The next 45 minutes were pretty unforgettable.

He explained to me that he and his team had discovered how to solve one of the biggest challenges in network security: They had invented technology that can identify malware in encrypted traffic. They were even showing four nines of accuracy in their test cases, and no information was being decrypted. The fact that no decryption was involved meant their approach did not come at the expense of privacy.

It wasn’t until he walked me through exactly how they were running machine learning algorithms they invented on some of Cisco’s massive networking traffic data set — and how they had identified many data features of the encrypted traffic that can be used to recognize malware — that I realized they had solved the unsolvable. I thought it was impossible, but a small team of Cisco’s data scientists had proved otherwise. They had thrown the industry debate of “security versus privacy” right out the window.
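As an added illustration (not Cisco's ETA code; the post does not detail its features), the block below shows what a network device can observe about a TLS flow without decrypting it: the ClientHello is sent in the clear, and the sizes of the encrypted records that follow are visible on the wire. The chosen features (SNI, offered cipher suites, record-length sequence) and the sample bytes are assumptions constructed for this example.

```python
import struct

# Added example: the ClientHello and the sizes of later encrypted records are
# observable without decryption. All sample data below is constructed.

def build_client_hello(sni: str, cipher_suites: list[int]) -> bytes:
    """Constructed TLS 1.2 ClientHello carrying one SNI extension (demo input)."""
    name = sni.encode()
    sni_list = b"\x00" + struct.pack("!H", len(name)) + name
    sni_ext = (struct.pack("!HH", 0x0000, len(sni_list) + 2)
               + struct.pack("!H", len(sni_list)) + sni_list)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (b"\x03\x03" + bytes(32)              # client_version, random (zeroed here)
            + b"\x00"                             # empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                         # compression: null only
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = b"\x01" + len(body).to_bytes(3, "big")   # handshake type + 24-bit length
    return b"\x16\x03\x03" + struct.pack("!H", len(hs) + len(body)) + hs + body

def parse_client_hello(rec: bytes) -> dict:
    """Pull the SNI and offered cipher suites out of a cleartext ClientHello record."""
    if rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a ClientHello record")
    p = 9 + 2 + 32                                # record+handshake headers, version, random
    p += 1 + rec[p]                               # session_id
    n = struct.unpack_from("!H", rec, p)[0]; p += 2
    suites = [struct.unpack_from("!H", rec, p + i)[0] for i in range(0, n, 2)]; p += n
    p += 1 + rec[p]                               # compression methods
    ext_end = p + 2 + struct.unpack_from("!H", rec, p)[0]; p += 2
    sni = None
    while p < ext_end:
        etype, elen = struct.unpack_from("!HH", rec, p); p += 4
        if etype == 0:                            # server_name: list len(2), type(1), name len(2), name
            nlen = struct.unpack_from("!H", rec, p + 3)[0]
            sni = rec[p + 5:p + 5 + nlen].decode()
        p += elen
    return {"sni": sni, "cipher_suites": suites}

def flow_features(rec: bytes, record_lengths: list[int]) -> dict:
    """Feature vector a classifier could consume: handshake metadata plus record sizes."""
    hello = parse_client_hello(rec)
    return {**hello, "n_suites": len(hello["cipher_suites"]),
            "lengths": record_lengths, "bytes_out": sum(record_lengths)}

SAMPLE_HELLO = build_client_hello("example.test", [0xC02F, 0x0033])
SAMPLE_LENGTHS = [517, 1460, 1460, 82, 310]       # constructed encrypted record sizes
```

Nothing here inspects payload plaintext; every field used is either a handshake field transmitted in the clear or a length that the transport exposes regardless of encryption.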

Rethinking Networking for a New Generation

Today we’re launching this very technology — Encrypted Traffic Analytics (ETA). But it isn’t the only innovation we’re announcing. ETA is actually a part of what we call “the intuitive network,” a new generation of intent-based networking infrastructure.

Based on Cisco’s Digital Network Architecture, the hardware and software innovation we’re releasing this summer culminates the work of thousands of engineers. It’s Cisco’s most significant development achievement in the last decade.

We consider this moment in Cisco’s history to be the next starting point for networking. It’s more relevant today than it has ever been, and Cisco is delivering the networking platform for digital business. An intuitive network that is powered by intent, secure, informed by context, and learns.

Every day for the past two years, we’ve been building this network and mapping out what our customers needed to make it real.

We knew the network was critical to the future, but with the explosion of devices, the emergence of cloud, and the rise of mobility we had to question if the current approaches for building and managing networks were sufficient in this emerging world.

We knew our customers were spending too much time and expense operating their networks, and their infrastructure wasn’t agile enough.

And then there was security. IP networks allowed us to connect the world, but we didn’t anticipate that threat actors would take advantage of this connectivity to attack us.

These factors led to a fundamental conclusion: We had to rethink how we build enterprise IP access and campus networks, from the ground up.

And two big developments were needed to do so: intent-driven infrastructure, and a command center for the enterprise network, announced today as Cisco DNA Center.

Building the Intuitive Network

The intuitive network starts with intent-based infrastructure that is secure — essentially all IP infrastructure, including switches, routers, and wireless access points, that provides connectivity and routes traffic from devices (PCs, tablets, phones, video screens, IoT) within the enterprise and to the internet.

IP networking started small 30 years ago, connecting two departments in a lab. Now, enterprises have networks with tens of thousands of boxes. Most of them still have relatively primitive tools to manage this complexity. It’s an expensive process and can slow down the business.

The wireless network is separate from the wired network, which is separate from the Wide Area Network. And they’re all managed and configured separately, and they can all have different interfaces, commands, and configuration models. Even worse, this is all usually done one box at a time.

With the intuitive network, we fundamentally changed the approach, removing a lot of the complexity accumulated over the past 30 years.

Now we have one unified system that spans the entire enterprise access network, covering all types of devices. It acts as a single platform, driven by intent. This intent-based infrastructure is programmable and integrated so that it can be automated. Security is also built in, with the ability to find threats and automate responses to keep enterprises protected from advanced threats.

This unified system includes our networking software operating system, IOS. Over the past two years, we’ve completely rebuilt IOS for the digital age. IOS is now API driven, open, programmable, and modular — all capabilities that are required from a modern software stack.

These capabilities will allow IOS to be extended by our customers, more easily integrated with other systems, and delivered in whatever form factor our customers want. It will run across our entire enterprise switching, wireless, and routing portfolio — on new and existing infrastructure. All the capabilities and richness developed over the past 30 years are now updated and brought forward — to power intent-driven networking for the next 30 years.

And although our intent-driven IOS software can be deployed on existing equipment to transform deployed networks, we are also releasing a new lineup of our award-winning Catalyst campus switches — the 9000 series. These platforms are the most advanced enterprise switches in the world. Notable benefits:

  • Programmable: High-performance, programmable ASICs that adapt to future innovations — a breakthrough in silicon technology.
  • ETA Ready: Ability for the network to find and block the most sophisticated cyberattacks.
  • IoT Ready: Instantly discover, onboard, and automatically segment IoT traffic. This includes the ability to automatically configure the network for security — separating IoT devices from other traffic.
  • Mobile Ready: Capable of hosting a wireless controller, and future-proofed for new wireless standards such as 802.11ax.
  • Cloud Ready: These platforms are built for extensibility and open programmability. They can host third-party applications on a built-in x86 compute complex, allowing our customers to run their applications in containers or virtual machines.

Along with all our development building intent-based infrastructure, we also developed a command center for the intuitive network, Cisco DNA Center. Cisco DNA Center is where intent is defined as policy, and the network is then automatically configured to implement that intent.

This process happens across the hundreds or thousands of individual switches, routers, and wireless access points that make up an enterprise access network. What was previously a manual task, where each part of the network had to be configured separately, often box by box, is now driven from a central dashboard, on-premise or cloud-delivered depending on customer requirements, where we define our business intent; the entire network then acts as a single fabric to carry out that policy.

Cisco DNA Center is also an analytics platform, collecting context from the network as it operates. All types of data that were previously isolated on thousands of individual routers, switches, and wireless access points can now be streamed to Cisco DNA Center in real time, helping us better understand the operation of the enterprise and continually learn to solve complex business problems.

This closed loop of defining intent, collecting context, learning, and then implementing new intent based on those insights is intent-based networking. The combination of Cisco’s intent-based, secure infrastructure with Cisco DNA Center’s single point of policy definition, context collection, and learning will become the new approach to building enterprise networks.

This is The Network. Intuitive.

Authors

David Goeckeler