While market incumbents are building out their initial intent-based networking (IBN) strategies, several startups are also innovating on the idea of building networks that essentially manage themselves.
Their goal is to take the frustration out of deploying, monitoring, and managing a network, as well as improve availability and security – all while lowering operating costs. Today, tasks like configuration of networking devices and network assurance are highly manual, and network technology vendors aim to change that through automation.
Gartner analysts say IBN can become the next big thing in networking, and while the market for IBN products is nascent, some valuable solutions for data center network operators already exist.
The analysts predict that IBN technology won’t be fully mainstream until 2020. Gartner expects the number of enterprises deploying it to grow from hundreds in mid-2018 to more than 1,000 by the end of next year, Gartner analyst Joe Skorupa said in an interview with Data Center Knowledge.
But, he added, it’s a good time for data center operators to start testing the technology to see how they can benefit.
“If you are forward-leaning and believe technology can provide a strategic advantage, then yes, it’s time to bring in a few vendors to prototype. The incentive is this will make your life easier,” he said. “The world is changing, and if you don’t allow your engineering teams to learn about it, you will be behind.”
After exploring the budding IBN strategies of the biggest data center network technology vendors last week, today we’re taking a closer look at what analysts agree are the leading startups in the space:
Two years after its initial release of the Apstra Operating System (AOS), the self-funded startup in Menlo Park, California, remains one of the few companies to produce a comprehensive IBN solution. AOS, which runs on any vendor’s networking hardware, allows network administrators to automatically configure, deploy, monitor, and validate their data center networks, according to the company.
“What makes us unique is the multi-vendor aspect,” Carly Stoughton, Apstra’s head of technical marketing, said. “We firmly believe our customers should choose the hardware and their switch operating systems, and we automate on top of that.”
Apstra’s CEO, Mansour Karam, comes from Arista Networks, while its CTO, Sasha Ratkovic, is a Juniper Networks alumnus. A co-founder is David Cheriton, a Stanford University professor emeritus who also co-founded Arista, was an early investor in Google and VMware, and founded Stanford’s Distributed Systems Group.
The startup continues to make progress toward its vision of self-operating networks. In January, it beefed up AOS with intent-based analytics, which allows IT administrators to specify how they expect their networks to operate. The software analyzes network telemetry data, continuously validates the IT staff’s intent, and sends alerts if it discovers problems.
This summer, Apstra added additional features to AOS, including automatic configuration of the Ethernet VPN protocol, which is used to secure multi-tenant environments. The company also integrated AOS with VMware vSphere, giving administrators visibility into the network’s effects on application performance.
“It allows network engineers to have an idea of what’s going on in the virtual infrastructure without having to log into vCenter, a tool they are not necessarily skilled on,” Stoughton explained.
This five-year-old startup is focused on only one aspect of IBN, but it’s an important one: verification. Forward’s software creates a mathematical model of the network and verifies that it is configured and behaving exactly as intended.
The software doesn’t look at live traffic; it grabs network configurations, builds the network’s software model, and analyzes all possible packet behaviors as they traverse the network, looking for design flaws, Gary Kinghorn, the company’s director of marketing, explained. Problems it can find include security risks or portions of the network that don’t have redundant paths, which means weak reliability.
“It’s verifying network intent,” he said. “We come up with conclusions and recommendations and fixes to help you proactively remove errors and bugs from the network.”
The company, based in Palo Alto, California, was founded by four Stanford Ph.D’s who had done pioneering research in software-defined networking. Its software, which supports all major networking equipment vendors, can also test network changes before they are deployed in production. It can be deployed on-premises or consumed as a cloud service.
The startup in San Jose, California, is also five years old and also focuses on intent-based verification. It recently landed music streaming service Pandora as a customer.
Veriflow CEO James Brear said the company’s CloudPredict software can predict what things may go wrong in the data center network. “We are like fortune tellers,” he said. “It basically uses math to predict errors.”
CloudPredict collects information from all network devices on a network, including configurations, forwarding tables, and access control lists, and builds a network-wide predictive model for everything that could happen on the network. In doing so, it can identify problems that can cause outages or security vulnerabilities, said co-founder and CTO Brighten Godfrey.
“You want to be sure that if you have a single-device failure … you don’t have an outage. We can spot configuration issues,” Godfrey, associate professor of computer science at the University of Illinois at Urbana-Champaign, who received his doctorate at UC Berkeley, said.
The product, initially launched in late 2016, supports on-premises and multi-cloud environments. Its capabilities include a feature called “preflight,” which allows users to verify changes before deploying them on the network.
According to Godfrey, Veriflow’s product is complimentary to Apstra’s. “Apstra starts with intent and pushes it out on the network,” he explained. “We take the reality of the network and see if it matches with the intent. You really need both.”
The Seattle-based startup plans to develop an end-to-end IBN solution, but for now it’s focusing on network validation.
Founded in 2015, the company is developing software that verifies network intent, much like Forward and Veriflow do. However, its CEO Ratul Mahajan prefers to call it network validation, because his software can also do what he calls automatic policy inference. It’s a feature that Veriflow also offers but calls automated intent inference.
Essentially, the software knows network-architecture best practices and can intelligently infer or determine which policies a network needs, without input from a user. It then tells the user whether the network is compliant.
“What we do is beyond verification, because we can do things like, based on best practices, tell you what may be wrong with your network and flag those things,” Mahajan, formerly a principal researcher at Microsoft Research, said.
Intentionet’s software, which supports multi-vendor, heterogeneous environments, is built on top of an open-source network configuration analysis tool called Batfish, which the startup’s team played a big role in developing.
The company is currently testing its software with customers. While Intentionet is currently focused on validation, it’s looking into providing the frontend piece to IBN: ability to specify a high-level policy that generates the low-level configuration of network devices.
“We would like our customers to have an end-to-end solution that helps them manage the entire lifecycle of the network,” Mahajan said.
Plenty of Room to Broaden Scope
Analysts say Apstra has a very thorough IBN solution. Being vendor-agnostic allows it to differentiate from the big established vendors who have hardware to sell, Brad Casemore, research VP for data center networks at IDC.
“Apstra has a comprehensive understanding of all the pieces that need to be in place,” he said.
Meanwhile, Forward and Veriflow are coming at IBN from a different point of view. Instead of the frontend functions like design, deployment, and configuration, they are focused on verification once the network is deployed, but that’s OK, Gartner’s Skorupa said.
“All of these guys can go broader,” he said. “Even Apstra can go broader. The deal is you have to pick a starting point.”