Intent-Based Networking in the Data Center: Cisco vs. Juniper

How the two networking technology giants’ visions for self-driving networks differ from each other.

Cisco Systems and Juniper Networks both envision a future of self-driving networks. The two network technology giants differ on how to get there, but the journey for both of them starts with the concept of intent-based networking.

IDC Research defines intent-based networking, or IBN, as a step toward the goal of creating an autonomous infrastructure, which features cognitive thinking through artificial intelligence and machine learning and the capacity to proactively detect and remediate network and security events, Brad Casemore, IDC’s research director for data center networks, told us.

IDC’s rival Gartner has defined it as software that helps organizations use high-level business policy to design and automatically configure their networks. The software validates the correctness of the design and configuration, monitors network status in real-time, and automatically takes corrective action to ensure policies are met.

Established network equipment makers and startups alike are racing to build software for the emerging intent-based networking market. Cisco and Juniper – the market share leaders in data center networking – have already introduced their initial intent-based networking products.

Other players in the space include Hewlett-Packard Enterprise, Big Switch Networks, Pluribus Networks, and startups like Apstra. For now, no vendor has a complete solution, Gartner analyst Joe Skorupa said in an interview with Data Center Knowledge.

“We are in the early innings of intent-based networking,” IDC’s Casemore said. “Cisco is extending IBN across its entire networking portfolio – enterprise, branch, and data center, but it will not be alone. Juniper will certainly be a capable player, most assuredly in the data center and multi-cloud context, where it has focused intensively.”

What Intent-Based Networking Means for the Data Center

Inspired by the ways hyperscale cloud platforms have automated their data centers, networking vendors hope to bring similar capabilities to enterprises, Casemore said. Enterprises, they say, will benefit from reduced complexity, better agility and security, operational efficiencies, and lower costs.

When compared to service provider or enterprise campus networks, doing intent-based networking in data centers is probably the most dynamic, because it’s not just about moving packets, it’s ensuring applications and data are accessible to users. That requires good network performance, protection from security threats, and mobility, Roland Acra, Cisco’s senior VP and general manager of data center networking, said.

Mobility is important because data center operators have to support their applications regardless of where they reside, on bare-metal servers, on virtual machines (VMs), or in containers, on-premises or in the cloud, he explained.

Cisco and Juniper executives say their intent-based products for the data center allow IT administrators to build, manage, and monitor policies, regardless of where the workloads reside. A VM could move from one server to another within a data center, or to the cloud, and the software will still enforce the policies, according to them.

“What we have is a convergence of multiple things,” Michael Bushong, Juniper’s VP of enterprise and cloud marketing, told us. “We have software-defined networks (SDN) and the rise of controllers, and the rise of cloud, which is pushing workloads outside of single-domain environments.”

The Products

Cisco executives say data center operators can begin implementing intent-based networking today with its family of three products: Application Centric Infrastructure (ACI), its data center SDN offering which delivers intent through policy-based automation; the Tetration Platform, which uses algorithms to analyze the network in real-time and detects network and security problems; and Network Assurance Engine (NAE), software that verifies network behavior and ensures that the network is in compliance with policies and can take corrective action.

Juniper in April released its Contrail Enterprise Multicloud software, an SDN controller that serves as the foundation for its intent-based networking strategy for the data center. The company integrated its AppFormix monitoring and intent-based analytics tools into the software, allowing IT administrators to manage and monitor workload policies from a single command center.

According to Bushong, data center network operators can use Contrail Enterprise Multicloud to deploy intent-based networking.

“When you specify intent, the user interface automatically pushes the configuration out to any of the devices required to make the intent active,” he said. “Contrail pulls state from the underlying networks, so we can visualize the topology and see the actual links. And if a link goes down, we can remediate.”

Multi-Vendor Support

Juniper differentiates its IBN tech from Cisco’s by supporting a multi-vendor environment, including non-Juniper switches, according to Bushong.

“Enterprises shouldn’t be restricted in what they have in the underlying infrastructure,” he said. “They should be able to use physical or virtual servers, use the public or private cloud. They should be able to use VMs or containers, and they should be able to use Juniper and non-Juniper switches.”

Not so fast, says Cisco, disputing the notion that it doesn’t support technology from multiple vendors. The company has partnered with about 70 companies, allowing ACI to work with other vendors’ firewalls, load balancers, intrusion detection systems, and even third-party switches, Acra said.

“We can ingest data from software agents that we put into the OS and watch the behavior,” he explained. “We can ingest third-party data by bringing in Netflow data from third-party switches and routers and telemetry from other network security devices.”

There is, of course, a difference between support and tight integration. Cisco ACI is tightly integrated with Cisco hardware, IDC’s Casemore pointed out. Cisco Nexus 9000 Series switches, for example, support ACI’s policy-based services and automation.

Acra didn’t disagree that there were performance advantages to going all-Cisco. By deploying Cisco Nexus 9000 Series switches, organizations can carry forward their telemetry data to Tetration at wire speed, he said. “There’s definitely a benefit to having the right hardware for that purpose.”

Early in the Game

Again, these are just the two vendors’ initial steps toward the goal of autonomous networks. The work continues.

Cisco, for example, recently improved Tetration, and its Network Assurance Engine came out just this year. When a customer tests a new application, the new version of Tetration can observe the application’s behavior and automatically generate policies by creating whitelists, Acra said. Also, if an enterprise is worried that it may have been exposed to a security vulnerability three months ago, for example, IT staff can use Tetration like a DVR and go back in time to analyze traffic and see if they can spot fingerprints of the exploit, Acra said.

NAE has multiple functions beyond verifying existing policies. Before making a network change, for example, IT staffers can use NAE to simulate how the change would affect the network. With this last capability, Cisco could be taking a page out of Microsoft’s hyperscale network playbook. The cloud giant has built a system that simulates its entire global network in software to test changes before they’re deployed in production.

In upcoming announcements, Juniper is planning to further detail its intent-based networking strategy for data centers. “We are actively driving a broader self-driving agenda, and that includes event-driven infrastructure, analytics, telemetry, and machine learning,” Bushong said.

In December, the company announced three software bots, called Juniper Bots, aimed at service provider networks. Contrail TestBot allows users to test network changes before they are applied; AppFormix HealthBot uses machine learning to analyze network health and provide suggestions for improvements; and Contrail PeerBot automates network peering. Juniper now plans to roll out Juniper Bots tailored for the enterprise data center market. They will run on top of Contrail Enterprise Multicloud, according to Bushong. 

To reach the goal of the autonomous, self-driving network, Juniper has to develop deep telemetry and analytics, so the network can know what’s happening both on the network and in applications. That way, the intent-based system knows an application is running out of capacity in an in-house server and can move it to the cloud. “There’s a lot of development that needs to happen, but it starts with the early stuff,” he said.

For its part, Cisco is currently demonstrating a capability to detect hardware failures and resolve them before they occur. For example, if a power supply or fan is not acting correctly, it can move the load to a different power supply or fan, Acra said.

The hardest problem is detecting software bugs, he said. In the years to come, he hopes the company can patch bugs before they become a problem.

“It’s an exciting frontier,” Acra said. “We live and breathe availability and preventing outages and downtime.”

Sound Strategies

Cisco’s one big advantage over the competition is its huge installed base, analysts say.

“Cisco has tremendous breadth and depth in its installed customer base, and they have tremendous sales reach,” IDC’s Casemore said. “They can say, here’s our latest thing. Would you be interested in hearing the benefits? They have an advantage in that respect.”

But that’s why Juniper’s strategy of supporting all vendors’ switches, including Cisco’s, is smart. They can try to capture Cisco’s existing customers.

Forrester analyst Andre Kindness says Juniper’s multivendor offering is more open than Cisco’s. “Juniper has more of an open platform and approach, and it’s a good counterbalance to what Cisco is offering,” he said.

Overall, analysts agree that both companies’ intent-based networking strategies are sound. “They have a strategy. Now it’s all about execution and moving as quickly as possible,” Casemore said.

Correction: September 14, 2018
The DVR-like function, where IT staff can analyze past events to find potential attack fingerprints, is in Tetration, not NAE, as the previous version of this article said.