Oct 23, 2019

Network Monitoring Best Practices. Intent-Based Networking, Network Management Systems, or Both?

When deciding how best to approach network monitoring, there are many tools people can turn to. The question many grapple with is whether to choose Intent-Based Networking, Network Management Systems, or some combination of both.

Network Monitoring: Intent-Based Networking

Intent-Based Networking is a way of automating, among other things, the monitoring and management of a network. Intent-Based Networking (IBN) significantly reduces the operational costs of managing the network lifecycle – design, configuration management, monitoring, troubleshooting, root cause identification, and remediation – using a single product with a single source of truth. Network Management Systems (NMS) such as SolarWinds, SevOne, NetScout, etc. are monitoring tools that often cover broader infrastructure. The question is where Intent-Based Networking and Network Management Systems meet, if at all. Do you always need both? The answer, as usual, is ‘it depends’.

From a monitoring viewpoint, Intent-Based Networking offers a platform for automating troubleshooting, monitoring, root cause identification, and remediation workflows. This subset of Intent-Based Networking is referred to as Intent-Based Analytics (IBA). A good Intent-Based Networking product ships with abundant, ready-to-use Intent-Based Analytics content, but it’s very common to dynamically tweak existing workflows or automate new workflows that sometimes require collecting new telemetry data. Relative to Network Management Systems, the monitoring offered by Intent-Based Analytics is richer in terms of business context, type of analytics and the accuracy of reported results. For example, you can monitor for proper distribution of traffic within each group of server-facing ports in a Link Aggregation Group associated with a specific tenant or application. Doing this requires a rich model of the network, its services and its consumers, such as a tenant or application.
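To make the Link Aggregation Group example concrete, here is an added sketch (not Apstra code or any product's API) of a per-tenant traffic distribution check driven by a modeled list of LAG members. The device names, the data model, the counter values and the 0.25 threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed intent model: server-facing LAGs, their member ports and owning tenant.
INTENT_LAGS = {
    "leaf1:ae1": {"tenant": "payments",
                  "members": ["leaf1:xe-0/0/1", "leaf1:xe-0/0/2"]},
    "leaf1:ae2": {"tenant": "analytics",
                  "members": ["leaf1:xe-0/0/3", "leaf1:xe-0/0/4"]},
}

# Constructed telemetry: average transmit rate (bits/s) per interface.
TX_BPS = {
    "leaf1:xe-0/0/1": 4.1e9, "leaf1:xe-0/0/2": 3.9e9,
    "leaf1:xe-0/0/3": 7.6e9, "leaf1:xe-0/0/4": 0.4e9,
    "leaf1:xe-0/0/9": 9.0e9,  # busy port, but not a LAG member in the model
}

def lag_imbalance(intent_lags, tx_bps, max_cv=0.25, min_bps=1e8):
    """Return {tenant: [(lag, cv)]} for LAGs with uneven member load.

    cv is the coefficient of variation (population std dev / mean) of the
    member transmit rates; cv is None when a member has no telemetry.
    """
    findings = defaultdict(list)
    for lag, spec in intent_lags.items():
        rates = [tx_bps.get(member) for member in spec["members"]]
        if None in rates:
            # A modeled member with no data is reported rather than skipped.
            findings[spec["tenant"]].append((lag, None))
            continue
        avg = mean(rates)
        if avg < min_bps:
            continue  # idle LAG: imbalance is not meaningful
        cv = pstdev(rates) / avg
        if cv > max_cv:
            findings[spec["tenant"]].append((lag, round(cv, 2)))
    return dict(findings)

if __name__ == "__main__":
    print(lag_imbalance(INTENT_LAGS, TX_BPS))
```

Only ports the model places in a LAG are evaluated, and each finding is keyed by tenant, which is the business context a box-by-box counter threshold cannot supply.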

Network Monitoring: Network Management Systems

Network Management Systems solutions, on the other hand, optimize for a maximum breadth of coverage by monitoring compute, network, storage, VoIP, wireless, etc. They have a pan-infrastructure view. When used in conjunction with an Intent-Based Networking managed network, Network Management Systems can complement Intent-Based Networking by presenting the network-centric data Intent-Based Networking produces. This integration between Network Management Systems and Intent-Based Networking offers other advantages we’ll go over in detail. But before this, let’s examine the common use cases and go over the possible options.

Network Monitoring: Intent-Based Networking or Network Management Systems

An Intent-Based Networking managed greenfield network delivers full functional parity with SNMP-based Network Management Systems solutions and delivers much more. Unlike with a traditional Network Management Systems solution, the monitoring data (telemetry) generated by Intent-Based Networking is constantly compared to expected behavior (a.k.a. intent), enabling the operator to detect problems, such as grey failures or impending SFP failures, before they begin impacting applications. Intent-Based Networking products also monitor the network as a whole system instead of taking a box-by-box approach, giving the operator a unique ability to shield the business from disruption. Network operations teams can directly consume Intent-Based Networking products as their Network Operations Center (NOC) tool of choice.

But if you are already using a Network Management Systems tool as a broader infrastructure operations tool, you don’t have to throw it away; it can co-exist with Intent-Based Networking. The Network Management Systems tool can integrate with Intent-Based Networking and leverage its rich streams of data. Use the Network Management Systems as a standardized tool for broader, cross-domain visibility, alert management, and infrastructure monitoring. This trend has already emerged with most of the Network Management Systems tools integrating with virtualization managers, such as VMware vCenter®, to gain visibility into virtualized infrastructure. The same approach is sensible with the fabric managers such as Intent-Based Networking, to expose network-related data.

In the case of brownfield networks, you are probably already using Network Management Systems tools for monitoring, or you are running totally blind (we’ve seen this in the real world!). Here, you can introduce Intent-Based Networking for monitoring even pre-existing networks to take advantage of the targeted and context-rich analytics offered by Intent-Based Analytics. This also serves as the first baby step to move to the world of Intent-Based Networking. Subsequently, reconfigure your Network Management Systems to expose Intent-Based Networking monitoring data or use Intent-Based Networking as your only monitoring tool.

Let’s now talk about the advantages of integrating Network Management Systems tools with Intent-Based Networking systems. The integration helps with one of the most common problems with Network Management Systems tools: false positives (non-actionable noise). Besides the fact that Network Management Systems tools lack a full understanding of a network’s design or intent, false positives also occur because the tool is typically not well maintained. With ever-shrinking staffing, Network Management Systems tools are often not updated as part of change workflows, rendering them outdated and inaccurate over time. This, in turn, results in more false positives that further reduce the incentive to properly maintain them. It’s the death of system effectiveness via maintenance atrophy. This vicious circle can be broken by delegating the monitoring of network devices to Intent-Based Networking and then sending the Intent-Based Networking monitoring data over to the Network Management Systems console. Again, Intent-Based Analytics produces high-accuracy anomalies because they are derived from real-time comparisons between real-time state data and a single source of truth; the same truth that is driving device configurations in the first place. For example, if you add new servers or put a leaf in maintenance, Intent-Based Analytics knows how to auto-adjust and start or stop monitoring the affected ports or devices without the intervention of the operator. This represents a huge increase in productivity for that operator as well as improved availability for the line of business.
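The maintenance-atrophy problem can be shown in a few lines. The following is an added illustration, not Apstra code or a real Network Management Systems configuration: it derives the monitored port set from a constructed source of truth and compares the resulting anomalies with alerts from a hand-maintained watch list that missed two changes (a leaf put in maintenance and a newly added leaf). All names and data are hypothetical.

```python
# Constructed single source of truth: device mode and the role of each port.
INTENT = {
    "leaf1": {"mode": "deployed",
              "ports": {"xe-0/0/1": "server", "xe-0/0/2": "server",
                        "xe-0/0/3": "unused"}},
    "leaf2": {"mode": "maintenance", "ports": {"xe-0/0/1": "server"}},
    "leaf3": {"mode": "deployed", "ports": {"xe-0/0/1": "server"}},  # new rack
}

# Constructed operational state reported by telemetry.
STATE = {
    ("leaf1", "xe-0/0/1"): "up", ("leaf1", "xe-0/0/2"): "down",
    ("leaf1", "xe-0/0/3"): "down", ("leaf2", "xe-0/0/1"): "down",
    ("leaf3", "xe-0/0/1"): "down",
}

# Static watch list, last edited before leaf3 existed and before leaf2
# entered maintenance.
STALE_WATCHLIST = [("leaf1", "xe-0/0/1"), ("leaf1", "xe-0/0/2"),
                   ("leaf1", "xe-0/0/3"), ("leaf2", "xe-0/0/1")]

def expected_up(intent):
    """Ports that must be up right now according to intent."""
    return {(dev, port)
            for dev, spec in intent.items() if spec["mode"] == "deployed"
            for port, role in spec["ports"].items() if role != "unused"}

def intent_anomalies(intent, state):
    """Expected-up ports that are down or have no telemetry at all."""
    return sorted(k for k in expected_up(intent)
                  if state.get(k, "missing") != "up")

def static_alerts(watchlist, state):
    """What a list-driven poller raises: every listed port that is not up."""
    return sorted(k for k in watchlist if state.get(k) != "up")

def compare(intent, state, watchlist):
    """Split the static alerts into noise and find what the list missed."""
    real = set(intent_anomalies(intent, state))
    raised = set(static_alerts(watchlist, state))
    return {"false_positives": sorted(raised - real),
            "missed": sorted(real - raised)}

if __name__ == "__main__":
    print(compare(INTENT, STATE, STALE_WATCHLIST))
```

With this data the stale list raises two non-actionable alerts (the unused port and the leaf in maintenance) and misses the down server port on the new leaf, while the intent-derived set changes as soon as the source of truth does.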

The Best of Both Worlds

The integration brings the best of both worlds. An Intent-Based Networking solution comes with a large set of predefined, real-time validations that inspect different aspects of network state against the higher-level user intent. Intent-Based Networking’s rich understanding of the network’s design is an essential differentiator for providing this type of intent-informed validation, visibility, troubleshooting and remediation capability. This level of analytics is not possible with a Network Management System, as it has no knowledge of the intent of the network against which to compare the data it captures.

The integration also reduces the telemetry collection burden on devices by ensuring a given piece of telemetry is collected only once. For instance, IBN systems typically collect interface counter data from network devices. Under this new paradigm, having the Network Management Systems collect the same data (often using SNMP) is unnecessary.

Speaking specifically of Apstra AOS, it ships with dozens of predefined Intent-Based Analytics probes (see GitHub repo here). Network Management Systems tools can also ingest Intent-Based Analytics data including anomalies from Apstra using syslog or Google ProtoBuf streaming messages. This integration is already possible today and is being used by many of our enterprise customers. Apstra Intent-Based Analytics also offers a turnkey platform for authoring new analytics pipelines and telemetry collector modules that are installed/uninstalled on-demand on a targeted subset of managed devices. As one of our customers puts it – “Apstra is like having a digital SRE [System Reliability Engineer] in the team”!

In summary, a good Intent-Based Networking product is self-sufficient for network monitoring and can serve as the tool of choice for network operations. However, Network Management Systems tools complement Intent-Based Networking products very well, and a good integration between the two is a well-established practice that provides the best of both worlds.