SD-WAN as Intent-Based Networking: Opportunities Abound

M. Fratto

• Prescriptive network configurations work well, but they are static and unwieldy and don’t really reflect what IT wants or users expect.

• For many organizations, SD-WAN will be their first contact with intent-based networking, which can open many opportunities.

Admit it, you really want your computers to do what you want, not what you say, but computers are really only good at doing what you tell them—nothing more and nothing less. That paradigm has driven all of our human-computer interactions, including how IT systems are designed and operate.

Take application quality: Someone decides which traffic is more critical than other traffic; determines how that traffic will be identified and marked in the network; and then configures the network to recognize specific markings and act on them. This rather static method has worked well enough for years, but it’s brittle, it’s problematic in highly congested networks, and, due to other networking constraints, it really only makes the best of a bad situation. Also, the detailed specifications quickly become too unwieldy to manage effectively.

Intent-based networking attempts to separate the what from the how. HPE’s Dave Lenrow penned a nice, high-level description, “Intent: What, Not How,” on the Open Networking Forum’s blog. Focusing on intent makes a lot of sense because we, as people, tend to think and express needs based on what we want, not how we want it. One of the reasons IT focuses so much on the how is that those are the only tools they’ve had.

Enter SD-WAN and, to a lesser degree, SDN. SD-WAN products offer many similar features, but a primary capability is that they allow IT to express their intention of how traffic should be handled. Implementing intention unlocks much of the benefit from SD-WAN, which is more reliable and offers better application performance over the WAN with significantly less operational overhead. For example, you want connections to your company’s CRM application to use a secure network, which could be an MPLS private line or an encrypted VPN over the Internet. The SD-WAN would choose one of those paths for that application. If an insecure path such as an unencrypted Internet connection is available, that path would never be selected because it doesn’t fit your intention. That’s an easy example and can be applied using traditional technology, but doing so means configuring the network, setting up the routes, setting the priorities, and setting the conditions for fail-over and fail-back. If you add another secure connection, then your existing configuration has to be updated. The net result is that IT spends a lot of time building the how and less time addressing the what.

Now, IT can express more complex intentions like “VoIP should always take the path with the most consistent performance, and a secure connection is preferred but not required. And calls to people in sales take a higher priority than anyone else,” and let the SD-WAN products make the path selection on a per-packet or per-call basis. Such capabilities are product-dependent and none have a natural language interface, but the idea is to define what you want and let the SD-WAN or SDN controller figure out how to carry out the intent. By the way, all SD-WAN products allow IT to configure prescriptive, static policies if needed.
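The CRM and VoIP intents described above can be modeled as a hard constraint and a soft preference evaluated against live path state. The sketch below is an added example, not code from any SD-WAN product: the `Path`, `Intent` and `select_path` names are hypothetical, jitter is an assumed stand-in for “consistent performance,” and the path data is constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional, Sequence

@dataclass(frozen=True)
class Path:
    name: str
    secure: bool       # True for an MPLS private line or an encrypted VPN
    jitter_ms: float   # assumed proxy for "consistent performance"
    up: bool = True

@dataclass(frozen=True)
class Intent:
    app: str
    require_secure: bool = False   # hard constraint: never relaxed
    prefer_secure: bool = False    # soft preference: tie-breaker only
    minimize_jitter: bool = False

def select_path(intent: Intent, paths: Sequence[Path]) -> Optional[Path]:
    """Return the best live path that satisfies the intent, or None."""
    live = [p for p in paths if p.up]
    if intent.require_secure:
        live = [p for p in live if p.secure]
    if not live:
        return None  # fail closed: no fallback to a path that breaks intent

    def rank(p: Path):
        jitter = p.jitter_ms if intent.minimize_jitter else 0.0
        insecure_penalty = 1 if intent.prefer_secure and not p.secure else 0
        return (jitter, insecure_penalty)

    return min(live, key=rank)  # ties keep the first path listed

# Constructed sample data, not measurements from a real network.
PATHS = [
    Path("mpls", secure=True, jitter_ms=4.0),
    Path("ipsec-vpn", secure=True, jitter_ms=9.0),
    Path("broadband", secure=False, jitter_ms=2.0),
]
CRM = Intent("crm", require_secure=True)
VOIP = Intent("voip", prefer_secure=True, minimize_jitter=True)

def with_down(paths: Sequence[Path], *names: str) -> list:
    """Copy of paths with the named links marked down."""
    return [replace(p, up=p.up and p.name not in names) for p in paths]

if __name__ == "__main__":
    print(select_path(CRM, PATHS))                                  # mpls
    print(select_path(CRM, with_down(PATHS, "mpls")))               # ipsec-vpn
    print(select_path(CRM, with_down(PATHS, "mpls", "ipsec-vpn")))  # None
    print(select_path(VOIP, PATHS))                                 # broadband
```

The CRM intent never changes when a secure link fails or a new one is added; only the path list does, and the unencrypted link is never chosen for CRM even when it is the only one up.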

For a lot of IT administrators, SD-WAN will be the first foray into intent-based networking, and it will be an eye-opening experience because intent-based networking is an entirely new workflow that relies heavily on automated, dynamic actions and less on manual and static configuration. But once the benefits are felt (assuming there are no catastrophic failures), they’ll wonder why they spent so much time twisting knobs.

What do you think?

