
Market Impact Report

Intent-Based Networking with Apstra AOS®

EXECUTIVE SUMMARY

Modern data centers based on hyperscale, leaf-spine switching
architectures are growing so large and complex they are outstripping the
capacity of operators to engineer, configure and manage these networks
using traditional tools and techniques. As a result, data center operators
are looking for new ways to automate workflows, maximize uptime and
increase operational agility while reducing operating costs.

Forward looking data center operators are turning to intent-based
networking (IBN), which employs modern software methods to simplify and
streamline data center network operations. IBN systems automatically
convert a high-level description of desired network behavior using
business-level rules into low-level configuration data that is pushed out and
applied to elements in the underlying network infrastructure. IBN also
utilizes streaming telemetry and real-time analytics to continuously
validate that current network state is consistent with specified intent.

Apstra is a pure play IBN pioneer focused on eliminating the complexities
and inefficiencies that plague modern data center operations, delivering
log-scale improvements in network operation expense, capital expense,
and capacity. Apstra’s flagship product, AOS®, is an intent-based,
distributed software system for designing, deploying and operating
leaf-spine data center networks, with the goal of speeding time to network
service delivery, eliminating outages and reducing operating costs. The
company is an early market leader targeting enterprise, service provider
and webscaler customers.

KEY TAKEAWAYS

• Intent-based networking provides the model for fully autonomous,
automated networks
• IBN features a dynamic process of model-driven composition based on
business rules that govern the intended operational state of the network
• IBN systems translate the declarative specification of intent into
model-based configurations that are pushed out and applied to network
elements
• Streaming telemetry data feeds contextual analytics to continuously
validate current operational state against intended state

OPERATIONAL CHALLENGES IN HYPERSCALE DATA CENTERS
Modern data centers are moving away from classic three-tier designs to the fully-interconnected, leaf-
spine switching architectures pioneered by hyperscale giants Amazon, Facebook, Google and Microsoft.
Although proven to be highly scalable and efficient for running massive numbers of workloads in the
cloud, hyperscale data centers are resource intensive to operate and few organizations can match the
ability of leading hyperscalers and webscalers to develop custom automation tools and staff teams of
highly skilled operators.
Modern data centers are characterized by the following trends, which are driving complexity and
creating new challenges for operators tasked with engineering, deploying and managing these networks:

• Massive scale. Hyperscale data centers consisting of thousands of servers based on powerful multi-
core processors can support millions of workloads. Even just a few hundred servers can support
thousands of workloads.
• High performance. East-west traffic between servers in hyperscale data centers accounts for more
than 80% of total traffic, typically at least four times more than north-south traffic in and out of the
data center. This vast amount of internal traffic is driving the need for 40G and 100G links between
spine switches, with 400G links on the horizon.
• Virtualization. Software virtualization techniques in the computing infrastructure are enabling a
corresponding increase in virtualization in the network, resulting in vast numbers of L2 and L3
networks that operators need to configure and monitor.

• Microservices. DevOps teams are leveraging hyperscale data centers to deploy a new generation of
highly dynamic applications composed of microservices running in individual containers. Spinning up
new workloads based on application demand results in constantly shifting workloads and
unpredictable internal traffic patterns.
• Multi-vendor. Many data centers are transitioning to multi-vendor deployments as operators
complement vendor-proprietary ASIC-based switches with new platforms based on merchant silicon
that deliver better price/performance for hyperscale designs, such as the cost-effective, readily
scalable hardware infrastructure certified by the Open Compute Project.

• Software-driven. Software-defined networking (SDN) has enabled monolithic network infrastructure
to be disaggregated into separate software and hardware components that interact using well-
defined, open APIs for SDN control and data planes, network orchestration and workflow
automation.
Consequently, data center operators are looking for new ways to streamline and automate operational
workflows to increase agility and reduce the cost of ensuring application performance.

IBN STREAMLINES AND AUTOMATES NETWORK OPERATIONS


The tools and techniques operators have used to manage traditional three-tier data centers do not scale
for leaf-spine switching networks. Hyperscale complexity is outstripping the capacity of operators to
configure and manage networks while relying on labor-intensive workflows. Repetitive configuration
tasks are tedious and time-consuming, even if based on scripted automation techniques. Human error is
a constant concern because even a trivial mistake can result in catastrophic outages. In addition,
operators struggle to keep pace with frequently shifting workload demands that require the network
and computing infrastructure to be reconfigured, upgraded or scaled out.
As a result, forward-looking data center operators are turning to IBN, which offers a new approach that
promises to simplify and streamline network operations by applying modern software methods in
several key areas:
• Business-level policy rules
• Model-based network abstraction
• Multi-level, closed-loop automation
• Monitoring via streaming telemetry
• Real-time, contextual analytics

The ultimate goal of IBN is to ensure application performance and increase operator agility while
reducing operations costs. IBN has all the trappings of a next big thing with both leading incumbent and
insurgent vendors jumping on the bandwagon, each with its own spin. However, as a relatively new
concept, IBN needs a common definition and framework that data center engineers and operators can
use to evaluate different IBN systems.

Conceptual Model for IBN


The first principle of IBN systems is that network configuration starts with a declarative specification of
the intended outcome—what a network should do—which the system combines with business level
rules (policies) to generate an imperative specification for how this is accomplished. The output
configuration data is then automatically[1] pushed out to the relevant network elements and applied.
Figure 1 presents a conceptual model consisting of the essential elements present in an IBN system.
The declarative specification of the intended outcome should formally and unambiguously define the
intended behavior of the network, expressed at a level of abstraction independent of the underlying
network infrastructure. The IBN system combines this declarative specification of intended outcome
with business-level policy rules that govern network behavior.
One class of business rules concerns connectivity and security policies between end points and servers.
These rules should be expressed logically and not at the level of detail for network element
configuration.
Another class of rules governs macro-level policies related to the entire data center, such as:

• Network capacity and auto-scaling
• Levels of redundancy for high availability
• Leaf-spine network IP address assignment
• Virtual network overlay connectivity

[1] Note that although automation is an essential part of IBN, simply automating configuration workflows is not IBN.
Network operators can currently use script-based automation techniques based on YANG modeling and the
NETCONF protocol, but these are not intent-based if the starting point is how the network is to be configured and
not what the intended outcome should be.

At the heart of an IBN system, the dynamic process of model-driven composition converts the formal
specification of intended outcome into generic, model-based configuration templates, applying all
relevant business rules. The output is a set of templates for different types of network elements that are
pushed out and then applied locally to configure each element.

Figure 1. IBN System Conceptual Model


IBN systems are highly automated and model-driven composition should proceed without operator
intervention once the formal specification has been generated and all business rules defined.
Configuration data should be automatically pushed out and applied to network elements, with operator
intervention required only in the event of unexpected problems.

Contextual Analytics Drives Continuous Validation


In leaf-spine switching networks supporting full mesh connectivity between servers, network conditions
are likely to change frequently due to shifts in workload processing spanning many racks and servers,
resulting in unpredictable traffic flows, performance anomalies and bottlenecks. Of course, hardware
and software failures will also degrade performance.
IBN systems require continuous monitoring of network state to validate that network behavior is
consistent with desired intent. An IBN system automatically detects when network conditions change
and feeds current state data into the dynamic, model-driven composition process that reconfigures the
network in response to the change in state.
When an operator needs to reconfigure, upgrade or scale out the network in response to changing
conditions, the IBN system knows not only the desired outcome and the appropriate business rules to
apply, but also the current state of the network, which the system accounts for when driving the
necessary configuration changes.
Network state is derived from software instrumentation in the hyperscale infrastructure and ideally
collected using efficient streaming telemetry protocols, such as gRPC, that can be used to collect high
volumes of performance monitoring data in real time.
In IBN systems, state and telemetry data are tightly coupled in the model-driven composition and
validation process. Contextual telemetry data bound with model-based configuration templates allows
state changes to be immediately correlated with the relevant parts of the network.
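
The conceptual model and validation loop described above, as an added illustration (not Apstra's or ACG Research's code): a declarative leaf-spine intent plus one redundancy rule is composed into the expected set of fabric links, and link telemetry is validated against it. The device names, record fields and anomaly labels are assumptions made for this example, and the telemetry records are constructed.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Intent:
    """Declarative intent: what the fabric should be, not how to configure it."""
    spines: int
    leaves: int
    min_uplinks_per_leaf: int  # business rule: redundancy level per leaf


def compose(intent):
    """Model-driven composition, reduced to the expected leaf-to-spine link set."""
    if intent.min_uplinks_per_leaf > intent.spines:
        raise ValueError("redundancy rule cannot be met with this many spines")
    spines = [f"spine{i}" for i in range(1, intent.spines + 1)]
    leaves = [f"leaf{i}" for i in range(1, intent.leaves + 1)]
    return set(product(leaves, spines))  # full mesh between the two tiers


def validate(intent, telemetry):
    """Compare observed link state with intent and return a list of anomalies."""
    expected = compose(intent)
    seen = {(r["leaf"], r["spine"]) for r in telemetry}
    up = {(r["leaf"], r["spine"]) for r in telemetry if r["oper_state"] == "up"}
    anomalies = []
    for link in sorted(expected - up):
        # Reported but down, versus never reported at all (e.g. not cabled).
        kind = "link_down" if link in seen else "link_missing"
        anomalies.append((kind, *link))
    for link in sorted(seen - expected):
        # A link the intent never called for, such as a cabling mistake.
        anomalies.append(("unexpected_link", *link))
    healthy = up & expected
    for leaf in sorted({leaf for leaf, _ in expected}):
        count = sum(1 for l, _ in healthy if l == leaf)
        if count < intent.min_uplinks_per_leaf:
            anomalies.append(
                ("redundancy_violation", leaf, f"{count}/{intent.min_uplinks_per_leaf}")
            )
    return anomalies


INTENT = Intent(spines=2, leaves=3, min_uplinks_per_leaf=2)

# Constructed telemetry records for illustration only.
SAMPLE_TELEMETRY = [
    {"leaf": "leaf1", "spine": "spine1", "oper_state": "up"},
    {"leaf": "leaf1", "spine": "spine2", "oper_state": "up"},
    {"leaf": "leaf2", "spine": "spine1", "oper_state": "down"},
    {"leaf": "leaf2", "spine": "spine2", "oper_state": "up"},
    {"leaf": "leaf3", "spine": "spine1", "oper_state": "up"},
    {"leaf": "leaf3", "spine": "spine3", "oper_state": "up"},  # not in intent
]

if __name__ == "__main__":
    for anomaly in validate(INTENT, SAMPLE_TELEMETRY):
        print(anomaly)
```

Because the expected state is derived from intent rather than from the last pushed configuration, a link that was never part of the design is reported as well as one that has failed.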

Requirements for IBN Systems


Beyond the conceptual model, data center engineers and operators must also consider these criteria
when evaluating IBN systems:

• API driven. IBN systems are open and API driven, facilitating integration with the operator’s
suite of custom and vendor-supplied operational tools, enabling the IBN system to be tied in
with the application infrastructure orchestration stack and relevant DevOps processes.
• Multi-vendor. Data center operators cannot realize the full value of IBN unless they have a
system that can configure and manage network elements from multiple vendors. Therefore, IBN
systems are model based and incorporate vendor-independent configuration templates.
• Web-based GUI. IBN systems present the operator with an intuitive, web-based GUI for
declaring network intent, defining business rules and monitoring network state, both physically
and virtually.

• Real-time visibility. IBN systems allow operators to gain real-time visibility into the state of
hyperscale infrastructure using tools for custom dashboards, setting thresholds for alerts and
visualizing contextual analytics.

• Automated remediation. Ultimately, IBN systems must be capable of initiating remedial action
to reconfigure the network automatically without operator intervention when the system
detects a performance anomaly or failure mode with a known signature and remedy. These
actions will be governed by an additional class of business rules that define how the system
autonomously responds to various changes in network state.

IBN Systems Drive Operational Efficiency


The primary benefit of IBN is a dramatic improvement in operational efficiency due to:

• Model-based abstraction. Network engineers and operators approach data center configuration
using higher level abstractions that are decoupled from the underlying physical elements,
shielding them from dealing with complex, time-consuming minutiae.
• Operator agility. Routine operational workflows that would normally take days can be
completed in hours. Tasks that might require hours can be completed in minutes.
• Rapid root-cause analysis. Real-time contextual analytics enables operators to pinpoint the
cause of performance anomalies and failure modes within seconds or minutes.
• Human error elimination. Robots never get tired and do not make dumb mistakes.

These efficiencies translate directly into reduced operations expense with fewer hours needed to
design, deploy and operate the network. Multi-vendor support lowers capital expense by enabling
operators to mix and match the most cost-effective hardware elements from multiple vendors.

IBN MARKET LANDSCAPE


The IBN market is rapidly developing and solutions are emerging for both data center and wide area
networks. Until recently, data center operators had little choice but to develop their own automation
solutions for streamlining network operations. With the emergence of vendor-supplied IBN solutions,
data center operators can buy instead of build and shift development resources to other areas. This also
allows the vendor community to continue to invest in technology innovation and rapid feature delivery.
IBN players in the data center market are split between incumbent switch vendors and the new
generation of insurgent software vendors offering software-defined networking solutions based on
white-box switches. As the market develops, look for these players to stake out competing positions,
both vendor proprietary and multi-vendor.

Apstra AOS®, A Pure Play In IBN


Apstra is a privately funded, Silicon Valley company whose primary mission is to provide IBN solutions
for eliminating the complexities and inefficiencies that plague modern data center operations, delivering
log-scale improvements in network opex, capex and capacity.

Apstra’s flagship product, AOS®, is an intent-based, distributed software system for designing,
deploying and operating leaf-spine data center networks. Apstra’s goal is to dramatically speed time to
network service delivery, eliminate outages and reduce operating costs.
Figure 2 shows a conceptual overview of AOS®. The system takes operator intent expressed in terms of
declared design goals and automatically renders this desired outcome into the correct operational
network state. A pure play IBN vendor, Apstra has pioneered the implementation of the conceptual
model shown in Figure 1.
To continuously validate the real-time state of the network, AOS® incorporates intent-based analytics,
which ingests contextual network telemetry to detect performance anomalies, including hard to detect
gray failures that often fly under the radar and elude operators until it is too late.

In terms of design goals, Apstra AOS® checks all the boxes for IBN requirements. The system is API
driven and multi-vendor. The web-based user interface is graphical and provides operators with
contextual, real-time visibility into network state. AOS® supports a set of turn-key “probes” for
continuously monitoring critical aspects of hyperscale network behavior, such as east-west traffic,
headroom and interface flapping.

Apstra’s goal is the realization of a Self-Operating Network™ that incorporates intent-driven, fully
automated remediation so that the network can autonomously adapt to various changes in state
without the need for operator intervention.

Yahoo! Japan Apstra AOS® Deployment
Apstra recently announced that Yahoo! Japan, the country’s largest Internet company, is deploying
AOS® to manage large-scale Clos fabric networks. A joint press release describes the multiple
operational benefits realized, and this quote summarizes why Apstra was selected:
“After extensive research Yahoo! JAPAN chose the strategy and best practices of a large hyperscale
company that had adopted a Clos fabric network to flexibly scale out their networking equipment to
support our Hadoop infrastructure,” said Kenya Murakoshi, Senior Manager, Site Operations Division,
System Management Group at Yahoo Japan Corporation. “Apstra streamlines Yahoo! JAPAN’s network
design, build and operations processes by abstracting the network configuration with a concept of intent,
which was a new concept to us, but the benefits were clear. The Apstra intent-based analytics allow us to
specify how we want our network to operate. We tell AOS what we want to happen vs. doing it ourselves.
Apstra’s telemetry then provides deep insight into the state of our network and alerts us if there are risks
like cabling or traffic imbalance issues that need to be addressed.”

Figure 2. Apstra AOS® Overview


Yahoo! Japan also required IBN support for hardware platforms from multiple vendors:
Apstra offers the only multi-vendor offering that matched Yahoo! JAPAN’s needs as we deploy network
equipment from different vendors including white box products. In addition, AOS allows Yahoo! JAPAN to
quickly automate, streamline, and replicate the building and operation of our Clos network fabric.

Yahoo! Japan endorsed Apstra’s ability to execute on feature delivery, a critical vendor requirement in
this rapidly developing market segment:

We appreciate Apstra’s unmatched feature velocity, which is a huge differentiator, and we look forward
to their growing feature set.

This comment validates the value of Apstra’s software because network operators like Yahoo! Japan
usually have in-house software development teams that build many of their own network and service
automation tools.
Cisco
In early 2018, Cisco announced a data center IBN solution composed of three products:
• Cisco Application Centric Infrastructure (ACI) – Cisco’s SDN software for data centers

• Cisco Network Assurance Engine (NAE) – A new product for monitoring data plane network state

• Cisco Tetration – Big Data platform for network telemetry and analytics
Cisco’s solution is single vendor and tied to its ACI software and Nexus 9000 ASIC-based switches. There
is no support for IBN using other switches. In addition, many customers will require professional
services to integrate the three products into their operational environment – an additional contributor
to the overall solution cost.
Apstra AOS® is interoperable with Cisco switches, so network operators can deploy Apstra’s IBN
solution either in pure Cisco data centers or in multi-vendor networks incorporating switches from Cisco.

Formal Verification
In existing complex, multi-vendor environments, ensuring that the network is configured correctly is a
constant challenge for operators. Recently, software tools based on formal verification techniques have
emerged that can discover if the actual network configuration matches what the operator intended.
These tools gather configuration and state data from network elements to learn the current
configuration and network topology and then construct a model that is tested exhaustively for end-to-
end connectivity. Operators can visually inspect the model and validate whether the configuration is
aligned with the operator’s intent.
Although imbued with a general notion of intent, formal verification is the reverse of the IBN conceptual
model. The verification approach relies on software simulation that does not track the real-time
operational state of the network, which means transient and hard to detect performance anomalies and
failure modes remain undetected. More importantly, verification does nothing to help streamline and
automate time-consuming, labor-intensive configuration workflows.

Apstra AOS® in Brownfield Networks


This report focuses on Apstra AOS® in greenfield, leaf-spine data center networks, which are poised for
rapid growth in the enterprise, service provider and webscaler markets. However, Apstra’s core IBN
technology is equally viable for enabling operators to overcome the complexity of managing the huge
installed base of multi-vendor, three-tier data center networks.

CONCLUSION
Apstra is a pure play IBN software vendor that has established an early market lead targeting enterprise,
service provider and webscale customers. Apstra AOS® supports a rapidly growing feature set for
designing, deploying and operating multi-vendor, leaf-spine switching networks. Yahoo! Japan’s
selection of Apstra validates the viability of the market for IBN as a whole and the company as a
technology innovator and leading supplier.

Analyst Biography:
Stephen Collins is Principal Analyst at ACG Research, leading the firm’s practice in network visibility and
analytics. He has more than three decades of networking and telecommunications industry experience
across many segments of both the enterprise and service provider markets. Stephen has worked in
business and technical organizations for many leading hardware and software infrastructure
vendors, serving in executive and managerial roles, including: general manager, VP of marketing, VP of
product marketing, VP of business development, product line manager and software engineering
manager. He has extensive experience bringing new products to market with technology-driven startups
and emerging growth companies as a company founder, member of the senior management team,
independent consultant and advisor to early-stage investors.

Stephen is a frequent speaker at industry conferences and has authored numerous articles for trade
publications. He holds an M.S. in Computer, Information and Control engineering from the University of
Michigan and a B.S. in Computer Systems Engineering, Summa Cum Laude, from the University of
Massachusetts, Amherst. He currently serves as an advisor to the ECE department at UMass Dartmouth
and also mentors students in technology innovation and entrepreneurship at Brown University.

Authorship: This paper was authored by ACG Research, which is solely responsible for its contents.

Sponsorship: Apstra, May 2018.

ACG Research is an analyst and consulting company that focuses on the networking and telecom space.
We offer comprehensive, high-quality, end-to-end business consulting and syndicated research services.
Copyright © 2018 ACG Research. www.acgcc.com.
