• Intent-based networking provides the model for fully autonomous, automated networks
• IBN features a dynamic process of model-driven composition based on business rules that govern the intended operational state of the network
• IBN systems translate the declarative specification of intent into model-based configurations that are pushed out and applied to network elements
• Streaming telemetry data feeds contextual analytics to continuously validate current operational state against intended state
Modern data centers based on hyperscale, leaf-spine switching architectures are growing so large and complex they are outstripping the capacity of operators to engineer, configure and manage these networks using traditional tools and techniques. As a result, data center operators are looking for new ways to automate workflows, maximize uptime and increase operational agility while reducing operating costs.
Forward looking data center operators are turning to intent-based networking (IBN), which employs modern software methods to simplify and streamline data center network operations. IBN systems automatically convert a high-level description of desired network behavior using business-level rules into low-level configuration data that is pushed out and applied to elements in the underlying network infrastructure. IBN also utilizes streaming telemetry and real-time analytics to continuously validate that current network state is consistent with specified intent.
Apstra is a pure play IBN pioneer focused on eliminating the complexities and inefficiencies that plague modern data center operations, delivering log-scale improvements in network operation expense, capital expense, and capacity. Apstra’s flagship product, AOS® is an intent-based,
distributed software system for designing, deploying and operating leaf-
spine data center networks, with the goal of speeding time to network
service delivery, eliminating outages and reducing operating costs. The
company is an early market leader targeting enterprise, service provider
and webscaler customers.
OPERATIONAL CHALLENGES IN HYPERSCALE DATA CENTERS
Modern data centers are moving away from classic three-tier designs to the fully-interconnected, leaf-
spine switching architectures pioneered by hyperscale giants Amazon, Facebook, Google and Microsoft.
Although proven to be highly scalable and efficient for running massive numbers of workloads in the
cloud, hyperscale data centers are resource intensive to operate and few organizations can match the
ability of leading hyperscalers and webscalers to develop custom automation tools and staff teams of
highly skilled operators.
Modern data centers are characterized by the following trends, which are driving complexity and
creating new challenges for operators tasked with engineering, deploying and managing these networks:
• Massive scale. Hyperscale data centers consisting of thousands of servers based on powerful multi-
core processors can support millions of workloads. Even just a few hundred servers can support
thousands of workloads.
• High performance. East-west traffic between servers in hyperscale data centers accounts for more
than 80% of total traffic, typically at least four times more than north-south traffic in and out of the
data center. This vast amount of internal traffic is driving the need for 40G and 100G links between
spine switches, with 400G links on the horizon.
• Virtualization. Software virtualization techniques in the computing infrastructure are enabling a
corresponding increase in virtualization in the network, resulting in vast numbers of L2 and L3
networks that operators need to configure and monitor.
• Microservices. DevOps teams are leveraging hyperscale data centers to deploy a new generation of
highly dynamic applications composed of microservices running in individual containers. Spinning up
new workloads based on application demand results in constantly shifting workloads and
unpredictable internal traffic patterns.
• Multi-vendor. Many data centers are transitioning to multi-vendor deployments as operators
complement vendor-proprietary ASIC-based switches with new platforms based on merchant silicon
that deliver better price/performance for hyperscale designs, such as the cost-effective, readily
scalable hardware infrastructure certified by the Open Compute Project.
2 www.acgcc.com
a constant concern because even a trivial mistake can result in catastrophic outages. In addition,
operators struggle to keep pace with frequently shifting workload demands that require the network
and computing infrastructure to be reconfigured, upgraded or scaled out.
As a result, forward-looking data center operators are turning to IBN, which offers a new approach that
promises to simplify and streamline network operations by applying modern software methods in
several key areas:
• Business-level policy rules
• Model-based network abstraction
• Multi-level, closed-loop automation
• Monitoring via streaming telemetry
• Real-time, contextual analytics
The ultimate goal of IBN is to ensure application performance and increase operator agility while
reducing operations costs. IBN has all the trappings of a next big thing with both leading incumbent and
insurgent vendors jumping on the bandwagon, each with its own spin. However, as a relatively new
concept, IBN needs a common definition and framework that data center engineers and operators can
use to evaluate different IBN systems.
1 Note that although automation is an essential part of IBN, simply automating configuration workflows is not IBN.
Network operators can currently use script-based automation techniques based on YANG modeling and the
NETCONF protocol, but these are not intent-based if the starting point is how the network is to be configured and
not what the intended outcome should be.
At the heart of an IBN system, the dynamic process of model-driven composition converts the formal
specification of intended outcome into generic, model-based configuration templates, applying all
relevant business rules. The output is a set of templates for different types of network elements that are
pushed out and then applied locally to configure each element.
apply, but also the current state of the network, which the system accounts for when driving the
necessary configuration changes.
Network state is derived from software instrumentation in the hyperscale infrastructure and ideally
collected using efficient streaming telemetry protocols, such as gRPC, that can be used to collect high
volumes of performance monitoring data in real time.
In IBN systems, state and telemetry data are tightly coupled in the model-driven composition and
validation process. Contextual telemetry data bound with model-based configuration templates allows
state changes to be immediately correlated with the relevant parts of the network.
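The compose-and-validate loop described above, sketched as an added example (not code from this paper or from any vendor's product): a declared leaf-spine intent is rendered into expected per-device BGP peerings, and constructed telemetry records are checked against it. The `Intent` class, the record fields and the 0.8 utilization rule are assumptions made for illustration.

```python
# Added illustration: intent -> expected state -> validation against telemetry.
# All names and the record format are hypothetical, not a vendor API.
from dataclasses import dataclass

@dataclass(frozen=True)
class Intent:
    spines: tuple
    leaves: tuple
    max_link_util: float = 0.8  # assumed business rule: keep headroom on fabric links

def compose(intent):
    """Render intent into per-device expected BGP peers (full leaf-spine mesh)."""
    expected = {leaf: set(intent.spines) for leaf in intent.leaves}
    expected.update({spine: set(intent.leaves) for spine in intent.spines})
    return expected

def validate(intent, expected, telemetry):
    """Return (device, finding) pairs where observed state departs from intent."""
    findings, seen = [], {dev: set() for dev in expected}
    for rec in telemetry:
        dev = rec["device"]
        if dev not in expected:
            findings.append((dev, "device not in intent"))
        elif rec["kind"] == "bgp" and rec["state"] == "established":
            seen[dev].add(rec["peer"])
        elif rec["kind"] == "link" and rec["util"] > intent.max_link_util:
            findings.append((dev, f"link to {rec['peer']} exceeds headroom"))
    for dev in sorted(expected):
        for peer in sorted(expected[dev] - seen[dev]):
            findings.append((dev, f"missing session to {peer}"))
        for peer in sorted(seen[dev] - expected[dev]):
            findings.append((dev, f"session to {peer} not in intent"))
    return findings

# Constructed sample telemetry (not captured from a real network).
INTENT = Intent(spines=("spine1", "spine2"), leaves=("leaf1", "leaf2"))
SAMPLE = [
    {"device": "leaf1", "kind": "bgp", "peer": "spine1", "state": "established"},
    {"device": "leaf1", "kind": "bgp", "peer": "spine2", "state": "established"},
    {"device": "leaf2", "kind": "bgp", "peer": "spine1", "state": "established"},
    {"device": "leaf2", "kind": "bgp", "peer": "spine2", "state": "idle"},
    {"device": "leaf2", "kind": "bgp", "peer": "rtr9", "state": "established"},
    {"device": "spine1", "kind": "bgp", "peer": "leaf1", "state": "established"},
    {"device": "spine1", "kind": "bgp", "peer": "leaf2", "state": "established"},
    {"device": "spine2", "kind": "bgp", "peer": "leaf1", "state": "established"},
    {"device": "spine1", "kind": "link", "peer": "leaf1", "util": 0.93},
]
```

Calling `validate(INTENT, compose(INTENT), SAMPLE)` reports the over-threshold link, the session that never established on either end, and the `rtr9` peering that exists on the device but was never declared in intent.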
• API driven. IBN systems are open and API driven, facilitating integration with the operator’s
suite of custom and vendor-supplied operational tools, enabling the IBN system to be tied in
with the application infrastructure orchestration stack and relevant DevOps processes.
• Multi-vendor. Data center operators cannot realize the full value of IBN unless they have a
system that can configure and manage network elements from multiple vendors. Therefore, IBN
systems are model based and incorporate vendor-independent configuration templates.
• Web-based GUI. IBN systems present the operator with an intuitive, web-based GUI for
declaring network intent, defining business rules and monitoring network state, both physically
and virtually.
• Real-time visibility. IBN systems allow operators to gain real-time visibility into the state of
hyperscale infrastructure using tools for custom dashboards, setting thresholds for alerts and
visualizing contextual analytics.
• Automated remediation. Ultimately, IBN systems must be capable of initiating remedial action
to reconfigure the network automatically without operator intervention when the system
detects a performance anomaly or failure mode with a known signature and remedy. These
actions will be governed by an additional class of business rules that define how the system
autonomously responds to various changes in network state.
• Model-based abstraction. Network engineers and operators approach data center configuration
using higher level abstractions that are decoupled from the underlying physical elements,
shielding them from dealing with complex, time-consuming minutiae.
• Operator agility. Routine operational workflows that would normally take days can be
completed in hours. Tasks that might require hours can be completed in minutes.
• Rapid root-cause analysis. Real-time contextual analytics enables operators to pinpoint the
cause of performance anomalies and failure modes within seconds or minutes.
• Human error elimination. Robots never get tired and do not make dumb mistakes.
These efficiencies translate directly into reduced operations expense with fewer hours needed to
design, deploy and operate the network. Multi-vendor support lowers capital expense by enabling
operators to mix and match the most cost-effective hardware elements from multiple vendors.
Apstra’s flagship product, AOS®, is an intent-based, distributed software system for designing,
deploying and operating leaf-spine data center networks. Apstra’s goal is to dramatically speed time to
network service delivery, eliminate outages and reduce operating costs.
Figure 2 shows a conceptual overview of AOS®. The system takes operator intent expressed in terms of
declared design goals and automatically renders this desired outcome into the correct operational
network state. A pure play IBN vendor, Apstra has pioneered the implementation of the conceptual
model shown in Figure 1.
To continuously validate the real-time state of the network, AOS® incorporates intent-based analytics,
which ingests contextual network telemetry to detect performance anomalies, including hard to detect
gray failures that often fly under the radar and elude operators until it is too late.
In terms of design goals, Apstra AOS® checks all the boxes for IBN requirements. The system is API
driven and multi-vendor. The web-based user interface is graphical and provides operators with
contextual, real-time visibility into network state. AOS® supports a set of turn-key “probes” for
continuously monitoring critical aspects of hyperscale network behavior, such as east-west traffic,
headroom and interface flapping.
Apstra’s goal is the realization of a Self-Operating Network™ that incorporates intent-driven, fully
automated remediation so that the network can autonomously adapt to various changes in state
without the need for operator intervention.
Yahoo! Japan Apstra AOS® Deployment
Apstra recently announced that Yahoo! Japan, the country’s largest Internet company, is deploying
AOS® to manage large-scale Clos fabric networks. A joint press release describes the multiple
operational benefits realized, and this quote summarizes why Apstra was selected:
“After extensive research Yahoo! JAPAN chose the strategy and best practices of a large hyperscale
company that had adopted a Clos fabric network to flexibly scale out their networking equipment to
support our Hadoop infrastructure,” said Kenya Murakoshi, Senior Manager, Site Operations Division,
System Management Group at Yahoo Japan Corporation. “Apstra streamlines Yahoo! JAPAN’s network
design, build and operations processes by abstracting the network configuration with a concept of intent,
which was a new concept to us, but the benefits were clear. The Apstra intent-based analytics allow us to
specify how we want our network to operate. We tell AOS what we want to happen vs. doing it ourselves.
Apstra’s telemetry then provides deep insight into the state of our network and alerts us if there are risks
like cabling or traffic imbalance issues that need to be addressed.”
Yahoo! Japan endorsed Apstra’s ability to execute on feature delivery, a critical vendor requirement in
this rapidly developing market segment:
“We appreciate Apstra’s unmatched feature velocity, which is a huge differentiator, and we look forward
to their growing feature set.”
This comment validates the value of Apstra’s software because network operators like Yahoo! Japan
usually have in-house software development teams that build many of their own network and service
automation tools.
Cisco
In early 2018, Cisco announced a data center IBN solution composed of three products:
• Cisco Application Centric Infrastructure (ACI) – Cisco’s SDN software for data centers
• Cisco Network Assurance Engine (NAE) – A new product for monitoring data plane network state
• Cisco Tetration – Big Data platform for network telemetry and analytics
Cisco’s solution is single vendor and tied to its ACI software and Nexus 9000 ASIC-based switches. There
is no support for IBN using other switches. In addition, many customers will require professional
services to integrate the three products into their operational environment – an additional contributor
to the overall solution cost.
Apstra AOS® is interoperable with Cisco switches, so network operators can deploy Apstra’s IBN
solution both in pure Cisco data centers and in multi-vendor networks incorporating switches from Cisco.
Formal Verification
In existing complex, multi-vendor environments, ensuring that the network is configured correctly is a
constant challenge for operators. Recently, software tools based on formal verification techniques have
emerged that can discover if the actual network configuration matches what the operator intended.
These tools gather configuration and state data from network elements to learn the current
configuration and network topology and then construct a model that is tested exhaustively for end-to-
end connectivity. Operators can visually inspect the model and validate whether the configuration is
aligned with the operator’s intent.
Although imbued with a general notion of intent, formal verification is the reverse of the IBN conceptual
model. The verification approach relies on software simulation that does not track the real-time
operational state of the network, which means transient and hard to detect performance anomalies and
failure modes remain undetected. More importantly, verification does nothing to help streamline and
automate time-consuming, labor-intensive configuration workflows.
CONCLUSION
Apstra is a pure play IBN software vendor that has established an early market lead targeting enterprise,
service provider and webscale customers. Apstra AOS® supports a rapidly growing feature set for
designing, deploying and operating multi-vendor, leaf-spine switching networks. Yahoo! Japan’s
selection of Apstra validates the viability of the market for IBN as a whole and the company as a
technology innovator and leading supplier.
Analyst Biography:
Stephen Collins is Principal Analyst at ACG Research, leading the firm’s practice in network visibility and
analytics. He has more than three decades of networking and telecommunications industry experience
across many segments of both the enterprise and service provider markets. Stephen has worked in
business and technical organizations for many leading hardware and software infrastructure
vendors, serving in executive and managerial roles, including: general manager, VP of marketing, VP of
product marketing, VP of business development, product line manager and software engineering
manager. He has extensive experience bringing new products to market with technology-driven startups
and emerging growth companies as a company founder, member of the senior management team,
independent consultant and advisor to early-stage investors.
Stephen is a frequent speaker at industry conferences and has authored numerous articles for trade
publications. He holds an M.S. in Computer, Information and Control engineering from the University of
Michigan and a B.S. in Computer Systems Engineering, Summa Cum Laude, from the University of
Massachusetts, Amherst. He currently serves as an advisor to the ECE department at UMass Dartmouth
and also mentors students in technology innovation and entrepreneurship at Brown University.
Authorship: This paper was authored by ACG Research, which is solely responsible for its contents.
ACG Research is an analyst and consulting company that focuses on the networking and telecom space.
We offer comprehensive, high-quality, end-to-end business consulting and syndicated research services.
Copyright © 2018 ACG Research. www.acgcc.com.