The New AAA for Networking


I don't know about you, but, as a traditional network engineer, hearing AAA makes me think of security - Authentication, Authorization, and Accounting, which are the basic mechanisms for securing your network: Identifying a user, assigning privileges to that user, and tracking changes made by that user.

Apparently growing short on TLAs (Three Letter Acronyms), Cisco announced a new AAA: Automation, Analytics, and Assurance.  This new AAA completes Cisco's vision for the Intent-Based Network (IBN) by leveraging big data and machine learning to give us greater control over our network than we've ever had. So, what do these components do for us?


Automation

Probably the concept we're most comfortable with, Automation is the notion of allowing the network to configure itself, reducing many manual steps to a single click of the mouse.  It's replacing the CLI with APIs and enabling machine-to-machine configuration.  The concept of Automation has been around in the form of software-defined networking (SDN) ever since OpenFlow hit the market in 2011, but it has taken years and years for that promise to become a reality.  After the missteps of OpenFlow and learning that the Management Plane is really where SDN needs to live, we finally have decent tools for automating our network and streamlining manual configuration changes.

If Automation solved all our problems, we wouldn't need anything more.  Unfortunately, Automation is configuration-focused and does nothing to give us better visibility or troubleshooting.  So let's look into the next two A's!

 

Analytics

We live in the era of big data, where everything we do from a data perspective is tracked and analyzed to yield better results.  Applying this to the network is a genius move - let's track every packet flow, every network object, every log, etc. and compile this into a data pool.  Run analytics against it and we gain visibility unlike anything we've ever experienced in IT.

So that sounds great, but what's the practical application?  Imagine any of the following scenarios:

  • Being security-minded, you pull up your Analytics engine to confirm the live dependency mapping in your data center, allowing for the creation/export of a hardened east-west security policy.
  • You experience an outage in your data center.  After scrambling to bring the systems online, you then look back in time and watch the outage happen (like a DVR for your data center) to determine what caused the outage.
  • It's budgeting season, so you run predictive models to forecast whether you'll need to expand your network, compute, or storage in the next 12 months.

Incredible!  So between Automation and Analytics, do we have enough?  Sadly, no - even in the examples above, Analytics is a fairly reactive technology.  As useful as it is, we need something to proactively warn us of issues/violations and perhaps even take action to ensure we're running within our defined policies.

 

Assurance

Assurance brings an entirely new dimension to data analytics.  Built on machine learning, an Assurance engine watches the network for anomalous and detrimental behavior while monitoring trends, and it makes those proactive recommendations we're seeking.  Check out what Cisco SVP Roland Acra had to say about their new Assurance platform and how it relates to IBN:

"The Cisco Network Assurance Engine closes the loop on IBN with continuous… corrective actions. In short, we assure that your infrastructure is doing what you intended it to do – enabling you to accelerate change, predict outages and assure compliance."

Perhaps the WAN is running slowly today - normally we would find out when our users complain.  With Assurance, not only do we know before our users, but we may even be able to remediate it before they notice with augmenting technologies such as SD-WAN.  In another scenario, if a mobile user is having difficulty connecting to the wireless network, an Assurance engine takes notice immediately and makes changes to the wireless controller to adapt.

 

Bringing It All Together

The vision is now complete - the new AAA brings us a new way of configuring, maintaining, and troubleshooting the network.  We not only make our own lives easier and less stressful, but we bring value to the business as well by delivering a far superior user experience.  The truth is that any one of these A's could be its own lengthy post, so don't hesitate to reach out if you have questions - it might take a big whiteboard, but we'll get it mapped out and set you on the path toward a better network.

Written by Jeff Kish
