Hold on to Your Hat: What Cisco Live 2017 Revealed About the Changing Network

Author
Terry Slattery
Principal Architect

During one of the keynote presentations at Cisco Live 2017, I had the privilege of briefly speaking with Rowan Trollope and Angela Ollig (at 52:50). Angela was recognized as the newest attendee at Cisco Live, having recently graduated with a degree in IT management from the University of Wisconsin-Stout and attending her first Cisco Live. My participation was as the longest-attending Cisco Live (formerly Networkers) participant, with more than 20 conferences under my belt. My evidence is my collection of hats that are handed out at the customer appreciation event each year. Yes, I’ve kept all of them.

During the brief conversation, Rowan asked if I had any advice for Angela. My reply was, “Hang onto your hat.” There was the obvious meaning of hanging on to your Cisco Live hat, but there’s another meaning that’s more important for this audience.

The Network Is Changing

Hold on to your hat because the pace of network innovation is accelerating. For many years, we’ve experienced evolutionary changes in networking. We have some overlay technologies now. There are different methods of Layer 2 networking that eliminate the risk of the Spanning Tree Protocol. Leaf-spine network designs are making their way into the data center.

A burst of activity occurred when software-defined networking made a big splash, around 2011. We’ve seen some advances as a result, but it is still mostly evolutionary progress. Networks still base their forwarding decisions on the destination IP address, unless you build complex configurations to work around it. These complex configurations make the network configuration fragile.

Other parts of IT, servers and storage in particular, have made significant progress in simplification. Virtualization and the tools to manage it now allow a single administrator to oversee hundreds of server instances (VMs).

Networking has been stuck with mostly manual processes. One reason is that we teach individuals how to configure a single box — a router, switch, firewall, or load balancer. We don’t do a good job of teaching them how to leverage automation to control the network as a system. Most of the network management tools still look at individual boxes and interfaces, and these same management systems require a lot of manual configuration.

We use change control boards to make fewer mistakes when implementing network changes. The result is that the pace of those changes slows down — and cannot keep up with the rest of IT. We need something different if networking is going to catch up. Instead of configuring the network using incredibly detailed configurations, one box at a time, we need systems that control the network as a system.

Intent-Based Networking Systems

Gartner started covering a new category of system called intent-based networking systems (IBNS) early in 2017. There are just a few vendors making products in this space. Then Cisco announced their plans for IBNS the week before Cisco Live, creating buzz around the term. What does it mean?

A good example is Amazon’s AWS. Let’s say we need a compute node, medium capacity, to perform some analysis. We tell AWS what CPU capacity we want, how much storage to allocate, and whether we want a private or public address. In a few minutes, we have access to the new system, including a secure connection over the internet. There’s no need to specify all the networking configuration. It happens in the background and we don’t need to be concerned about it. We specified what we wanted, not how it’s configured. A good system will monitor the compute that we just created and move the processing to a new hardware platform if the old one fails. Our networks need to be like this.

What Are the Implications?

Networking teams will need new skills, which implies new education. They need support and encouragement from corporate executives, which translates into encouragement to learn and the time to learn. Most vendors now support VM implementations of their main products, and for reasonable amounts of money it is possible to create a virtual instance of important parts of your network. The network team can then use the virtual instance to learn how to use automation and validate changes before deployment.

This is a journey that will take time. The path may need to include spending time with network automation tools like Ansible and SaltStack. The server staff may already be using these tools, which may make the transition easier.

One of the big impacts will be changes in processes. The change control board process will need to change if the network is to become more agile. The network staff will have to become accustomed to new processes for validating and rolling out changes. They will need to work with software developers who can create self-serve portals that allow the IT teams to easily request and implement simple network changes like those performed by AWS.

It’s an exciting time. Changes can be a source of turmoil or they can be a source of opportunity. You get to decide how to handle it.
