Apstra CEO Mansour Karam

The intent-based networking (IBN) outfit Apstra is beginning to deliver on its promise of a new paradigm in data center network automation that looks set to bring fundamental change to the network and how it is operated. Bill Boyle spoke to Apstra CEO Mansour Karam about this new technology.

Apstra is the pioneer of what it calls ‘intent-based networking’ (IBN). Mansour Karam, the CEO and founder of Apstra said: “What we provide is a very powerful automation of infrastructure, starting with data centre networking infrastructures. We are a pure software play. In fact, we work with vendors that provide hardware and we work with the hardware supplied by all of the major vendors.”

Apstra is a pure-play IBN pioneer focused on eliminating the complexities and inefficiencies that plague modern data center operations, delivering log-scale improvements in network operation expense, capital expense, and capacity. Apstra’s flagship product, AOS, is an intent-based, distributed software system for designing, deploying and operating leaf-spine data center networks, with the goal of speeding time to network service delivery, eliminating outages and reducing operating costs. The company is an early market leader targeting enterprise, service provider and web scale customers.

But do we need intent-based networking? Why does Apstra believe that the network needs to be radically transformed? That can be answered in one sentence: We are suffering, according to Karam, from a chronic lack of automation. According to the last credible figures I saw, 75% of recent data center downtime was due to human error.

Karam refers me to the first blog he wrote at Apstra, which defined the approach the company has taken in redefining networking:

  1. The key to simplifying operations is to run the network as a system, as opposed to box by box. Networking systems are a distributed set of equipment running distributed protocols and routing applications. Network engineering requires complex control and visibility of this distributed set of equipment. Therefore, a distributed systems approach is required.
  2. An intent-based approach that focuses the network engineer on the services they require from the network is key to managing the network as one system. Starting with a declaration of intent, network engineers need an integrated solution that automates all aspects of Day 0, 1, and 2+ operations with closed-loop continuous validation at the core.
  3. Network Engineers must maintain choice and control of the network equipment suppliers. They cannot afford to lock in their data center operational model based on the hardware vendor they happen to have deployed in their networks. Also, they need to stick to a horizontally layered architecture as much as possible – leveraging the protocols that served the industry well for the past 20 years is essential.

Apstra’s goal is to transform data center network operations to deliver agility, choice and massive reductions in TCO. The company enables CTOs to build Self-Operating Networks that are much simpler and less costly than existing networks with far fewer network outages.

Apstra shipped AOS in July of 2016 and was immediately recognized by Gartner as a Cool Vendor and the only full intent-based networking system then in existence. Within one year, Cisco CEO Chuck Robbins had repositioned Cisco as an IBN company, declaring that Intent-Based Networking would transform the industry for the next 30 years.

Organisations are embracing digital transformation, whether that is IoT, virtual reality, 5G, or machine learning. And every one of those technologies requires a scalable, reliable, agile network at its heart.

Karam says: “In order to scale the network to meet the requirements of the customers, we had to rethink the entire idea of the network. We have to provide order of magnitude improvements in terms of total cost of ownership and in terms of the capabilities of those networks. While I think the industry has done a great job from a capacity in terms of 10 gig to 25 gig to 50 gig, the way networks work has not changed over the last 20 to 30 years. Finally, the technology is ripe. Finally, we have the application programming interfaces (APIs) that we need. Finally, we can deliver on this today.”

Intent-based networking is a method of automating your infrastructure in a very powerful way across the entire lifecycle, not just pushing around different configurations, but also bringing in advanced analytics and continuous validation to ensure that your network is behaving as you expect it to.

As Karam says: “Essentially think of a self-driving car. When you get into a self-driving car, you just tell the car where to go. That’s intent. The insight there is that the simpler the intent description, the more sophisticated the software needs to be to ensure that your intent is being delivered on. To me, intent-based networking means we’re now operating networks as a system the same way a self-driving car operates a car as a system, not a set of components. The real solution is self-driving software for data center infrastructure.”

In networking what was really missing were great APIs. For a very long time, what existed were vertically integrated stacks – no APIs – just closed systems. Starting with the hyperscalers, what we saw was a large demand for those interfaces to open up, because hyperscalers were the first to realise that they had to automate their infrastructures. As Karam says: “They can’t do it without APIs and without disaggregation. Customers have compelled vendors – my previous employer was one of the pioneers there – to really open up their APIs. Since then what we’ve seen is that every vendor has responded. Now we have APIs both to configure devices and to collect telemetry from devices. These APIs didn’t even exist six, five years ago. Because we have now APIs, we have a programmable infrastructure and you now can automate your infrastructure using very powerful technologies. That’s really why today is the right time.”

“When someone asks me or when someone says, I’m using machine learning, my answer to them or my question back is can you please tell me what exact machine learning techniques you’re using? Because I feel like sometimes this word is strong and when people use it just to make an impact without really understanding what it means. Certainly you need advanced analytics. Certainly you need powerful methods to collect telemetry, process the telemetry and the data as it pertains back to your intent. Does it require artificial intelligence techniques? Absolutely, but to me, we have to be very precise about those terms and how we use them. A lot of times in automation there are some basic things that – making sure that your network is behaving as you expect it from a connectivity perspective, these are basic things that you need to do that may not require very sophisticated techniques. But then ensuring that you have the right security posture, that you have the performance you want, that your traffic distribution is what you wanted, that your workloads are being placed where you want them to, then you need to get a lot more sophisticated. I’d like everyone to be more precise in how we use those terms and what techniques we’re using.

“Ultimately when we talk about intent, what we are talking about is what ideas the network engineer has in his mind. In the past he just didn’t have a way to express it without going deep into configuring specific devices. He had to do all the hard work himself. It’s as if you want to write a game, but before you can do that you have to go and write a program in assembly. That’s where the industry was and so we needed to change that paradigm.”

Modern data centers based on hyperscale, leaf-spine switching architectures are now so enormously complex they are outstripping the capacity of operators to engineer, configure and manage their networks using present day tools and techniques. Because of this, data center operators are looking for new ways to automate workflows, maximize uptime and increase operational agility while at the same time reducing operating costs.

Forward-looking data center operators are turning to IBN, which employs modern software methods to simplify and streamline data center network operations. IBN systems automatically convert a high-level description of desired network behaviour using business-level rules into low-level configuration data which is then applied to elements in the underlying network infrastructure. IBN also utilizes streaming telemetry and real-time analytics to continuously validate that the current network state is consistent with specified intent.

Apstra is a pure-play IBN pioneer focused on eliminating the complexities and inefficiencies that torment modern data center networks, delivering log-scale improvements in network operation expense, capital expense, and capacity. Apstra’s flagship product, AOS, is an intent-based, distributed software system for designing, deploying and operating leaf-spine data center networks, with the goal of speeding time to network service delivery, eliminating outages and reducing operating costs.

Leaf-spine topologies are now the de facto standard – it’s difficult to find a design other than leaf-spine among vendors’ different Ethernet fabric designs. There are good reasons for this — leaf-spine has many desirable characteristics that network designers who need to optimize east-west traffic love.

In leaf-spine networks all east-west hosts are at equal distances. Leaf-spine widens both the access and aggregation layers. A host can talk to another host on any other leaf switch and be confident that the traffic will only go across the ingress leaf switch, spine switch and egress leaf switch. This means that applications running over this particular network infrastructure will behave predictably. This is vital for organizations running multi-tiered Web applications, high-performance computing clusters or high-frequency trading.

Leaf-spine utilises all interconnection links. The traditional three-layer design uses spanning tree, a loop-prevention protocol. Spanning tree detects loops and then blocks the links that form them. This means that dual-homed access switches only use one of their two uplinks. Alternatives such as SPB and TRILL allow all links between leaf and spine to forward traffic, allowing the network to scale as traffic grows.

Leaf-spine supports fixed-configuration switches. Fixed-configuration switches ship with a specific number of ports, compared with chassis switches, which feature modular slots that can be filled with line cards to meet port density requirements. Chassis switches tend to be costly compared to fixed-configuration switches, but they are necessary in traditional three-layer topologies where large numbers of switches from one layer connect to two switches at the next layer. Leaf-spine allows for interconnections to be spread across a large number of spine switches, obviating the need for massive chassis switches in some leaf-spine designs. While chassis switches can be used in the spine layer, many organizations are finding cost savings in deploying fixed-switch spines.

Leaf-spine is currently the favored design for data center topologies of almost any size. It is predictable, scalable and solves the east-west traffic problem. Any organization whose IT infrastructure is moving towards convergence and high levels of virtualization should evaluate a leaf-spine network topology in their data center.

Joe Skorupa, VP Distinguished Analyst at Gartner, said: “Even more now in industries such as banking and finance it’s about speed. I have known major financial organisations make multi-million dollar investments only to rip-and-replace them the very next day if a technology comes along that improves their competitive edge. In the high frequency trading world tiny increments in speed can make huge differences. However the network hasn’t really changed in the last few decades because network folk are conservative – the reasons are quite clear – if a server in a data center fails your application goes down, but if your network goes down your entire data center goes down. A network is the ultimate in loosely-coupled highly-interdependent distributed multi-processor computing. So anything anywhere has the potential to affect everything everywhere in ways that are not obvious.

“Anything being built today with very little exception is all leaf spine – I would say 90% of what is being deployed today is leaf spine. The reason for the move to leaf spine is a change in application architecture – in the old three tier architecture it was a very North / South traffic flow – very oversubscribed. The number of apps has grown hugely so there is a lot more traffic happening within the data center – East / West traffic – and leaf spine does a very good job of providing a very high bandwidth, low-latency relatively easy to manage network that does that.

“The strength of intent based networking is that finally we can generate a network design that is mathematically provable to be correct and to continually monitor the network to ensure that it remains mathematically correct. Then at the very best you get notified if something is wrong and at the very worst mediation kicks in and you’ve got a closed loop.

“Intent based networking is a small market at the moment – there are only a handful of companies selling solutions. Cisco has a major push behind it and Dell is using it in-house.

“Moore’s Law has helped Intent based networking because only now do we have the compute power to run the complex algorithms Intent based networking needs to run.”

The other aspect Karam points out had to change is that, when he wanted a tier 2 to jump on the bandwagon, there was an expectation that network engineers are going to become software engineers. “No, that’s the job of the industry,” Karam says. “We’re going to deliver turnkey solutions, simple operational models to our customers and we’re going to provide support to them. The solutions that we provide, they will be able to deploy, hopefully extremely quickly. In some of our deployments, within an hour they have a network that just works. There is no expectation that to use these types of technologies, you have to become a software engineer. In a sense, while we’re delivering the capabilities of a hyperscale, it’s an Apple interface that we have to wrap around it and so that is our job as an industry and certainly our view as in Apstra. When we said that disaggregation really enabled all of that, that is true. But disaggregation without vendor support will not work, the user cannot test all of these different choices and make it all work, it’s simply not what they are prepared to do. Users want networks that work, networks that are simple to operate, networks that provide really cheaper, much more cost-effective total cost of ownership.”

This interview first appeared in the IBS Journal.

by Bill Boyle
IBS Intelligence Senior Editor