Over the last few years, networks have become more complex and difficult to manage. Add in remote working and cloud computing and the problem increases, some say exponentially. Add to that the growing ferocity and frequency of network-based service denial and malware attacks. Network protection and management means increased resources and hence costs.
This post is about how an organization can assess the state of automation maturity of their network. It sets out some stages on the way to full automation so they can draw up plans for network improvements.
Why Implement Network Automation?
Currently, many organizations don’t seem to be taking advantage of network automation. To give some background, Gartner published a paper on the state of automation in 2022. It shows that over 40% of all networks have less than 10% automation. At the top end, only 5% have over 75% automation.
As networks become more and more complex, more resources are needed to manage them. As noted above, network attacks—for example, DDoS and ransomware—are also becoming more and more common. Hackers attack e-commerce operators and their sites to extract financial information. Again, more resources are needed to implement and police cybersecurity.
Network operational costs are increasing. Both the capital costs of software and appliances and the operational costs of staff monitoring network behavior and policing infractions are getting larger.
Network automation is a way to reduce both capital and operational costs. It is a longer-term objective and will not provide immediate cost savings. However, that must be balanced against the effects of network downtime and the possibility of a denial-of-service attack or ransomware shutting down the entire network infrastructure.
As a result, there has been an increased focus on automating network management. It can start at a basic level with the introduction of scripts and automation frameworks, and progress to software-defined networks (SDNs) or intent-based networks (IBNs). The intention is to create self-managing, self-healing, and self-configuring networks that need little or no low-level management resources.
Software-Defined Networks
Simply put, SDNs split networks into two planes, the physical and the logical, with the objective of making the network, as far as possible, self-managing, self-configuring, and self-healing at the physical level. For example, devices are added to the network without prior preparation, and the network configures them automatically according to rules and policies set out at the logical level.
If a device fails, the SDN automatically reroutes traffic around the point of failure without manual intervention, if that is possible. It may also reroute traffic to avoid network congestion and maintain service levels.
The network is managed at the logical level according to manually prepared policies.
Intent-Based Networks
Cisco defines IBN as follows:
“IBN transforms a hardware-centric, manual network into a controller-led network that captures business intent and translates it into policies that can be automated and applied consistently across the network. The goal is for the network to continuously monitor and adjust network performance to help assure desired business outcomes.”
In short, IBNs build on SDNs by adding AI to the mix, in the form of an AI-driven network host controller. For large networks, the prime host controls other secondary network controllers spread around the network. For a smaller network, it may stand alone.
Networks then become self-learning and, to a large extent, self-managing. Many common problems are resolved without human intervention, and resources are devoted to higher-level activities, ensuring improved levels of safety and service.
If there is a problem that the IBN cannot resolve, it provides network managers with detailed information about the network problem, speeding up their response by removing the need for a detailed investigation of the fault.
Moving to Network Automation
It is clearly in an organization’s best interests to automate network management as much as possible. There are service level improvements and cost savings, principally from reductions in network downtime and equipment management. There is also increased user and customer satisfaction. If coupled with improved network security, policies, procedures, and software, the benefits can be great.
However, moving to a full self-healing, self-configuring, and self-learning network is not done overnight. The network can’t simply shut down and restart when the upgrade is complete.
Stages of Network Automation
Here are five stages of network automation. These are broad classifications, and many organizations are on more than one level.
Manual
In this stage, human operators perform network operations entirely using manual processes and procedures. There is little or no automation in the network. Equipment is configured manually before installation, and configuration changes are also applied manually.
As an example, consider a network failure or loss of service.
The first step is to find the point of failure and its cause. That can be a lengthy exercise in a complex network.
If it is a switch failure, for example, adding or replacing a switch means prepping it before installation with an IP address, routing information, and perhaps VPN information at a port level. That takes time and resources and lengthens the recovery process.
A further issue is that of detecting potential network attacks. That means looking out for changes in network activity and reacting quickly to them. Again, it means supplying dedicated resources. Because the work is done by humans, detecting and responding to potential attacks takes time, and mistakes can be made.
One example that hit the media recently was when an IT team mistakenly raised an alert because of significantly increased activity on the organization’s e-commerce website. It turned out to be a false positive, which meant increased activity for network security and reduced service levels while the incident was investigated.
Scripting
At this stage, network operations teams start to use scripting languages like Python and automation tools like Ansible to automate repetitive tasks such as backup and restore procedures, configuration changes, and network monitoring. Scripting is still a great way to start on the automation journey and can give huge rewards in very short time-frames.
Network monitoring is eased by using scripts to generate alerts and configure the basic settings of devices. Some manual intervention is still needed for more complex configurations.
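The following is an added example, not code from the original post, of the kind of script this stage describes: it compares a backed-up device configuration with an approved baseline and raises alerts on security-relevant drift. The IOS-style sample configurations and the rule list are constructed assumptions.

```python
import difflib
import re

# Constructed sample data: approved baseline vs. last night's backup.
BASELINE = """hostname edge-sw1
ip ssh version 2
logging host 192.0.2.10
line vty 0 4
 access-class 10 in
 transport input ssh
"""
BACKUP = """hostname edge-sw1
ip ssh version 2
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""

# Hypothetical policy: (pattern, diff side it applies to, reason for the alert).
RULES = [
    (re.compile(r"transport input .*telnet"), "+", "cleartext management enabled"),
    (re.compile(r"snmp-server community (public|private)\b"), "+", "default SNMP community"),
    (re.compile(r"access-class \S+ in"), "-", "management ACL removed"),
    (re.compile(r"logging host "), "-", "remote logging removed"),
]

def config_drift(baseline, current):
    """Return (sign, line) pairs: '-' removed from baseline, '+' added to it."""
    # Indentation is stripped, so the enclosing block (e.g. which vty line) is lost.
    old = [l.strip() for l in baseline.splitlines() if l.strip()]
    new = [l.strip() for l in current.splitlines() if l.strip()]
    drift = []
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag in ("replace", "delete"):
            drift += [("-", line) for line in old[i1:i2]]
        if tag in ("replace", "insert"):
            drift += [("+", line) for line in new[j1:j2]]
    return drift

def security_alerts(drift):
    """Classify every drifted line; unmatched changes still surface as REVIEW."""
    alerts = []
    for sign, line in drift:
        reason = next((why for rx, side, why in RULES
                       if side == sign and rx.search(line)), None)
        severity = "HIGH" if reason else "REVIEW"
        alerts.append((severity, reason or "unclassified change", sign + line))
    return alerts

if __name__ == "__main__":
    for severity, reason, change in security_alerts(config_drift(BASELINE, BACKUP)):
        print(f"{severity:6} {reason:30} {change}")
```

Reporting unmatched drift as REVIEW rather than dropping it keeps unexpected changes visible even when no rule anticipates them.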
Orchestration
This is the stage at which an SDN comes into play. The scripts used in the previous stage can be the basis of those driving the SDN, and staff can be transferred to more productive areas of network monitoring and cybersecurity, such as monitoring service levels.
Network operators use orchestration tools to automate complex workflows and processes across multiple devices and systems. Orchestration tools help to reduce manual intervention and automate the end-to-end process.
Be aware that an SDN does not work with all network devices. Some legacy equipment cannot be configured remotely. It needs to enter a special maintenance mode initiated manually.
It is not truly complete automation, but a major step on the way.
Automation
Simply put, this would be graduating from an SDN to an IBN. The bottom level, the physical level, is completely monitored and managed by the IBN. This has the benefit of releasing staff for higher-level tasks, for example, to enhance the overall cybersecurity of the organization.
At the physical level, automation tools are used to perform routine network tasks such as device configuration, software updates, and security patches. The network is largely self-operating, and human intervention is only required for exceptions.
Artificial Intelligence (AI)
This is the full implementation of an AI-based IBN.
At this stage, the network is fully automated and self-learning. AI algorithms are used to detect and remedy network issues, optimize performance, and ensure that the network is always running at its best. AI also enables predictive maintenance and provides insights into the network’s behavior and performance.
How to Get There
It is important to note that the journey to full network automation maturity is a gradual process, and it may take years for organizations to move from one stage to the next.
As with all projects, moving from stage to stage means setting out the business objectives of the new network environment, then defining measurable goals and objectives, a managed implementation plan, and dedicated resources. Funding is also a serious consideration. It may also be necessary to have a feasibility study or trial implementation.
It is prudent for each project to make sure that the current network remains operational and provides acceptable levels of service. A backup plan to return to full operation of the previous network configuration if the upgrade fails is also a good thing to have.
Final Thoughts
A fully functional and cost-effective network is becoming more and more essential. Recent times have increased pressure on businesses, in general, to be able to provide online services. Having a resilient, stable, and, most importantly, secure network is now vital to business prosperity, if not survival.
Network automation is a good way to start that process.
Check out NetBox Labs to learn more about building and managing a complex network.
This post was written by Iain Robertson. Iain operates as a freelance IT specialist through his own company, after leaving formal employment in 1997. He provides onsite and remote global interim, contract and temporary support as a senior executive in general and ICT management. He usually operates as an ICT project manager or ICT leader in the Tertiary Education sector. He has recently semi-retired as an ICT Director and part-time ICT lecturer in an Ethiopian University.