October 2022 saw IP Fabric’s debut at the ONUG conference in New York to spread the word about how Network Assurance is helping customers reinvent their network operations for the multi-cloud era. IP Fabric Solution Architect Justin Jeffery presented a session entitled “Network Assurance 101” which explained the approach and how IP Fabric’s platform delivers on its promise. If you missed the conference a recorded version can be found on the ONUG website.
What is Network Assurance?
Think of quality assurance in a production process, there to independently assess that the outcome is as expected. And so, Network Assurance can be thought of as the assessment of whether or not you network is delivering the service you expect and need of it.
How is it assessed?
There are five main aspects to the assessment:
- Inventory:
- Which vendors, models, versions of devices are in your network?
- This data would usually be found in multiple places such as CMDB, management systems, or static documents.
- Configuration:
- What do we intend the devices to do?
- Usually built by hand, using golden configurations or templates as a basis.
- State:
- How are the configurations behaving and are they doing what we expect?
- State information is typically not stored and only retrieved during verification or troubleshooting tasks.
- Topology:
- Understanding how the interconnections between devices in the network are involved in passing traffic.
- Usually, a manually intensive process of creating and maintaining topology diagrams using a tool like Visio. Static diagrams represent the expected topology but not necessarily the actual state.
- End to End:
- How does an application or service behave in your network? What paths does a source endpoint take to reach a destination? Which firewalls are allowing (or blocking) traffic?
- Services can live in various parts of the network or even different data centers resulting in an engineer having to manually stitch together multiple topological views to get a full picture.
And so, we typically have a fragmented view of the network and an inconsistent understanding of its behavior end to end with which we need to work. The gaps are usually filled manually by engineers logging in to CLI, running commands and recording the output from them.
How do we automate it?
IP Fabric’s approach addresses all of those aspects:
- Inventory:
- Automated discovery of your multivendor network using Telnet, SSH, or API connections.
- Configuration:
- Capturing raw configuration data from each device, IP Fabric normalizes and standardizes the data then places it into a database
- State:
- CLI and API outputs that represent the behavior of the configuration are also captured and stored alongside the configuration information to give a picture of the operation of the network at a point in time.
- Topology:
- Using the data from Inventory, Configuration, and State, IP Fabric creates a model of the network and its behavior at a point in time. This can be visualized as point-in-time topology diagrams representing your network which can be compared with other snapshots from other times
- End to End:
- Carrying out a Path Lookup query against the network model, a user can understand and visualize how a packet of a given protocol and port traverses through the network, between two endpoints, and how policy is enforced on such a flow.
- This will show you detailed information including your switching infrastructure, Equal-Cost Multi-Path routes, MPLS labels being swapped, and even which ACL or Firewall rule is being matched on a device.
- If IP Fabric is discovering your Cloud instances, it also models the paths to your cloud resources.
And there is more …
Not only do you have a model of your network, but IP Fabric will run the rule over it to ensure that it complies with your organizational standards, regulatory compliance rules, and the behavior you expect of it. Our Intent Verification Rules check inventory, config, state, and topology for 100+ best practice conditions out of the box and can be adapted to suit any organization’s standards and presented as a dashboard.
IP Fabric’s automated Network Assurance platform automatically discovers, models, verifies and visualizes your network infrastructure end to end, freeing your network team from mundane labor-intensive documentation maintenance; accelerating their day-to-day operations; helping to ensure your compliance; and preparing you to introduce automation into your network ops.
For more information, check out ipfabric.io/solution/network-visibility-and-assurance or contact our team at sales@ipfabric.io