Blogs
-
Stopping Network Outages Before They Start
Todd MillsteinHow do you detect buggy network configuration changes? My guess is that you use post-deployment checks and monitoring systems. And you should! But if that’s the only thing you’re doing, then you are unnecessarily risking network outages, breaches, and more. Those tools help you cure incidents after they occur, but they do nothing to prevent buggy changes from being deployed in the first place.
-
Incrementally automating your network
Ratul MahajanNetwork automation can significantly benefit your organization. Gartner found that automating 70% of the network changes reduces outages by 50% and speeds service delivery by 50%. But achieving these results is elusive for most organizations—-they never get to the point where a substantial fraction of changes are successfully automated. A key hurdle is creating a reliable SoT (Source of Truth), a herculean task, especially for brownfield networks. This article outlines an incremental approach to network change automation that is not gated on a fully-fleshed SoT.
-
The networking test pyramid
Ratul MahajanAn automated test suite is the key to continuous integration (CI), the DevOps practice of rapidly integrating changes into mainline. The test suite is run on every change to check that individual modules and the full system continue to behave as expected as developers add new features or modify existing ones. A high-quality test suite gives developers and reviewers the confidence that the changes are correct and do not cause collateral damage.
-
Closing the loop on testing network changes
Dinesh Dutt and Ratul Mahajan“..the best way to guard against error is to design systems with layered and overlapping defenses … like slices of Swiss cheese being layered on top of one another until there were no holes you could see through” - from The Premonition, Michael Lewis
-
Automating the long pole of network changes
Matt BrownWhen it comes to automating network changes, most network engineers want to start with automatic config generation and deployment. It just feels like that is the heart of the challenge, and it certainly feels like a fun thing to do.
-
Test drive network change MOPs without a lab
Matt BrownImagine that you could predict and test the full impact of every single change to the network. Imagine also being able to do this within minutes, for the production network itself (not a small-scale replica), and without having to set up and maintain a test lab. Will this capability enable you to reduce the risk of outages and breaches? Will it enable you to be more responsive to the changing business needs of your organization?
-
Network test automation: Rock, Paper, Scissors, Lizard, or Fish?
Chirag VyasWhen building a network automation pipeline, one of the most important questions to consider is: How do you test network changes to prove that they will work as intended and won’t cause an outage or open a security hole? In a world without automation, this burden falls on network engineers and approval boards. But in a world where network changes are automated, testing of changes must be automated as well.
-
Don't be afraid of (network) change
Ratul MahajanCompanies large and small crave agile, resilient networks. They crave infrastructure that adapts rapidly to business needs without outages or security breaches. But changing the network is a risky proposition today, be it adding a firewall rule or provisioning a new rack. 50-80% of network outages are caused by bad network configuration changes. This high level of risk forces networking teams to tread carefully (and slowly) and prevents them from automating network changes.
-
Validating the validator
Victor HeohiardiBatfish provides a unique power to its users: validate network configurations before pushing them to the network. Its analysis is production-scale—unlike with emulation, you don’t need to build a trimmed version of your network. It is also comprehensive—considers all traffic, not just a few flows. These abilities help network engineers proactively fix errors that are responsible for 50-80% of the outages.
-
Lesson from a network outage: Networks need automated reasoning
Ratul MahajanIn the afternoon of October 23, within a few minutes of each other, two friends sent me a link to the recently-released “June 15, 2020 T-Mobile Network Outage Report” by the Public Safety and Homeland Security Bureau (PSHB) of the FCC. Given what Intentionet does, the report sounded interesting and I started reading it immediately.
-
Three ways to break a network (and one to save it)
Dan HalperinWhen people mention network configuration bugs, the first thing that comes to your mind is likely typos–or if you prefer technical terms, “fat fingers”. Of course, if you are an experienced network engineer, you know there is more to config bugs than keyboard gremlins.
-
Pre-deployment validation of BGP route policies
Todd MillsteinWe discuss how validating route policies prior to deployment can prevent outages big and small.
-
A practical approach to building a network CI/CD pipeline
Samir ParikhContinuous integration and continuous deployment (CI/CD) is the practice of automatically packaging, testing, and deploying code, generally in small increments. This modern DevOps practice has made software development agile and reliable, and it holds the same promise for networking as more environments transition to the infrastructure-as-code (IaC) model.
-
Network-model-based security: A new approach that blends the advantages of other leading methods
Ratul MahajanEffective network security is largely based on a central challenge: making sure that only authorized communication among security principals (users, systems, or groups) is allowed. But meeting this challenge has gotten harder as security methods grow more granular and complex.
-
Network as code: From hype to substance
Ratul MahajanLast week, Arista and Cumulus hosted webinars on building CI/CD pipelines for the network (see Arista Webinar, Cumulus Webinar). Both webinars communicated a vision that included generating configuration (changes) automatically, pre-deployment validation, and automated deployment, followed by post-deployment validation.
-
Announcing Ansible modules for Batfish
Samir ParikhWe are excited to announce Ansible modules for Batfish. Now, network engineers can invoke the power of Batfish within Ansible-based automation workflows.
-
Announcing AI-ML
Samir ParikhWe are proud to announce Batfish AI-ML®, our latest product. Batfish AI-ML, or Automatic Intent Mind Link, is the industry’s first and only automatic intent extraction solution. It works seamlessly across all networks, be they data centers, enterprise campuses, service provider networks, or hybrid and multi-cloud deployments.
-
Designing a Network Validation Pipeline
Samir ParikhThe networking industry is on an exciting journey of automating tasks that engineers have historically done manually, such as deploying configuration changes to devices and reasoning about the correctness of those changes before and after deployment. These capabilities can tame the complexity of modern networks and make them more agile, reliable, and secure.
-
The what, when, and how of network validation
Ratul MahajanWhen historically tasked with configuring and managing a computer network, engineers have been forced to do almost everything manually: generate device configurations (and changes to them), commit them to the network, and check that the network behaves as expected afterward. These tasks are not only laborious but also anxiety-inducing, since a single mistake can bring down the network or open a gaping security hole.
-
We made networks work. Now let’s make them work well.
Ratul MahajanA few decades ago, car odometers were designed to roll over to zero after 99,999 miles because it was rare for cars to last that long. But today cars come with a warranty for 100,000 miles because it is rare for cars to not last that long. This massive reliability improvement has come about despite the significantly higher complexity of modern cars. Cars have followed the arc of many engineering artifacts, where human ingenuity brought them to their initial working form and then robust engineering techniques made them work well.
-
Network Engineers: Time to Restock your Tool Chest
Dan HalperinAt Future: Net 2017, our CEO Ratul Mahajan introduced a new network engineering workflow. Designed to evaluate the operation of ever more complex and scaled networks, this workflow aims to eliminate misconfigurations that can lead to a downward spiral of outages, security breaches, and other failures; and to make networks less of a long pole in application delivery.
-
Plug the hole in your network automation — validate changes before you deploy
Samir ParikhWe are excited to announce the release of pybatfish, an open-source Python SDK for Batfish. Batfish is an open-source, multi-vendor network validation framework that enables network engineers, architects and operators to proactively test and validate network design and configuration. It is being used in some of the world’s largest networks to prevent deployment of incorrect configurations that can lead to outages or security breaches.
-
Automation without validation: Risky operation
Ratul MahajanIf you run a large, complex network, you have either already heavily invested in automating key management tasks or are about to. Network automation is a great way to reduce human errors and accomplish those tasks with consistency and speed.
-
Intent specification languages - simplifying network configuration
Todd MillsteinThe growing scale and complexity of today’s networks have outpaced network engineers’ ability to reason about their correct operation. As a consequence, misconfigurations that lead to downtime and security breaches have become all too common. In his keynote presentation at Future: NET 2017, Ratul Mahajan, the CEO of Intentionet, introduced a new network engineering workflow to alleviate such problems (see image below). The foundation of this new workflow, formal validation of network configurations, was introduced in a previous blog post.
-
Don't accidentally break the Internet like Level 3 (or Google, Telia, Telekom Malaysia, ...)
Samir ParikhOn Monday, Nov 6th, 2017, Level 3 Communications (now part of CenturyLink) made national headlines when a configuration error resulted in a massive outage for many users in the USA. The impacted users were customers of several large ISPs, including Comcast. It took 90 minutes for Level 3 to diagnose and remediate the error, and it took even longer for impacted users to regain Internet access.
-
The New Network Engineering Workflow – Formal Validation
Samir ParikhAt Future:NET 2017, hosted by VMWare in Las Vegas on August 30th and 31st, our CEO Ratul Mahajan gave the keynote presentation. Ratul spoke at length about how we can help network engineers and operators make their networks highly agile, reliable, and secure by adapting proven approaches employed by hardware and software engineers.