SlideShare a Scribd company logo

Troubleshooting for Intent-based Networking

Open Networking Summit
Open Networking Summit

Joon-Myung Kang and Mario A. Sánchez's presentation at the 2017 Open Networking Summit. Intent-based networking has gained a lot of interest in recent years with several different open source communities (including ONF, OpenDaylight and ONOS). However, network diagnosis and troubleshooting remain two essential aspects of network management that still require massive manual effort and extensive expert knowledge. So far, no approach has focused on troubleshooting the network at the intent level. We argue that providing reasoning capabilities about why an observed network state happens according to specified input policies can help simplify this complexity. In this talk, we present our work on network troubleshooting at the intent level. Our solution provides capabilities to enable posing what-if type questions at the policy level –e.g. when a new input policy is introduced– to help answer reachability questions both at the policy and infrastructure level.

Technology
1 of 37
Download to read offline
Troubleshooting for Intent-based Networking Joon-Myung Kang and Mario A. Sánchez Hewlett Packard Labs Open Networking Summit 2017
Intent-based Networking Policy Graph Abstraction and Demo Troubleshooting and Demo QnA 2
Software-Defined Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) Open APIs Program Languages Abstraction SDN Northbound Interfaces Infrastructure Control Interfaces Vendor specific Low-level specifics Manual operations … 3
Software-Defined Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) Open APIs Program Languages Abstraction SDN Northbound Interfaces Infrastructure Control Interfaces Vendor specific Low-level specifics Manual operations … 4
Intent-based Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces − Application Plane says “What” (doesn’t care how) − Control Plane reasons “How” (doesn’t care why) Intent − “what”, not “how” (non-prescriptive) − Is portable − Is universal − Is compose-able − Is invariant − Is scale-able Source: Dave Lenrow, “Intent As The Common Interface to Network Resources,” Intent Based Network Summit 2015 ONF Boulder: Intent NBI Intent “I want my headache to stop” Prescription “Give me two aspirins” 5
Intent-based Networking Examples WEB/Gold/Working Hour No connect/Wireless Configure new guest WiFi 6
Intent-based Networking Examples WEB/Gold/Working Hour No connect/Wireless INVISIBLE Configure new guest WiFi 7
Intent-based Networking Open Source Efforts – ONF Open Source SDN Boulder – Define Intent North Bound Interface (NBI) – http://opensourcesdn.org/projects/project-boulder-intent-northbound-interface-nbi/ – https://community.opensourcesdn.org/wg/IntentNBI/dashboard – OpenDaylight NIC – Network Intent Composition – Manage and direct network services and network resources based on the given “Intent” – https://wiki.opendaylight.org/view/Network_Intent_Composition:Main – ONOS Intent Framework – Allows applications to specify their network control desires in form of policy rather than mechanism (Intent) – https://wiki.onosproject.org/display/ONOS/Intent+Framework ONF Intent NBI – Definition and Principles, Draft Version 6, Sep. 2016 https://wiki.opendaylight.org/view/Network_Intent_Composition:Graph 8
Policy Graph Abstraction (PGA) PGA overview Troubleshooting for Intent-based Networking 9
PGA is Real Public resources ACM SIGCOMM 2015 London, UK Research Paper and Demo Running System and Open Source Contributions OpenStack Summit 2015, 2016 OpenDaylight Summit 2015, 2016 10
Policy Management in Practice 11
Policy Graph Abstraction (PGA) Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC graph composition Quarantined Remedy Service Policy sources Graph abstraction Unified, conflict-free policy graph Deploy 12
PGA Example − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels 13 CPU Utilization > 90% <= 90%
PGA Example − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels − 4 individual input policies (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HPE Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Cmp-AMktg Empl App Web CampusDB Net Protector Status Normal Qn Tenant Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Engg Label Namespace Label Mappings disjoint Cloud Cmp-B 14
PGA Example − 4 individual input policies − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels − Proactive, automatic composition − Scalable algorithm: 13 mins to compose 20K ACL + service chain policies (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HPE Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC compose Cmp-AMktg Empl App Web CampusDB Net Protector Status Normal Qn Tenant Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Engg Label Namespace Label Mappings disjoint Cloud Cmp-B 15
PGA Current status PGA implementation and impact − PGA model, composition, deployment, and tool to convert ACL policy configuration to PGA intent specification − PGA prototype for OpenStack (Juno ~ Newton) − PGA Intent APIs and graph compiler contributed to ODL/NIC Beryllium release − Troubleshooting for intent based policy management − Conflict detection − Composition correctness verification − Intent addition/modification/deletion 16
Live Demo PGA Basic Operations 17
PGA Demo 18
Troubleshooting With Intent-based Networking
Network debugging/troubleshooting a difficult task Picture sources: http://simplearchitectures.blogspot.com/2013/08/addressing-data-center-complexity.html http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/ServerFarmSec_2- 1/ServSecDC/8_NIDS.html WEB NO CONNECT Picture source: http://www.ntstn.com/category/troubleshooting/network- troubleshooting Policy Network ping traceroute tcpdump SNMP sflow
Systematic troubleshooting –Know intent of the operator –Check network behavior against operator intent Intent-based networking –Policy is a first-class citizen –Intent explicitly expressed at policy layer –Forwarding semantics explicitly defined –Code compiles policy description into lower-level configuration Difficult to achieve in legacy networks Opportunity to rethink network debugging
Intent-based Networking Application Plane (SDN Apps) Controller Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces – Control Apps – Specify routing/access control policies – Logical view – Simplified/abstract representation of network – Physical view – One-to-one correspondence with the physical network – Controller’s job to configure the network devices (OpenFlow)
Intent-based Networking Application Plane (SDN Apps) Controller Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces – Control Apps – Specify routing/access control policies – Logical view – Simplified/abstract representation of network – Physical view – One-to-one correspondence with the physical network – Controller’s job to configure the network devices (OpenFlow) • Each layer performs one piece of translation process • Every layer should correctly map to every other layer • Most errors in SDN are mistranslations between layers
Checking network behavior against intent –Early debugging tools for OpenFlow-enabled networks –Ndb, OFRewind, NetSight, netwatch, netshark, nprof… –Easier to discover the source of network problems [Faulty device firmware, inconsistent flow rules, faulty routing…] –Testing and verification complement network troubleshooting and debugging [Loop freedom, black holes, performance of OpenFlow switches…] Too low level!
Knowing the operator’s intent Does the Actual Network Behavior Match the Policy? –If NO… Match the symptoms to responsible system component –If YES… The policy itself is the problem, a human must resolve the discrepancy –If unwanted behavior persists & all state layers are equivalent: –The configured policy must not match the operator’s intent
Troubleshooting System Composed graph User/App1 User/App2 User/Appn User Intents Input graphs Infrastructure Controllers PGA Results Metadata GUI Query Query Examples – Reachability/Connectivity checking – Can A talk to B? – Security vulnerability or Risk assessment – Addition/removal/edition correctnessTroubleshooting System
Troubleshooting Examples Reachability –Can A talk to B? –What EPG do nodes belong to? –Is there an edge connecting both EPGs? –What security groups should be checked? –What middleboxes should be checked?
Troubleshooting example Troubleshooting network connectivity (reachability) (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HP Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC compose Cmp- A Status Tenant Empl App Mktg Web DB Campus Cloud Net Protector Normal Qn Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Cmp- B Eng g Label Namespace Label Mappings disjoint web Engg client HR site
Troubleshooting example Intent addition/modification/removal (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HP Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC Cmp- A Status Tenant Empl App Mktg Web DB Campus Cloud Net Protector Normal Qn Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Cmp- B Eng g Label Namespace Label Mappings disjoint compare 29
Troubleshooting example Risk Assessment Indicator may be composed using different data points: e.g. # of compromised hops; # of network functions traversed, etc. What if a host from “Web&Cloud” is compromised? What EPGs might be able to reach host ‘x’ (through intermediate host compromise)?
Troubleshooting Demo Marketing Employee Campus Admin 10.10.20.1 Connectivity Problem Intent edition Remote desktop connection
PGA and Troubleshooting Demo 32
Summary –Intent-based Networking is beneficial to simplify network control & management 33
Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples 34
Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples –Intent-level troubleshooting can help to easily do troubleshooting network problems 35
Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples –Intent-level troubleshooting can help to easily identify network problems –What’s next – More More More practical experiences from network operators/administrators/developers… 36
Thank you joon-myung.kang@hpe.com mario.ant.sanchez@hpe.com 37

Recommended

How SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksHow SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksArticulate Marketing
 
PRTG NETWORK MONITORING
PRTG NETWORK MONITORINGPRTG NETWORK MONITORING
PRTG NETWORK MONITORINGFanky Christian
 
Salesforce1 PlatformアーキテクチャWebinar
Salesforce1 PlatformアーキテクチャWebinarSalesforce1 PlatformアーキテクチャWebinar
Salesforce1 PlatformアーキテクチャWebinarSalesforce Developers Japan
 
Introduction to 5G by Doug Hohulin
Introduction to 5G by Doug HohulinIntroduction to 5G by Doug Hohulin
Introduction to 5G by Doug HohulinGigabit City Summit
 
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Novosco
 
CCNA Certificate
CCNA CertificateCCNA Certificate
CCNA Certificatem_mun17
 
David Soldani, Huawei
David Soldani, HuaweiDavid Soldani, Huawei
David Soldani, HuaweiHilary Ip
 
SD WAN
SD WANSD WAN
SD WANBri Molina
 

Recommended

How SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksHow SASE can help you move securely from the PSN with VMware and Breeze Networks
How SASE can help you move securely from the PSN with VMware and Breeze NetworksArticulate Marketing
 
PRTG NETWORK MONITORING
PRTG NETWORK MONITORINGPRTG NETWORK MONITORING
PRTG NETWORK MONITORINGFanky Christian
 
Salesforce1 PlatformアーキテクチャWebinar
Salesforce1 PlatformアーキテクチャWebinarSalesforce1 PlatformアーキテクチャWebinar
Salesforce1 PlatformアーキテクチャWebinarSalesforce Developers Japan
 
Introduction to 5G by Doug Hohulin
Introduction to 5G by Doug HohulinIntroduction to 5G by Doug Hohulin
Introduction to 5G by Doug HohulinGigabit City Summit
 
Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Network Security - Fortinet, Dublin June 2017
Network Security - Fortinet, Dublin June 2017Novosco
 
CCNA Certificate
CCNA CertificateCCNA Certificate
CCNA Certificatem_mun17
 
David Soldani, Huawei
David Soldani, HuaweiDavid Soldani, Huawei
David Soldani, HuaweiHilary Ip
 
SD WAN
SD WANSD WAN
SD WANBri Molina
 
SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN Ashutosh Kaushik
 
Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptxahmad661583
 
Field Service Lightning Product Launch for Partners (March 15, 2016)
Field Service Lightning Product Launch for Partners (March 15, 2016)Field Service Lightning Product Launch for Partners (March 15, 2016)
Field Service Lightning Product Launch for Partners (March 15, 2016)Salesforce Partners
 
Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G! Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G!PositiveTechnologies
 
Pardot implementation: Preparing for a Pardot implementation and managing you...
Pardot implementation: Preparing for a Pardot implementation and managing you...Pardot implementation: Preparing for a Pardot implementation and managing you...
Pardot implementation: Preparing for a Pardot implementation and managing you...Brainrider B2B Marketing
 
ccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptxccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptxssuserff1f40
 
FEMTOCELL
FEMTOCELLFEMTOCELL
FEMTOCELLDeepika C S
 
Citrix Netscaler Deployment Guide
Citrix Netscaler Deployment GuideCitrix Netscaler Deployment Guide
Citrix Netscaler Deployment GuideCitrix
 
Telecom Security in the Era of 5G and IoT
Telecom Security in the Era of 5G and IoTTelecom Security in the Era of 5G and IoT
Telecom Security in the Era of 5G and IoTPositiveTechnologies
 
5 g core overview
5 g core overview5 g core overview
5 g core overviewHemraj Kumar
 
LPWA network
LPWA networkLPWA network
LPWA networkMohamed El Bachir diallo
 
Resume
ResumeResume
ResumeSun Technologies Inc
 
Fortigate Firewall How to - DLP
Fortigate Firewall How to - DLPFortigate Firewall How to - DLP
Fortigate Firewall How to - DLPIPMAX s.r.l.
 
Firewall
FirewallFirewall
Firewallnayakslideshare
 
FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringIPMAX s.r.l.
 
Ccnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureCcnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureSagarR24
 
linux fresher resume
linux fresher resumelinux fresher resume
linux fresher resumePrasad Babu
 
Demystifying Prisma Access
Demystifying Prisma AccessDemystifying Prisma Access
Demystifying Prisma AccessHaris Chughtai
 
Frogger vlan hopping
Frogger vlan hoppingFrogger vlan hopping
Frogger vlan hoppingDhaval Khairnar
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Network Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylightNetwork Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylightOpenDaylight
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationNikolay Milovanov
 

More Related Content

What's hot

SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN Ashutosh Kaushik
 
Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptxahmad661583
 
Field Service Lightning Product Launch for Partners (March 15, 2016)
Field Service Lightning Product Launch for Partners (March 15, 2016)Field Service Lightning Product Launch for Partners (March 15, 2016)
Field Service Lightning Product Launch for Partners (March 15, 2016)Salesforce Partners
 
Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G! Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G!PositiveTechnologies
 
Pardot implementation: Preparing for a Pardot implementation and managing you...
Pardot implementation: Preparing for a Pardot implementation and managing you...Pardot implementation: Preparing for a Pardot implementation and managing you...
Pardot implementation: Preparing for a Pardot implementation and managing you...Brainrider B2B Marketing
 
ccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptxccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptxssuserff1f40
 
Citrix Netscaler Deployment Guide
Citrix Netscaler Deployment GuideCitrix Netscaler Deployment Guide
Citrix Netscaler Deployment GuideCitrix
 
Telecom Security in the Era of 5G and IoT
Telecom Security in the Era of 5G and IoTTelecom Security in the Era of 5G and IoT
Telecom Security in the Era of 5G and IoTPositiveTechnologies
 
Fortigate Firewall How to - DLP
Fortigate Firewall How to - DLPFortigate Firewall How to - DLP
Fortigate Firewall How to - DLPIPMAX s.r.l.
 
FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringIPMAX s.r.l.
 
Ccnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureCcnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureSagarR24
 
linux fresher resume
linux fresher resumelinux fresher resume
linux fresher resumePrasad Babu
 
Demystifying Prisma Access
Demystifying Prisma AccessDemystifying Prisma Access
Demystifying Prisma AccessHaris Chughtai
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 

What's hot (20)

SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN SD WAN Overview | What is SD WAN | Benefits of SD WAN
SD WAN Overview | What is SD WAN | Benefits of SD WAN
 
Palo alto NGfw2023.pptx
Palo alto NGfw2023.pptxPalo alto NGfw2023.pptx
Palo alto NGfw2023.pptx
 
Field Service Lightning Product Launch for Partners (March 15, 2016)
Field Service Lightning Product Launch for Partners (March 15, 2016)Field Service Lightning Product Launch for Partners (March 15, 2016)
Field Service Lightning Product Launch for Partners (March 15, 2016)
 
Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G! Signaling security essentials. Ready, steady, 5G!
Signaling security essentials. Ready, steady, 5G!
 
Pardot implementation: Preparing for a Pardot implementation and managing you...
Pardot implementation: Preparing for a Pardot implementation and managing you...Pardot implementation: Preparing for a Pardot implementation and managing you...
Pardot implementation: Preparing for a Pardot implementation and managing you...
 
ccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptxccnp-enterprise-core-networking-encor-product-overview.pptx
ccnp-enterprise-core-networking-encor-product-overview.pptx
 
FEMTOCELL
FEMTOCELLFEMTOCELL
FEMTOCELL
 
Citrix Netscaler Deployment Guide
Citrix Netscaler Deployment GuideCitrix Netscaler Deployment Guide
Citrix Netscaler Deployment Guide
 
Telecom Security in the Era of 5G and IoT
Telecom Security in the Era of 5G and IoTTelecom Security in the Era of 5G and IoT
Telecom Security in the Era of 5G and IoT
 
5 g core overview
5 g core overview5 g core overview
5 g core overview
 
LPWA network
LPWA networkLPWA network
LPWA network
 
Resume
ResumeResume
Resume
 
Fortigate Firewall How to - DLP
Fortigate Firewall How to - DLPFortigate Firewall How to - DLP
Fortigate Firewall How to - DLP
 
Firewall
FirewallFirewall
Firewall
 
FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB Filtering
 
Ccnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architectureCcnp presentation day 4 sd-access vs traditional network architecture
Ccnp presentation day 4 sd-access vs traditional network architecture
 
linux fresher resume
linux fresher resumelinux fresher resume
linux fresher resume
 
Demystifying Prisma Access
Demystifying Prisma AccessDemystifying Prisma Access
Demystifying Prisma Access
 
Frogger vlan hopping
Frogger vlan hoppingFrogger vlan hopping
Frogger vlan hopping
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 

Similar to Troubleshooting for Intent-based Networking

Network Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylightNetwork Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylightOpenDaylight
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationNikolay Milovanov
 
Cloud-Scale BGP and NetFlow Analysis
Cloud-Scale BGP and NetFlow AnalysisCloud-Scale BGP and NetFlow Analysis
Cloud-Scale BGP and NetFlow AnalysisAlex Henthorn-Iwane
 
5 pipeline arch_rationale
5 pipeline arch_rationale5 pipeline arch_rationale
5 pipeline arch_rationalevideos
 
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...Cisco Canada
 
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfSwisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfThomasGraf40
 
SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module Cisco Canada
 
Summit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & TechnologySummit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & TechnologyOPNFV
 
Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013Puppet
 
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов RiverbedВыявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов RiverbedElena Marianenko
 
Network Automation Journey, A systems engineer NetOps perspective
Network Automation Journey, A systems engineer NetOps perspectiveNetwork Automation Journey, A systems engineer NetOps perspective
Network Automation Journey, A systems engineer NetOps perspectiveWalid Shaari
 
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 29Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2Lori Head
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.pptAssadLeo1
 
ALT-F1 Techtalk 3 - Google AppEngine
ALT-F1 Techtalk 3 - Google AppEngineALT-F1 Techtalk 3 - Google AppEngine
ALT-F1 Techtalk 3 - Google AppEngineAbdelkrim Boujraf
 
Question 7 of 30 . Which type of hardware can.pdf
Question 7 of 30 . Which type of hardware can.pdfQuestion 7 of 30 . Which type of hardware can.pdf
Question 7 of 30 . Which type of hardware can.pdfaman05bhatia1
 
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureMonitoring federation open stack infrastructure
Monitoring federation open stack infrastructureFernando Lopez Aguilar
 

Similar to Troubleshooting for Intent-based Networking (20)

Network Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylightNetwork Intent Composition in OpenDaylight
Network Intent Composition in OpenDaylight
 
IPv4 to IPv6 network transformation
IPv4 to IPv6 network transformationIPv4 to IPv6 network transformation
IPv4 to IPv6 network transformation
 
Cloud-Scale BGP and NetFlow Analysis
Cloud-Scale BGP and NetFlow AnalysisCloud-Scale BGP and NetFlow Analysis
Cloud-Scale BGP and NetFlow Analysis
 
5 pipeline arch_rationale
5 pipeline arch_rationale5 pipeline arch_rationale
5 pipeline arch_rationale
 
PACE-IT: Troubleshooting Connectivity With Utilities
PACE-IT: Troubleshooting Connectivity With UtilitiesPACE-IT: Troubleshooting Connectivity With Utilities
PACE-IT: Troubleshooting Connectivity With Utilities
 
Sdn&security
Sdn&securitySdn&security
Sdn&security
 
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
Software Innovations and Control Plane Evolution in the new SDN Transport Arc...
 
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfSwisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
 
sdnppt.pdf
sdnppt.pdfsdnppt.pdf
sdnppt.pdf
 
SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module SDN in the Enterprise: APIC Enterprise Module
SDN in the Enterprise: APIC Enterprise Module
 
Summit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & TechnologySummit 16: Open-O Mini-Summit - Architecture & Technology
Summit 16: Open-O Mini-Summit - Architecture & Technology
 
SDN approach.pptx
SDN approach.pptxSDN approach.pptx
SDN approach.pptx
 
Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013Cisco Automation with Puppet and onePK - PuppetConf 2013
Cisco Automation with Puppet and onePK - PuppetConf 2013
 
Выявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов RiverbedВыявление и локализация проблем в сети с помощью инструментов Riverbed
Выявление и локализация проблем в сети с помощью инструментов Riverbed
 
Network Automation Journey, A systems engineer NetOps perspective
Network Automation Journey, A systems engineer NetOps perspectiveNetwork Automation Journey, A systems engineer NetOps perspective
Network Automation Journey, A systems engineer NetOps perspective
 
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 29Tuts.Com New CCNA 200-120 New CCNA New Questions 2
9Tuts.Com New CCNA 200-120 New CCNA New Questions 2
 
network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
 
ALT-F1 Techtalk 3 - Google AppEngine
ALT-F1 Techtalk 3 - Google AppEngineALT-F1 Techtalk 3 - Google AppEngine
ALT-F1 Techtalk 3 - Google AppEngine
 
Question 7 of 30 . Which type of hardware can.pdf
Question 7 of 30 . Which type of hardware can.pdfQuestion 7 of 30 . Which type of hardware can.pdf
Question 7 of 30 . Which type of hardware can.pdf
 
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureMonitoring federation open stack infrastructure
Monitoring federation open stack infrastructure
 

More from Open Networking Summit

Considerations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and ServicesConsiderations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and ServicesOpen Networking Summit
 
Open Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of CancerOpen Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of CancerOpen Networking Summit
 
Building Business on Top of Open Source
Building Business on Top of Open SourceBuilding Business on Top of Open Source
Building Business on Top of Open SourceOpen Networking Summit
 
Five Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking ForeverFive Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking ForeverOpen Networking Summit
 
Networking Challenges for the Next Decade
Networking Challenges for the Next DecadeNetworking Challenges for the Next Decade
Networking Challenges for the Next DecadeOpen Networking Summit
 
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green EcosystemA Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green EcosystemOpen Networking Summit
 
SDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity ServiceSDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity ServiceOpen Networking Summit
 
Open and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field TrialOpen and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field TrialOpen Networking Summit
 
Disaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High AvailabilityDisaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High AvailabilityOpen Networking Summit
 
IoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling ApplicationsIoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling ApplicationsOpen Networking Summit
 
Open Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNFOpen Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNFOpen Networking Summit
 
OpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and ContributionOpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and ContributionOpen Networking Summit
 
Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...Open Networking Summit
 

More from Open Networking Summit (20)

Microservice Powered Orchestration
Microservice Powered OrchestrationMicroservice Powered Orchestration
Microservice Powered Orchestration
 
Considerations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and ServicesConsiderations for Deploying Virtual Network Functions and Services
Considerations for Deploying Virtual Network Functions and Services
 
Software Defined RAN
Software Defined RANSoftware Defined RAN
Software Defined RAN
 
Design Principles for 5G
Design Principles for 5GDesign Principles for 5G
Design Principles for 5G
 
Disaggregation @Equinix
Disaggregation @EquinixDisaggregation @Equinix
Disaggregation @Equinix
 
Open Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of CancerOpen Source Networking Solving Molecular Analysis of Cancer
Open Source Networking Solving Molecular Analysis of Cancer
 
Building Business on Top of Open Source
Building Business on Top of Open SourceBuilding Business on Top of Open Source
Building Business on Top of Open Source
 
Harmonizing of Open Source Networking
Harmonizing of Open Source NetworkingHarmonizing of Open Source Networking
Harmonizing of Open Source Networking
 
Five Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking ForeverFive Trends Enabled by 5G that will Change Networking Forever
Five Trends Enabled by 5G that will Change Networking Forever
 
Container Networking
Container NetworkingContainer Networking
Container Networking
 
Networking Challenges for the Next Decade
Networking Challenges for the Next DecadeNetworking Challenges for the Next Decade
Networking Challenges for the Next Decade
 
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green EcosystemA Centrally Orchestrated SD-WAN Building a Green Ecosystem
A Centrally Orchestrated SD-WAN Building a Green Ecosystem
 
SDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity ServiceSDN-Based Enterprise Connectivity Service
SDN-Based Enterprise Connectivity Service
 
Open and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field TrialOpen and Disaggregated Transport SDN - from PoC to Field Trial
Open and Disaggregated Transport SDN - from PoC to Field Trial
 
Disaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High AvailabilityDisaggregated Networking - The Drivers, the Software & The High Availability
Disaggregated Networking - The Drivers, the Software & The High Availability
 
IoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling ApplicationsIoT in Action: Architecting, Securing, & Scaling Applications
IoT in Action: Architecting, Securing, & Scaling Applications
 
Open Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNFOpen Source Approach to Design and Deployment of Microservices-based VNF
Open Source Approach to Design and Deployment of Microservices-based VNF
 
Container Service Chaining
Container Service ChainingContainer Service Chaining
Container Service Chaining
 
OpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and ContributionOpenStack: Networking Roadmap, Collaboration and Contribution
OpenStack: Networking Roadmap, Collaboration and Contribution
 
Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...Arachne: How does Uber check the health of its Network Infrastructure every 1...
Arachne: How does Uber check the health of its Network Infrastructure every 1...
 

Recently uploaded

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

Recently uploaded (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

Troubleshooting for Intent-based Networking

  • 1. Troubleshooting for Intent-based Networking Joon-Myung Kang and Mario A. Sánchez Hewlett Packard Labs Open Networking Summit 2017
  • 2. Intent-based Networking Policy Graph Abstraction and Demo Troubleshooting and Demo QnA 2
  • 3. Software-Defined Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) Open APIs Program Languages Abstraction SDN Northbound Interfaces Infrastructure Control Interfaces Vendor specific Low-level specifics Manual operations … 3
  • 4. Software-Defined Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) Open APIs Program Languages Abstraction SDN Northbound Interfaces Infrastructure Control Interfaces Vendor specific Low-level specifics Manual operations … 4
  • 5. Intent-based Networking Application Plane (SDN Apps) Control Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces − Application Plane says “What” (doesn’t care how) − Control Plane reasons “How” (doesn’t care why) Intent − “what”, not “how” (non-prescriptive) − Is portable − Is universal − Is compose-able − Is invariant − Is scale-able Source: Dave Lenrow, “Intent As The Common Interface to Network Resources,” Intent Based Network Summit 2015 ONF Boulder: Intent NBI Intent “I want my headache to stop” Prescription “Give me two aspirins” 5
  • 6. Intent-based Networking Examples WEB/Gold/Working Hour No connect/Wireless Configure new guest WiFi 6
  • 7. Intent-based Networking Examples WEB/Gold/Working Hour No connect/Wireless INVISIBLE Configure new guest WiFi 7
  • 8. Intent-based Networking Open Source Efforts – ONF Open Source SDN Boulder – Define Intent North Bound Interface (NBI) – http://opensourcesdn.org/projects/project-boulder-intent-northbound-interface-nbi/ – https://community.opensourcesdn.org/wg/IntentNBI/dashboard – OpenDaylight NIC – Network Intent Composition – Manage and direct network services and network resources based on the given “Intent” – https://wiki.opendaylight.org/view/Network_Intent_Composition:Main – ONOS Intent Framework – Allows applications to specify their network control desires in form of policy rather than mechanism (Intent) – https://wiki.onosproject.org/display/ONOS/Intent+Framework ONF Intent NBI – Definition and Principles, Draft Version 6, Sep. 2016 https://wiki.opendaylight.org/view/Network_Intent_Composition:Graph 8
  • 9. Policy Graph Abstraction (PGA) PGA overview Troubleshooting for Intent-based Networking 9
  • 10. PGA is Real Public resources ACM SIGCOMM 2015 London, UK Research Paper and Demo Running System and Open Source Contributions OpenStack Summit 2015, 2016 OpenDaylight Summit 2015, 2016 10
  • 11. Policy Management in Practice 11
  • 12. Policy Graph Abstraction (PGA) Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC graph composition Quarantined Remedy Service Policy sources Graph abstraction Unified, conflict-free policy graph Deploy 12
  • 13. PGA Example − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels 13 CPU Utilization > 90% <= 90%
  • 14. PGA Example − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels − 4 individual input policies (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HPE Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Cmp-AMktg Empl App Web CampusDB Net Protector Status Normal Qn Tenant Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Engg Label Namespace Label Mappings disjoint Cloud Cmp-B 14
  • 15. PGA Example − 4 individual input policies − Label namespace across cloud services and network, capturing overlap vs. disjoint relations between labels − Proactive, automatic composition − Scalable algorithm: 13 mins to compose 20K ACL + service chain policies (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HPE Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC compose Cmp-AMktg Empl App Web CampusDB Net Protector Status Normal Qn Tenant Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Engg Label Namespace Label Mappings disjoint Cloud Cmp-B 15
  • 16. PGA Current status PGA implementation and impact − PGA model, composition, deployment, and tool to convert ACL policy configuration to PGA intent specification − PGA prototype for OpenStack (Juno ~ Newton) − PGA Intent APIs and graph compiler contributed to ODL/NIC Beryllium release − Troubleshooting for intent based policy management − Conflict detection − Composition correctness verification − Intent addition/modification/deletion 16
  • 20. Network debugging/troubleshooting a difficult task Picture sources: http://simplearchitectures.blogspot.com/2013/08/addressing-data-center-complexity.html http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/ServerFarmSec_2- 1/ServSecDC/8_NIDS.html WEB NO CONNECT Picture source: http://www.ntstn.com/category/troubleshooting/network- troubleshooting Policy Network ping traceroute tcpdump SNMP sflow
  • 21. Systematic troubleshooting –Know intent of the operator –Check network behavior against operator intent Intent-based networking –Policy is a first-class citizen –Intent explicitly expressed at policy layer –Forwarding semantics explicitly defined –Code compiles policy description into lower-level configuration Difficult to achieve in legacy networks Opportunity to rethink network debugging
  • 22. Intent-based Networking Application Plane (SDN Apps) Controller Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces – Control Apps – Specify routing/access control policies – Logical view – Simplified/abstract representation of network – Physical view – One-to-one correspondence with the physical network – Controller’s job to configure the network devices (OpenFlow)
  • 23. Intent-based Networking Application Plane (SDN Apps) Controller Plane (OpenDaylight, ONOS, etc.) Infrastructure (Data) Plane (Cloud/IT/SDN/NFV) INTENT North Bound Interface Infrastructure Control Interfaces – Control Apps – Specify routing/access control policies – Logical view – Simplified/abstract representation of network – Physical view – One-to-one correspondence with the physical network – Controller’s job to configure the network devices (OpenFlow) • Each layer performs one piece of translation process • Every layer should correctly map to every other layer • Most errors in SDN are mistranslations between layers
  • 24. Checking network behavior against intent –Early debugging tools for OpenFlow-enabled networks –Ndb, OFRewind, NetSight, netwatch, netshark, nprof… –Easier to discover the source of network problems [Faulty device firmware, inconsistent flow rules, faulty routing…] –Testing and verification complement network troubleshooting and debugging [Loop freedom, black holes, performance of OpenFlow switches…] Too low level!
  • 25. Knowing the operator’s intent Does the Actual Network Behavior Match the Policy? –If NO… Match the symptoms to responsible system component –If YES… The policy itself is the problem, a human must resolve the discrepancy –If unwanted behavior persists & all state layers are equivalent: –The configured policy must not match the operator’s intent
  • 26. Troubleshooting System Composed graph User/App1 User/App2 User/Appn User Intents Input graphs Infrastructure Controllers PGA Results Metadata GUI Query Query Examples – Reachability/Connectivity checking – Can A talk to B? – Security vulnerability or Risk assessment – Addition/removal/edition correctnessTroubleshooting System
  • 27. Troubleshooting Examples Reachability –Can A talk to B? –What EPG do nodes belong to? –Is there an edge connecting both EPGs? –What security groups should be checked? –What middleboxes should be checked?
  • 28. Troubleshooting example Troubleshooting network connectivity (reachability) (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HP Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC compose Cmp- A Status Tenant Empl App Mktg Web DB Campus Cloud Net Protector Normal Qn Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Cmp- B Eng g Label Namespace Label Mappings disjoint web Engg client HR site
  • 29. Troubleshooting example Intent addition/modification/removal (a) Departments admin Engg. Mktg Ping,SSH Cloud monitor Quarantined Remedy Service * (b) Application admin (d) Cloud operator(c) SDN app: HP Net Protector Campus Cloud * * HTTP Empl Web SQL sync DBLB Normal DNS DNS (a) Enterprise IT admin DPI FW BC BC Mktg&Cmp-B &Normal Engg&Cmp-A &Normal HTTP Web& Cloud DNS DB& Cloud Remedy Service Engg&Cmp-A &Qn Mktg&Cam-B &Qn Ping,SSH HTTP monitor SQL, monitor sync, monitor monitor DNS DNS * * BC BC BCLBFW BCLBFW DPIDPI BC BC Cmp- A Status Tenant Empl App Mktg Web DB Campus Cloud Net Protector Normal Qn Location Engg: Campus-A Mktg: Campus-B Application: Cloud Empl: Net protector Cmp- B Eng g Label Namespace Label Mappings disjoint compare 29
  • 30. Troubleshooting example Risk Assessment Indicator may be composed using different data points: e.g. # of compromised hops; # of network functions traversed, etc. What if a host from “Web&Cloud” is compromised? What EPGs might be able to reach host ‘x’ (through intermediate host compromise)?
  • 31. Troubleshooting Demo Marketing Employee Campus Admin 10.10.20.1 Connectivity Problem Intent edition Remote desktop connection
  • 33. Summary –Intent-based Networking is beneficial to simplify network control & management 33
  • 34. Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples 34
  • 35. Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples –Intent-level troubleshooting can help to easily do troubleshooting network problems 35
  • 36. Summary –Intent-based Networking is beneficial to simplify network control & management –Policy Graph Abstraction (PGA) is one of the well-defined intent-based management framework and we presented possible troubleshooting examples –Intent-level troubleshooting can help to easily identify network problems –What’s next – More More More practical experiences from network operators/administrators/developers… 36