Artificial Intelligence for Intent Based Networking

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hello welcome everybody welcome to the inaugural find yourself on the Future program launching for the very first time across the US and Canada this series of live broadcasts Tech Talks connects academies and their students as well as the general public directly with Cisco experts focused on the newest technology trends as part of this program in the future we will conduct virtual career fairs connecting soon-to-be graduates of our Cisco Networking Academy courses with our ecosystem of partner companies who are looking to hire qualified individuals to join their tech force it's an exciting time to have a career in networking intent-based networking can dramatically improve performance agility security and reliability of the network combine that with the awesome artificial intelligence we hear so much about and we see significant improvements to the network which often appears somewhat magical to keep you up to date with these new technologies Cisco Networking Academy offers its new CCNA courses designed for participants who are seeking associate level jobs in IT the three core series provides an integrated and comprehensive coverage of networking topics including IP routing and switching fundamentals network security and services which are critical and network program ability and automation while also providing learners with extensive opportunities for critical hands-on practice and career skills to kick-start your exciting career in networking enroll today by finding the Academy near you that offers CCNA courses we have placed the QR code on the screen and the URL link in the chat window so take a look at that in the interest of time we will take any questions you have today for our guest speaker directly after his session before the end of the hour thanks and let's get started I would like to welcome our guest speaker John a pasta lopoliths Cisco's vice president and CTO for enterprise networks welcome John thanks for joining us today and we look forward to your talk Thank You Rebecca very much appreciate the invitation to share this very exciting topic with you and all our colleagues join in online so as mentioned I'm going to talk about artificial intelligence for intent-based networking and here's the outline of how I'm gonna use our time together first I wanted to give a little brief overview of what are some of the challenges that people face with network in a network applications this is kind of the motivation for why we need intent-based networking then I'll give a conceptual overview of what we mean by antenna basically what I mean by intent-based networking and then we'll talk about why do we need artificial intelligence or AI and what is AI then I'll look at for examples about how we can bring AI plus intent-based networking together to provide its significant improvements in the four areas you see right here intelligent automation intelligent assurance understanding what's on the network and detecting threats in encrypted traffic so with that let's begin and what I want to do to start is look back a little bit at what networks were once upon a time would say like 20 years ago and see how things have progressed maybe 20 years ago or so a network looks sort of like this you had a campus and branch you had a mainframe server that connected by a LAN and the network perimeter was pretty clear on the right hand side you see some conceptual views of what complexity was and security and the expectations the users had as well as the rate at which people want to make changes in the network and and back then all of these numbers were pretty low okay so this was relatively simple then an internet error we added the data center we people wanted to connect to the internet and to SAS services on the Internet and also on the left-hand side here you see that people started bringing in laptops home and want to connect to the campus branch via the VPN so things started to get more complicated now today we have massive advances in IOT and in multi cloud so for instance in the Campus Center branch on the left-hand side here you see a much wider diversity of devices tablets phones wearables various IOT devices like surveillance cameras and so forth also on the right hand side not only do you see the data center in the internet but you see the public cloud and a ever increasing amount of SAS services in between the two we have software-defined LAN to help connect them in a very efficient and cost-effective manner as well as the cloud edge so there's a lot happening on the with multi cloud on the right hand side and if we look back now at the left hand side we see some other things too some of these devices they actually even though they're on premise in the campus or branch they no longer connect view the campus of branch it would instead connect over cellular directly to the cloud ok so as you can see the perimeter has like completely disappeared now and by the way this is one of the reasons that cisco acquired duo about two and a half years ago to help the users with those mobile devices be able to securely access SAS services okay so this shows some of the complexity that we have today here's another view and in this view what I try to do is I try to show three classes of customer challenges and these three different classes correspond to these three columns so each one of the columns is a class of a challenge the top row describes the challenge and the the bottom row described how ibn and AI can help solve the challenge so let's look at these challenges the first one digital acceleration what happens here as you know really well is that everybody is using mobile everybody is using multi-cloud more and more IOT devices are coming online in essence there's a there's a huge number of new devices coming online continuously and what happens is that people who operate networks they don't know what these devices are and they don't know how to deal with them and how can interact with them one of the ways that intent-based network in an AI can help is it can help the network operator identify what is on the network and based on the network you can learn you can decide how you want to treat those devices okay the second big challenge is complexity as you know networks are complex and it's an example of this some studies have shown that companies spend about sixty billion dollars annually on network operations so why do they spend so much in network operations they spend so much because mostly operations are still manual and also because these operations often because they're done manually it takes a long time to make changes and we can make mistakes so it's also error-prone the way that ibn and I can help here is of course automation but we want more than automation we want to intelligent automation we want to figure out not just how to automate one of these network operations but we want to figure out how to automate it in a way that's that is optimized for example that could be multiple paths to the internet which is the path that provides the lowest latency also how do you automate things to support compliance and so forth another thing we want is we want we want to understand what's happening in the network and it's slowly possible to get data from across the network but we don't want a tsunami of data because we can't actually consume or understand a tsunami of data instead we want to take that data and from it we want to analyze it and identify the useful relevant insights and share those insights with people running the network so they can understand what's happening and decide to do and decide what to do next a13 area is assurance we want to know is a network behave in the way it should if yes awesome we're done it not why not what's the problem of how we can fix it we call that assurance and I'll talk more about that later in my talk the third set of challenges is insecurity as you know because they're more and more IOT devices get on the network the attack surface is dramatically increasing also we have very sophisticated hackers often backed by large organization sometimes backed by countries and its lead into more and more sophisticated attack so one of the ways intent-based networking and AI can help here is for faster detection of these threats and then faster remediation so what I'm gonna do later in my talk is I'll give you an example I'll give you two examples of how we address complexity especially in improving automation and assurance I'll also give you an example in the first column of identifying what's on the network it'll also be an example of the third column of how we identify threats in the network in particular malware and encrypted traffic so we'll give examples of all of all these classes of challenges so now let's look at a conceptual view of intent-based networking let me describe the motivation here as many of you know if you are going to roll out a new service let's say a new video conferencing service or something like that you would probably want to go and change the QoS settings throughout the network crawl supported and as you know that's really complicated very detail-oriented and can take a huge amount of time one of our aspirational goals was the following what if we could just state what we intend to do and have a network figure out the rest that is we we state we want to have bring on this new video conferencing application and then network figure out how to apply the QoS Rothen throughout the network to get the job done this is our aspirational goal okay now this is a journey we don't have this yet though we've made major inroads toward this goal and we're going to continue to work toward this let me describe this a little bit more detail here's my conceptual overview of intent-based networking and basically five five key parts of this diagram at the bottom in gray is the physical and virtual infrastructure these are the wireless APs and the switches and the routers and the servers and storage and so forth at the top these are we have the people who are trying to do something or machines we're trying to do something and they provide the intent the intent that is processed by these three different operations translation activation and assurance and let me give you a concrete example of what we mean by intent and what we mean by intent to the translation so here is an example of intent I have a telemedicine session at 10 a.m. with Monica okay that's a very easy to understand attack it's something that a human would describe now the goal of translation is to take that intent and translate it to what are the network and security policies that we want to turn on in the network to enable that intent so for example we want to create a high-definition video connection between the sender and the receiver we then want to prioritize it with end-to-end quality of service across all the elements in between the while the Wi-Fi wireless the campus which in the land so forth we want to keep the communication safe with authentication and encryption we want to validate the performance by that I mean during the session during the telemedicine session we want to track what is the performance and if everything's going great awesome if there any problem so we want to proactively identify that there's a problem figure out the root cause and try to solve it quickly so it doesn't affect the session if finally at the end we want to turn down the connection after the call so this is an example of it's of an intent a human express intent and how it gets translated to various network and security policies and as you can guess we can go into much more detail in terms of the network and security policies but this is just a relatively simple example so that's what the top green box does it does a translation from the intent to translate it to the network and security policies now the activation box there in blue what it does is it takes those networking security policies and it automates them on the network okay basically turns them on in the network it does more than just automation it tries to optimize those automations to figure out what is the right thing to do for instance you wanted first of all to implement the best practices second of all you want to if they're like like the example I gave before if the multiple paths we can take which is the path that will give the best performance of application for some applications they want to lower latency other applications may want really high bandwidth a third class of applications may want both so if we want to do is choose optimize and choose the right path for the right application so that's also part of the activation step here by the way the reason we call this activation instead of automation is that one of the things that does is automation but it is much more than that it also does this optimization I described in addition all three of these colored boxes here activation translation and assurance - all automated so if we call that automation you know it would be a little confusing so that's why we chose the term activation I hope that makes sense do you know now we don't just want to activate these services on the network we also want to check is the network behave in the way it should is this top telemedicine session between John and Monica is it operating with the desired quality of experience for all their users and that's the goal of the assurance box there well what happens is in insurance is we monitor what happens in the network the monitoring can come from the network elements from the network devices and the applications so forth and we see is that network operating as B as intended if yes awesome we show a grinning light to the operator if no we try to identify why not what is root cause as well as candidate solutions that root cause and we share that information with the operator who then can decide hey I see this problem I agree that this is the right way to solve it let's activate it so then activate in the network and then once again we can use this feedback loop to monitor the network see hey is the problem fixed if yes great if not what else do we need to do so hopefully now you got a quick understanding of what we mean by these three conceptual well these to be fun in this conceptual diagram of intent-based networking and I'll give you some more examples of it shortly many of you may want to know may want to deeper dive in terms of traditional networking and intent-based networking I co-wrote a white paper that's available that describe that gives a very detailed comparison what you can see at the bottom here is some of the terms you can do a search on the internet to find that black paper so I encourage you to look at it if you want to learn more and I also want to mention that we have built multiple systems to do intent-based networking the first one in the data center we built cisco ACI in the campus and branch we built Cisco DNA and an SD wet I'm sorry in the when we built Cisco STM software-defined Wham so each one of these architectures was optimized to do really well in the data center in the campus for the web and now one of our major efforts is to go across all of these and to provide an integrated intent base that can architecture across ok so now let me move on to artificial intelligence and say why do we care about our official intelligence here and what is AI the basic situation is that we we as humans we need help often if you think back to the Industrial Revolution where we got steam engines and cars and so forth what happened is the steam engines liberated us as humans from the limits of our physical capability you know our capability to move heavy things or to travel distances fast and so forth so the Industrial Revolution helped us in many ways now we're - we're at a different stage and for example in terms of networks our networks are often really really big and very complicated taking thousands of network elements or tens of thousands and maybe hundreds of thousands of clients there so the network is really complicated the apology's complicated things are changing all the time there's a huge amount of data no no human can be able to understand what and and react quickly enough and that's why we need more help so with the digital revolution that's occurring we're trying to leverage all these digital technologies to help us liberate us from the limits of our mental capabilities okay and the Khan in the context of networking what we're doing here is trying to leverage the huge and diverse amount of data we get from from the network apply artificial various forms of artificial intelligence to kind of summarize and see hey what is the really important piece of information we need to share with with the operators with the humans and then sure using rich visual human-computer interactions the human can very quickly understand what's happening and decide what to do next so once again AI is to is to try to help us overcome and some of the huge amount of complexities exists in networks so we can quickly understand what's happening and and figure out what to do next now let me briefly describe what artificial intelligence or AI is and I describe this because many of you I think have a reasonably good understanding but some of you may still be unsure so just try to put together these this simple description so artificial intelligence is a field of study to make computers have human-like intelligence when performing a task now usually this is for specific tasks the task could be something like speech recognition where the computer hears somebody speak in and translate that to text it could be for playing a game like chess or or playing a computer game like like for example a la space invaders there's some recent advances in that as many of you may know so that's that's essentially what AI is now the three very importance of the many subfields of AI but the three that are especially important for us and I've listed them here in green the first is natural language processing and often referred to as NLP and this gives the computers the ability to interact with humans via speech recognition and natural language understanding and be able to understand what humans are talking about of what humans are trying to are trying to do okay second key area is machine learning or ml this gives computers the ability to learn from data without actually being programmed for example many of you are familiar that recently deep learning has made major advances in identifying cats and videos okay well how can you it's really hard to program a computer to figure out what what a cat looks like in a video but machine learning is an automated way such as you give it tons of examples with with cats labeled in the examples the computer can figure out itself how to be able to identify cats in this case in essence what happens is with machine learning the computer has the ability to identify patterns which which is very hard for human to actually describe or which may be hard for human to even notice the third key area is machine reasoning and this includes organizing domain-specific knowledge bases by domain-specific think about this as wireless or switching or router or security these are domain-specific areas and in each of these areas organize different information about it such as facts a relationship between the facts and rules and so forth and manipulation of this knowledge to try to answer questions a machine where machine reason you can think about as kind of like the evolution of expert systems from the 80s and 90s back then we had to put what's called expert systems which we use knowledge from humans from human experts to try to figure out various problems here machine reasoning has had twenty years additional improvements including semantic understanding and various sort of other CS developments which making machine reason and much more much more practical today and I'll describe some concrete examples of where we use each of these three types of AI shortly okay so here's our picture of intent-based not working where does AI come into play here it actually comes into play in all three of these conceptual building blocks translation activation and assurance for translation it could come into play in terms of this in terms of recognizing the human speech and translate it to text and then understanding what the text actually means that is what is a human trying to do it comes into play in the activation as part of the optimization we have many paths for instance to selecting internet which is the best path to select okay and then how can I do that efficiently it also comes into play and assurance for assurance you want to identify hey is there a problem in the network turns out machine learning is very good for identifying problems and it can detect it probably even before human often would be able to detect that a problems occur so so machine learning is very useful for assurance try to detect problems and once we detected a problem we can use machine reasoning to identify what is the root cause of the problem and how we fix it so AI comes into play in all three of these functional building blocks and another thing I want to point out is that we have this feedback loop here and this feedback loop is immensely powerful many of you may know from your from your classes that feedback is incredibly powerful well this feedback is something that we didn't have before with Sdn you basically had automation - - the infrastructure so it's more than feed for a path but we didn't really have a low latency feedback path the feedback is immensely powerful and the AI and feedback complement each other and amplify the benefits of each other for example let's say we have a problem in the feedback path with assurance we can identify what the problem and the root cause we can then activate it in the network and then we can check to see is the network operating the way it should if yes great if not how can we what other changes we do to fix it so feedback loop really helps us amplify the value of the work being done and helps us converge much quicker to work in efforts okay let me now talk about four examples of how AI and intent-based networking can help provide significant improvements I'll talk about intelligent automation then intelligent assurance then understanding what's on the network and finally how can we detect threats in encrypted traffic so let's begin with intelligent automation so let me let me motivate this with a use case I think most of you Figment familiar with augmented reality and maybe if many of you have used augmented reality to play games and so forth well if augmented reality what happens is you've seen the natural world but you are placing some additional information in top of that visual field you augment in the real world with some additional information relevant to the task at hand this could be for education this could be for playing games this can be for understanding how the network works or how to do an operation for instance well one of the areas that people want to do for a long time is interactive multi-user of method reality now by Interactive multi-user augmented reality what we mean is that the multiple people doing a are at the same time in an interactive manner that is playing the same game or trying to design a project together or being involved in a complicated task together and for these things to be successful what you need is all of the individuals to see the exact same thing at the exact same time everything has to be synchronized under displays either the handheld display they are displays or their glasses or head mounted displays well my guess is that very few of you have ever done this before with the interactive multi-user AR at least not for a challenging task and the reason that you haven't is because we can't synchronize these various ARR systems the reason we can't synchronize it is we can't get the wireless to work in using prior technologies to two thousand synchronized well now as some advances it with Wi-Fi six as well as with AI four Ibn maybe we can solve this problem so let me talk to you about what's happening with Wi-Fi sex as many of you may be aware Wi-Fi six is the newest Wi-Fi standard it's officially known as 802 11 ax what happens is because the prior standards were 11 B 11 G 11 a lemonade and 11 AC 11 ax it's hard for people to keep track of this alphabet soup so they decided okay we're just gonna have a simple numbering system Wi-Fi one two three four five six it's easier to remember right so that's why 802 nine eleven ax is now called Wi-Fi six and by the way this is available on iPhones and on Android phones already and and in chip in Cisco ATP's wife at six provides a number of benefits as you see here on the left hand side one of the things that provides as much higher data rates for instance it can use 1024 qualms so it can get up to nine point six gigabits per second for for an eight radio system now that's that's in theory and that's under an SFI layer so so don't really give too much attention to that number of nine point six gigabits in practice you have much less but still it's a really big number what we can achieve in practice it'll also increase your overall network capacity will be able to support much higher throughput to multiple devices in in the network that's where we've shown the second column in the third column what happens is we'll be able to reduce the latency and provide greater reliability this is because we're gonna have scheduling now at the at the AP both of the downlink and the uplink and this is very powerful in addition we'll have improved power efficiency for example the AP can tell the mobile device to turn off its radio for a while and then because it there's nothing to send to the mobile device and then the the mobile device can save on battery life okay well I want to talk about well as you can see there a variety of benefits from Wi-Fi six I want to talk about two of these which correspond to the second and the third column here so the first thing I want to talk about is how scheduling can allow us to provide much more deterministic services and let's look at what is the latency and what is the aggregate throughput we can get in these cases what you see on the left hand side is a graph where I describe latency on the vertical axis and the number of users on the horizontal axis and something that many of you may be familiar with is that for Wi-Fi because historically it's used a technique called listen before talk or carry a sense mobile axis what happened is then as a number of users for an AP increased usually the latency also increased and can increase dramatically and that's what you see by these red lines and these orange lines and so forth and that's very bad because if you have applications that want a low latency basically what this means is the application quality degrades as a number of users increase well what happens with Wi-Fi six because we can use centralized scheduling this the AP can decide who to transmit to next and it can ensure that it could delivers all the packets with low latency and it can achieve these light blue line at the very bottom so it can achieve much lower latency than prior versions of Wi-Fi this is really good especially for interactive applications now let's look at an aggregate throughput on the right hand side the aggregate throughput is the total bitrate delivered to all the eight to all the clients around a single ap okay so you may also be familiar that as a number of users increased for given ap because of this listen before hoc approach the variety of inefficiencies there and the aggregate throughput can fall significantly as a number of users increase you know that is as you go from ten users to twenty to thirty to fifty the total throughput you're delivering can fall which is very bad on the other hand I haven't it's deterministic scheduling we can ensure that the aggregate throughput stays high even as the number of users increases that's what you see with this light blue curve at the top as we increase from 10 to 20 to 40 users the aggregate bitrate delivered to all of the users for that single ap stays constant so what happens here as you can see is with this deterministic schedule and at the AP we can dramatically reduce latency and keep consistent throughput this allows y56 to also deliver service level agreements on on latency and throughput and this was something that was not possible before here's another advantage of Wi-Fi 6 on the Left I show prior versions of Wi-Fi which uses the technology called a final frequency division multiplexing OFDM ok and basically what happens there is that each time up at each time transmission opportunity as you see in the bottom the prior versions of Wi-Fi would use all the spectrum to transmit to a single user let's say to that the first time slots of the blue user the second time slot to the dark green and the third time slots the light green okay well as you can see here there's actually a lot of wasted spectrum because you didn't need to use all those frequencies to transmit maybe a little packet to the to the dark green user there so the improvement the Wi-Fi 6 has is something called orthogonal frequency-division multiple access there's an a at the end and I colored it green here on the right hand side and what this basically means is that at each transmission opportunity the AP can transmit to multiple clients at the same time so now in this case of the first transmission opportunity the AP can transmit to the light green and the light blue clients at the same time and the second transmission opportunity it can transmit to five clients at the same time and so forth so in this way with OFDM a can do a much better job at packing all of the transmissions in and to deliver to more clients in each time slot another way to view this off also is that the latency is now reduced because you can transmit to more clients sooner ok so this is a very valuable technique now what I showed you before with us with a schedule and is very valuable what I showed you here which is another form of scheduling with or FDMA is also really valuable so these ApS now have tools to do really complicated things but the question is how to in real time figure out what to do you have these tools but how do you figure out for all the devices that are talking to give an AP with the different applications that are running with the different packets and in each of the queues and stuff what is the right packet to transmit next turns out that's a complicated problem and it's actually coming a torrent problem and solving it in AP which is which you want to build at low cost this is challenging the good news is a lot of these techniques from AI especially for machine learning and related techniques can be used to dramatically help improve the optimization for all these scheduling problems I mentioned so they can help do the intelligent automation for Wi-Fi 6 and can help us potentially turn interactive multi-use AR into reality ok now let me talk about the second area intelligent assurance it's the goal of assurance is to make sure that the network's operate and the way it should that is provided really good performance now as many of you know when there's a problem it's often really hard to identify where the problem is and let me just illustrate why that's the case with this simple diagram here what you have here are for instance some clients all the way on the left hand side who want to talk with application on the server on the right hand side and these clients need to go for the Wi-Fi network then through the access point over the campus network maybe to the local wireless controller then over the LAN to the data center to the data center network and so forth edge of the server so the quite a few different steps it has to go through and actually the quite a few places the problem can occur so when when a problem doesn't curve figuring out where that problem actually cause can be quite challenging what we want to do with assurance is we want to figure out is there a problem if there is what is the problem where is the problem and of course how can I quickly fix the problem okay these are very natural questions right these are the natural things you do whenever you're faced to the problem then I describe it like this because this is the type of things we want to address in an automated way with the show's okay I'll talk about these next the one thing that happens is sometimes people may think oh it's easy to know when a problem occurs and I that may or may not be the case for example let's say it takes 200 milliseconds for me to get on board on the Wi-Fi network it's that good was that bad how do you know if that's a problem it's hard to tell for certain problems you find out because you get a trouble ticket or somebody's called up to complain well I would argue in those cases a problem occurred but it already has negatively impacted the productivity of somebody and rather than us finding out by them calling us and complaining it would be much better if we had proactively identified that there was a problem and proactively figured out how to solve it to solve it before they would have complained that is like that's the ideal situation that's what we'd like to go to ok let's look at how we can automatically detect if there's a problem with that and let me begin by describing the conventional way to detect a problem the conventional way to detect a problem is to look at various attributes of the system you know like the onboarding time for a client or wireless AP and to kind of figure out what is the normal range of operation for example there may be a parameter there onboarding time and there may be a min and a max and as long as the operations within those between the min and the max everything is good and if it's outside you say oh maybe a problem occurs ok this is this is trying to to meet the baseline with a normal operation of network such that if the network operates outside its baseline then identify problem well this approach has challenges in this example I gave with these min and the max thresholds um how do you know how to choose those and how do those vary as things in network vary or as for instance the number of people on the wireless network change it actually would be natural for the onboarding time to change if there if the ten people on the network worth or 500 people on the network right so choose the thresholds is one issue and other issues that every time we raise an alert that gets somebody's attention and if we have raised too many alerts and these alerts of false positives that is that there's an alert but it's actually not a problem then whoever receives the alerts gets very frustrated and if they get too many of these false positives they stop paying attention and then this whole system becomes useless so false a lot of false positives are really bad we want to identify when there's a problem but we don't want to have these false positives these false alerts so one of the things that we've invested quite a bit on with AI here is to do what we call more dynamic or customized baselines where we do a much more sophisticated approach as a machine learning to identify he is the network operate in a way it should or is their anomaly as a result of this we get much more relevant anomalies and many fewer false positives okay I show it here with this simple example let me give you some concrete numbers from a from a customer study here's a customer study with 11 customers over a three month period and for these 11 customers they had about 8,000 alerts during that three-month period where these alerts were found using common statistical models okay that's the big yellow orange circle over here now using some context of our baseline we're able to reduce it from you from 8,000 to 1192 and then using some more sophisticated technique the AI driven baselining we reduced it to 303 by the way these are all wireless issues and we can further SiC meant these wireless issues and seven of them were on board issues as you see on the bottom middle here and 296 Worth well all onboarding issues are bad because if there's a problem get it on the network then then that's really bad 296 of them were throughput issues and some of those throughput issues are really important and some are not as important so we also use the AI to prioritize which of the important throughput issues and we had 85 of those there so then as a result of all this work and when we started out with 8000 alerts we brought it down to 85 plus 7 or 92 prioritized real Ertz so the 98% reduction in the number of alerts which was shown to the network operator as you can guess they were thrilled by this because there are many fewer false positives and their Lords they saw were really relevant to what to help and improve the operation for customers okay so how does Cisco assurance work first of all we gather together data from throughout the network all kinds of rich data rich classes of data as you see here on the left hand side we then do complex event processing across this data correlations and so forth and then we try to identify insights insights from the clients perspective from the application perspective the network's perspective see which of those are the most important if we we try to detect if the problems if there is a problem we then try to identify root cause and then how can we fix the problem so we can guide the user to remediate it I'm not going into detail about this here we have a lot of material online for those who are interested the key thing I want to stress to you though is that assurance is a very new capability and they're huge opportunities here to apply machine machine learning to identify problems and the Machine reasoning to help diagnose what is the cause of that problem and this can lead to dramatic improvements for our our customer let me give you an example of this from a from university is pretty close to us here in San Jose California they had a Wi-Fi onboard an issue and my Wi-Fi onboard and we mean the people for the mobile device get an on the university's Wi-Fi network the problem they had was that some of the students were sometimes having a problem getting on the network and as you can get some of the students sometimes that's a really annoying situation because that's hard to debug fortunately they were having some of our wireless assurance technology and they turned it on and they gathered analyze the data and within five minutes they were able to detect that there was only a specific set of users of students that ever had a problem they only had a problem they connected to a specific set of ApS turns out that subset of ApS were connected to a specific wireless controller which was updated the night before in terms of software the software update was fine the certificate on the the wireless controller was fine but the certificates on the clients are out of date versus server and that caused the problem okay why did I show you all these different steps I mentioned all these different steps because a network and experts like you and me could take hours or days or sometimes even weeks figuring this out because it's often complicated going from the observed problem trying to figure out what the root causes in this case because the system was able to automatically gather all the data and perform a huge number of automatic checks and use machine learning tape techniques to define the patterns and so forth they were able to identify the issue within five minutes so this is an example of some of the huge benefits that wireless assurance can provide to help speed up troubleshooting and so forth some of these capabilities are connected as part of are now available as part of DNA AI network analytics this was announced at Cisco live last June for example the personalized baseline and was included here intelligent analysis to get insights about what's happening in the network and then root cause analysis followed by accelerated during mediation that is fix and the problems that flare costs okay now I'm going to talk about the next section understanding what's on the network what's on the network is a pretty fundamental problem but at first sometimes we don't realize how important it is I meant what's on the network I mean what devices sound enough quick what applications what users and so forth the reason this is important because once you know what's on the network then you can decide how you want to treat it you for example you can take some applications and need low latency and put them on a little latency path you can take other applications need high bandwidth put them on a high bandwidth path so forth it's also really important for security so for example maybe you have HR databases you probably only want the HR people to access those databases and you don't want anybody else to access those databases similarly the certain devices that you may only want certain people to access so not what's on the network really helps them as an example from a security perspective some of you may have heard of the nut petia virus this was a virus that started out in the Ukraine but affected companies throughout the world and this was one of the most destructive viruses and according to the US Department of Homeland Security it caused about 10 billion dollars of damage there's a very interesting article in Wired in August 22nd 2018 that describes what happened here but to summarize it what happened is that the malware was able once once it got a single computer in a company it was able to spread very easily laterally across a company and that's what caused all the trouble even the article describes the network segmentation would have been able to dramatically reduce the problem but to do network segmentation you do need to know what's on the network once you know what's on the network then you could do the segmentation very easily this is a nice example of some work done about three years ago actually by an academic groups cisco co-sponsored this effort and i like this because it really shows an example of how you can identify the different devices on the network that various columns here correspond to different iot devices for example amazon echoes Dropcam cameras various healthcare monitor is connected light bulbs and so forth the various rows correspond to different attributes of the network and what the authors here have done if they have classified the attributes intensity on a scale from one to five and color-coded it from purple to blue to orange to green and red and the reason I love this is if you look at each column you see a color pattern and that color pattern basically describes the fingerprint of that device now what's nice is as you look across all of these different call columns you can very easily see their color fingerprints are different and that's what allows us to identify these devices this is an example of applying machine learning to identify the different devices on a netbook so so let me talk a bit more about how machine learning is used here first what we want to do is you want to identify what devices and apps on the network once we know the devices we want to use intent-based network and to separate them into different network segments into different virtual networks then apply best practices to alkali this is the performance of each device each application and then also perform behavioral analytics to ensure that behave in the way that was expected for example that could be an anomaly which may mean the device is malfunctioning or it could have been compromised and a security attacks going to occur and I want to point out here that points 1 3 & 4 all of these are done with machine learning so as you can see machine learning helps a lot in significant ways to accomplish what I just described let me go quickly now to the fourth example of identifying malware in encrypted traffic and the prior example I I talked about identifying devices on network and I also mentioned the importance of security well we want to identify if there's malware going in the traffic on the network because it is malware we want to stop it okay the conventional way of doing it is the following if we've seen some malware before we make us as we find a fingerprint of that malware and we store it in a database and then if the if the traffic is unencrypted what we do is we have a box in the middle of the network as you see here shown in orange and as all the traffic goes through the Box we look at each packet to see if we see that fingerprint if we see that thing in print we stop it if we don't see that fingerprint we let it go so this is a simple way of identifying malware in unencrypted traffic now as you know the world's going to an encrypted traffic with end-to-end encryption that's really good it's really good for you I hope you use into an encryption it's good for your security it's good few privacy so forth the problem is the bad guys can also use encrypted traffic to hide the malware and the question is how do we identify malware in encrypted traffic the way that it's conventionally done here is that once again you have the Box in the middle of the network and you give it the keys to actually take the encrypted traffic and then first decrypt it then look for the fingerprints on the unencrypted traffic and then re encrypt it at the other end okay that's what's currently done today this is very bad it's very bad because they decrypt the traffic so it breaks your privacy also you send it around the keys which can lead to security issues the contents in plain text in the middle so it can be attacked and it's also very computationally intensive so this is really bad we'd prefer not to do this so that motivated us about five six years ago to examine the problem of can we identify malware in encrypted traffic without requiring decryption okay that is can't identify malware an encrypted traffic without decrypting the data that's why you see here I have a key at the bottom with with all with a red line through it so no keys no decryption turns out with this a with a careful use of machine learning we can solve this problem and we can do it a really elegant way some of my colleagues Dave McGrew and Blake Anderson have written some have developed this and they've written some really nice papers on it it's also available as cisco product called encrypted threat analytics for those interests that I highly recommend to to read up on it about online because it's a very very fascinating example of the use of machine learning to improve security so let me mention that in finishing here that's a very exciting time in networking intent-based networking can dramatically improve the performance the agility security and reliability and I showed how a i+ ibn can enable us to do really fascinating things you can help do automation much better than before and assurance and helping you know what's on the network as well as the technodroids for those of you who want to learn more information their variety of sources available on the on the web I'm not including the links here cuz the links are really long but included some information so that essentially if you do a search with your favorite search engine such as Google you'd be able to find it for example this white paper and ibn and if you just search for Cisco ibn PDF you'll be able to find it I have some vlogs directly on these topics of AI phibn there's an intent based networking website that has a huge amount of information we also have an AI for networking primer and we also have a twenty20 global network in trends report which has a huge amount of information about networking trends and use cases and so forth and as mentioned the network Academy has a variety of additional sources new CCNA things on intent-based networking and I have AI which incredibly valuable so thank you very much for for listening I'm happy to answer any questions thank you John for that fabulous presentation I the ability to determine threats and encrypted traffic I just I can't wrap my head around that that's fascinating so thank you for sharing that we will take some questions now we got a few questions in John so I'd like to share them with you one of the questions is how are software-defined networking and intent-based networking related how do those two things work together okay great maybe I'll go back to one of the slides here so I've gone back to my slide that shows a conceptual view of intent-based networking and you can see that the three conceptual building blocks there are translation activation and assurance well Sdn is really part of activation and it's the bottom half part it's the automation part so a human or somebody specifies what the what you're trying to accomplish and then it's automated in the network so it's just that feed-forward part from that blue part from the blue activation going downward to physical and virtual infrastructure a key part of intent-based networking is we have this feedback loop which includes the insurance so we're looking at what's happening the network we're monitoring we provide visibility we try to detect that the problems and if there's a problem we try to figure out how to solve it so the assurance is completely new the translation is new and the optimization part of activation is also a new thing so you can view the relationship between Sdn as AI and IBM as Sdn was originally focused on various forms of centralized automation and iBM is after decades more work we've taken that and extended it to have this with his system with the feedback that also does assurance translation and various forms of optimization oh that was a good answer thanks John I think that cleared it up another one that I think is pretty interesting is you hear a lot about zero trust so how does zero trust security fit in to this intent based networking model what's the intersection point of those two Oh excellent question excellent question so one of the things with zero trust is you want to verify first before giving access okay this is true for zero trust for the work force like us with our mobile devices and so forth device on network this is true for zero trust for the workplace and it's also true for zero trust for workloads in all these cases we want to verify first and then provide well what intent-based networking does it provides a lot of eyes and ears to really understand what's happening and help with the verification and then if a problem is identified it's able to very quickly react to that and remediate it for example maybe some malware gets on my device it wasn't there initially but it comes on to the device once the network realizes that it can quarantine my device like so the malware cannot spread to affect other devices on the network that's good so all the techniques that you've mentioned are really sort of a little army out there for us kind of helping build up the zero trust model kind of you know little robots in a way out there so here's a good question I think which is do you we've talked about AI ml do you have to be an expert at AI ml to apply them successfully to intent-based networking do I have to go off and get a PhD an AI ml to be able to actually implement intent-based networking oh that's an awesome question that's great thank you for asking um short answers know what you need to be expert in is whatever that primary domain you're working in for example a PP networking or wireless or computing or a router in or switching you want to be an expert in that and what happens is what all what we're doing with the AI is we're trying to make your job easier so instead of you having to go out and pull information from all these possible data sources throughout the network and then look through it yourself the whatever is your favorite word process or other way to to examine the log files and everything else and then identify what the problem is and go across all those steps we're trying to do that automatically for you and then be able to provide your information saying hey we think this is a problem this is the data we've seen that suggests that this is a problem based on that we believe this is a possible root causes and for each of these root causes these are some candidate solutions now you based on your network expertise your domain expertise you can look at this say hey does that make sense if it does make sense yeah based on data I do think that that's the right problem and yeah that's the right way to solve it then you can press GO to activate that and then it'll be activated in the network but so what you need is to have expertise in your domain so that if we provide you all the data in a summarised forum you can look at it you can see if it makes sense and you can choose what is the right course of action to do next because oftentimes there may be multiple candidate solutions especially in the complicated cases the mobile candidate solutions and your expertise will be key to figuring out which is the right one to do to do okay well John we've got a lot more questions you really stimulated a lot of interest out there but I think we only have time for one more so this is a tough one so here we go how do you see let me go back up to this one where does the AI itself sit or where is it located on the network how is it that it cannot be hacked or manipulated to infiltrate the same network that is helping us to monitor that's an awesome question thank you for asking that also two things here first of all this is like but this is like the top priority right because whenever you have a controller manage infrastructure like we have the attackers are going to try to go after the controller and go after other key elements to try to take over so one of the main things we focus on is ensuring security of that as you know scope as you may know Cisco is the leader in terms of build and trustworthy network systems where we build an extra eight chips we design our own Asics include extra capabilities there to prove the trustworthiness of the hardware then of the firmware then of the OS then of the application running on top so we have this route of trust and this chain here which we use to ensure the integrity of these devices so there's a lot of work done in the space I highly encourage you to look at trustworthy systems and look at some of the other efforts that Cisco does ensure that people cannot hack this because as you mentioned if somebody can't hack it that can be incredibly bad if they can they will thank you so much John we really appreciate you taking time out of your your schedule to talk us through this Ibn and answering these questions so thanks so much for your time and for all of you out there I think this has opened your eyes I hope to how exciting and all the changes are occurring in networking today right it's it's really an amazing time and so we're going to show you that QR code again we'd love to you to complete the survey we'd also like you to investigate some of our courses that John mentioned and we're not stopping with education folks on the next series here we're going to have a virtual career fair because that netacad we believe it's important not only to train the next generation of IT and network technology folks but also help you move into the career field because as we know there are a lot of openings out there and we need well-trained people so thanks so much for joining us today check out this QR code check out netacad check out the resources that John linked showed the links to because there's a lot to learn out there thanks so much and enjoy the rest of your day take care everybody and be well bye now [Music] okay so here we go I want to talk about real news we're gonna launch today [Music] you have made some pretty amazing things possible over the years we got WebEx we got teeth

Info

Channel: Cisco

Views: 5,748

Rating: 4.9581151 out of 5

Keywords: cisco systems, fyif, writ, event, global, live, ciscotv

Id: CFHHrxyntvs

Channel Id: undefined

Length: 60min 58sec (3658 seconds)

Published: Thu Jan 30 2020