We made networks work. Now let’s make them work well.

Created by Ratul | December 12, 2018

A few decades ago, car odometers were designed to roll over to zero after 99,999 miles because it was rare for cars to last that long. But today cars come with a warranty for 100,000 miles because it is rare for cars to not last that long. This massive reliability improvement has come about despite the significantly higher complexity of modern cars. Cars have followed the arc of many engineering artifacts, where human ingenuity brought them to their initial working form and then robust engineering techniques made them work well.

The computer hardware and software domains have also invested heavily in robust engineering techniques to improve reliability. One domain where reliability improvements have lagged is computer networking, where outages and security breaches that disrupt millions of users and critical services are all too common. While there are many underlying causes for these incidents, studies have consistently shown that the vast majority are caused by errors in the configuration of network devices. Yet engineers continue to manually reason about the correctness of network configurations. While the original Internet was an academic curiosity, today’s networks are too critical for businesses and society, and also too complex—they span the globe and connect billions of endpoints—-for their correctness to be left (solely) to human reasoning.

Network Engineers: Time to Restock your Tool Chest

Created by Dan | October 23, 2018

When you compare software and network engineering trends at a high level, the contrast is striking. Application development has become remarkably agile, robust and responsive, while the networks that carry those apps have not. They continue to be slow to evolve and prone to error. The difference is tools.

Software engineers have leveraged a suite of tools to rapidly respond to changing business needs, accelerate development and improve reliability. Network engineers need to follow suit. The tools they need are now available.

We are excited to announce the release of pybatfish, an open-source Python SDK for Batfish. Batfish is an open-source, multi-vendor network validation framework that enables network engineers, architects and operators to proactively test and validate network design and configuration. It is being used in some of the world’s largest networks to prevent deployment of incorrect configurations that can lead to outages or security breaches.

Batfish simulates the network behavior and builds a model just from device configurations, thus predicting how the network will forward packets and how it will react to failures. This capability of building the model from the just the device configurations enables Batfish to evaluate network changes and guarantee correctness proactively, without requiring configuration changes to be first pushed to the network.

Automation without validation: Risky operation

Created by Ratul | June 14, 2018

If you run a large, complex network, you have either already heavily invested in automating key management tasks or are about to. Network automation is a great way to reduce human errors and accomplish those tasks with consistency and speed.

But network automation is not without risks. One risk is bugs in automation logic itself, which occur because handling the diversity of network vendors and devices effectively is hard. Another risk is humans providing incorrect inputs to automation. One senior network engineer recounted to us an incident that drives this point home. His team had automated data center network expansion. A script automatically populated most of the configuration for new devices, but it needed humans to fill in details such as the AS number. Inevitably, one of the many times that the script was used to provision a new device, the engineer fat-fingered the AS number. That disrupted many key services for an hour.


The growing scale and complexity of today’s networks has outpaced network engineers’ ability to reason about their correct operation. As a consequence, misconfigurations that lead to downtime and security breaches have become all too common.

Network-wide specification languages help bridge the abstraction gap between the intended high-level policies of a network and its low-level configuration. A compiler automatically generates the corresponding low-level configurations. This approach is analogous to the trend in software engineering over the last several decades, which has led to ever-higher levels of abstraction and has been a huge boon for the software industry:  Imagine writing today's complex software in machine code!

In this post we will discuss the various attempts in industry and academia to define a higher level specification language for networks, while diving deeper in Propane; an intra- and inter-domain routing policy framework.

The inherent complexity in today's networks means humans are simply incapable of reasoning about its correctness. Yet network engineers are asked to do so on a daily basis. It is no surprise then that we consistently see headlines such as “Comcast Suffers Outage Due to Significant Level 3 BGP Route Leak” or “Google accidentally broke Japan's Internet”. Fortunately, recent advances in network validation, specifically control plane validation, can provide strong guarantees on the correctness of network configuration and completely prevent such errors.

Using network validation tools like Batfish, network engineers can make configuration changes without taking down the Internet, making headlines like those above a thing of the past.

The New Network Engineering Workflow – Formal Validation

Created by Samir | September 12, 2017

At Future:NET 2017, our CEO Ratul Mahajan gave the keynote presentation about how we can help network engineers and operators make their networks highly agile, reliable, and secure by adapting proven approaches employed by hardware and software engineers. In his keynote, Ratul introduced the concept of the new network engineering workflow inspired by capabilities used by hardware and software engineers.

Intentionet © 2018