Announcing AI-ML

Created by Ratul | April 1, 2019

We are proud to announce Batfish AI-ML®, our latest product. Batfish AI-ML is the industry’s first and only automatic intent extraction solution. It works seamlessly across all networks, be they data centers, enterprise campuses, service provider networks, or hybrid and multi-cloud deployments.

Designing a Network Validation Pipeline

Created by Ari | March 15, 2019

Successfully automating networks requires effective pipelines for network automation as well as validation. Network automation augments the mechanical aspects of engineering tasks such as generating and pushing device configuration, and network validation augments the analytical tasks such as predicting the impact of configuration changes and reasoning about their correctness. Automation and validation go hand-in-hand because automation without validation is risky.

This blog discusses how to design effective network validation pipelines by judiciously combining available approaches.

The what, when, and how of network validation

Created by Samir | January 16, 2019

There is a huge emphasis in the networking community around automation and validation. Network automation builds on the work done for server automation. The solutions are more mature, and the terminology describing the solutions and tasks is well defined. Terms like “idempotent,” “task-based,” “state-based,” “agentless,” etc. are well understood.

Network validation, however, does not have a nuanced vocabulary. The general term “network validation” gets used to refer to a number of disparate activities, and specific terms get used by different engineers to mean different things. This lack of nuance hinders the communication and collaboration required to advance network validation technology. That, in turn, harms the adoption of network automation. It is too risky to use automation without effective validation; a single typo can bring down the entire network within seconds.

In this post, we outline different dimensions of network validation and hope to start a conversation about developing a precise vocabulary. We will discuss the what, when and how of network validation.

We made networks work. Now let’s make them work well.

Created by Ratul | December 12, 2018

A few decades ago, car odometers were designed to roll over to zero after 99,999 miles because it was rare for cars to last that long. But today cars come with a warranty for 100,000 miles because it is rare for cars to not last that long. This massive reliability improvement has come about despite the significantly higher complexity of modern cars. Cars have followed the arc of many engineering artifacts, where human ingenuity brought them to their initial working form and then robust engineering techniques made them work well.

The computer hardware and software domains have also invested heavily in robust engineering techniques to improve reliability. One domain where reliability improvements have lagged is computer networking, where outages and security breaches that disrupt millions of users and critical services are all too common. While there are many underlying causes for these incidents, studies have consistently shown that the vast majority are caused by errors in the configuration of network devices. Yet engineers continue to manually reason about the correctness of network configurations. While the original Internet was an academic curiosity, today’s networks are too critical for businesses and society, and also too complex—they span the globe and connect billions of endpoints—for their correctness to be left (solely) to human reasoning.

Network Engineers: Time to Restock your Tool Chest

Created by Dan | October 23, 2018

When you compare software and network engineering trends at a high level, the contrast is striking. Application development has become remarkably agile, robust and responsive, while the networks that carry those apps have not. They continue to be slow to evolve and prone to error. The difference is tools.

Software engineers have leveraged a suite of tools to rapidly respond to changing business needs, accelerate development and improve reliability. Network engineers need to follow suit. The tools they need are now available.

We are excited to announce the release of pybatfish, an open-source Python SDK for Batfish. Batfish is an open-source, multi-vendor network validation framework that enables network engineers, architects and operators to proactively test and validate network design and configuration. It is being used in some of the world’s largest networks to prevent deployment of incorrect configurations that can lead to outages or security breaches.

Batfish simulates the network behavior and builds a model just from device configurations, thus predicting how the network will forward packets and how it will react to failures. This capability of building the model from just the device configurations enables Batfish to evaluate network changes and guarantee correctness proactively, without requiring configuration changes to be first pushed to the network.

Automation without validation: Risky operation

Created by Ratul | June 14, 2018

If you run a large, complex network, you have either already heavily invested in automating key management tasks or are about to. Network automation is a great way to reduce human errors and accomplish those tasks with consistency and speed.

But network automation is not without risks. One risk is bugs in automation logic itself, which occur because handling the diversity of network vendors and devices effectively is hard. Another risk is humans providing incorrect inputs to automation. One senior network engineer recounted to us an incident that drives this point home. His team had automated data center network expansion. A script automatically populated most of the configuration for new devices, but it needed humans to fill in details such as the AS number. Inevitably, one of the many times that the script was used to provision a new device, the engineer fat-fingered the AS number. That disrupted many key services for an hour.

The growing scale and complexity of today’s networks have outpaced network engineers’ ability to reason about their correct operation. As a consequence, misconfigurations that lead to downtime and security breaches have become all too common.

Network-wide specification languages help bridge the abstraction gap between the intended high-level policies of a network and its low-level configuration. A compiler automatically generates the corresponding low-level configurations. This approach is analogous to the trend in software engineering over the last several decades, which has led to ever-higher levels of abstraction and has been a huge boon for the software industry: imagine writing today's complex software in machine code!

In this post we will discuss the various attempts in industry and academia to define a higher-level specification language for networks, while diving deeper into Propane, an intra- and inter-domain routing policy framework.

The inherent complexity in today's networks means humans are simply incapable of reasoning about their correctness. Yet network engineers are asked to do so on a daily basis. It is no surprise then that we consistently see headlines such as “Comcast Suffers Outage Due to Significant Level 3 BGP Route Leak” or “Google accidentally broke Japan's Internet”. Fortunately, recent advances in network validation, specifically control plane validation, can provide strong guarantees on the correctness of network configuration and completely prevent such errors.

Using network validation tools like Batfish, network engineers can make configuration changes without taking down the Internet, making headlines like those above a thing of the past.

The New Network Engineering Workflow – Formal Validation

Created by Samir | September 12, 2017

At Future:NET 2017, our CEO Ratul Mahajan gave the keynote presentation about how we can help network engineers and operators make their networks highly agile, reliable, and secure by adapting proven approaches employed by hardware and software engineers. In his keynote, Ratul introduced the concept of the new network engineering workflow inspired by capabilities used by hardware and software engineers.

Intentionet © 2019