Stopping Network Outages Before They Start
How do you detect buggy network configuration changes? My guess is that you use post-deployment checks and monitoring systems. And you should! But if that’s the only thing you’re doing, then you are unnecessarily risking network outages, breaches, and more. Those tools help you cure incidents after they occur, but they do nothing to prevent…
Read MoreIncrementally automating your network
Network automation can significantly benefit your organization. Gartner found that automating 70% of the network changes reduces outages by 50% and speeds service delivery by 50%. But achieving these results is elusive for most organizations—-they never get to the point where a substantial fraction of changes are successfully automated. A key hurdle is creating a…
Read MoreThe networking test pyramid
An automated test suite is the key to continuous integration (CI), the DevOps practice of rapidly integrating changes into mainline. The test suite is run on every change to check that individual modules and the full system continue to behave as expected as developers add new features or modify existing ones. A high-quality test suite…
Read MoreClosing the loop on testing network changes
Test automation is key to minimizing the chances of change-induced network outages. This article describes “closed-loop test automation” that makes the change process highly resilient and catches problems as early as possible, by testing changes both before and after deployment.
Read MoreAutomating the long pole of network changes
When it comes to automating network changes, most network engineers want to start with automatic config generation and deployment. It just feels like that is the heart of the challenge, and it certainly feels like a fun thing to do. But assume for a moment that you’ve automated config generation and deployment. Have you now…
Read MoreTest drive network change MOPs without a lab
Imagine that you could predict and test the full impact of every single change to the network. Imagine also being able to do this within minutes, for the production network itself (not a small-scale replica), and without having to set up and maintain a test lab. Will this capability enable you to reduce the risk…
Read MoreNetwork test automation: Rock, Paper, Scissors, Lizard, or Fish?
When building a network automation pipeline, one of the most important questions to consider is: How do you test network changes to prove that they will work as intended and won’t cause an outage or open a security hole? In a world without automation, this burden falls on network engineers and approval boards. But in…
Read MoreDon’t be afraid of (network) change
Companies large and small crave agile, resilient networks. They crave infrastructure that adapts rapidly to business needs without outages or security breaches. But changing the network is a risky proposition today, be it adding a firewall rule or provisioning a new rack. 50-80% of network outages are caused by bad network configuration changes. This high…
Read MoreValidating the validator
Batfish provides a unique power to its users: validate network configurations before pushing them to the network. Its analysis is production-scale—unlike with emulation, you don’t need to build a trimmed version of your network. It is also comprehensive—considers all traffic, not just a few flows. These abilities help network engineers proactively fix errors that are…
Read MoreLesson from a network outage: Networks need automated reasoning
In the afternoon of October 23, within a few minutes of each other, two friends sent me a link to the recently-released “June 15, 2020 T-Mobile Network Outage Report” by the Public Safety and Homeland Security Bureau (PSHB) of the FCC. Given what Intentionet does, the report sounded interesting and I started reading it immediately….
Read MoreThree ways to break a network (and one to save it)
When people mention network configuration bugs, the first thing that comes to your mind is likely typos–or if you prefer technical terms, “fat fingers”. Of course, if you are an experienced network engineer, you know there is more to config bugs than keyboard gremlins. At Intentionet, we work on a network validation engine called Batfish…
Read MorePre-deployment validation of BGP route policies
A common culprit behind some of the biggest outages in the Internet is misconfigured BGP route policies. For example: BGP Leak Causing Internet Outages in Japan and Beyond How a Tiny Error Shut Off the Internet for Parts of the US Telia engineer error to blame for massive net outage Such outages typically occur…
Read MoreA practical approach to building a network CI/CD pipeline
Continuous integration and continuous deployment (CI/CD) is the practice of automatically packaging, testing, and deploying code, generally in small increments. This modern DevOps practice has made software development agile and reliable, and it holds the same promise for networking as more environments transition to the infrastructure-as-code (IaC) model. In this post, we’ll outline a practical…
Read MoreNetwork-model-based security: A new approach that blends the advantages of other leading methods
Effective network security is largely based on a central challenge: making sure that only authorized communication among security principals (users, systems, or groups) is allowed. But meeting this challenge has gotten harder as security methods grow more granular and complex. As organizations deploy microsegmentation and move from coarser methods like subnet-level security to finer-grained controls…
Read MoreCome and get your free Batfish Enterprise Cloud View trial for AWS
As your company moves applications from on-premises datacenters to the cloud, your network toolchain can become a bottleneck. Simply visualizing your cloud infrastructure can be a challenge. And forget about using traceroute as a mechanism to see where packets are being dropped when machines in the cloud can’t talk to each other. With our…
Read MoreNetwork as code: From hype to substance
Last week, Arista and Cumulus hosted webinars on building CI/CD pipelines for the network (see Arista Webinar, Cumulus Webinar). Both webinars communicated a vision that included generating configuration (changes) automatically, pre-deployment validation, and automated deployment, followed by post-deployment validation. I found these webinars exciting for two reasons. The first was the emphasis they placed on…
Read MoreAnnouncing Ansible modules for Batfish
We are excited to announce Ansible modules for Batfish. Now, network engineers can invoke the power of Batfish within Ansible-based automation workflows. Network automation is like a car with a powerful engine— it may get you places quickly, but does not guarantee that you’ll get there safely. Safe driving requires advanced collision prevention systems. Similarly,…
Read MoreAnnouncing AI-ML
We are proud to announce Batfish AI-ML®, our latest product. Batfish AI-ML, or Automatic Intent Mind Link, is the industry’s first and only automatic intent extraction solution. It works seamlessly across all networks, be they data centers, enterprise campuses, service provider networks, or hybrid and multi-cloud deployments. Why Batfish AI-ML? Network engineers have told us repeatedly that the…
Read MoreDesigning a Network Validation Pipeline
The networking industry is on an exciting journey of automating tasks that engineers have historically done manually, such as deploying configuration changes to devices and reasoning about the correctness of those changes before and after deployment. These capabilities can tame the complexity of modern networks and make them more agile, reliable, and secure. Success on…
Read MoreThe what, when, and how of network validation
When historically tasked with configuring and managing a computer network, engineers have been forced to do almost everything manually: generate device configurations (and changes to them), commit them to the network, and check that the network behaves as expected afterward. These tasks are not only laborious but also anxiety-inducing, since a single mistake can bring…
Read MoreWe made networks work. Now let’s make them work well.
A few decades ago, car odometers were designed to roll over to zero after 99,999 miles because it was rare for cars to last that long. But today cars come with a warranty for 100,000 miles because it is rare for cars to not last that long. This massive reliability improvement has come about despite…
Read MoreNetwork Engineers: Time to Restock your Tool Chest
At Future: Net 2017, our CEO Ratul Mahajan introduced a new network engineering workflow. Designed to evaluate the operation of ever more complex and scaled networks, this workflow aims to eliminate misconfigurations that can lead to a downward spiral of outages, security breaches, and other failures; and to make networks less of a long pole…
Read MorePlug the hole in your network automation — validate changes before you deploy
We are excited to announce the release of pybatfish, an open-source Python SDK for Batfish. Batfish is an open-source, multi-vendor network validation framework that enables network engineers, architects and operators to proactively test and validate network design and configuration. It is being used in some of the world’s largest networks to prevent deployment of incorrect configurations…
Read MoreAutomation without validation: Risky operation
To err is human; to really foul things up requires a computer. — BILL VAUGHAN If you run a large, complex network, you have either already heavily invested in automating key management tasks or are about to. Network automation is a great way to reduce human errors and accomplish those tasks with consistency and speed….
Read MoreIntent specification languages – simplifying network configuration
The growing scale and complexity of today’s networks have outpaced network engineers’ ability to reason about their correct operation. As a consequence, misconfigurations that lead to downtime and security breaches have become all too common. In his keynote presentation at Future: NET 2017, Ratul Mahajan, the CEO of Intentionet, introduced a new network engineering workflow…
Read MoreDon’t accidentally break the Internet like Level 3 (or Google, Telia, Telekom Malaysia, …)
How to safely make network configuration changes On Monday, Nov 6th, 2017, Level 3 Communications (now part of CenturyLink) made national headlines when a configuration error resulted in a massive outage for many users in the USA. The impacted users were customers of several large ISPs, including Comcast. It took 90 minutes for Level 3…
Read MoreThe New Network Engineering Workflow – Formal Validation
At Future:NET 2017, hosted by VMWare in Las Vegas on August 30th and 31st, our CEO Ratul Mahajan gave the keynote presentation. Ratul spoke at length about how we can help network engineers and operators make their networks highly agile, reliable, and secure by adapting proven approaches employed by hardware and software engineers. Ratul observed that…
Read More