Summary
Cisco Digital Network Architecture describes the requirements and operations of a network infrastructure of an enterprise at a functional or abstract level. Cisco DNA achieves this abstract description by dividing the requirements of the enterprise network into several functions and design principles. It does not describe how to use or implement that network architecture.
Intent-Based Networking (IBN) describes, using a powerful methodology, how a campus network can be built and operated using Cisco DNA as network architecture. IBN is based on the premise that every endpoint that connects to the network consumes a predefined set of services (that include access, connectivity, security policies, and other network functions). In essence, every endpoint has a specific intent (or purpose) when connecting to the network, and each intent is defined as a set of services to be delivered to that endpoint.
This set of intents (deployed on the network) is defined dynamically based on which endpoints are connected to the network. As soon as an intent is no longer required, its configuration is removed automatically from the network infrastructure.
Although IBN itself is not based on Cisco Digital Network Architecture, its description and methodology are so similar to Cisco DNA that you can state it is a perspective of Cisco DNA. IBN describes how a network based on Cisco DNA can be configured and operated by the network operations team. Figure 5-5 shows the systematic approach IBN takes to providing intents to the network (by defining intents as repetitive pieces of configuration).
FIGURE 5-5 IBN Systematic Approach to the Network
Figure 5-5 is similar to Cisco DNA, and IBN is based on six steps in a continuous loop:
Request intent: business or network operations request a specific intent.
Request steps: the intent is translated into a set of configuration changes to be executed.
Execution of configuration changes: network configuration changes are executed via automation.
Network-driven feedback: the network infrastructure provides feedback on its operation.
Validation & metrics: the analytics component checks the received network-driven feedback against the requested intents to confirm that they are operating as requested and designed.
Intent-Based feedback: business-outcome-based values are used to report on the status of the requested intent and its operation.
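The loop above can be modeled as a reconciliation between the intents that the currently connected endpoints require and what the devices report back. The following Python is an added example, not taken from the book or from any Cisco product; the policy table, intent names, device names and feedback data are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample policy: identity group -> intent (names are hypothetical).
POLICY = {"employee": "corp-access", "printer": "print-services"}

@dataclass(frozen=True)
class Endpoint:
    mac: str
    group: str    # identity group assigned by the identity server
    switch: str   # access device the endpoint is connected to

def desired_intents(endpoints):
    """Per device, the intents required by the endpoints connected right now."""
    desired = {}
    for ep in endpoints:
        intent = POLICY.get(ep.group)
        if intent is not None:          # unknown identity: nothing is deployed
            desired.setdefault(ep.switch, set()).add(intent)
    return desired

def diff(desired, actual):
    """Changes needed to move 'actual' to 'desired', as (action, device, intent)."""
    changes = []
    for switch in sorted(set(desired) | set(actual)):
        want, have = desired.get(switch, set()), actual.get(switch, set())
        changes += [("add", switch, i) for i in sorted(want - have)]
        changes += [("remove", switch, i) for i in sorted(have - want)]
    return changes

def intent_status(desired, feedback):
    """Intent-level report: 'ok' only if every device that needs the intent reports it."""
    status = {}
    for switch, intents in desired.items():
        for intent in intents:
            ok = intent in feedback.get(switch, set())
            status[intent] = "ok" if ok and status.get(intent, "ok") == "ok" else "degraded"
    return status

# Constructed scenario: the printer on sw2 disconnects and a laptop joins sw2.
before = [Endpoint("aa:01", "employee", "sw1"), Endpoint("aa:02", "printer", "sw2")]
after = [Endpoint("aa:01", "employee", "sw1"), Endpoint("aa:03", "employee", "sw2")]
deployed = desired_intents(before)
desired = desired_intents(after)
plan = diff(desired, deployed)          # configuration changes to execute
# Constructed feedback: sw2 applied the add, but the removal did not take effect.
feedback = {"sw1": {"corp-access"}, "sw2": {"corp-access", "print-services"}}
drift = diff(desired, feedback)         # anything left here failed validation

if __name__ == "__main__":
    print("plan:", plan)
    print("drift:", drift)
    print("status:", intent_status(desired, feedback))
```

In this scenario the requested intent reports "ok" while the drift list is not empty: configuration for an intent that is no longer required is still present on sw2, which only the comparison of feedback against requested intents reveals.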
Two Designs
Two network designs are available to implement IBN:
Cisco Software Defined Access (SDA) is based on Cisco DNA and is the most complete technology that can enable IBN on the campus network, but Cisco SDA does have specific requirements on the network infrastructure devices (and Cisco DNA Center).
Classic VLANs with VRF-Lite can be used, with limitations, as an alternative to SDA for those organizations that are not (yet) able to meet the requirements of SDA.
IBN itself, and therefore both designs, relies on three key requirements on the campus network to be successful:
Policy-centric network: The campus network is not configured port-by-port but uses a policy-centric identity server so that based on the identity of the endpoint the specific network policies (and thus the intents) can be pushed to the appropriate network infrastructure device.
Microsegmentation: Microsegmentation is used within IBN to allow for more granular security policies than those based solely on IP addresses.
Feedback from network: IBN relies heavily on the feedback that network infrastructure devices provide back to the analytics component; it is used to validate whether the requested intents are operating as designed and requested.
In conclusion, IBN is a perspective on Cisco Digital Network Architecture, and it describes a powerful methodology of how a Cisco DNA-based network infrastructure can be operated and managed. IBN can be used to provide the network operations team with the tools and methods to cope with the exponential growth of devices connecting to the campus network.