Packet Pushers Webinar: Anuta ATOM for Network Automation

Packet Pushers Webinar Replay: Analytics and Closed-Loop Automation with Anuta ATOM

Anuta ATOM is a multi-domain network automation and analytics solution for rapid service provisioning, real-time visibility and compliance. As part of the Packet Pushers Virtual Design Clinic, the Anuta Networks team demonstrated the ATOM solution for building smart, predictable, and responsive networks with Low-Code Automation, Model-Driven Telemetry, and Closed-Loop Assurance.

Transcript:

Introduction

[Kiran] Hello everyone. I’m Kiran Sirupa, director of marketing with Anuta Networks. Today, I am supported by Dilip Krishna. Hi Dilip, please say hi to the team. Everyone, Dilip here, and we also have Praveen Vengalam, who will be our expert commentator; he will answer most of the questions as well.

So let’s get started. We have a very packed agenda, as Ethan mentioned. What we will do is provide an introduction to Anuta Networks, as you may not be so familiar with our product, and we will discuss some of the features of the Anuta ATOM product and then we’ll go into some case studies, things where customers have seen the ROI. And then Dilip will walk you through the demo. The presentation should take roughly 20 minutes. Please ask your questions; you can submit them in the Q&A panel and then we’ll pick up the relevant questions.

Challenges for Network Automation and Analytics

Let’s get started. We all know the networking is complex and it’s getting very complex. With trends such as 5G, IoT and edge computing, networking is going to be even more critical. But when you look at the network automation landscape, the operators have a daunting challenge. They have to have expertise in config management, compliance enforcement, software upgrades. They need to have expertise in designing the policy and troubleshooting. And all the while they have a lot of constraints: they have to reduce the OPEX, they have to deal with multi-vendor infrastructure. There is a lot of brownfield deployment and there are a lot of existing scripts that need the care and feeding. And not to forget that there is a trend towards hybrid multi-cloud. So the management is always looking at standardization and automation. When you look at the tools that are available, as you can see, there are many tools. There are tools for documentation, there are tools for provisioning, there are tools for analytics, and there are tools for remediation. But what is happening is your information is stuck in islands of databases and there is no cohesive way to look at the entire infrastructure as one unit. There is an urgent need to have a comprehensive solution that delivers documentation, provisioning, analytics and of course troubleshooting.

Introduction to Anuta ATOM

So, let me introduce you to Anuta ATOM, a comprehensive network automation solution. It is a software-only solution, but it works with multi-vendor infrastructure. It helps all the way from onboarding the new devices and configuring the various Day-Zero policies on those devices, it helps with software image upgrades, and it introduces the self-service capability. So from a simple GUI you can push configurations to hundreds of devices. It also collects analytics using either streaming telemetry or traditional SNMP, and using the concept of closed-loop automation, it helps achieve compliance for your infrastructure. We will go into more details of each and every feature of ATOM that we highlight here.

What is Closed-Loop Automation?

[Ethan] So, Kiran, the closed-loop automation in the slide here as well, does that mean intent-based networking? Sometimes those terms overlap.

[Kiran] Yes, intent-based is probably a superset of the closed-loop automation. What we are doing is we are identifying the day-to-day operations, the run books, and the troubleshooting that happens in a day-to-day scenario. And we created a framework. So for example, let’s say you push a config on to the router to configure QoS policy. How can you guarantee that the same quality is currently available on that network? Of course, you issue a bunch of show commands and we look at the output. And then you take some corrective action, you push more commands to the device, right? So this sort of activity, we are bringing automation to it. So ATOM itself will go provision config, check the statistics using analytics, and if it detects any deviation, it goes and refines its policy and pushes the configuration back on to the devices. That’s the concept we are going towards. It’s true it is on the way to intent-based networking. I like to think this is something you can use today for your existing brownfield deployments.

About Anuta Networks

So, I want to highlight that, you know, ATOM has been in production in large customers for a long time; we have been in business for more than eight years. And large enterprises, large service providers have deployed ATOM. I will go into a couple of case studies later as well. We have automated 45 different vendors’ equipment across multiple domains, including data center networks, branch networks, campus networks, MPLS and SD-WAN networks.

Low-Code Network Automation with Workflow

So let’s go into the various features of ATOM. The first feature I would like to introduce is the low-code automation with workflow. We understand defining a policy can be daunting. So we introduced a graphical designer using which you can drag and drop various decision logic modules onto a canvas. It’s almost similar to a Visio diagram. We have many out-of-the-box workflows, but we understand it cannot match exactly what you have in your enterprise. So this workflow can be customized. For example, you may say, okay, as part of executing this command, I want to open a ticket in ServiceNow, and only when it’s approved, I will go issue the command. So you can mimic such kind of behavior in our graphical designer.

See, this is very powerful. You can have a simple policy, such as pushing an ACL rule to thousands of firewalls, or it could be a very complex policy like software image upgrade, which requires many pre-checks and post-checks, etc. And this workflow engine can also be triggered by the analytics module, so if ATOM detects some deviation happening on the network, it will automatically trigger a workflow, and the workflow, as I said, can execute either commands to the devices like CLI or NETCONF commands, or it can even call APIs, or if the device supports a YANG model, it will execute the YANG model as well.

[Ethan] Workflow engine, graphical user interface, low code. I think that’s a big piece to focus on for a moment here. And you’re saying, I don’t have to be a programmer in order to automate, because what you are giving me is a graphical tool that I can build automation workflows with. Now I know we’re going to see this a little bit later on, but the big idea here is, with the UI I can create this workflow that’s going to accomplish tasks for me on the network, configuration tasks as the case may be, but it also will interact with other systems I have. Is that the point you’re making?

[Kiran] Yes, that is correct. You want us to get an IP address from, let’s say, Infoblox IPAM. If you want us to, you know, read the syslog notifications for a particular string. All of those things are the ecosystem we are providing as part of ATOM. We have an integration into 45 different vendors; they are not just the networking devices, but also ITSM tools like ServiceNow, IPAM like Infoblox, and you will see later that it’s a very comprehensive list, Ethan.

[Drew] Hi Kiran. My question is around your ability to interact with devices to pull configuration information out of them or interact with them. Looks like, I see across the bottom Telnet, SSH, API and so on. So, these are the mechanisms you’re using to either pull information or push information to these devices?

[Kiran] Yeah. And that is correct, Drew. We are on the management plane, we are not in the data plane. So that means we can issue show commands, we can read SNMP statistics and subscribe to any other, you know, API calls from these devices. So that’s the low-code automation. This is where you define the policy.

Configuration and Compliance Management

Now once you define the policy and ATOM pushes the configuration to the devices, we need to ensure the policy stays intact. This is where the compliance feature comes up. See, ATOM is constantly reconciling the policy with the device configuration. When someone goes in and manually edits the configuration, ATOM can detect it and say that device is now out of compliance. We also have a service-level compliance feature. For example, let’s say you deleted a VIP, but you forgot to delete the ACL on the firewall rules; ATOM can detect it and say, hey, this service is now out of compliance. And we can also automate some of the day-to-day tasks. For example, let’s say you want to change the SNMP community string. You can do that, or you want to query the infrastructure and say show me all the devices where VLAN 500 is configured, or you can say do not allow any weak passwords on any of my vendor devices, whether it’s a Cisco router, Juniper firewall or F5 load balancer. You can enforce password complexity across multi-vendor infrastructure. Like that, there are many use cases where our customers have taken advantage of this compliance.

[Drew] And so as a customer, I have to essentially build or configure these policies into your system.

[Kiran] Yes. So we will show you in the demo as well. The auto-reconciliation feature comes by default, you don’t have to configure anything. If someone manually changes, it will automatically detect it. But with these kinds of rules, where you want weak password or no SNMPv2, those things you will have to configure into our system. But it is vendor neutral, so it is fairly easy.

[Ethan] You have here on the bottom left 45 vendors. I’ve seen some folks make the claim that, oh, we support all these vendors, and what they mean is they support all the different languages of IOS within the Cisco world. So it’s kind of like, you know, they’re stretching it a little bit. How do you mean 45 plus vendors?

[Kiran] Yeah, and so, it is actually like Cisco is one vendor and inside that vendor, you could have IOS-XR, Catalyst switches, or you can have API-based like Firepower or, you know, ACI. We have integration with multiple platforms, but it is considered as one vendor, Cisco. So like that we have 45 different vendors. If you’re counting the platforms like IOS-XR separately, we have 150 plus platforms.

[Ethan] You mentioned, I can set a standard for how I want NTP to behave and I don’t have to be code specific, so you’re abstracting like the command details away from me.

[Kiran] That is correct. Once a device is on-boarded into our system, a router looks the same, whether it’s a Juniper router or a Cisco router or, you know, Fortinet firewall, it doesn’t matter, all of the devices, they look the same. So your policy will be at abstract level. Okay, so I’m really building policies and workflows and I don’t have to think too much about CLI stuff, unless I want to. Yeah, like I said earlier, the workflow is there. So you can actually issue CLI commands if you really want to as well. So we try to avoid it, but at the same time, we have the flexibility to issue commands to the devices.

Support for Hybrid Multi-Cloud

[Ethan] And I just noticed it says multi-cloud there, you’ve got GCP, AWS, Azure listed. What does that mean, this is network provisioning, if I have workloads deployed in the cloud too?

[Kiran] Yeah. So for example, we can configure the back-end connectivity between your on-prem VPN device and the VPN in the AWS cloud. We can configure the interconnectivity, the network plumbing between your data center and the public cloud. In short future, we can also automate workloads inside the cloud, such as configuring the load balancer or setting up a virtual Palo Alto firewall in your AWS. We will be able to bring in the life cycle management of that virtual firewall. So that way, you configure the firewall policy once. It will push to the firewall on prem, but it will also push the policy to the Palo Alto firewall in the public cloud as well. I also want to highlight that ATOM is built based on Kubernetes and Docker containers, so it can be deployed in public cloud as well, so you can have an instance of ATOM in AWS Cloud, Google Cloud, or Azure.

[Ethan] If I’m not running Kubernetes or Docker myself in my environment, do I have to be concerned about that?

[Kiran] No, we have a packaged Kubernetes in the product with a simple one click for installation. First it will install Kubernetes and then the ATOM Docker will be installed inside that Kubernetes, so you don’t really need to know what Kubernetes is or how to install it. I am just highlighting that as the trend towards multi-cloud is coming up, ATOM is built with microservices from the ground up.

Telemetry and Real-Time Analytics

So, the third benefit: after we provision the service, we’re constantly collecting the data from the infrastructure. It could be your traditional SNMP data or the modern streaming telemetry. ATOM can collect all this data. So it can be an SNMP collector, a streaming telemetry collector. It can subscribe to syslog messages, but if you want us, it can also read through any existing syslog servers like Splunk, for example. It can be a NetFlow collector as well.
And it consolidates all of this data and publishes it to Kafka topics, so if you have any external applications, they can read this summarized information, and everything is stored in a time series database. We support Prometheus database, Influx database, or if you have a specific time series database, we can work with that as well. And we package Grafana as part of our product. So you can build various custom dashboards and reports. You can also create threshold-based email alerts, etc. So, ATOM has a really modern software stack when it comes to telemetry. We will share one case study where one of the financial services providers was able to achieve the full streaming telemetry in their network.

[Ethan] Okay, we got to park right here for sure. Um, so I get that about software stack. Let’s stay away from that. Now you’re talking about me being able to collect a whole lot of telemetry, kind of the umbrella term these days for collecting data from a lot of different resources, and bring it all into Anuta ATOM and having it do things, basically all the normal things I would have like an NMS doing for me. Does this mean I could get rid of my existing NMS, if I wanted?

[Kiran] Yes, potentially, if you are using mainly SNMP, and you don’t have any specific vendor features that you are using, then yeah, that is the vision where ATOM can replace some of those traditional monitoring.

[Ethan] So it will be an SNMP poller for me, it can go out and pull out SNMP stats.

[Kiran] Yeah. That is correct. You can actually define which MIBs you want us to collect and how frequently, and then how long you want us to retain this data. You will see that in the demo as well.

[Ethan] The syslog data. So I can send my syslogs to Anuta ATOM and it is happening. How sad that this syslog is such a wide-ranging topic. There’s so many different message formats out there, how well can ATOM parse out the various syslog I might send it?

[Praveen] Syslogs, there is a bit of a gray area, as you mentioned, Ethan. And so that’s one of the areas where we will need to write some decoders or regular expressions to parse the data so that we can map it to the right attributes, so that we can do the post-processing like the alert generation on the syslog. But for the rest of the scenarios, where there is telemetry or like SNMP, SNMP traps, where there is a schema or more of a model-driven approach, we don’t need to do any heavy lifting there. But for syslogs, there is a bit of work involved.

[Ethan] Okay, good. Good, can be done, you can write parsers. If I wanted something custom, that could happen. Yeah. And then flow data, also interesting, a lot of that standardized, but you can get into some, you know, like with IPFIX records, you know, strange metadata coming through. Is this another case of, we could make it do whatever we wanted it to do to parse out those flow records?

[Praveen] Yeah, it will be a fairly similar approach. NetFlow and sFlow are the two things that we are still working on. So that is something that will go digging in some of our subsequent conversations.

Model-Driven Telemetry

[Ethan] Right, model-driven telemetry. I’m sorry, I’m asking all of these, it’s just they’re all actually really top of mind here for me. When we talk about YANG models and moving towards a standardized way that our data is presented and sent up, it can sit there and just listen to telemetry that’s being streamed off of network devices, ATOM can receive those streams and parse that info?

[Praveen] That is true. That is true. And there are a couple of mechanisms there. One is the compact payload and the other is more like a JSON payload. But in this scenario, the data is so well described, backed by a schema, so we can consume the data, we can put that into our storage. And we can do some like post-storage analytics or you can do it real time by connecting to a Kafka directory. So yeah, it all is facilitated by that more modern declarative way of sending the streaming data on the device out to the collector’s side.

[Ethan] Moving up to the second row there, we’ve got microsecond granularity. And Praveen, you were just talking about being able to parse that data, that real-time telemetry that’s coming in. Is that what we’re getting at with microsecond granularity? Are we talking about just your time stamping of events? What are we getting at?

[Praveen] So there’s a couple of things there, Ethan. So one is how frequently the device is streaming the data. So that’s more of frequency. It could be near real time. Or maybe not close to near real time, right? So that is where the frequency comes in. And then the other is the timestamp itself, as you indicated, what is the timestamp used when we are putting the data into the data store. And depending on the underlying technology, it might be milliseconds. It might be microseconds. And that’s where we have the flexibility to kind of honor the actual timestamp that the device is generating the data, so that we don’t lose any precision of the data. Frequency and precision, both are important for the telemetry.

[Ethan] Top there we’ve got Grafana as a way I can display data. Do I have access to that Grafana, that is, I can build my own, whatever custom data representations, whatever I am looking for?

[Praveen] Yeah. You have an API, and apart from the API, you can also plug into the Kafka. And the Kafka itself could be the Kafka that we provide along with the product or it can be the customer’s own Kafka, and similarly Grafana can be the one that’s packaged with ATOM, or it can be your own Grafana. So we provide API access, Ethan.

Alerting & Reporting

[Ethan] And then I think it is my last question for this slide, but alerting. So I assume that means I can hook from ATOM, you probably have your own alerting, but I could also hook into whatever other systems I might be running and pass alerts into those other systems as well.

[Praveen] That’s correct. So that’s, when you connect to the Kafka, and you collect the data, and then you write your own post processing application, you put the data back onto Kafka you publish an SNMP trap or some other mechanism like a NETCONF notification also will do so as since ATOM already has the mechanism to consume different sorts of southbound protocols, so we can pretty much like integrate in multiple ways, Ethan.

Closed-Loop Automation

[Kiran] Now that we spoke about telemetry and how ATOM is collecting all the data, it gives you a powerful framework and we call this concept closed-loop automation. Let me explain with an example. You can define the baseline for your infrastructure. Let’s say you don’t expect more than a couple of flaps for every BGP neighbor. Now ATOM can look at all the sensors and the data coming from them. So for example, if it’s flapping once every one hour, you can create an alert or a Slack notification. But if it’s flapping excessively, like more than four times in every 10 minutes, you can have ATOM execute a workflow or execute a playbook that shuts down the neighbor. Granted, we are not ready for such an automatic remediation. So we integrate with systems like ServiceNow. So it can preview all the remediation steps and only when the operator is happy he can actually approve it, and ATOM will go push the configuration to the devices. So, we can bring this automatic remediation to the current networks.

[Ethan] This is an important point. It’s not just configuration and state of network enforcement. You can also react to what is happening on the network and make a change to the network based on what like you gave this example of a neighbor flap neighbors flapping. I want to change what the state of the network is as a result.

[Kiran] Right. So, we are rules based and so you can have different levels of actions based on deviation happening on the same metric.

[Ethan] For those of us that are afraid at the thought of something automatically, based on a set of rules, causing a change in the network, is there a testing method or something for this? We can kind of see what would happen if we lit up the rules?

[Praveen] So whatever we’re doing in this would’ve gone through a proper DevOps process where we would have been tested and then we would have deployed into production. And even in those scenarios, it really depends on the comfort level you have with your procedures or MOPs that you have defined. And if at all there is any room where you want to be doubly sure, right, so what we can do is, before we apply the change, we can actually submit a trouble ticket into, like, a favorite ITSM tool. Somebody can come in and see what is the action that we’re going to take, and then we can go and apply the change. But in a data center environment, where we are really looking at a very dynamic remediation process, we could possibly do the change. And that’s where your trust in the data comes into picture. As long as the data is real time and the MOP is thoroughly tested, it will just depend on the confidence you have in the data and then the rules you’re doing. But we do have scenarios where, yeah, I mean, to make sure an admin or operator is kept in the process, we can add an approval cycle.

[Drew] For this closed-loop component of it. So after reviewed whatever changes have been proposed to them personally but like the changes. Does Anuta then go back and double check again to make sure, yes, the changes actually went through and the problem is fixed?

[Praveen] So that’s where the workflow aspect comes in. So, the fact that we have done a change. Again, syntactically, the device might have accepted that configuration, but is the behavior as expected, could itself be a step in the closed-loop automation. Because we’re going to be observing some other kind of data now, possibly, can you see that things are okay? So that’s what is going to help us to clear the state of something has been broken. We fixed it. And then we can go back and clear. To clear, what is the condition that we have to check? But all of those can be as part of the alert definition and we can take care of that.

45 Supported Vendors

[Kiran] So, now I’ll quickly wrap up the presentation, so we can spend more time on the demo here. I mentioned 45 vendors, right, you can see the list here. We support all the leading vendors’ switches, routers, firewalls, VPN devices, web proxies, load balancers, SDN controllers, even IP address managers, ServiceNow kind of ITSM tools. Yes, and we have integration with SDN controllers, SD-WAN controllers, and this list continues to grow as part of the base package itself. And if a particular vendor is missing, you can add support for it within a few weeks. We are using the IETF YANG models, which is a fairly extensible standard. So any customers or partners can also modify these device packages.

Case Study – Cloud DDoS Mitigation at Neustar

[Kiran] So let me quickly walk you through a couple of customer deployments where ATOM has delivered the ROI. The first customer that I would like to talk about is Neustar. They are a global DNS provider, but they also have a service called SiteProtect that provides cloud-based DDoS mitigation service. So when Neustar’s enterprise customers are under DDoS attack, all the traffic is redirected to Neustar’s cloud. So, on demand, Neustar has to provision an end-to-end circuit. So they have to