Result Build a Self-Driving Network

SELF-DRIVING NETWORKS “LOOK, MA: NO HANDS”

Kireeti Kompella CTO, Engineering Juniper Networks

ITU FG Net2030 Geneva, Oct 2019

BUILD A FULLY AUTONOMOUS GROUND VEHICLE IMPACT • Programmers, not drivers • No cops, lawyers, witnesses GOAL • Quadruple highway capacity Drive a pre-defined 240km course in the Mojave Desert along freeway I-15 • Glitches, insurance? • Ethical Self-Driving Cars? PRIZE POSSIBILITIES $1 Million

RESULT 2004: Fail (best was less than 12km!) 2005: 5/23 completed it 2007: “URBAN CHALLENGE”

Drive a 96km urban course following traffic regulations & dealing with other cars 6 cars completed this

No steering wheel, no pedals— a completely autonomous car Not just an incremental improvement

This is a DISRUPTIVE change in automotive technology!

BUILD A SELF-DRIVING NETWORK IMPACT • New skill sets required GOAL • New focus • BGP/IGP policies  AI policy Self-Discover—Self-Configure—Self-Monitor—Self-Correct—Auto-Detect • Service config  service design Customers—Auto-Provision—Self-Diagnose—Self-Optimize—Self-Report • Reactive  proactive • Firewall rules  anomaly detection RESULT Free up people to work at a higher-level: new service design and “mash-ups” POSSIBILITIES Agile, even anticipatory service creation Fast, intelligent response to security breaches

CHALLENGE Build and operate a self-driving service network that greatly increases agility and vastly improves service quality by proactive maintenance Autonomously run the end-to-end life-cycle of a service Learn user behavior and anticipate changing user requirements

Intent

contextualize

Intent

1. Observe 2. Orient 3. Decide 4. Act

Intent

1. Observe 2. Orient 3. Decide Act: while braking, must stay within lane 4. Act Act: may decide to change lanes instead of (or even while) braking As subsystems interact, you get more complex and more capable systems

Simple example, but consider the following: 1. Streaming Telemetry from all network nodes 1. Need this for real- 2. Are SLAs being met? time operation! 2. SLAs getting more 3. Decide that Link L1 L1 is dropping traffic complex, critical 3. Decisions must 4. Recompute all paths address root that pass through Link L1 cause 4. Action must not violate other SLAs

© 2019 Juniper Networks 11 Juniper Public BREAKING THIS DOWN Architecture 1. Observe: build a robust 2. Orient: understand how data ingest engine the data fits together All kinds of data: stats, Needs deep knowledge of traps, syslogs, thresholds, …. implementation, debugging, and NOC expertise & experience expertise and experience 3. Decide: does the behavior 4. Act: return behavior to the match the intent? intent (via netconf, etc.) Needs deep knowledge of the Needs clear understanding of service, SLAs, deployment, consequences, careful sequencing expertise and experience of steps, expertise and experience

YOU SHOULD BE HERE  All processes with YOU closed loop  EDI automation ARE  Automatic service placement SELF-DRIVING HERE  Self Healing NETWORKS  Intelligent Peering OR  Health Monitoring ?  Capacity planning AUTONOMOUS HERE  Resource PROCESSES 5 monitoring  Enhanced security

?  Streaming telemetry ANALYTICS  Telemetry-based 4 insights  NETCONF/YANG  Visualization  Automation frameworks FINE GRAINED 3  API MONITORING  OpenConfig.  ZTP  Minimal human intervention AUTOMATED  Infrequent human  Intent based  CLI 2 NETWORKS intervention declaration  SNMP  Network decisions  Automated  Autonomous vs. MANUAL  Deeper insight powered by response to most automated  Visualization NETWORKS 1 analytics events  Fully Event driven

What does it take to put this in action?

Photo: SoftBank/ Photo: www.dotmed.com Photo: www.cio.com.au Photo: newyorker.com Aldebaran Robotics

The Three Laws of Robotics 1. Don’t hurt/kill humans 2. Obey a human’s orders Photo: erobots.in 3. Protect yourself

Search: one pixel attack Amazingly accurate in its domains

Limitations • Opaque & un-understandable — Explainable AI?

• Blind, goal-seeking — Ethical AI?

• No “common sense” — but will that change?

• Easy to fool — adversarial techniques

• Three-year-olds can do much better in most contexts Pragmatic approach: rule-based decision making

SDN goes beyond this Software

Hardware SDN is about control

Program for machine vision Machine Learning

look for feature X if this then that image else the other

look for feature Y label cat cat dog cat

custom feature definition; difficult to write; new image model prediction complex, fragile All you need is lots of labeled data

Self-driving cars have raised some trust issues Autonomous, closed loop • Why should I let it drive? operation absolutely requires: • How do I know it’s driving well? 1. Customization • What are its inner workings? 2. Feedback • My driving style is different 3. Man-machine cooperation 4. Building confidence 5. Tangible benefits

1. Give up control (but not all control) 2. ML is sexy, but may not be the place to start 3. Customization is crucial 4. Building trust is crucial

“Autonomous system”  transfer of control Closed loops + effective • from human to machine decision-making = self-driving • what does the machine use for control?

Partial autonomy can be dangerous Does this mean total • Who’s in charge? abdication of control? • Can the transfer of control be Fortunately, no done seamlessly?

In networking, partial autonomy (Stage 4) is indeed practical

Reap the benefits! ML does the Gain heavy lifting with built-in control confidence

Retain control Gradually replace rules by ML

Build a controlled rule-based infrastructure for autonomousparadox closed-loop operation

© 2019 Juniper Networks 24 Juniper Public ENABLING CONTROLLABLE AUTONOMOUS CLOSED LOOPS Intent Playbooks Machine 1 Define n Human GUI access Playbook Playbook Playbook Learning m Machine Programmatic access

rd 3 party 5 Visualize EMS Netconf Customize analytics apps REST API Python … API Server

Store 3rd party Notifications: slack, email, web hook,… 3 Rules provisioning Time series DB Engine 6 Notify Kafka publish 4 Analyze

Kafka pipeline Ingest layer Telemetry Net- SN CLI Sys Infra JTI OC conf log MP 7 Act 2 Collect

The same architecture can be The key is the playbook, written in a DSL used for various use cases: • Playbooks are the result of collaboration of • Device health engineers, support and network operators • Service health • Playbooks are in a github repo, and can be • Underlay management customized by each network operator • … (https://github.com/Juniper/healthbot-rules)

Things get really fun when playbooks interact This is where there is a • For example, a “gray failure” of a link can need for more control lead to remapping the underlay until the interactions are • Service (non-)health can be traced to an better understood unhealthy device, which can then be fixed

The goals of Self-Driving Networks are: Many OPS groups face loss of talent 1. Capture human expertise & experience 2. Reduce mundane work (and thus To free up time for innovation, for errors) paying down “technical debt”, etc. 3. Effectively utilize all possible data (telemetry, logs, …) Humans can’t possibly process all the data available, nor prioritize it well 4. Improve efficiency on all fronts 5. Move to predictive operations Better utilization of resources, (maintenance, service creation, …) dynamic shifting of workloads, …

This is the game-changer, but first, Human-Machine cooperation! the infrastructure must be built

As networks get bigger and more complex As the data plane evolves (densification, IoT) … to meet new needs (e.g., in-band telemetry) … As SLAs get tougher (e.g., latency  holographic) As control plane actions have … more serious consequences (e.g., remote surgery) …

Let’s bring new tools to bear on the problem of managing networks!

I’ve presented a new approach to managing networks, and a general architecture for controllable autonomous closed loops • The starting point is rule-based, maintaining control via playbooks • Playbooks capture and distill human expertise and experience • This approach builds confidence and trust • Closed loops can interact with each other, giving new use cases • Eventually, rules  ML, while retaining control and trust • Check out the playbooks on GitHub!