Making Sense of Data with Machine Reasoning

Samer Salam Principal Engineer, Cisco CHTIOT-1010 Cisco Spark

Questions? Use Cisco Spark to communicate with the speaker after the session

How 1. Find this session in the Cisco Live Mobile App 2. Click “Join the Discussion” 3. Install Spark or go directly to the space 4. Enter messages/questions in the space

Cisco Spark spaces will be cs.co/ciscolivebot#CHTIOT-1010 available until July 3, 2017.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Agenda

• Introduction

• Climbing the Data Chain: Machine Reasoning Primer

• Use-Cases

• Conclusion Introduction Introduction Challenges in Network & IT Operations

Over 50% of network outages from human factors Orchestration ERRORS

Virtualization driving an explosion in data to be managed Controller / NMS / EMS

Service activation too slow with humans in the loop

Smart “things” connecting to network providing myriad of new data

Paradigm shift: manage system at operator desired level of abstraction

CLI API GUI Easy Button

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 SDN, Meet IoT

Network Business APP Applications … Applications Machine Reasoning Machine Learning

Device Data Abstraction Base Service Controller APIs Application Communication & Models Functions Layer Services

Laptop

TP Manager Viewpoint

Switch IoT

SDN Viewpoint SDN Network Router Things Devices IP Phone Printer

Call Manager Firewall

Web Server Server Farm WLC Telepresence

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 Making Sense of Data Data Chain for Machine Reasoning

Getting Machine Answers Intelligence

Building the Knowledge

Enriching with Context

Network Data + Understanding the Data Endpoint Meta-Data + Collecting the Application Data Meta-Data [DIKW Pyramid]

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 Climbing the Data Chain: Machine Reasoning Primer Establishing Common Understanding Vocabulary Getting Answers • Did you say “IP Address” ?

Building the Knowledge

Enriching with Context

Understanding • Machine vocabulary is defined using: the Data • Resources, i.e. identified things, that have Uniform Resource Identifiers (URIs) • Literals that have concrete values, and types (also identified by URIs) Collecting the Data Human Vocabulary Machine Vocabulary

Concept or Thing Resource

Word URI or Literal CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 Machine Grammar

Resource Description Framework (RDF) Getting Answers • Going from words (URIs) to sentences (Statements) with RDF Triples

< Subject , Predicate , Object > Building the Knowledge isPartOf Linecard Router

Enriching with Context Resource Resource

Understanding the Data hasAddress Interface 10.10.10.1

Collecting the Data Resource Literal

Human Vocabulary Machine Vocabulary

Sentences RDF Statements (Triples)

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Machine Grammar

Resource Description Framework Schema (RDFS) Getting Answers Defines constructs to describe things (Resources):

• Building the Properties: the relationships between things Knowledge • E.g.: isPartOf, hasAddress

• Classes: the buckets used to group the things Enriching with Context • E.g.: Routers = {ASR1K, ASR9K}, Switches = {Cat9K, N7K}

Understanding the Data

Collecting the Human Vocabulary Machine Vocabulary Data

Relationships between Properties things Buckets to group things Classes

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 From Atomic to Contextual

Linking Statements Getting Answers • Subject of one Statement can be the Object of another, thereby

establishing context Building the Knowledge SFO-ASR9K NYC-ASR9K X Enriching with Gig1/1/1 (10.140.10.3) Gig2/2/1 (10.140.10.1) Context

Subject Predicate Object Understanding SFO-ASR9K hasInterface Gig1/1/1 the Data NYC-ASR9K hasInterface Gig2/2/1

Gig1/1/1 hasAddress 10.140.10.3 Collecting the Data Gig2/2/1 hasAddress 10.140.10.1 Gig1/1/1 isConnectedTo Gig2/2/1 Gig1/1/1 hasLineProtocolState Down

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 13 Adding Semantics

Web Ontology Language (OWL) Getting Answers On・tol・o・gy Building the Knowledge Formal definition and classification of concepts / entities, and the relationships between them in a specific knowledge domain Enriching with Context

• OWL extends RDF with semantics: Understanding the Data • Relationships between Classes: disjointWith, complementOf • Equality: sameAs, equivalentClass Collecting the • Richer Properties: symmetric, transitive, inverseOf Data • Class Property Restrictions: define Class members based on their Properties

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 Building Knowledge Graphs Getting Answers Seems complicated. Why do all this? Property: hasIPAddress

Building the These constructs allow a Knowledge machine to express and make sense of first order Enriching with logic: Context

• All BGP speakers listen on

TCP port 179. Understanding the Data • Router1 is a BGP speaker.

-2 • Therefore, Router1 must listen Collecting the on TCP port 179. Data -1 (Super) Class Individual (Sub) Class CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 15 Adding Rules

Semantic Web Rule Language (SWRL) Getting Answers • Support for rules, expressed in terms of OWL concepts, to provide

more powerful deductive reasoning capabilities than OWL alone Building the Knowledge • Example: If two interfaces have the same IP Address and the same VRF, then these interfaces have duplicate address Enriching with Context

Interface(?interface1)⌃hasIPAddress(?interface1, ?ip1)⌃hasVRF(?interface1, ?vrf1)⌃ Understanding Interface(?interface2)⌃hasIPAddress(?interface2, ?ip2)⌃hasVRF(?interface2, ?vrf2)⌃ the Data differentFrom(?interface1, ?interface2)⌃equal(?ip1,?ip2)⌃equal(?vrf1,?vrf2)  hasDuplicateAddress(?interface1, ?interface2) Collecting the Data

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 Machine Reasoning

Inference with Semantic Reasoners Getting Answers • Create new triples based on existing triples by evaluating SWRL rules

and OWL relationships / restrictions Building the Knowledge • Deduce new (inferred) facts based on the stated (asserted) facts

Enriching with Context

hasIPAddress hasInterface Gig1/0 SFO-ASR9K Understanding 161.44.210.117 hasVRF the Data

Inference by the

BlueVRF Reasoner Collecting the Data hasVRF hasDuplicateAddress

hasIPAddress Eth3/2 NYC-ASR9K hasInterface

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 Querying the Knowledge Base

SPARQL Getting Answers • Walking (querying) the knowledge graph results in “answers”

Building the • SPARQL is to a knowledge base what SQL is to a relational database Knowledge

• Example: Which two routers have duplicate addresses? Enriching with Context

SELECT ?router1, ?router2 Understanding WHERE { the Data ?router1 hasInterface ?interface1.

Collecting the ?router2 hasInterface ?interface2. Data ?interface1 hasDuplicateAddress ?interface2. }

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 Use-Cases Use-Cases / Applications

Network Troubleshooting • Mechanize logic that is currently in CCIE & engineers’ brains. Automation • Example: Traffic black hole root-cause determination

• Detect Network control/data plane anomalies. Anomaly Detection • Example: Analyze in-band OAM data (loss, end-to-end delay, per-hop delay) to detect anomaly

• Resolve inconsistency between network devices, or between network devices & Domain/Element controller automatically. Consistency • Example: Verify IGP/BGP configuration matches between PEs

• Monitor network state proactively, analyze data streams, identify faults and Fault Analysis & correlate with applications. Correlation • Example: Fault impact analysis on multicast video streams

• Build custom network operation workflows without requiring any programming Build Your Own Workflow language • Example: Ability to program the network with simple GUI

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 Summary Operational Simplification with Machine Reasoning

Knowledge Engineering Technology Axioms Best Practices

Algorithms / Workflows Business Goals / Policies

Conflict Root Cause Consistency Detection Analysis Checking

Conflict Remedy Consistency Resolution Identification Enforcement

Information Ontologies Reasoning Actionable Inferences Knowledge Generation & Analysis Remedial Operator APIs Action Alert

Data Actions Insights Recommendations

Network / System

Human Applications

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 22 The Stack

User Interface & Applications

Getting Semantic Reasoner Answers

Rules: SWRL Building the Ontologies: OWL Knowledge Querying: SPARQL Taxonomies: RDFS Enriching with Context Schema Neutral Data Interchange: RDF

Normalized Syntax & Schema Dependent Data Interchange: MIB, YANG, XSD Understanding the Data Syntax: SMIv2, XML, JSON, Natural Language (CLI)

Character Set: Unicode, Collecting the Identifiers: OIDs, URIs… UTF8… Data

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 Complete Your Online Session Evaluation

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card. • Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us.

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Online.

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions

CHTIOT-1010 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 25 Thank you