Building network automation solutions

9 module online course

Start now!

Machine Learning in Networking Products

AI is the new SDN, and we’re constantly bombarded with networking vendor announcements promising AI-induced nirvana, from reinventing Clippy to automatic anomaly- and threat identifications.

If you still think these claims are realistic, it’s time you start reading what people involved in AI/ML have to say about hype in their field. I posted a few links in the past, and the Packet Pushers Human Infrastructure magazine delivered another goodie into my Inbox.

You REALLY SHOULD read the original article, here’s the TL&DR summary for differently-attentive:

  • Training AI models is hard and expensive;
  • Deep learning model complexities are growing faster than Moore’s law;
  • Many AI applications rely on “humans in the loop” to deliver high level of accuracy;
  • Every new customer deployment is likely to deliver data that has never been seen before, requiring model retraining and even more human involvement.

If that sounds like a never-ending SAP deployment, you’re about right.

Now to networking. It seems to me we have two types of networking-related challenges that the AI/ML solutions are trying to address:

  • Global challenges - things that affect everyone like identifying malware;
  • Network-specific challenges like anomaly detections. What is anomalous for your network might be perfectly reasonable for mine. Also, keep in mind that we tend to build snowflake networks, so anything a ML model might have learned from data gathered in one network might not be applicable to another one (would love to see pointers to non-marketing material proving me wrong).
I’ve listened to presentations in which people working for companies offering cloud-based threat identification solutions told the same story: new threats start as anomalies detected by automated systems, and get classified and recognized by humans who augment the automated systems with new rules. Those solutions scale because the same set of tools gets used to attack most everyone on the Internet.

Assuming we might be interested in deploying AI/ML in our network, how realistic is it to expect to get it from an existing networking vendor? Greg Ferro wrote a wonderful article in the same issue of Human Infrastructure magazine explaining why networking vendors deliver unreliable and insecure products (TL&DR version: because they can).

Now match the two observations, and draw your own conclusions…

Finally, remember the SAP deployment analogy I made? Companies making money off SAP deployments are services companies, and networking vendors (apart from traditional telco vendors who always understood the value of selling never-ending services) are still mostly focused on selling boxes.


  1. This comment has been removed by the author.
  2. Another story around using AI/ML is that if you go this way, it is very hard to understand what is going on inside. An algorithm is making a decision by it is very hard to understand why this decision actually been made. This is a risk if you want to own whatever you are trying to automate and show stopper for many cases (especially if your infrastructure is critical for business continuity)
  3. So almost same challenges still persists a year later.
Add comment