Cisco Artificial Intelligence allows for deep learning to take place on your network.
What does that buy you? This means that rather than just having threshold alarms (that keep generating alarms on every issue), you can intelligently decide when to alert - based on the normal network baseline.
This cuts down false alarms and let's you focus on real issues, as they occur.
This blog focusses on the concept of how AI can help reduce alerts.
Cisco AI Analytics Explainer
Before we dive into the detail, a quick explainer. In your network you will be using Cisco DNA Center to manage alerting. The Machine Learning and AI add-ons to this allow for your anonymised data to be sent to the cloud and analysed.
The insights that come back are then used to provide intelligent alerting.
Since the data is anonymised, it can be compared to other companies data to spot industry issues - for example hack attempts.
The Cisco AI Analytics Engine
The Cisco AI analytics engine is shown in the diagram below:
It starts on the left hand side, with the use of streaming telemetry. This is sent to the cloud (anonymised of course, for your safety and privacy), where it can be analysed.
DNA Center is shown on the middle left hand side. Essentially this is the central control point - gathering the data and sending up to the cloud for analysis.
The interesting part of the model shown above is the capability to compare (anonymised) customer data. Since the AI engine is taking feeds from lots of customers – and being based on the cloud, can quickly be updated for new insights – the output is not limited to the learnings that could be made on your data alone, but on the learnings made on a much wider scale.
This means the value and depth of the insight gained can be so much greater, than if this were taking place on an on-prem AI engine with your data alone.
Cisco AI Analytics in Operation
We’d be remiss to discuss all this theoretical capability to AI insights and not actually show a screen shot of it in action.
The screen shot below shows an actional insight, generated by the Cisco AI engine. The blue line shows the recorded data:
The green shaded area at the bottom of the screen shows the AI at work. The green shading is the expected variation from the baseline that the AI engine has determined should happen.
It has highlighted an area in red, where it thinks the actual has deviated from what it believes the baseline should be and alerted on this.
When you look at this, it’s pretty remarkable. It’s a world away from an up/down trap style alarm and really illustrates where the power of AI is taking us.
Cisco Machine Learning and AI: Reducing Unnecessary Alarms
One of the major hassles for a network administrator is the large number of alarms that are triggered. Genuine issues can so easily be lost in all that fog. The prime theory in reducing these is to build a hierarchy of alarms – for instance, you don’t need to alert on every switch port failing, only that the switch itself has failed.
AI takes this a stage further though – can you use past behaviour and the specific combination of alarms to reduce the alarms to only present those that actually matter. This has a couple of key benefits:
- Reduce Alarm Fatigue: Alarm fatigue exists when you can’t see the wood for the trees. There are so many alarms that you just end up giving them lip service or ignoring them altogether. The chance of a critical alarm passing you by and causing major issues is quite high
- Spot Complex Issues: The volume of alarms are impossible to anyone to comprehend the bigger picture. When presented with thousands of alarms per day, most people are unable to spot any bigger picture issues. Reduce the volume and apply some machine learning and otherwise invisible patterns can be seen
The bottom line is that using Machine Learning and AI you can reduce the overall number of alerts (around 75% is typical) and really focus on those alerts that matter.
Cisco AI Analytics: Summary
Coupled with the concept of Cisco Artificial Intelligence and Cisco Machine Learning is the simple base reason for implementing this technology in the first place: it's easier to manage a network when you only alert on real issues.
The reason for AI in this case is just that - learn how the network baseline normally looks and then alert based on anything outside of that.
The problem with standard alerting is that it's threshold based - so every month when planned activities occur on your network, you get an alert - you waste time investigating that, when you could really just use the help of machine learning and AI to determine that it's a normal part of network operation.
Cisco SDA Deployment is a good blog to read about how the use of automated networking is likely to be deployed and as an opener to full automation, What is Cisco SDA Fabric would be a great place to start.