Phil Gervasi on Network Observability and Cisco Live

Episode Thumbnail
This is a podcast episode titled, Phil Gervasi on Network Observability and Cisco Live. The summary for this episode is: <p>Phil Gervasi, Kentik's Head of Technical Evangelism stops by Network AF today to speak with host Avi Freedman about all things network observability and to recap their experiences at Cisco Live. Phil was a network engineer for 15 years prior to switching to marketing and finding his way into technical evangelism. In this conversation the two focus on building a foundation for data mining and collecting information that could better inform network intelligence and insights from observability platforms like Kentik.</p><p><br></p><p><strong><em>Highlights of today's conversation include:</em></strong></p><ul><li>[01:23] Avi and Phil discuss highlights from Cisco Live</li><li>[03:35] Everybody is doing observability</li><li>[04:57] Actionable insights</li><li>[06:00] Bridging the gap with education and interest in networking</li><li>[08:18] Network operations-focused innovation</li><li>[10:45] How the industry is assisting engineer operations and architecture</li><li>[12:48] Correlation and machine learning</li><li>[16:19] Telemetry, ML, AI, and marketing fluff</li><li>[22:23] Collecting telemetry and solving difficult problems with automation in a multi-vendor environment</li><li>[26:29] Life Cycle Automation</li><li>[28:53] Building a foundation for intelligence and observability</li><li>[33:03] What Phil is looking forward to next year at Cisco Live</li></ul>
Phil's background as a network engineer and a marketer
00:42 MIN
Avi and Phil discuss highlights from Cisco Live
01:58 MIN
Everybody is doing observability
01:21 MIN
Actionable insights
00:54 MIN
Bridging the gap with education and interest in networking
02:09 MIN
Network operations-focused innovation
02:10 MIN
How the industry is assisting engineer operations and architecture
01:38 MIN
Correlation and machine learning
02:03 MIN
Telemetry, ML, AI, and marketing fluff
02:46 MIN
Collecting telemetry and solving difficult problems with automation in a multi-vendor environment
03:45 MIN
Life Cycle Automation
02:21 MIN
Building a foundation for intelligence and observability
02:17 MIN
What Phil is looking forward to next year at Cisco Live
02:50 MIN

Avi: Hi, and welcome to Network AF. Today, I have my friend Phil Gervasi with me and Phil, could you give us all a little brief intro?

Phil: Hey Avi, it's good to see you again. So I've been a... Let's see. I've been a network engineer, I guess you could say a traditional network engineer for maybe 15 ish years, just working in the trenches, configuring routers and switches and wireless and data centers, that kind of thing. Cut overs at 2: 00 AM. That was my life for a long time. And I got into, I guess, what you could call technical marketing in the past few years, which I thoroughly enjoy. So, that's what brings me here today. But yeah, my heart is still with the nerds, with the engineering teams, for sure. So, I have a foot in both worlds right now.

Avi: Well, thank you for joining us at Kentik and thank you for being on the podcast. I have to say, when we first met, I think was when you were a delegate at networking field day and I enjoyed the operational clue that you and the other delegates and also the lack of respect for authority and over marketing, which...

Phil: Yeah.

Avi: ...sometimes I have as well, as we try to cut through things. So, the main topic we thought might be interesting a few weeks ago was Cisco Live. Cisco Live's always been an interesting venue for me. I come a little bit more from the inaudible and interconnection crowd. I've seen Cisco Live before DevNet really got going, but I guess decades ago, it was more interop was the older school, more enterprise stuff that I got into. So, it's been interesting to see and but it was back, I would say roaring ish, maybe not quite as much as it was a few years ago, but a lot of interesting stuff going on. And our booth was in the middle of a bunch of other... A sea of other folks and I guess, any interesting themes that you saw wandering around talking to people? What were any interesting highlights for you from the Cisco Live?

Phil: Yeah, for sure. Yeah. And I definitely did some wandering around and talking to people. That was... And I have to say, it was cool to be back in a live event, in person. I know that the attendance was a lot lower than in years past. Something like half. I'm not sure.

Avi: Vendors are probably two thirds plus back. There was certainly good vendor entity.

Phil: Yeah. So, but it was still great to see literally dozens or maybe 100 people that I chat with online, that I've met in person in years past and get to see them again, shake hands, talk about packets and things like that. So, I did appreciate that very much and I did a lot of walking around and wandering and looking at various booths and chatting with folks, both friends and just other vendor booth, things like that. And I got to say, I really felt like there was this overarching theme of getting more information out of the network, mining information, network information, application information, whatever, various angles that vendors were taking for sure, but that seemed to be an overarching focus for me. I saw the word observability on almost every single booth.

Avi: I was going to ask you about that, because we're in the center of observability inaudible. I think we were the first to use it, but the packet brokers had been saying... Well, first they said analytics before their... Because they enabled analytics and then, observability. Everyone's doing observability.

Phil: Yeah, absolutely. And I know from talking to some of those quote, unquote independent engineers, the tech field day crowd, that there's not an animosity, but a slight eye roll, when you hear the word observability sometimes. It's like," Okay, it's just another marketing term." And I think you and I are in the same boat where we like to cut through the marketing, get to what problem are we solving here? And what's this technical solution really all about? What do you actually do for me? And so, it was neat to see everybody's take on it, because I really feel like the industry as a whole, we're deriving the definition of observability, basically from whatever various vendors say. There's no real cohesive definition, so I really like talking to folks, hearing how they define it...

Avi: Who are doing it. Yeah.

Phil: Yeah, yeah, yeah. And then seeing, what is the common thread among all those things? Because therein lies the definition. Therein lies what observability is all about, exactly. That's exactly what we do is finding meaning in the data. The topic of the presentation that I gave at Cisco Live was really digging into the visibility as the foundation of observability, but then going to the next step and saying," All right, now that we can see all these pretty graphs and charts and all this information. That's great. I can see what's going on, but what does it mean?"

Avi: What do you do? Yes.

Phil: What do I do now? Right. That's the whole idea of the insights and the actionable insights, right? That's the idea of saying," Okay, now that I see that there's an interface that's hosed over here and memory utilization on this router over here is very high and I have sub... Okay, so what?" What does that really mean? I see all these things. And so, I bet that if we had a team of data scientists in every company, even a 50 person law firm had a team of data scientists looking at all this data, they could do this, but that's where observability comes in. It then takes all that and starts to correlate, it starts to normalize data, standardized data, which is really interesting. I mean, I'll tell you Avi, if I could do it over again in my career, I would go into data science, because it's so interesting. How do we take an interface that's in packets per second, then we look at flow data that's like 72% of your network is HGBS. Those are completely different scales. How do we get them on the same scale? How do we minimize it?

Avi: This is a really interesting topic and I need to preface this. You'll know this is not a marketing podcast because what I'm about to say.

Phil: Yeah.

Avi: I'll preface this by saying we're a big supporter of data science groups. We're a big supporter of customers, especially bringing in data that we don't want to be SAP. There's backend data, there's all sorts of business intelligence and things that the network data is really useful for, even to populate Salesforce or to correlate with other things or to look at churn risk and things like that. But if you don't inject context in data science, if you don't... I'm not saying you have to start and take network people, but you have to have at least an architect or ideally, the practitioners start to understand the context because it can be really tricky. Sort of exactly what you just said, the data looks like the shape of what you thought you were asking, but did you ask the right question?

Phil: Yeah.

Avi: Is the metric, is it package per second or bits per second or what pantiles and percentiles and things like that, are you using? And so, I think that's a real gap that I'd love to... I think we, as networkers, haven't made it easy to learn those ins and outs for people just studying the data and that's an issue, but I've seen that when we were at Akamai trying to get data science approach statistics, we'll just call it statistics. And at Kentik, as we hire and train people. And so, this is something that I wish there was a better answer for and I think comes back to shining light on the network for people in a world where people often think it's just APIs and magic, the people that need to run it do need to look and they're not going to look at the data by hand, so... These are things that I keep thinking about, how do we do better education? And then, how do we bridge that gap with data science, both math in the networking world? Which already is trying to figure out intent and automation and cloud and all that stuff, and then the reverse. So, I don't know if you have any tips and tricks, but I think bridging those worlds is almost as important as operations and security or network and application bridging.

Phil: Yeah. Tips and tricks on how we can solve all the networking problems? That's a good one. I wish I had that answer. That would be pretty awesome.

Avi: Okay.

Phil: I would be patenting... You know what I mean. I'll be printing copies right now.

Avi: Oh, you'd be starting a competitor. Okay. Got it.

Phil: Yeah. So, I mean... But walking around the floor though, the world of solutions though, it was that, it was one particular vendor looking at how we gather this data, another one gathering this data and then what can you do with that data? I didn't see anybody talking about a brand new routing protocol that they invented, which would be cool and interesting, shake up the industry a little bit, but it really wasn't that kind of innovation. It seemed to be a network operations focused innovation, whether that's in large scale enterprise or service provider realms or those eCommerce businesses that serve folks out on the internet on some website. All different contexts, but that's what it seemed like, augmenting a network engineer trying to figure out real problems. So, I have this slow website, right? What's causing that? Well, I have this memory realization thing happening over here in my branch office halfway across the world. Does that have to do with anything? I don't know. What about this suboptimal path in EAMA? Does that have the... We don't know how these things correlate. I think about the whole butterfly effect, right? You have this one wire that you wiggle all the way across the world over here, and all of a sudden it slows down your DNS lookup times over here and now, your website is slow. How do you piece that together just sitting there? You got to pee, one, it's 2: 00 in the morning, all the leadership of your organizations on your back, calling you, your phone is buzzing. How do you figure out that out quickly? So, I really felt like a lot of that was all geared around network operations and making the life of an engineer better by making root cause analysis faster and then, the ongoing stuff, like monitoring the network at both a meta level, right? And a granular level to do your base lining or trend analysis, which is... I prefer that perspective. And then, which leads to all those cool things like capacity planning and things like that. But that's ultimately what I got from it. Everybody seems to be focused on mining more data from the network so we can make network operations better and we can augment the engineer. So, and that makes a lot of sense, because until we start hiring teams of data scientist at every single organization, you need that assistance.

Avi: Data scientists who study network semantics, I would say.

Phil: Okay, fair enough. There you go. Thank you.

Avi: That's my grumpy pitch is looking at the data by itself. It's easy to find correlations and network data. Is it worth waking someone up, is the hard part. I guess, let me ask you a question.

Phil: Yeah.

Avi: Just completely honest and obviously Kentik's a vendor too, but where is the industry on delivering on that promise? We take all the data and I know ways in which we make people's lives easier, but at the same time, you've got vendors talking about closed loop networking and self- driving networks and people thinking that they're behind because they're actually doing work. If you had to go from zero to a hundred percent, where's the industry fulfilling its marketing claims of assisting that engineer operations architecture group?

Phil: Yeah. Wasn't that the point of SDN 12 years ago? Right?

Avi: Well, that was back when there was going to be one flow controller for the whole internet. And I was like," That's a really bad idea."

Phil: And I remember seeing those open flow presentations and all that stuff, but in those days, I remember hearing about it and saying," We're going to be like the enterprise." Right? Where Jordy Laforge is just... Talks to the computer and says," Reroute power." And it just happens and everything... Ultimately, that's not even intent based, right? Because the enterprise computer should be just doing it on its own. But in any case, I think that there's a difference though, between observability and then the automated remediation or the programmatic remediation that can happen from that. So we still, I think as an industry, yeah, we're putting in those push configuration overlays programmatically, that's happening, but there's still a reluctance among engineers to say," All right, now that I have this advanced visibility into observability, great. We're correlating, we're doing machine learning, time series modeling. Cool. Great." I still want a big red button that says, I, as an engineer, need to press this now to approve change.

Avi: Most of our...

Phil: inaudible Change myself.

Avi: Most of our customers that use Kentik to do DDoS mitigation, have that big red button. They tell me and then I will push... Now, they then want everything to push flows back or to trigger something so that they're not manually CLIing it, but still, the human wants to be in the loop for a lot of things.

Phil: Yeah, absolutely. And it's a matter of probability, right? And we can go back to correlation and the whole machine learning component of what we do at both Kentik and other organizations and you ask the question, where is the industry right now? Noticing in various literature out there, there still seems to be a little bit of a struggle with false positives as an example, where folks are making correlations and the probability of that correlations lower than it should be. So there's a matter of probability here. So, I wiggle this wire and then this DNS lookup takes a long time and this interface gets hosed because it's suboptimal routing, but how probable is it that it really was caused by this particular wire wiggling? So that's where there's some organizations working on that. How do we decrease false positive? Now, I know, I know what we've done at Kentik, just talking to our own internal network centric data scientist and how we solve that and what specific algorithms we use to do that, but I think that's still an issue and that's going to be a stumbling block to the next level, which is really more advanced correlation. And I'm talking about doing regression tests and clustering and all those classical machine learning methods to find structure in what's otherwise unstructured data, especially in networking where a lot of it's ephemeral, right? Just interface statistics that disappear, but we want to know what's going on both right now and then historically, and then even incorporating what we do at Kentik with active monitoring with synthetics, where it's not even end user data, right? It's not passive, it's active in the sense that we're sending our own traffic out there and then correlating that in there. That's where we're headed and I think every organization's a little bit different in where they are on that journey, right? So, ingesting more data, that's one thing. I think there are some folks there. There are some that are focused solely on packets and taking them apart and correlating that, fine. I believe that we need a diversity of visibility data because they all provide different angles of what's going on.

Avi: Well, now, you're depending on things that you can't dictate to your SDN vendor what their visibility, what kind of things they're going to enable or necessarily your cloud vendor or any of that. And by the way, I just want to say, I actually need to start saying it more like you do. I always enjoy it when people say correlation more as co- relation, inaudible just to think about. You say a little closer to co- relation, which is actually the way I want to say it, but as a Philadelphian, I speak too fast, it's like correlation, rough water, all that stuff. So...

Phil: I never noticed. I'm originally from Long Island, New York and I don't have much of a Long Island accent, but I'd have a couple words where my kids make fun of me. I say, marry instead of Mary. I want to marry you and things like that and it's terrible. I don't know. Anyway, but ultimately I think, as an industry though, we're heading in that direction because we have the compute resources now, we have just the resources at X 86 and routers and things and switches. We have the ability to get the information, whatever it happens to be, whether it is more traditional visibility information like flow data, SNMP, streaming, telemetry, screen scraping, whatever we have to do, whatever information, all of it. I love it all. Packets, whatever, but ingesting all of that, gives us the various angles of...

Avi: As you said, normalizing it and making sense of it because different...

Phil: That's hard.

Avi: inaudible Different metrics. Yeah. It's...

Phil: That's what's necessary.

Avi: I would give the industry 15 to 20% and I don't know that we'll get to 100% in the inaudible or hello, computer transparent inaudible type stuff...

Phil: Yeah.

Avi: ...tomorrow, but I think it's a journey, but the approach that I like is to surface with stronger insight, a stronger focus on limitating false positives, because again, a lot of the audience wants to be woken up only about the right things, but also use that data to help automate the things that do happen all the time. As you said, capacity planning or auditing bills or things like that. And if you can build towards both directions, the goal ultimately is to be able to let people be more architects and less operations, which ultimately is going to be necessary as all this goes, but it is frustrating for me sometimes at trade shows because you hear the promise and you know that it's far from the reality. So, we talked about observability, getting data out of the network, which I agree is a real trend. That's what people wanted to talk about. It was a great hook to say," What do you do with telemetry? What are you missing in your telemetry? What do you wish the network could tell you about what's going on in the middle of the night?" But any other Cisco Live? Any other what's hot, what you're tired of hearing about from wandering around and talking to folks?

Phil: Well, it's not that I'm tired of hearing about it, but I enjoy getting a little bit contrarian with folks at booths when they start talking about ML and AI and things like that. And then I start to just press them a little bit, in a polite and professional way, right? Because I am wearing a Kentik T- shirt because I want to make sure there's a professionalism there, but just saying" Okay, what do you mean by that? What algorithms are you using and what kind of workflow is behind the scenes there? How do you normalize data? What are you doing to reduce false positives?" Like we were just talking about and the answers vary greatly. Sometimes, I have heard some very impressive answers where I'm sitting there taking notes like," Slow down professor, I'm taking notes." But more often than not, you can sniff out that there's a little bit of marketing fluff there. And then, what's really happening is they're just collecting a bunch of information and then putting it in prettier graphs, making their interfaces a little bit snappier, which I appreciate by the way. Who wants a slow interface on their visibility tool? But that's where it is. So, that was something that I enjoyed from a sadistic level is just sniffing out where the marketing fluff was and then getting into some cool conversations with the folks that really seem to know what they were talking about.

Avi: I got some great kilt recommendations from a couple of your colleagues from...

Phil: Good.

Avi: Yes. So, it is a diverse crowd as you said, and it's always good to get to take... I try to... It's nice that I've been building enough of a network that I can do... So, at Cisco Live and at black hat and DEFCON and adjacent conferences which we don't really exhibit at, but I go to see what's going on and what people are working on, have the hallway track. They're like," Hey, what are you seeing?" Especially people doing consulting, working across customers, what's the reality? Learn about... I mean, God help us. There's now$1, 500, multi 10 gig routers that can take full tables.

Phil: Yep.

Avi: That's pretty fucking awesome.

Phil: Yep. I know what you're talking about, for sure.

Avi: Yeah. I mean, we're not selling sponsorships. We don't have to get them on for ads. That's really cool. For me, automation and intent still, I think people are being confused into thinking that everyone's much further along.

Phil: Yeah.

Avi: And a few years ago, I went to DevNet and I was like," Oh, you're using NSO to write one Python program, to use APIs in Python instead of this one CLI thing with no sort of even GitHub, so you don't do the same thing over and over again." And" Where's the Uber side of it versus the promise?" And I would welcome a little more real talk there and I think some of the automation vendors, I found them more open to like," Yes, this is a toolkit. We're lugging this in and every environment's unique and here's how we help. We make it faster to do these things, but we're not the magic automation engine." But sometimes it can be a little... These are both things that have been there for a long time and that's my AIML is when people go overboard on that, but...

Phil: That true level of intent based network and remember that was a buzz in 2016,2017.

Avi: No, but it still is. IBN, yeah. And it still is. Well, P4, everyone's going to be programming the switches with everything.

Phil: Yeah and that's the thing though. I didn't hear that term at all this particular Cisco inaudible.

Avi: Oh, I thought I saw it.

Phil: Did you hear it once?

Avi: Yeah. Yeah. I mean, it's cool to have the P4 stuff, but like with flow controllers, there definitely can be hype cycles for this stuff.

Phil: Yeah. Yeah. For sure. And I think we're off... I don't know what that hype cycle thing looks like. I'm picturing it in my mind. We're definitely on the end of that now.

Avi: In the trough of despair?

Phil: Yeah, Right. The inaudible spawn. So I think...

Avi: It sounds like a D&D thing. You're now inaudible the trough of despair.

Phil: So I don't think that those intent based network vendors are just done. I noticed that just a couple years ago, not long ago, the language started to change from some of those vendors where instead of saying intent based networking and automated programmatic automation for automated remediation, the language started to change to intent based analytics and intent based...

Avi: I'll have to look for that. I haven't really seen that.

Phil: Yeah. Well, and my theory, I don't know if this is right, but I think it's because, well, geez, in order to do intent based networking, you need to collect a crap ton of telemetry from the network in various forms, any way you can get it, right? And of course, you're hooking back into devices to program, fine, but that first step is to collect everything that's going on, so you have that quote, unquote, single source of truth, right? You need to start with that foundation. You're doing path permutations really and figuring out probabilities of what's suboptimal, things like that. You're creating a reference architecture based on this is what the duplex should look like in this particular data center, so here's my gold standard. So you're collecting all this information and I think IBN vendors at some point were like," Well, geez. We could probably sell this. Maybe we should change our language just a little bit." And that's fine. I mean, because it is still a useful thing, but that's where I think intent based networking can stall a little bit, as far as progressing down the automation route. That's a hard problem to solve, multi- vendor snowflake network environment out in the world.

Avi: I see what you're saying about on the marketing trends.

Phil: Yeah.

Avi: I think the thing that... The way I look at it is there was this great promise and I try not to be the Statler and Waldorf in the network room, as the grumpy old person saying," Oh yeah, we tried that in 1492 and it didn't work and so, we should just stop talking about stuff." But there was a wave of companies that came from people that had never run a network, but studied out of the SDN groups that said we can just mathematically model all of this, which I have always had a problem with because of bugs. The wonderful thing and the frustrating thing is so many bugs in networking and you can't really model the bugs, but... And that worked okay in some data center world, but you have this super long tail of needing to build that unified model. And that for me, is like you're going to be stuck with the piece parts, unless you can do a unified model. And that's why Kentik hasn't taken it on because that's... It's doable, but it's a really hard problem that you have to believe will have the right payoff and in a multi- vendor way and with bugs and with... And not just the big data center, not just the when, not just the edge in campus, it's all that. That doesn't mean I think we can't get there or won't get there, but the approaches of automation without having that model and even just what people want, which is the simpler version, which is the opposite of rancid, the config push, the make it so command, to use the Star Trek analogy. So again, I think we'll have it in the next 10 years, at least the make it so command, but... And better than SolarWinds NCM, which is reg X based. And even Kentik, we use configs and look at, again, it's part of observability and correlating and saying did... Or sorry, co- relating is how I want to say it, which is did I do something... The old," Don't let the butt crack out of the CO." Catch the outage when they spark the wires and took your T1 downs. So...

Phil: Yeah.

Avi: So I am definitely hopeful, but maybe I just found the wrong intent and automation marketing messages. So...

Phil: Well, I mean, it's incremental though, right? I mean, everything that we're doing is... You mentioned something like going zero to 100 earlier when we started recording, but we don't go from automating zero to it's a completely autonomous network that just runs and everything just changes behind the scenes in the...

Avi: But that is what vendors see and vendor J tell the world they have built.

Phil: Yeah. Yeah. That's true.

Avi: That is so...

Phil: And that is a problem because that does... The fluff is out there for sure, but it's still good. It's still progress to say," Hey, we're just changing interface tags to be more consistent. We're going to automate that. We're going to automate these low level things that aren't disrupted to the network if something..." inaudible

Avi: Life cycle automation is like...

Phil: Life cycle automation, there you go.

Avi: inaudible is a great first key step. And the wifi automation the world's been in before Mist and then after what Juniper's doing, there's a lot of really great stuff being done with parts of it, but maybe I'm just too grumpy, because I hear these broad messages about everything is now self- driving or closed loop. And sometimes, I just see some of our customers like," Oh, I suck. I'm so far behind." It's like," No, no, no. It's all good. It's all good."

Phil: Yeah, yeah.

Avi: Yeah, just don't be that network where you have 40, 000 devices and if there's an interface description, it's wrong. Move towards, whether it's NetBox or iPad or whatever, move towards a source of truth. These are journeys that we're taking together and life will get better over time.

Phil: And you can start with a corner of the network.

Avi: Yes.

Phil: You don't have to start, like if you have 100, 000 interfaces and whatever, 2000 sites around the world, you could start with one site, one small branch or one closet, whatever. Whatever, and then say," All right, we're going to do this stack of switches." And then, we're going to look at our wireless infrastructure and... We can just use some programmatic tools and visibility to manage just this particular overlay.

Avi: Yeah.

Phil: And so, that's a good place to start.

Avi: Absolutely.

Phil: And we're going to build on that over time. So where are we today? We're, I think at very, very early stages of that where folks are still doing... I mean, think about it, isn't me typing commands into my Cisco router intent based? I mean, it's kind of... I had this discussion with Greg Farrow back and forth over a couple blog posts a couple years ago, where I was like, inaudible it's kind of a panacea. We're not there. And then, he made the argument that DHCP was intent based networking, right? I'm like," Well, no, it's not because it doesn't have the closed loop." So I went through that whole argument and he made the points like," Well, not exactly because think about the process of back in the day." The discover, offer, request, acknowledge, whatever it is today. I don't know. But that's an automated process to get an IP address. I know this is just a simple, small example, but I'm like...

Avi: Okay, I guess I have to join this blog argument four years later.

Phil: Yeah. Right. It was a few years ago, but I remember that he made a good point.

Avi: I think there's a lot of people on the journey to intent, but I think of it as not just the automation of something that's a single vector, but combining a few vectors so that you're not going to get them out of sync. So, it's make sure that when this happens, that happens. And ultimately, if you actually want to get to intent, you say," I want it to look like this rather than I need the IP address to be like that." So maybe I talked myself into it, maybe DHCP is like that, right?

Phil: It's kind of intent based.

Avi: I would just say that we're probably, unless you count the routing protocols themselves and what they do with figuring out reachability as that, which now we're getting really deep, I would say that again, Kubernetes, for all it's worth and I still have to read that, the iceberg. There's like a bunch of series about all the issues that you need to come up to speed on or that create opportunities for vendors in the Kubernetes space, but has pushed that world forward maybe more than the network world has, despite all the talk about it, but we'll get there.

Phil: And I can say that the ultimate foundation to get there though, is what we're doing now with collecting, mining data from the network and moving forward with much more intelligence with observability now. That is absolutely going to be the foundation of it, because otherwise, you have your reference architecture and you have all these moving parts. And when I say that, that's an understatement, right? You have millions and billions of objects in a network if you count up everything that exists. And like that butterfly effect, this thing over here, I'm putting my hand in the frame here, if you put this thing over here, how does it affect this thing halfway across the world? Ultimately, in the context of a service delivery or an application delivery, right? It's performance or it's reachability, that kind of thing. And so, that's going to be the foundation for layering those programmatic configuration pushes. Programmatic and automated, whether it's remediation or just pushing config and things like that. Whether it's a security remediation as well. That's something where I'm seeing a little bit of advancement. Where there seems to be more automated remediation in the security realm inaudible alone, right? Yeah, we got this issue over here, shut down this port, shut down these things. So...

Avi: Well, and then that becomes data that you need so that you're not trying to figure out looking at the data, why the reports were shut down.

Phil: Exactly.

Avi: So you inaudible as metadata too. I absolutely agree and I think the thing for me that is the single biggest criteria is really the reason that people asked for Kentik in the first place, as opposed to Arbor was squinting at roll ups later in the network world where there's so many different dimensions of things and unique values and things flying around. Having to know the question in advance really limits you in an operational way and only being able to do analytics on summaries of the data is really tough and also limits you. And so, I still struggle when I see, in network world, in application world, in SRE world, everyone says observability because it's the thing, even on top of platforms that have very limited abilities to do, not only whether you call it base lining or trending or anything more than simple redefined things, but especially, ultimately when the engineer she needs to get in there and like," Okay, do I need to validate this before I push the button? What's really going on." And I'll come back to it again, bugs. And I say that not ever wanting to build a router operating system ever, ever, ever, ever, ever, much less the hardware and all that stuff. I don't ever want to do that. And there's a reason I love SAS a lot more than shipping software and people running it and doing all sorts of crazy stuff with it, but there's so many bugs that just even the best models, sometimes you do need to poke around into that, so... What would you love to see more of next year at Cisco Live? Where would you like to see us all be?

Phil: Yeah. Well, first of all, I don't want to go to Las Vegas, but I guess that's already in the cards.

Avi: Oh, it's not in Orlando or San Diego?

Phil: The last one I went to was I think 2019 and it was in San Diego and absolutely loved it. I love San Diego. So, that was nice. But that would be cool, but obviously they've already scheduled it for Vegas. I'd like to see more of a variety of innovation. The industry seems to... Everybody jumps on a similar bandwagon a lot of the time, and I'd like to see what people are doing. The thing is that they're out there, people are doing different things and solving different problems, but when you set up a booth, you're looking at other booths and you want to make... Not comradery, but there's some overlap with what folks are doing. I'd like to see a little bit more variety. I did appreciate that there was a coffee station almost everywhere at this particular Cisco Live, because I'm a big coffee drinker and it was decent coffee. So, I hope they continue to do that. That was good. But I think the advancements in observability and continuing to differentiate it from traditional visibility is going to be a big thing because with intent based networking, I totally saw the marketing fluff. I saw the intent washing that people were doing. Observability, I don't see it the same way. Although you can. You can just say," We're doing observability." And you're not, but to me, it really is a different realm of visibility. It really is the evolution, it's the next step and requires new, underlying technology. So I'd like to see where that goes and if we start scratching the surface of some more automated remediation based on whatever insights. That would be pretty cool. I mean, we have a year, so that's not a lot of time.

Avi: No, the time is pretty fast. I'd like to see that. I think they'll still be a lot of people using terms to describe them that are off and as well as a ton of progress that I look forward to.

Phil: Yeah.

Avi: Maybe we can do some combined vendor inaudible and live blogging, which is breaking down what people are doing and what's cool... Or get a group together. I don't know. Do any of the field day delegates do that at Cisco Live? Okay.

Phil: Yeah.

Avi: inaudible

Phil: I hung out with a lot of those folks. It was fun.

Avi: Okay. Okay.

Phil: Took some pictures. Actually, that's a good point. Next year, I'm going to try to be a little bit more social rather than just learn and absorb and listen and talk to people, which is really... That's great. That's fine. I'm a nerd. I wanted to talk to people about how they plug this into that, but I have some decent cameras and stuff. I have a road podcast mic I can put on, maybe get around and inaudible get perspectives of folks and say," Hey, what do you think?" Right there on the floor.

Avi: And I mean it not to ridicule or demean, but it's just the same thing that I had when I was at Akamai, really the entire time, but I remember 2000, 2001, some of my friends were like," Hey, I know what Akamai does, but I go to the website and extend and control your infrastructure. Where's your metadata manual? How do I understand how does this go with this? And where's that?" It's like," Oh, you have to be a customer."" Don't you think it'd be nice if you could like show that to us?" And at the time, that was not what the world was. And so, I think that world is going more that way. So fair.

Phil: Yeah, for sure.

Avi: I've certainly had plenty of times. I'd love to have someone help me tell the story, so...

Phil: Yep.

Avi: Cool. Well, I'll hold you to that and help if I can. I would look forward to distributed learning from...

Phil: There you go.

Avi: ...enabled by good question asking, so... Well, thanks for the time and insights, Phil and of course, thanks for joining Kentik and...

Phil: My pleasure.

Avi: ...look forward to continue talking.

Phil: Thanks.

Avi: Thanks everybody for joining Network AF. You can listen to us on apple and other forums. We have a website, past episodes, transcripts. You can find me Avi Friedman at LinkedIn, Twitter, the usual places on Avi @ kentik. com. And Phil, how should people find you?

Phil: Well, you can start with Twitter, network underscore Phil. I wish I could get rid of that underscore, but I still have it. Network Underscore Phil at Twitter, you can search my name in LinkedIn. My blog is network Phil. com and PGervasi @Kentik for direct email.

Avi: Okay. Thanks everybody. See you next time.


Phil Gervasi, Kentik's Head of Technical Evangelism stops by Network AF today to speak with host Avi Freedman about all things network observability and to recap their experiences at Cisco Live. Phil was a network engineer for 15 years prior to switching to marketing and finding his way into technical evangelism. In this conversation the two focus on building a foundation for data mining and collecting information that could better inform network intelligence and insights from observability platforms like Kentik.

Highlights of today's conversation include:

  • [01:23] Avi and Phil discuss highlights from Cisco Live
  • [03:35] Everybody is doing observability
  • [04:57] Actionable insights
  • [06:00] Bridging the gap with education and interest in networking
  • [08:18] Network operations-focused innovation
  • [10:45] How the industry is assisting engineer operations and architecture
  • [12:48] Correlation and machine learning
  • [16:19] Telemetry, ML, AI, and marketing fluff
  • [22:23] Collecting telemetry and solving difficult problems with automation in a multi-vendor environment
  • [26:29] Life Cycle Automation
  • [28:53] Building a foundation for intelligence and observability
  • [33:03] What Phil is looking forward to next year at Cisco Live

Today's Host

Guest Thumbnail

Avi Freedman

|Kentik CEO and Co-Founder

Today's Guests

Guest Thumbnail

Phil Gervasi

|Head of Technical Evangelism at Kentik