Effectively good day everybody, it’s been a minute (or many) since my final weblog submit, however I’m excited to say that the most important mission I’ve been engaged on for the final 18+ months has come to a conclusion (effectively, for me not less than 😉 ) and I’m wanting ahead to investing extra time in blogs, movies, and getting again on the market.
I’ve a number of matters I’m trying to dive into, however getting back from Cisco Stay in Vegas final week, I figured I’d as effectively bounce on the AI hype prepare, chugga chugga chugga, and share a little bit of my very own ideas on the subject.
Let me begin by saying that I’m simply starting to essentially dip my toe into the AI pool. There are lots of different engineers already approach out within the deep finish, and I hope to swim out and be a part of them quickly.
Cisco Stay 2024 in Vegas was simply the compelling occasion I wanted to step down on step one (to maintain up the metaphor), and I included AI in two of my talks through the week. There was Easy methods to be a Community Engineer in an Synthetic Age within the Cisco U. Theater, an replace to my discuss, “Easy methods to be a Community Engineer in a Programmable Age,” that I first delivered at Cisco Stay in 2017. After eight years, it felt slightly bittersweet to depart the programmable age behind, however thrilling to be coming into a brand new age. Synthetic Intelligence additionally made a last-minute “bonus” look in my breakout “Programmability Expertise for Engineers Who Don’t Wish to Code.”
For these talks, I spent a while pondering by how community engineers needs to be occupied with and utilizing AI proper now, and what to probably anticipate for the longer term. I’m not going to undergo all the main points on this weblog submit, however reasonably, I wish to focus in on one particular use case that I discovered shocking and a bit thrilling: Utilizing AI to see evaluate your work. Buckle in, and let’s test it out.
Bridget takes Hank to Community Engineering Faculty
One of many examples in “Programmability Expertise for Engineers Who Don’t Wish to Code” revolves round creating IPSEC VPN configurations for routers primarily based on a configuration template and spreadsheet of knowledge. I first present tips on how to use formulation inside the spreadsheet to create the configurations, and later use Ansible and Jinja2 templates to do the identical factor.
As I used to be rehearsing the session, I questioned… May AI do the identical work?
If I’m sincere, I figured it could get shut, however must be mounted/completed to be achieved. So I crafted this immediate and despatched it to Cisco’s ChatGPT implementation often called “BridgeIT”.
Utilizing the information from the under CSV information,
vpn_name,tunnel_interface,side_1_public_ip,source_network,source_mask,side_2_outside,tunnel_destination,destination_network,destination_mask,preshared_key
VPN_101,GigabitEthernet0/1,203.0.113.101,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.33,172.28.11.0,0.0.0.255,ZA788I
VPN_102,GigabitEthernet0/1,203.0.113.102,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.34,172.28.12.0,0.0.0.255,AM285I
generate a configuration from every row primarily based on the under jinja2 template
! VPN {{ vpn_name }}
crypto isakmp coverage 10
encryption aes
hash sha256
authentication pre-share
group 14
crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
access-list 100 allow ip {{ source_network }} {{ source_mask }} {{ destination_network }} {{ destination_mask }}
crypto isakmp key {{ preshared_key }} deal with {{ tunnel_destination }}
crypto map {{ vpn_name }} 10 ipsec-isakmp
set peer {{ tunnel_destination }}
set transform-setvpn_transform
match deal with 100
interface {{ tunnel_interface }}
crypto map {{ vpn_name }}
I despatched it away and waited… and waited… and waited. However then this reply got here again:
Primarily based on the offered Jinja2 template and the CSV information, listed here are the generated configurations for every VPN:
For VPN_101:
! VPN VPN_101
crypto isakmp coverage 10
encryption aes
hash sha256
authentication pre-share
group 14
crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
access-list 100 allow ip 10.98.128.0 0.0.3.255 172.28.11.0 0.0.0.255
crypto isakmp key ZA788I deal with 198.51.100.33
crypto map VPN_101 10 ipsec-isakmp
set peer 198.51.100.33
set transform-set vpn_transform
match deal with 100
interface GigabitEthernet0/1
crypto map VPN_101
For VPN_102:
! VPN VPN_102
crypto isakmp coverage 10
encryption aes
hash sha256
authentication pre-share
group 14
crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
access-list 100 allow ip 10.98.128.0 0.0.3.255 172.28.12.0 0.0.0.255
crypto isakmp key AM285I deal with 198.51.100.34
crypto map VPN_102 10 ipsec-isakmp
set peer 198.51.100.34
set transform-set vpn_transform
match deal with 100
interface GigabitEthernet0/1
crypto map VPN_102
I used to be duly impressed. Bridget (as BridgeIT is affectionately often called) understood precisely what I wished and was in a position to create the configurations for me completely. Rating one for our artificially clever robotic overlords.
However wait… she wasn’t achieved. The message continued:
Please notice that there’s a typo within the Jinja2 template, particularly within the line the place it says:
set transform-setvpn_transform
There needs to be an area earlier than “vpn_transform”. Right here’s the corrected line that ought to seem within the template:
set transform-set vpn_transform
Oh man… I had a typo in my template? Inconceivable!!! I rapidly went and checked my immediate and the supply Jinja2 template that I copied for the immediate—a template I’ve utilized in my Ansible demo on this presentation for 2 years.
Positive sufficient, I had a typo. Whoops… boy, did I really feel embarrassed. And for those who return and have a look at the configurations that Bridget offered to my immediate, you’ll see that she really mounted the error and despatched the proper configs. Very, very effectively achieved. Rating two and three.
However she nonetheless wasn’t achieved…
Moreover, you would possibly face a problem when making use of two totally different crypto maps to the identical interface. Normally, a bodily interface solely helps one crypto map. If you could help a number of VPNs on the identical interface, you’ll sometimes use the identical crypto map identify with totally different sequence numbers for every peer.
Right here’s how one can modify the second crypto map to make use of the identical crypto map identify with a distinct sequence quantity (assuming you wish to use the crypto map identify VPN_MAP for each):
For VPN_102 (with a revised crypto map identify and sequence quantity):
! VPN VPN_102
crypto isakmp coverage 10
encryption aes
hash sha256
authentication pre-share
group 14
crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
access-list 102 allow ip 10.98.128.0 0.0.3.255 172.28.12.0 0.0.0.255
crypto isakmp key AM285I deal with 198.51.100.34
crypto map VPN_MAP 20 ipsec-isakmp
set peer 198.51.100.34
set transform-set vpn_transform
match deal with 102
interface GigabitEthernet0/1
crypto map VPN_MAP
Discover that the entry listing quantity for VPN_102 has been modified to 102 to keep away from battle with the entry listing for VPN_101. The crypto map sequence quantity for VPN_102 has been set to twenty, differentiating it from the sequence quantity 10 used for VPN_101. If you happen to comply with this strategy, make it possible for all of your VPNs use the identical crypto map identify (VPN_MAP on this case) with totally different sequence numbers.
Okay… this exhibits some severe community understanding. Combining a CSV file and a Jinja2 template collectively isn’t that removed from the code help and co-pilot use instances which have been in place for awhile—probably not that a lot of a stretch. And discovering a typo in a configuration template that’s most likely current in lots of of public Web documentation, weblog posts, and coaching examples? Additionally probably not that shocking.
However making this remaining leap associated to community structure and design… this was actually fairly shocking. I didn’t inform Bridget that every of those configurations can be deployed on particular person routers, so she fairly “nervous” that I used to be trying to deploy the configs on the identical system. And if I did that, it WOULD be a problem. Her steered resolution is affordable, although admittedly follows examples which are additionally effectively documented on the Web.
So what does this imply for us community engineers?
I used to be discussing this instance throughout Cisco Stay with some attendees, and the analogy of a “peer evaluate” was introduced up. This was a use case for AI in community engineering that I hadn’t formalized in my head but, however had been dancing round with different examples.
There’s a very actual threat of engineers utilizing AI-generated configurations “as is” of their community. This can be a unhealthy concept for a similar cause as copying and pasting code from Stackoverflow or one other untrusted Web supply. Earlier than utilizing configurations generated by Bridget or one other generative AI device, it’s important to confirm the accuracy. In any other case, you threat turning into one other sufferer to hallucinations or simply inaccuracies from overconfident AI assistants.
Nonetheless, I feel there’s actual potential in utilizing AI as a peer reviewer for configurations and different artifacts we create. Right here, WE, the community engineers, use our data, abilities, and expertise to construct an answer. Then, we ask AI to have a look and supply some suggestions, just like sending it to a co-worker, companion, or Cisco TAC.
This second-set-of-eyes use case is one which I feel engineers ought to think about making an attempt out for themselves—with a few crucial caveats:
- Test along with your firm and group’s AI insurance policies. Lots of the publicly out there AI instruments take any immediate data despatched to them and use it for future coaching and fine-tuning. Community configurations are thought of confidential for a lot of corporations as there’s a severe safety threat in sharing them publicly.
- I’d nonetheless suggest having one other “natural intelligence” evaluate any important configurations. I’m excited by the potential of AI, and we possible will get to some extent the place AI is so correct we are able to depend on it for a lot of use instances, however let’s take the sluggish strategy to get there.
Effectively, what are your ideas on this use of AI for community engineering? What different use instances are you exploring in your every day work as an engineer? Let me know within the feedback. And keep tuned for extra from me as I proceed to swim into the Synthetic Age!
PS… This weblog submit was written by me, Hank Preston, and never by Bridget or one other AI device 🙂
Join Cisco U. | Be part of the Cisco Studying Community right now without spending a dime.
Observe Cisco Studying & Certifications
X | Threads | Fb | LinkedIn | Instagram | YouTube
Use #CiscoU and #CiscoCert to hitch the dialog.
Cisco Helps Construct AI Workforce With New Expertise Certification
Navigating the Multicloud Journey with Cisco’s New Certifications [Infographic]
Share:
GIPHY App Key not set. Please check settings