Today’s networks are too complex for manual network management and updates.  With most enterprises composed of tens of thousands of devices spanning multiple geographical locations, on-premises hardware, Virtual environment, and multiple clouds – it’s virtually impossible to push updates manually.   Also – the sheer volume of vendors and coding languages can be overwhelming for a network operations engineer.  In most cases learning a new language or new platform takes eight weeks to achieve basic proficiency; its not realistic to expect human skills to scale at the pace of network innovation (aka network complexity)

Fig 1. Itential Automation Example

Which is why we decided to integrate the Forward Networks platform with the industry-leading network assurance platform, Itential.  Their low-code automation platform makes it easy for network operations teams to deploy and manage multi-domain infrastructures.  Itential’s cloud-native software as a service offering provides a low-code interface that seamlessly connects to any IT system, cloud, or network technology for end-to-end closed-loop network automation and orchestration. Forward Enterprise enables network operators to deploy automated changes with the assurance that they are in compliance with network policies and won’t have any unintended side effects.

Fig 2. Closing the Loop: Automation + Verification

Forward Enterprise helps network operations engineers avoid outages through its unique mathematical model. The platform creates a digital twin of the network (across on-premises devices, private and public cloud) enabling network operators to map all possible traffic flows, instantly troubleshoot, verify intent, predict network behavior, and reduce MTTR (mean time to resolution). Itential simplifies and accelerates the deployment and management of multi-domain network infrastructure. Both platforms support major network equipment vendors and AWS, Azure, and Google Cloud platforms.

Fig 3. Automate Service Provisioning with Forward Networks and Itential

The Closed Loop Automation process enabled by the integration of Forward Networks Platform and Itential Automation Platform (IAP) acts as a safeguard to prevent any issues from becoming pervasive following a change window.  Using the pre-built automations, templates, form builder, automation builder within Automation Studio makes it easy for network operations engineers to build an automation catalog that enables changes at scale.  By using the API integration with Forward Networks, they can verify routing, add intent checks, verify new service connectivity, check for side effects and send notifications and verifications via Slack, Microsoft Teams, Cisco WebEX, and email.  Integration with change management systems including ServiceNow and Jira ensure everyone is working from a single source of truth and expedites collaboration. In the event of an issue, the diff check functionality within the Forward Networks platform makes it easy to pinpoint which changes are causing any unplanned behavior.

For more detail on how the integration works, please view our ONUG Spring 2021 session.

If you wait long enough, as any good procrastinator knows, tasks sometimes drop off your to-do list on their own. Maybe a deadline has passed. Maybe your employer has changed direction or shifted priorities. Or maybe new technology has rendered the undertaking obsolete.

If you’re an IT administrator who’s been putting off learning Python to help automate tedious network checks, then that last reason just might apply to you. So hold off plunking down the deposit for that online class. Again.

Here’s why: Forward Networks has built its Network Query Engine, or NQE, right into its Forward Enterprise platform. Which means you can now write and execute queries in minutes. Without Python – or any other programming language, for that matter.

To write a query in the app, all you need to do is follow this basic, three-step process:

Continue reading...

Read more about Forward


Network Query Engine (NQE) is my favorite Forward Enterprise feature and is one of the reasons why I decided to join Forward Networks. After working on Network Programmability and Automation for years, the idea of a single platform able to provide network device data, fully parsed, normalized, structured in OpenConfig-like format, across switches, routers, firewalls, and load balancers from different vendors, on-prem and in the cloud was (and still is!!) mind-blowing.

Based on my experience, vendors devote massive effort to provide native and OpenConfig YANG data models over common device APIs (e.g. NETCONF and RESTCONF) for the main network OSes. I doubt we’ll see any device APIs for legacy platforms from any networking vendor…ever. This inconsistency in the data formats and protocols creates a complexity that, more often than not, leads network automation projects to inevitable failure.

So, how can customers have all the benefits of structured data and device APIs and eliminate the inconsistency issues? Unless I’ve missed a recent announcement (and I’m pretty sure I’ve not), there is no networking vendor able to provide such a platform (or capability or functionality). The only option available is to rely on a solution like NQE.

With NQE customers can easily develop scripts applications to perform sanity checks or to display information across the entire fleet of devices in their network in a matter of minutes.

It’s an awesome solution for customers with development skills and a good knowledge of JSON format and YANG data models. Those skills are pretty common in DevOps or NetDevOps teams, but what if the customer doesn’t have those skills or they want to avoid building and maintaining those scripts/applications?

The answer is pretty easy, and it’s called… In-App NQE Checks!

In-App NQE Checks augments NQE by enabling customers to create custom verification checks, using the NQE data model, directly in the Forward Enterprise browser-based interface. No development skills needed, no scripts to build and maintain, just a simple and intuitive 3 step process:

  1. Explore the Data Model
  2. Create the Check
  3. Execute the Check and Save

The NQE Data Model can be explored using the built-in data model explorer that helps users find the relevant fields needed for the check, as shown in the picture below:

Fig 1. NQE Data Model explorer

The Check queries for violations uses 3 simple constructs, foreachwhere and select (sounds familiar, right?) and the violations will form the failure diagnosis.

If no violations are found, the check will pass.

The picture below shows a check that queries for interfaces with administrative status UP but with operational status other than UP– a fairly common scenario operators often need to monitor to validate the links’ health.

Fig 2. In-App NQE Check Example

This video shows the process needed to create and save the check described above.

Have you noticed how long is the query? 

Fig 3. In-App Check example

It’s a 9-line script for easy readability, but it’s essentially only 4 lines!

You can find some simple query examples like the one in the video as well as the Documentation in the tabs close to the data model.

Fig 4. Documentation and Examples

Moving forward, we’ll add more examples in the GUI but what we’re most excited about is building a knowledge base of useful checks shared with our customers and partners.

We’ve created a new dedicated In App NQE Checks examples repository on GitHub. It currently includes an initial list of examples and it’s waiting for your contribution ☺

Fig 5. In-App NQE Checks Examples repository

In summary, we did it again! We took something already amazing like NQE and we brought it to the next level with In-App NQE Checks. Now it’s your time to contribute!

Further reading:

In-App NQE Checks @ Tech Field Day 21:

NQE repositories in GitHub:

NQE presentation @ ONF Sep 2019:

Top cross