arrow down
Arrow down
Arrow down
Arrow down

Natural language prompts put the power of NQE into the hands of every networking engineer

As featured in Network World, Forward Networks has raised the bar for network digital twin technology with AI Assist. This groundbreaking addition empowers NetOps, SecOps, and CloudOps professionals to harness the comprehensive insights of NQE through natural language prompts to quickly resolve complex network issues.

See the feature in action.

AI Assist: Transforming Network Operations:

Recognizing the persistent challenges faced by engineers in accessing hybrid, multi-cloud network data amid vendor diversity and network complexity, Forward Networks introduced AI Assist, available today as part of release 24.1. The new feature facilitates Network Query Engine (NQE) searches using natural language prompts, allowing engineers of varying skill levels to conduct sophisticated network queries with a minimal learning curve. The feature also generates natural language explanations for queries, fostering improved collaboration and understanding within teams.

Building on the Industry’s Most Comprehensive Networking Data Library:

Leveraging its extensive NQE library, the capability will be continuously improved through use. A world-class networking large language model (LLM) combined with the industry’s most comprehensive network digital twin delivers the AI outcomes that users can trust.

Learn more about Forward Networks’ AI implementation at

Your network, security, and cloud teams spend a lot of time and energy trying to extract timely insights from your enterprise network data, so your organization stays on top of risks and continually improves network performance. But what if they could quickly search your network environment like a database to better understand everything in it — and whether those objects were operating as they should?

Forward Networks’ Network Query Engine (NQE) not only makes that possible — but also easy. NQE is a unique, user-friendly, end-to-end experience in the Forward Enterprise platform, and it’s a powerful tool for surfacing your network data gold, so you can use it to your advantage. The insights you can bring to light with NQE can help you make more informed decisions to improve the health, functionality, and security of your enterprise network environment, including your hybrid and multi-cloud environments.

We developed NQE a few years ago in response to requests from our customers who wanted to do more with the configuration and state data that our platform collects, parses, and normalizes. NQE provides an open platform for accessing structured data about your enterprise network as human-readable, JavaScript Object Notation (JSON) data in a fully parsed form. By structuring and normalizing this data, NQE makes it actionable for your entire IT team — as well as for other key stakeholders in your IT organization who need quick answers about network behavior, security, and more.

NQE query results can be turned into verification checks that the Forward Enterprise platform runs with every snapshot it takes of network configurations and device state, so you can monitor trends over time. Importantly, once NQE queries are written, they will continue to perform as the network changes and ages. (NQE also integrates with data about your network that you already have!) 

This Thursday, July 28th at 11am PT, Dr. Andreas Voellmy, the inventor of NQE himself, will be discussing how NQE is used to automate design validation, inform decision-making with accurate inventory, and proactively check for misconfigurations to prevent incidents. Register for Dr. Voellmy’s talk here!

If you’d like to learn more about NQE — including why it’s unique and the many benefits of using it for your business — check out our new white paper, Make the Impossible Possible With Forward Networks’ Network Query Engine (NQE). It includes real-world use cases that highlight the bottom-line business value that organizations are realizing by using Forward Networks’ NQE. (For one of these companies, that value was over $6 million in savings from identifying and eliminating unnecessary IT costs!)

When you’re ready to see for yourself how the NQE feature included in the Forward Enterprise platform can help you surface your enterprise network data gold faster while easing the workload burden on your teams, you can schedule a demo.

We just released our 22.5 Release to Forward Enterprise and boy what a surprise to have our NQE external data sources finally ready to show the world.

Very simply, this allows you to pull in data from external HTTP sources (currently we support HTTP GET) and automagically model the data in our data model explorer and our integrated development environment.

To enable this you simply need to add the resource endpoints for the HTTP API of the data you are interested in. i.e. /api/dcim/sites, configure the authentication if required and you are ready to collect.

Once you run our collection framework we will pull all of this information into our already extensive data model.

All the data available from the external resource definition is modeled in our platform and can be used to build custom evaluations across external/internal resources and unify multiple data sources into a representation that can be consumed from external systems.

Our import includes a type inference capability to determine if values can be elevated from String, Number to more specific types such as IPAddress.

Once we have added our external resource endpoints. We can run our collection to pull the external data into our platform as a JSON encoded file.

Building out our custom integration layer

Now that we have the data, we compose queries using our rich IDE capabilities. Below you can see our code completion displays all the available collections under the NetBox external source.

Because NQE is an extensible query language we can join two or more collections together by simply binding common fields leveraging the where clause.

The two where clauses in lines 8 and 9 below join the existing Forward Enterprise device collection with the NetBox devices inventory as well as joining the NetBox devices collection with sites collection allowing us to create a composite output of three independent data sources.

The final query below combines data from these three sources allowing us to take the device name, site name and manufacturer from the NetBox devices collection, Site address from the sites collection, and interface IP addresses from Forward Enterprise Data model to produce an aggregate report.

Below is the output from our IDE but you can also export this data to an Excel spreadsheet for offline review.

Hold on to your hat!, Now that we have our query committed in the NQE Library, it automatically becomes available as a custom API endpoint. Now any external systems can make a simple REST call providing just the unique queryId, (think of this like a SQL Stored Procedure) to the /api/nqe endpoint and you get back the data in JSON!

In the below example, we create an Ansible module to call the NQE API interface as a task so it can be combined with additional workflows.


With about 20 lines of code you can build an API aggregation layer for network information combining external data sources with the rich database of network configuration and state available in the Forward Enterprise platform.

Thanks to Andreas Voellmy and his team for building NQE and continuously adding these great features for our customers to leverage.

Here at Forward Networks our mission is to "Transform networks to be agile, predictable and secure" and now with external data sources we have another arrow in our quiver to accomplish that.

Way more to come.

Come check us out.

The cloud offers agility and speed for DevOps teams. Being able to spin up environments and create applications in a fraction of the time previously required helps organizations launch new capabilities for customers, employees, and vendors quickly. For most companies, this means reduced time to market and the ability to recognize revenue faster.

IT teams recognize the benefits of a DevOps culture, but they also know that by their very nature, new applications are prone to security errors that can put the business at risk. So, they require a security review prior to pushing new applications live. Nobody would argue with the need to ensure security compliance; however, most people would also agree that slowing down the process of launching new applications is not ideal. Companies today cannot afford to choose between speed and security — nor do they need to.

The only way to effectively address this issue is to automate the process of verifying the connectivity and security posture of cloud applications. Without automation, your IT teams cannot keep up with the demand to prove compliance for the rapidly growing volume of cloud applications.

The verification feature within the Forward Enterprise platform enables automated compliance checks for new applications in hybrid and multi-cloud environments. Developers are notified of the required changes if there's an issue, and compliant apps can be provisioned automatically with confidence. The intent and Network Query Engine (NQE) check feature also lets you continuously audit cloud configurations to prevent real-time changes from diluting security policy. If a non-compliant change is detected, the appropriate teams will receive specific, actionable data as to what the issue is and why it’s happening, enabling rapid resolution.

The ability to automate security for cloud app provisioning is just one of many powerful features in the Forward Enterprise platform that can help your organization reduce risk and enforce critical security policies as you deploy new cloud apps or migrate on-prem apps to the cloud. To learn more about how Forward Networks can help your business take the security and compliance guesswork out of cloud application deployment for good, read this use case or join our educational webinar.

Today's enterprise IT teams are well acquainted with the pressures of ensuring network security, while also managing the time it takes to do so. The recent experience of one multinational technology company perfectly illustrates how Networks Query Engine (NQE) can be used to quickly and effectively bolster network security.

As with most companies, this company's IT team was asked on a regular basis to locate IP addresses in the network. While some of these queries are more general in nature, others stem directly from concerns over network security.

For instance, IT might learn that a particular host isn't supposed to be on the network. Or someone might raise a red flag after seeing a tablet logged into another machine. Regardless of the cause, however, it's imperative that IT quickly locate and isolate potentially dangerous IP addresses.

Traditionally, the process of doing so has taken anywhere from a few minutes up to as long as 20 minutes. And if there's anything that enterprise IT teams agree upon, it's the need to reduce time-intensive projects.

According to one recent study, 72 percent of technology professionals say the shift to support remote work – whether fully remote or hybrid – has created additional work for IT departments, as they struggle to support employees in multiple locations. Furthermore, a quarter of the IT workforce is either looking for a new role, changing jobs or switching careers in 2022.

Not surprisingly, 97 percent of IT professionals cite feeling burned out as the primary driver for leaving the field and/or finding a new company. That burnout is driven by increasing demands from employers and other stakeholders – and many of those demands stem from unplanned interruptions like the need to locate an IP address.

In this particular case, the enterprise IT team found that by utilizing NQE to locate an IP address, they were also able to find the associated advertised subnet. Likewise, they quickly found the upstream layer 3 distribution switch and its associated media access control (MAC) address, enabling them to pull the associated virtual LAN and access the specific switch that's being used by a specific device.

Moreover, using NQE to locate the IP address reduced the amount of time needed to do so to just a matter of seconds vs hours or days of manual work. This frees the IT team to work on more strategic projects and eliminates a mind-numbing task that contributes to burnout.

Learn more about how you can use NQE to solve common IT tasks by scheduling a demo today. Be sure to read our other blogs in this series about how Forward Networks is impacting enterprise networks around the world, including The Show Must Go On: NQE Helps Entertainment Venue Avoid 'Spectacular Customer Service Fail.'

When Heraclitus wrote in the 6th Century that the only constant is change, he had no way of knowing just how apt his words would prove for contemporary enterprises.

Consider, for instance, the effect that the Great Resignation has had on enterprises. In 2021 alone, almost 4 million workers quit their jobs per month – the highest yearly average record of all time for employee turnover. Meanwhile, the number of mergers and acquisitions (M&A) in the United States alone totaled more than $2.6 trillion – again, the largest year for M&A activity on record.

Without question, these global events have significantly impacted enterprise IT teams. Companies that have undergone mergers, hired new IT staff, or otherwise made adjustments that impact the enterprise network face a common challenge: understanding what's on the network, why it's there, whether it's needed, and what can be changed to drive savings.

Several such companies have used the dynamic inventory capability of Network Query Engine (NQE) to answer those questions.

Traditionally, enterprise IT teams have relied upon spreadsheets to track information about the different hardware and software on the network. However, that manual system has always been problematic because it depends upon people updating those spreadsheets with accurate information.

But as enterprise IT teams have undergone massive upheaval since the beginning of the pandemic, those manual processes have proven completely ineffective – especially for companies that have undergone mergers or had significant turnover in IT staff.

NQE's dynamic inventory overcomes those challenges by enabling IT teams to immediately see everything that's on the network from a single dashboard. NQE's dynamic inventory enables users to see granular details (e.g., configurations, state, interfaces, counters, power supply serial number, module firmware rev, etc.) for the network.

For instance, users can quickly identify devices on the network that need software updates. Likewise, if you're replacing certain pieces of network equipment, dynamic inventory enables you to find that equipment in a matter of seconds. Dynamic inventory also enables IT teams to better secure the network by quickly identifying end-of-life devices and ensuring that code is updated and less vulnerable to attacks. Network planners can also quickly produce a report of network inventory with serial numbers and use it for support contract negotiations.

Forward Networks has worked with several companies that have used dynamic inventory in NQE with great success. In one case, two companies that merged used it to visualize the combined network and make the transition faster and smoother than it would have been otherwise.

We recently published a blog that describes how one company used rapid insights on NQE to achieve $6 million in savings. Let us show you how to use NQE for dynamic inventory with a free demo today.

NQE Helps Entertainment Venue Avoid 'Spectacular Customer Service Fail'

As any company that specializes in live entertainment knows, you're only as good as your last success. In fact, most entertainment venues are well aware that the difference between good and bad press attention often comes down to something as simple as whether a single bulb lights up at the right second.

Proper maintenance for such venues is so vital, in fact, that the International Association of Amusement Parks and Attractions (IAAPA) says ride and attraction maintenance is the second-highest expense they face – with only employee payroll costing more. The average cost of an attraction “going down” is $100K per hour, not including the impacts of negative press.

However, as one such entertainment venue recently discovered, it's not only vital to ensure that the proverbial light bulb is turned on at the right second, it's just as important to ensure that backup systems work properly should a failsafe become necessary.

One network engineer who works in infrastructure operations and service delivery with such a venue recently encountered this situation when his team was tasked with verifying the network design. Traditionally, his team has had to assign several engineers to manually verify the integrity of designs for rides and attractions – a process of logging into network devices and visually reviewing configurations. Not surprisingly, that process can eat up hours of effort, and it's not unusual for problems to be overlooked.

By utilizing Forward Networks' NQE checks for design verification, however, his team reduced the process to less than five minutes, creating massive savings in terms of labor and time. But most importantly, NQE checks enabled the team to validate circuit redundancy and identify missing links. Had the primary circuits or links failed during a live show, the redundant circuits or links would not have kicked in to keep the show running smoothly – or at all.

"It was a problem we didn't even know we had, and we weren't even looking for it," he said. "If we hadn't run these checks on NQE, any failover scenario we might have had would have been unsuccessful, causing massive segments of the show to go down. We avoided an outage that would have been impossible to calculate by preventing a spectacular customer service fail."

That experience led him to expand the use of NQE with Forward Enterprise during the company's biannual Power Redundancy Drills. During these events, the venue effectively kills the commercial power feeds to different areas of the park to ensure that UPS, battery strings, and backup diesel generators function properly. Prior to doing so, the IT team is tasked with verifying the operational state of all network devices that will be affected, including verifying device states while they're on backup power and when commercial power is restored.

Traditionally, these processes have been completely manual, requiring considerable time and personnel resources. When a device fails to come back online or enters a "hung" state, the team is forced to deploy “boots on the ground” to conduct a building-by-building, closet-by-closet hunt to visually inspect the physical devices.

"Leveraging Forward Enterprise and NQE enables us to quickly identify any network device that doesn't come back in the proper operational state within minutes," he said. "In the event that we have to direct our technicians to physically inspect a network device, we can do so with far greater precision and minimize – if not entirely eliminate – the need to hunt for a failed element. This is a game-changer for our team."

To learn more about how you can use Forward Networks to simplify network operations, schedule a demo today. Be sure to read our other blogs in this series about how Forward Networks is impacting enterprise networks around the world, including UNDER PRESSURE: Enterprise IT Teams Use NQE To Reduce Time-Intensive Processes.

Did you hear about the change window that went exactly as planned? No? That’s because the odds of winning the PowerBall without buying a ticket are better than the odds of executing a change window on a global network without a glitch. 

What about the story of the tier one network engineer that diagnosed and resolved an ACL in seconds? That one also seems as mythical as staying friends with your ex—but it’s not. 

Instead of telling you the story, I want to show you how it’s done, which is why I recently hosted a workshop showcasing how we use search and intent verification within the Forward Networks Platform to tame ACLs (Access Control Lists). 

I’ve spent untold hours trying to troubleshoot an ACL issue after a change window and that was on a network I’d been running for decades, for tier-one admin, or even a more advanced engineer working on a new (or newly blended) network, it’s like trying to find a needle in a haystack while wearing a blindfold and being chased by rabid badgers.

On the face of it, the process for resolving ACL issues is pretty straightforward:

  1. Determine where your ACLs are running (which interfaces)
  2. Locate the ACL creating the issue
  3. Analyze the ACL to find the problem and resolve the issue

Except—networks have evolved over decades and include tens of thousands of devices from dozens of vendors and cloud providers running billions of lines of config. The fact is network complexity is outpacing IT support capabilities. Today, nothing about running a global network is straightforward without a comprehensive understanding of the network’s behavior and detailed visualization of traffic paths. 

Managing ACLs  shouldn’t be that hard

At Forward Networks, we think that the hard stuff should be easy, so we’ve done something unique. We developed a mathematical model that creates a network digital twin with Google-like search capabilities. By collecting and analyzing device state and packet forwarding data over time, we provide more than network visualization – we put the humans back in control of the network by providing them synthesized, actionable insights around network behavior. 

The Morning After the Change Window Before

The call comes in—a user can’t access an application – or worse, unauthorized users are accessing a secure app. What to do?  The network team always gets the call first, but the firewall tribe and security squad were also making changes – so how do you know which change created the problem?

The Forward Networks Platform (which functions as SaaS or be loaded onto an on-site VM) collects snapshots of the network over time including state data (ARP tables, route tables, interface tables, and so on) to develop a behavioral model of the network, providing detailed information on how packets are forwarded, filtered, and mutated. The end result is not only detailed visualization of the network but also advanced behavior modeling. For the ACL workshop, I focused on two ways to solve the issue, search and intent verification.

Search Two Ways: Text and Behavioral Path

Wouldn’t it be great if your network was indexed the same way the Internet is, and you could search it as easily as using Google? Ima ‘bout to rock your world by doing it right in front of your eyes.

Maybe you only know the IP address of a device that’s misbehaving. Our text search bar lets you enter that IP address (or any other atomic network information) and instantly gives you everything you need to know about that device (including which ACL rules/policies are applied to it). Maybe you want to search by ACL names—you can do that as well, and the platform returns config information with the ACL-related lines highlighted. This is ridiculously helpful when firewall configs have tens of thousands of lines. Now, even Tier-one support engineers can diagnose the problem and route it to the correct team with the context they need to immediately resolve the issue—no more searching manuals or paging through thousands of lines of config. 

By conducting a behavioral path search from the Internet to a specific application, you can see the exact path(s) traffic takes to the application in blue.  The gray lines denote detailed information about what happens to the packets as they flow through the network and the functions that are applied to them which is explained in the path’s pane. The platform serves up the relevant information without the network admin having to know details about the firewall or its syntax. The search shown above tells us that there is a path, and helps us easily identify that there are issues are with the firewall config, saving tons of time (conversely, it would tell us if the network path is broken). 

Behavioral searches can be saved as expected behaviors (intents) so that anytime the platform gathers information about the network, it will confirm that path is working as expected. In the workshop, I show how this function also can be used to verify if the “fix” applied by our friends in the tribe of firewall worked as expected (spoiler—it didn’t but network operations saves the day) without any risk to the production network, by using the predictive capabilities of the platform within the network digital twin. 

NQE – Your ACL management BFF 

In-App NQE (Network Query Engine), checks the data collected from the network and looks for states in the network that should (or should not) exist. For instance, an NQE Check can look for ACLs that are defined on a device but not applied to an interface. Custom checks can be written from inside the browser using syntax within the browser. There’s nothing to download; all of the reference information such as the data model and documentation is available within the browser window. This is a much better way to roll than my days of custom coding queries trying to pull information from the dozens of tabs I’ve opened to write code in the past. 

Sound interesting?  Watch the full ACL workshop (30 minutes of live-demo content). We host Forward Fix Live every month – On April 21, 2020 we’re going to dive deeper into one of our most popular features—NQE. There are two sessions, so no matter what time zone you are in! one for the East Coast and one

April 21, 2021 10:00 a.m. Eastern Time

April 21, 2021 10:00 a.m. Pacific Time

Only have a few minutes but you want to see more content by engineers for engineers?  Check out our YouTube playlist Forward Fixes – no hype, just actionable information, in roughly five-minute chunks. 

In network operations, it’s never the same day twice.

Most network engineers love this aspect, but it has a dark side. The best plans often fall to the wayside—in an instant work stops and firefighting begins.

In the last year, I’ve been part of a whole-day colo move, diagnosed an outage in the middle of the night, and resolved a slow performance issue. I know what the networking operations experience is like, and I know how much better it can be. 

Enabling others to solve every network problem at “global enterprise-scale”—faster and with more confidence is… let’s just say, very motivating. Especially when the networks are composed of multiple clouds, tens of thousands of devices, and are managed by multiple operations teams. I think about it like this:

If network behavior and insights were instantly available, you could speed up pretty much every network operations or engineering task.

In over seven years, I haven’t come across anyone who disagrees!  Everyone who has personally felt the stress of an outage, wasted a week tracking down a problem that ultimately was outside the network, or even spent too long with a simple ticket, doesn’t just agree—they feel it.

People in network operations and engineering wonder—is this even possible. The first questions are always of the “does it really work,” “how long will it take to set up,” “how much risk does it add,” and “can my team use it” variety. Not only do I hear these questions—I ask them of my vendors. Yes, it’s possible; we’ve been doing it at full scale for lots of companies you know, including Goldman Sachs for years.

Network operators and engineers don’t just need to see it to believe it. They need to deploy it, use it, and then have their coworkers use it, to believe it. 

The first step is seeing it. We joined Networking Field Day 24 to show what a day in a network operations professional’s life using the Forward Enterprise Platform looks like, from unboxing to integrations—covering killer use cases between. Instead of death-by-PPT, our field engineers, the technical experts who work side-by-side with our users to deploy Forward Enterprise, gave live demos and took questions. To make it easy for you to find content that’s relevant, we chunked it into short segments.

If the potential of instant network insight excites you—and you think maybe, just maybe—more time in the day could enable your team to be more proactive—then I’d like you to pick one thing you’ve recently had to spend time on, and check out the corresponding video below.

With the hands of our field team driving this, you’ll see what it’s like with the Forward Enterprise Platform. And if that passes your sniff test, as it’s done for many Fortune 500 enterprises already—reach out and schedule a personal demo. We’ll answer your toughest questions. We want to!

In fact, I dare you to pick one task from the list below that you or your team have done recently, and show me why instant access to info and insights WOULD NOT transform the speed of that task, and get your team on a path to faster, more proactive operations. 

Here’s what we covered, over a complete “day in the life”:

Unboxing to Up-to-Date, Searchable Network Model—15 minutes to Insight

Knowing the network topology’s detailed state is the first step in ensuring that your network is agile, predictable, and secure. Watch our Technical Solutions Architecture team leader, Elyor Khakimov, create a usable map and comprehensive collection of network data in less than 15 minutes without disrupting the network.

Path Analysis—Using Automation to Combat Complexity

After spending 20 years in the field helping network operations teams resolve issues, Technical Solution Architect Glen Turner knows that immediate access to actionable network behavior information is key to solving complex problems quickly. In this live demo, watch Glen use the search functionality within the Forward Networks Platform to analyze paths and reduce time spent troubleshooting to the seconds it takes him to type in a query into a search bar. 

Security Breach—Going back in time to resolve a leak

Need to find and resolve a data-leak issue but don’t have hours to do it? Armed with only four MAC address characters and the Forward Enterprise search bar, Senior Technical Solution Architect Scot Wilson shows how he’s used the Forward Networks platform to do it in four steps and under 10 minutes.

Audit—Search Billions of Lines of Config in Seconds

A simple typo caused a major network outage. The Forward Networks Network Query Engine (NQE) ‘s Google-like search capabilities helped resolve the issue in seconds – not hours. Customer Success Manager Jack Shen demonstrates how he did it and how NQE makes audits faster and more accurate.

Workflow Integrations—Solve Problems Faster by Getting the Right Data to the Right People

Without context, even the best applications only partially streamline ticket resolution. Senior Technical Solutions Architect Kevin Kuhls takes you through a live demonstration of our ServiceNow and Splunk integrations to show how quickly incidents can be resolved when context is automatically shared. 

Do you want to see more content by engineers for engineers and have only 5 minutes?  Check out our YouTube playlist Forward Fixes – no hype, just actionable information, in roughly five-minute chunks.

Still skeptical? I get it, and I challenge you to put us to the test, request a demo and give us your toughest challenges.

Here we are with yet another blog on the Forward Network Query Engine (or NQE for short).

If you have been reading our previous blogs on this topic, you already know how passionate I am about NQE.

In my first blog Query Your Network like a Database, I talked about how NQE helps to solve common challenges in network automation when it comes to retrieving network device configuration and state to verify the network posture, especially in large networks comprised of many different vendors, technologies, spread across on-prem and cloud deployments.

In a subsequent blog, In-App NQE Checks Examples Now Available on GitHub I described how In-App NQE Checks helps build network verification checks based on the NQE data entirely in the Forward Enterprise user interface, and I’ve introduced a GitHub repository with some examples.

If you haven’t read those blogs and you are not familiar with NQE, well, you might want to do some reading on the topic before coming back here 🙂 

Still (or back) here? Great!

In this blog, I’m going to talk about a big improvement we have made in our latest release, the NQE Library.

Many of our customers are enthusiastic about In-App NQE Checks. They say it’s very easy to find violations to their network intent using the intuitive language, the built-in documentation, data model schema based on OpenConfig, the provided examples, and so on.

As it frequently happens, the more customers use a product extensively, the more use cases come up.

One of the use cases that came up from several NQE users has been:

“In some scenarios, we are not looking for violations [yet] but network insights instead.
Can we do that with NQE?”

Now you can with the NQE Library!

At a very high level, we have decoupled the NQE queries from the NQE Checks to enable the new use case (find network insights) while preserving the original use case (find network violations).

In a nutshell, the NQE Library allows you to easily create and organize collections of NQE queries.

The NQE Library workflow consists of the following steps:

  1. Create a query
  2. Commit it
  3. Use it in Verify optional

As shown in the NQE Library page below:

Fig 1. NQE Library Workflow

Create a query

To simplify the creation of NQE queries we have built the NQE Integrated Development Environment (IDE).

Fig 2. NQE Integrated Development Environment (IDE)

It consists of 4 different panes:

All the panes are collapsable and resizable to allow you to manage the screen space more efficiently.

If you are familiar with the IDE we built for the In-App NQE checks you will notice that the biggest difference is the introduction of the Files pane to organize the queries.

The easiest way to get started is by using one of the examples in the Help pane.

For instance, the first check can be used to find every interface whose admin status is UP but operational status is not UP.

The query iterates through all interfaces on all devices of any vendor and returns the device name, the interface name, the admin state,  the operational state, and finally, the violation field is set to true if the admin state is UP but the operational state is down for the given interface.

Fig 3. Edit query

Simply copy the example of your choice by clicking on the Copy query icon, paste it in the Editor pane and optionally click on Prettify to properly align all the lines in the query to make it more readable.

The NQE Editor supports many useful features like auto-completionauto-save and, automatic error fix suggestions based on the Data Model among the others.

When you are done editing a query, select the Network and Snapshot you want to run the NQE query against and click on Calculate to see the query result.

Fig 4. Query results

Commit it

All the changes made to a query are automatically saved but they are visible only to you in the NQE Library application.

You need to commit the NQE query to make them available to everybody in your organization as well as to be used as NQE Verification Checks.

Fig 5. Commit a query

Use It In Verify

A quick refresh on NQE Verification Checks: they are formulated as queries for violations.

If the query finds no violations, then the check passes. If the query finds violations, the check is marked as failed, and the identified violations form the failure diagnosis.

By default, all the NQE queries published in the NQE library are disabled (inactive state) in the Verify NQE page.

To turn an NQE query in an NQE Verification Check, simply enable it by clicking on the toggle button on the left side of the query.

Fig 6. NQE Verification Checks in the Verify application

If the NQE Verification Checks fails, you can see the violations as well as the queries by clicking on the Failed status link.

Fig 7. NQE Checks result

In a networking world that is moving at a steady pace toward network automation and network-as-code, versioning of code, configuration, intent, etc. has become a prerequisite for adoption. The same concept applies to NQE queries. 

Every time an NQE query is modified and published, a new version of the query is made available in the Verify NQE application. You can select a specific version or always run the latest version available via the Version used option:

Fig 8. Query versioning

I always try to stay away from product roadmaps in customer-facing publications but…rest assured this is not the last time you are going to see a blog on NQE, so stay tuned!

In the meantime, check this demo video out and happy querying with the Forward NQE Library!

Top cross