6.3 AI and Machine Learning in Network Operations
Key Takeaways
- Predictive AI uses historical data to forecast future network issues before they cause outages.
- Generative AI can create network configurations, documentation, and troubleshooting guides from natural language prompts.
- Machine learning improves network security by detecting anomalous traffic patterns that rule-based systems miss.
- Cisco AI Network Analytics (in DNA Center/Catalyst Center) uses ML for baseline comparison and proactive alerts.
- AI-driven automation shifts network operations from reactive troubleshooting to proactive prevention.
AI and Machine Learning in Network Operations
This topic was added in the CCNA v1.1 update (August 2024). It covers how AI and Machine Learning (ML) are being applied to network management and operations.
AI in Networking — Overview
| AI Type | What It Does | Networking Example |
|---|---|---|
| Predictive AI | Analyzes historical data to forecast future outcomes | Predict when a link will fail based on error rate trends |
| Generative AI | Creates new content (text, code, configs) from prompts | Generate an ACL configuration from a natural language description |
| Machine Learning | Learns patterns from data to make decisions | Detect anomalous traffic patterns indicating a security threat |
Predictive AI in Network Operations
Predictive AI analyzes historical network data to identify trends and forecast problems before they occur.
Use Cases
| Use Case | How Predictive AI Helps |
|---|---|
| Capacity planning | Predicts when links/devices will reach capacity based on growth trends |
| Failure prediction | Identifies devices likely to fail based on error patterns |
| Performance forecasting | Predicts latency/jitter issues during peak usage periods |
| Maintenance scheduling | Recommends optimal maintenance windows based on traffic patterns |
Example
A router's Gi0/0 interface shows increasing CRC errors over 30 days. Predictive AI:
- Identifies the upward trend in errors
- Correlates with historical patterns of cable failure
- Alerts the network engineer: "Interface Gi0/0 likely to experience link failure within 7 days"
- Recommends preventive cable replacement
Generative AI in Network Operations
Generative AI creates content from natural language inputs, reducing the need for manual configuration creation.
Use Cases
| Use Case | Example |
|---|---|
| Configuration generation | "Create an OSPF configuration for Area 0 with interfaces Gi0/0 and Gi0/1" → produces IOS commands |
| Troubleshooting assistance | "Why can't VLAN 10 reach VLAN 20?" → analyzes configs, suggests fixes |
| Documentation creation | Generates network diagrams and runbooks from device configurations |
| Policy translation | "Block social media for the guest network" → generates appropriate ACLs |
| Natural language queries | "Show me all devices with high CPU utilization" → queries monitoring tools |
Machine Learning for Network Security
ML excels at detecting patterns that rule-based systems miss:
Anomaly Detection
ML builds a baseline of normal network behavior, then alerts on deviations:
- Unusual traffic volumes at unexpected times
- New communication patterns between servers
- Unexpected protocols or port usage
- Geographic anomalies (login from unusual locations)
Threat Detection
| ML Approach | What It Detects |
|---|---|
| Supervised learning | Known attack patterns (trained on labeled data) |
| Unsupervised learning | Unknown attacks by detecting anomalies vs. baseline |
| Reinforcement learning | Optimal response actions through trial and error |
Cisco AI Network Analytics
Cisco integrates AI/ML into Catalyst Center (formerly DNA Center) for network assurance:
- AI-Driven Insights: Proactive identification of network issues
- Baseline comparison: ML learns normal network behavior and alerts on deviations
- Root cause analysis: AI correlates multiple symptoms to identify the underlying problem
- Automated remediation: Suggests or automatically applies fixes
Example: Cisco AI-Driven Troubleshooting
- Detection: ML baseline shows Wi-Fi onboarding normally takes 2 seconds; current average is 8 seconds
- Correlation: AI correlates the issue with a recent RADIUS server configuration change
- Root cause: AI identifies the RADIUS server is timing out for 802.1X authentication
- Recommendation: "Revert RADIUS server change or adjust authentication timeout"
On the Exam: This is a conceptual topic — you won't be asked to configure AI/ML. Understand the difference between predictive AI (forecasts from historical data), generative AI (creates content from prompts), and machine learning (learns patterns for anomaly detection). Know that Cisco integrates these into Catalyst Center.
Which type of AI analyzes historical network data to forecast future problems before they occur?
How does machine learning improve network security?