Guest post by: Mathias Zimmermann, Senior Manager, Solution Architecture, Network Services, NTT Communications

AI reacts before the network goes on strike

Deep Packet Inspection monitors and filters data packets. Machine learning and AI help process information from multiple data sources to better understand specific data streams and even to detect malicious traffic. The AI assesses the data packets and connections according to whether the application is business-critical or only consumes a lot of bandwidth and can therefore be deprioritized. The AI automatically determines the DSCP value, which indicates the routing behaviour of data packets from aggressive, bandwidth-hungry applications in the event of congestion - and initiates reactions before a downtime occurs.

Silver Peak and Cisco attribute an important role to AI when it comes to automating network control. Silver Peak is already using AI at deep packet inspection. Cisco plans to expand these further, combining them with a firewall including IDS/IPS and integrating them into the SD-WAN software. The intention is to identify malware or strange behaviour in real-time and block it directly at the edge of SD-WAN appliances.

So-called 'predictive SD-WAN' can reconfigure QoS settings and reduce bandwidth for best-effort applications, thereby reserving network resources for applications with higher priority. AI will be able to better predict the impact of additional application-related real-time traffic on the network - such as blocking or reducing bandwidth for real-time video in favour of audio applications.

Capacity management will in the future be able to recognize three months in advance that bandwidth needs to be expanded. The network manager can finally take proactive action instead of just reacting and wasting time.

Hybrid WAN and AI for the best possible connection at all times

SD-WAN already dynamically connects various cloud platforms with each other. With AI, bandwidths can be proactively switched on or off so that users have the best possible connection at all times. The costs depend on the actual use of capacity.

The idea behind hybrid wide area networks (Hybrid WAN) is to decide based on the requirements - such as SLAs with guaranteed availability and latency values - whether the user should route part of their traffic via cost-effective public internet links instead of MPLS networks.

Change real-time firewall settings and protect the network 

NTT Com, for example, provides an SD-WAN with zone-based firewalls that can segment the network. Security events can be sent to NTT Com's AI-based Security Operations Center (AI-SOC) to prevent attacks through log file management and behavioural analysis. In the future, the AI-SOC can directly access the SD-WAN orchestrator, along with REST APIs, to change firewall settings in real-time and prevent malware from attacking or spreading.

NTT Global Operations Center already uses machine learning to filter out critical log data and network events for faster action. There is great opportunity to use AI to further minimize downtime of lines or network devices and to further improve the quality of prediction.