Properly hey everybody, it’s been a minute (or many) since my final weblog submit, however I’m excited to say that the key challenge I’ve been engaged on for the final 18+ months has come to a conclusion (nicely, for me no less than 😉 ) and I’m wanting ahead to investing extra time in blogs, movies, and getting again on the market.
I’ve a number of subjects I’m seeking to dive into, however getting back from Cisco Reside in Vegas final week, I figured I’d as nicely leap on the AI hype prepare, chugga chugga chugga, and share a little bit of my very own ideas on the subject.
Let me begin by saying that I’m simply starting to actually dip my toe into the AI pool. There are lots of different engineers already approach out within the deep finish, and I hope to swim out and be a part of them quickly.
Cisco Reside 2024 in Vegas was simply the compelling occasion I wanted to step down on step one (to maintain up the metaphor), and I included AI in two of my talks through the week. There was Tips on how to be a Community Engineer in an Synthetic Age within the Cisco U. Theater, an replace to my speak, “Tips on how to be a Community Engineer in a Programmable Age,” that I first delivered at Cisco Reside in 2017. After eight years, it felt slightly bittersweet to go away the programmable age behind, however thrilling to be getting into a brand new age. Synthetic Intelligence additionally made a last-minute “bonus” look in my breakout “Programmability Abilities for Engineers Who Don’t Wish to Code.”
For these talks, I spent a while considering by means of how community engineers ought to be serious about and utilizing AI proper now, and what to presumably count on for the long run. I’m not going to undergo all the main points on this weblog submit, however somewhat, I wish to focus in on one particular use case that I discovered shocking and a bit thrilling: Utilizing AI to look assessment your work. Buckle in, and let’s test it out.
Bridget takes Hank to Community Engineering Faculty
One of many examples in “Programmability Abilities for Engineers Who Don’t Wish to Code” revolves round creating IPSEC VPN configurations for routers primarily based on a configuration template and spreadsheet of knowledge. I first present the best way to use formulation throughout the spreadsheet to create the configurations, and later use Ansible and Jinja2 templates to do the identical factor.
As I used to be rehearsing the session, I questioned… Might AI do the identical work?
If I’m trustworthy, I figured it will get shut, however should be mounted/completed to be accomplished. So I crafted this immediate and despatched it to Cisco’s ChatGPT implementation referred to as “BridgeIT”.
Utilizing the info from the under CSV information,
vpn_name,tunnel_interface,side_1_public_ip,source_network,source_mask,side_2_outside,tunnel_destination,destination_network,destination_mask,preshared_key
VPN_101,GigabitEthernet0/1,203.0.113.101,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.33,172.28.11.0,0.0.0.255,ZA788I
VPN_102,GigabitEthernet0/1,203.0.113.102,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.34,172.28.12.0,0.0.0.255,AM285I
generate a configuration from every row primarily based on the under jinja2 template
! VPN {{ vpn_name }}
crypto isakmp coverage 10
encryption aes
hash sha256
authentication pre-share
group 14
crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
access-list 100 allow ip {{ source_network }} {{ source_mask }} {{ destination_network }} {{ destination_mask }}
crypto isakmp key {{ preshared_key }} tackle {{ tunnel_destination }}
crypto map {{ vpn_name }} 10 ipsec-isakmp
set peer {{ tunnel_destination }}
set transform-setvpn_transform
match tackle 100
interface {{ tunnel_interface }}
crypto map {{ vpn_name }}
I despatched it away and waited… and waited… and waited. However then this reply got here again:
Based mostly on the offered Jinja2 template and the CSV information, listed here are the generated configurations for every VPN:
For VPN_101:
! VPN VPN_101
crypto isakmp coverage 10
encryption aes
hash sha256
authentication pre-share
group 14
crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
access-list 100 allow ip 10.98.128.0 0.0.3.255 172.28.11.0 0.0.0.255
crypto isakmp key ZA788I tackle 198.51.100.33
crypto map VPN_101 10 ipsec-isakmp
set peer 198.51.100.33
set transform-set vpn_transform
match tackle 100
interface GigabitEthernet0/1
crypto map VPN_101
For VPN_102:
! VPN VPN_102
crypto isakmp coverage 10
encryption aes
hash sha256
authentication pre-share
group 14
crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
access-list 100 allow ip 10.98.128.0 0.0.3.255 172.28.12.0 0.0.0.255
crypto isakmp key AM285I tackle 198.51.100.34
crypto map VPN_102 10 ipsec-isakmp
set peer 198.51.100.34
set transform-set vpn_transform
match tackle 100
interface GigabitEthernet0/1
crypto map VPN_102
I used to be duly impressed. Bridget (as BridgeIT is affectionately referred to as) understood precisely what I wished and was capable of create the configurations for me completely. Rating one for our artificially clever robotic overlords.
However wait… she wasn’t accomplished. The message continued:
Please notice that there’s a typo within the Jinja2 template, particularly within the line the place it says:
set transform-setvpn_transform
There ought to be an area earlier than “vpn_transform”. Right here’s the corrected line that ought to seem within the template:
set transform-set vpn_transformOh man… I had a typo in my template? Inconceivable!!! I rapidly went and checked my immediate and the supply Jinja2 template that I copied for the immediate—a template I’ve utilized in my Ansible demo on this presentation for 2 years.
Positive sufficient, I had a typo. Whoops… boy, did I really feel embarrassed. And in the event you return and have a look at the configurations that Bridget offered to my immediate, you’ll see that she really mounted the error and despatched the right configs. Very, very nicely accomplished. Rating two and three.
However she nonetheless wasn’t accomplished…
Moreover, you would possibly face a difficulty when making use of two totally different crypto maps to the identical interface. Normally, a bodily interface solely helps one crypto map. If it is advisable assist a number of VPNs on the identical interface, you’d usually use the identical crypto map title with totally different sequence numbers for every peer.
Right here’s how one can modify the second crypto map to make use of the identical crypto map title with a distinct sequence quantity (assuming you wish to use the crypto map title VPN_MAP for each):
For VPN_102 (with a revised crypto map title and sequence quantity):
! VPN VPN_102
crypto isakmp coverage 10
encryption aes
hash sha256
authentication pre-share
group 14
crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac
access-list 102 allow ip 10.98.128.0 0.0.3.255 172.28.12.0 0.0.0.255
crypto isakmp key AM285I tackle 198.51.100.34
crypto map VPN_MAP 20 ipsec-isakmp
set peer 198.51.100.34
set transform-set vpn_transform
match tackle 102
interface GigabitEthernet0/1
crypto map VPN_MAPDiscover that the entry listing quantity for VPN_102 has been modified to 102 to keep away from battle with the entry listing for VPN_101. The crypto map sequence quantity for VPN_102 has been set to twenty, differentiating it from the sequence quantity 10 used for VPN_101. For those who observe this method, guarantee that all of your VPNs use the identical crypto map title (VPN_MAP on this case) with totally different sequence numbers.
Okay… this exhibits some critical community understanding. Combining a CSV file and a Jinja2 template collectively isn’t that removed from the code help and co-pilot use circumstances which have been in place for awhile—not likely that a lot of a stretch. And discovering a typo in a configuration template that’s most likely current in tons of of public Web documentation, weblog posts, and coaching examples? Additionally not likely that shocking.
However making this closing leap associated to community structure and design… this was actually fairly shocking. I didn’t inform Bridget that every of those configurations could be deployed on particular person routers, so she moderately “apprehensive” that I used to be seeking to deploy the configs on the identical gadget. And if I did that, it WOULD be a difficulty. Her prompt answer is affordable, although admittedly follows examples which might be additionally nicely documented on the Web.
So what does this imply for us community engineers?
I used to be discussing this instance throughout Cisco Reside with some attendees, and the analogy of a “peer assessment” was introduced up. This was a use case for AI in community engineering that I hadn’t formalized in my head but, however had been dancing round with different examples.
There’s a very actual danger of engineers utilizing AI-generated configurations “as is” of their community. It is a unhealthy thought for a similar cause as copying and pasting code from Stackoverflow or one other untrusted Web supply. Earlier than utilizing configurations generated by Bridget or one other generative AI instrument, it’s essential to confirm the accuracy. In any other case, you danger changing into one other sufferer to hallucinations or simply inaccuracies from overconfident AI assistants.
Nonetheless, I believe there’s actual potential in utilizing AI as a peer reviewer for configurations and different artifacts we create. Right here, WE, the community engineer, use our data, abilities, and expertise to construct an answer. Then, we ask AI to have a look and supply some suggestions, just like sending it to a co-worker, accomplice, or Cisco TAC.
This second-set-of-eyes use case is one which I believe engineers ought to take into account making an attempt out for themselves—with a few crucial caveats:
- Examine together with your firm and group’s AI insurance policies. Lots of the publicly obtainable AI instruments take any immediate data despatched to them and use it for future coaching and fine-tuning. Community configurations are thought of confidential for a lot of firms as there’s a critical safety danger in sharing them publicly.
- I’d nonetheless advocate having one other “natural intelligence” assessment any essential configurations. I’m excited by the potential of AI, and we probably will get to a degree the place AI is so correct we will depend on it for a lot of use circumstances, however let’s take the sluggish method to get there.
Properly, what are your ideas on this use of AI for community engineering? What different use circumstances are you exploring in your each day work as an engineer? Let me know within the feedback. And keep tuned for extra from me as I proceed to swim into the Synthetic Age!
PS… This weblog submit was written by me, Hank Preston, and never by Bridget or one other AI instrument 🙂
Join Cisco U. | Be a part of the Cisco Studying Community right this moment totally free.
Comply with Cisco Studying & Certifications
X | Threads | Fb | LinkedIn | Instagram | YouTube
Use #CiscoU and #CiscoCert to hitch the dialog.
Cisco Helps Construct AI Workforce With New Abilities Certification
Navigating the Multicloud Journey with Cisco’s New Certifications [Infographic]
Share:
0 Comments