An Artificially Clever Peer Reviewer Arrives

0
9

[ad_1]

Smartly hi everybody, it’s been a minute (or many) since my final weblog publish, however I’m excited to mention that the key challenge I’ve been running on for the final 18+ months has come to a conclusion (neatly, for me no less than 😉 ) and I’m taking a look ahead to making an investment extra time in blogs, movies, and getting again in the market.

I’ve a number of subjects I’m taking a look to dive into, however getting back from Cisco Reside in Vegas final week, I figured I would possibly as neatly soar at the AI hype teach, chugga chugga chugga, and proportion somewhat of my very own ideas at the matter.

The Ages of Networking
Welcome to The Synthetic Generation, the most recent AGE of networking.

Let me get started through announcing that I’m simply starting to in point of fact dip my toe into the AI pool. There are lots of different engineers already method out within the deep finish, and I am hoping to swim out and sign up for them quickly.

Cisco Reside 2024 in Vegas used to be simply the compelling tournament I had to step down on step one (to maintain the metaphor), and I incorporated AI in two of my talks all over the week. There used to be How you can be a Community Engineer in an Synthetic Age within the Cisco U. Theater, an replace to my communicate, “How you can be a Community Engineer in a Programmable Age,” that I first delivered at Cisco Reside in 2017. After 8 years, it felt a little bit bittersweet to depart the programmable age in the back of, however thrilling to be getting into a brand new age. Synthetic Intelligence additionally made a last-minute “bonus” look in my breakout “Programmability Abilities for Engineers Who Don’t Wish to Code.”

For those talks, I spent a while pondering via how community engineers must be enthusiastic about and the use of AI at the moment, and what to perhaps be expecting for the long run. I’m now not going to head via the entire main points on this weblog publish, however fairly, I wish to center of attention in on one particular use case that I discovered unexpected and somewhat thrilling: The use of AI to look assessment your paintings. Buckle in, and let’s test it out.

Mr Packets prevents Carl from making a network configuration error

Bridget takes Hank to Community Engineering Faculty

One of the vital examples in “Programmability Abilities for Engineers Who Don’t Wish to Code” revolves round developing IPSEC VPN configurations for routers in keeping with a configuration template and spreadsheet of information.  I first display methods to use formulation inside the spreadsheet to create the configurations, and later use Ansible and Jinja2 templates to do the similar factor.

Slides from Cisco Live illustrating Excel and Ansible options for configuration creation.

As I used to be rehearsing the consultation, I questioned… May just AI do the similar paintings?

If I’m fair, I figured it might get shut, however want to be mounted/completed to be carried out.  So I crafted this instructed and despatched it to Cisco’s ChatGPT implementation referred to as “BridgeIT”.

The use of the knowledge from the beneath CSV information,


vpn_name,tunnel_interface,side_1_public_ip,source_network,source_mask,side_2_outside,tunnel_destination,destination_network,destination_mask,preshared_key
VPN_101,GigabitEthernet0/1,203.0.113.101,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.33,172.28.11.0,0.0.0.255,ZA788I
VPN_102,GigabitEthernet0/1,203.0.113.102,10.98.128.0,0.0.3.255,GigabitEthernet1/1,198.51.100.34,172.28.12.0,0.0.0.255,AM285I

generate a configuration from each and every row in keeping with the beneath jinja2 template


! VPN {{ vpn_name }}
crypto isakmp coverage 10
 encryption aes
 hash sha256
 authentication pre-share
 team 14 

crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac

access-list 100 allow ip {{ source_network }} {{ source_mask }} {{ destination_network }} {{ destination_mask }}

crypto isakmp key {{ preshared_key }} cope with {{ tunnel_destination }}

crypto map {{ vpn_name }} 10 ipsec-isakmp
 set peer {{ tunnel_destination }} 
 set transform-setvpn_transform 
 fit cope with 100

interface {{ tunnel_interface }} 
 crypto map {{ vpn_name }}

I despatched it away and waited… and waited… and waited.  However then this answer got here again:

According to the supplied Jinja2 template and the CSV information, listed below are the generated configurations for each and every VPN:

For VPN_101:

! VPN VPN_101
crypto isakmp coverage 10
    encryption aes
    hash sha256
    authentication pre-share
    team 14

crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac

access-list 100 allow ip 10.98.128.0 0.0.3.255 172.28.11.0 0.0.0.255

crypto isakmp key ZA788I cope with 198.51.100.33

crypto map VPN_101 10 ipsec-isakmp
    set peer 198.51.100.33
    set transform-set vpn_transform
    fit cope with 100

interface GigabitEthernet0/1
    crypto map VPN_101

For VPN_102:

! VPN VPN_102
crypto isakmp coverage 10
    encryption aes
    hash sha256
    authentication pre-share
    team 14

crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac

access-list 100 allow ip 10.98.128.0 0.0.3.255 172.28.12.0 0.0.0.255

crypto isakmp key AM285I cope with 198.51.100.34

crypto map VPN_102 10 ipsec-isakmp
    set peer 198.51.100.34
    set transform-set vpn_transform
    fit cope with 100

interface GigabitEthernet0/1
    crypto map VPN_102

I used to be duly inspired. Bridget (as BridgeIT is affectionately referred to as) understood precisely what I sought after and used to be ready to create the configurations for me completely. Ranking one for our artificially clever robotic overlords.

However wait… she wasn’t carried out.  The message persevered:

Please notice that there’s a typo within the Jinja2 template, particularly within the line the place it says:

set transform-setvpn_transform

There must be an area earlier than “vpn_transform”. Right here’s the corrected line that are meant to seem within the template:

set transform-set vpn_transform

Oh guy… I had a typo in my template? Unimaginable!!! I temporarily went and checked my instructed and the supply Jinja2 template that I copied for the instructed—a template I’ve utilized in my Ansible demo on this presentation for 2 years.

Positive sufficient, I had a typo. Whoops… boy, did I think embarrassed. And should you return and take a look at the configurations that Bridget supplied to my instructed, you’ll see that she in reality mounted the error and despatched the proper configs. Very, really well carried out. Ranking two and 3.

However she nonetheless wasn’t carried out…

Moreover, you may face a topic when making use of two other crypto maps to the similar interface. Typically, a bodily interface best helps one crypto map. If you want to improve a couple of VPNs at the similar interface, you might normally use the similar crypto map title with other series numbers for each and every peer.

Right here’s how you’ll be able to alter the second one crypto map to make use of the similar crypto map title with a special series quantity (assuming you need to make use of the crypto map title VPN_MAP for each):

For VPN_102 (with a revised crypto map title and series quantity):

! VPN VPN_102
crypto isakmp coverage 10
    encryption aes
    hash sha256
    authentication pre-share
    team 14

crypto ipsec transform-set vpn_transform esp-aes esp-sha256-hmac

access-list 102 allow ip 10.98.128.0 0.0.3.255 172.28.12.0 0.0.0.255

crypto isakmp key AM285I cope with 198.51.100.34

crypto map VPN_MAP 20 ipsec-isakmp
    set peer 198.51.100.34
    set transform-set vpn_transform
    fit cope with 102

interface GigabitEthernet0/1
    crypto map VPN_MAP

Understand that the entry listing quantity for VPN_102 has been modified to 102 to steer clear of battle with the entry listing for VPN_101. The crypto map series quantity for VPN_102 has been set to twenty, differentiating it from the series quantity 10 used for VPN_101. Should you practice this way, be sure that your whole VPNs use the similar crypto map title (VPN_MAP on this case) with other series numbers.

Ok… this displays some severe community figuring out. Combining a CSV report and a Jinja2 template in combination isn’t that a long way from the code help and co-pilot use circumstances which were in position for awhile—now not in point of fact that a lot of a stretch. And discovering a typo in a configuration template this is more than likely found in loads of public Web documentation, weblog posts, and coaching examples? Additionally now not in point of fact that unexpected.

However making this ultimate bounce associated with community structure and design… this used to be in point of fact reasonably unexpected. I didn’t inform Bridget that each and every of those configurations can be deployed on person routers, so she somewhat “frightened” that I used to be taking a look to deploy the configs at the similar software. And if I did that, it WOULD be a topic. Her advised answer is cheap, even though admittedly follows examples which might be additionally neatly documented at the Web.

So what does this imply for us community engineers?

I used to be discussing this situation all over Cisco Reside with some attendees, and the analogy of a “peer assessment” used to be introduced up. This used to be a use case for AI in community engineering that I hadn’t formalized in my head but, however have been dancing round with different examples.

There’s a very actual possibility of engineers the use of AI-generated configurations “as is” of their community.  It is a unhealthy concept for a similar reason why as copying and pasting code from Stackoverflow or any other untrusted Web supply. Earlier than the use of configurations generated through Bridget or any other generative AI device, it’s important to ensure the accuracy.  Another way, you possibility changing into any other sufferer to hallucinations or simply inaccuracies from overconfident AI assistants.

Then again, I believe there’s actual attainable in the use of AI as a peer reviewer for configurations and different artifacts we create. Right here, WE, the community engineers, use our wisdom, abilities, and enjoy to construct an answer. Then, we ask AI to have a look and supply some comments, very similar to sending it to a co-worker, spouse, or Cisco TAC.

This second-set-of-eyes use case is one who I believe engineers must believe testing for themselves—with a few essential caveats:

  1. Take a look at together with your corporate and group’s AI insurance policies. Most of the publicly to be had AI equipment take any instructed data despatched to them and use it for long term coaching and fine-tuning. Community configurations are regarded as confidential for lots of corporations as there’s a severe safety possibility in sharing them publicly.
  2. I’d nonetheless suggest having any other “natural intelligence” assessment any important configurations. I’m all in favour of the potential for AI, and we most probably gets to some degree the place AI is so correct we will be able to depend on it for lots of use circumstances, however let’s take the gradual way to get there.

Smartly, what are your ideas in this use of AI for community engineering? What different use circumstances are you exploring for your day-to-day paintings as an engineer? Let me know within the feedback. And keep tuned for extra from me as I proceed to swim into the Synthetic Age!

PS… This weblog publish used to be written through me, Hank Preston, and now not through Bridget or any other AI device 🙂

 

 


Join Cisco U. | Sign up for the  Cisco Studying Community as of late without spending a dime.


 

Practice Cisco Studying & Certifications

X | Threads | Fb | LinkedIn | Instagram | YouTube

Use  #CiscoU and #CiscoCert to sign up for the dialog.

 

Cisco Is helping Construct AI Staff With New Abilities Certification

Navigating the Multicloud Adventure with Cisco’s New Certifications [Infographic]

 

Proportion:



[ad_2]

LEAVE A REPLY

Please enter your comment!
Please enter your name here