Follow on Twitter using the following hashtags or usernames: #CiscoLive26, #TFDx
Watch on YouTube
Watch on Vimeo
Forward introduces a solution to a fundamental, long-standing gap in networking: the lack of a deep, end-to-end behavioral understanding of complex, multi-vendor environments and the inability to test intended configuration updates safely. To address these vulnerabilities, Forward developed a mathematically accurate digital twin platform that connects to all physical, virtual, and cloud-based network devices. By collecting device states and configurations, the platform proactively traces every potential packet path to create a reliable behavioral model. Building upon a decade of monitoring current and historical network behaviors, Forward recently launched Forward Predict, a foundational technology that allows operators to safely simulate, analyze, and refine multi-vendor network modifications in a production-equivalent sandbox before actual deployment.
The presentation features a live, operator-driven demo where a complex cross-site service migration, routinely requiring several weeks for enterprise network teams to plan and execute, is successfully simulated and validated by an engineer in just 15 minutes. Using an integrated, syntax-aware AI command window, the engineer designs the migration from a legacy data center to a new spine-and-leaf facility. The platform’s deterministic analysis quickly reveals that while the primary connection goals are achieved, a critical security regression is introduced that inadvertently exposes the payroll server to the internet. Catching this risk at design time allows the operator to instantly append a zone-based firewall rule to the multi-vendor change set, rerun the predictive analysis, and ensure all predefined compliance and security checks pass flawlessly before generating a deterministic verification report for final change control approval.
Beyond manual operator workflows, Forward Predict accelerates business agility by translating its full functionality into REST APIs that seamlessly integrate into existing change management systems. In a standard ServiceNow workflow, Predict automatically reviews proposed changes during the assessment phase to document risk levels, propagation ranges, and regressions before final approval. For organizations utilizing automated CI/CD pipelines, the technology can be embedded directly into Jenkins and Ansible playbooks to serve as an automated pre-approval circuit breaker, halting the pipeline if any network anomalies or security vulnerabilities are detected. Ultimately, this predictable validation loop serves as a blueprint for truly autonomous networking, empowering emerging AI networking agents with the logical reasoning and deterministic tools necessary to iteratively propose, test, and safely execute network changes at scale without the risk of breaking production environments.
Personnel: Mike Lossmann, Nikhil Handigol
Watch on YouTube
Watch on Vimeo
Elyor Khakimov details how the combination of a definitive network digital twin and advanced AI logic shifts network engineering from manual risk mitigation to fully autonomous execution. Traditionally, complex migrations require weeks of coordination, leaving engineers with immense anxiety right up to deployment. By utilizing an AI networking agent powered by a large language model for reasoning, Forward bridges this operational gap. The agent operates as an intelligent coworker with programmatic access to a point-in-time snapshot of the network harvested by a centralized collector. Empowered with specialized tools for path mapping, configuration ingestion, and routing analysis, the agent leverages deterministic data to safely research, design, and validate network changes entirely within a virtual sandbox.
The presentation demonstrates this capability by replaying a 240-step fully autonomous migration of an internal web service from San Jose to Atlanta. Given only a high-level user intent prompt, the agent independently identifies endpoints, reviews topology context, and builds destination NAT and BGP configurations at machine speed. Crucially, the system defines intent-based validation tests before drafting commands so it knows exactly what success looks like. When its initial configuration proposal fails in Forward Predict because a BGP route advertisement fails to reach the core, the agent enters an autonomous feedback loop, diagnoses the routing issue, and corrects its own commands. It then runs a regression analysis that catches an unintended security risk where internal servers are exposed to the internet. Recognizing this vulnerability, the agent seamlessly switches to an exposure review skill, traces the end-to-end path, writes a deny rule for a Palo Alto edge firewall, and resolves the issue before code ever touches production.
While the demo showcases the agent’s ability to automatically commit multi-vendor code and push changes directly to live Cisco and Palo Alto devices, production environments are designed to integrate this pipeline with external orchestration platforms like Ansible or ServiceNow. Once changes are executed on the wire, the digital twin automatically takes a new live network snapshot, verifying post-execution reachability against the predicted state to guarantee a zero-regression outcome. Addressing panel questions regarding capacity and out-of-band updates, the speakers emphasize that Forward Predict serves as an isolated validation gate separate from the agent’s proposal engine, ensuring the AI cannot bypass security guardrails or execute dangerous changes. Ultimately, this integration establishes the foundational blueprint for autonomous network operations, introducing a powerful loop of programmatic feedback and design-time testing that delivers total operational confidence.
Personnel: Elyor Khakimov
Thank you for being part of the Tech Field Day community! Our mailing list is a great way to stay up to date on our events and technical content, and we appreciate your signup.
We promise that we’ll never spam you, send ads, or sell your information. This list will only be used to communicate with our community about our events and content. And we’ll limit it to no more than one message per week.
Although we only need your email address, it would be nice if you provided a little more information to help us get to know you better!
