Executive Outcomes
- UI: Ask in English; get device‑level answers
- Noise: Grounded responses reduce alert fatigue
- Trust: Every answer verified against intents & snapshots
- Speed: RCA and change plans in minutes
Guardrails first: No free‑form commands. All outputs are validated by IP Fabric intent rules & path analysis before action.
1) Deep Theory — LLMs, LRMs & RAG for Networks
- LLM vs LRM: LLMs are next‑token predictors; LRMs plan before acting — essential for multi‑step change planning and playbook execution.
- Network‑grounded RAG: Retrieval must prefer fresh truth (current snapshot, intents, path slices) over static docs.
- Reasoning & Verification: CoT/ToT/GoT guide structured thinking; CoVe & Self‑Consistency reduce hallucinations; all answers must be checked against intents.
- Evaluation: Context Precision/Relevancy (pipeline), Faithfulness & Answer Relevance (model), plus task KPIs (MTTR, CFR).
IP Fabric mapping: Snapshots = time‑indexed truth; Intent Verification = objective pass/fail; Path Analysis = topology‑aware evidence for answers.
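The self‑consistency check mentioned above can be sketched in a few lines: sample several candidate answers and keep the majority vote, using the agreement ratio as a rough confidence signal. The toy generator below stands in for an LLM sampled at non‑zero temperature; the helper name is illustrative.

```python
from collections import Counter

def self_consistency(generate, question, n=5):
    """Sample n candidate answers and keep the majority answer.

    `generate` is any callable returning one candidate answer per call;
    here it stands in for an LLM sampling at non-zero temperature.
    """
    votes = Counter(generate(question) for _ in range(n))
    answer, count = votes.most_common(1)[0]
    return answer, count / n  # answer plus agreement ratio as rough confidence

# Toy generator standing in for a sampled LLM: mostly consistent, one outlier.
samples = iter(["R1", "R1", "R2", "R1", "R1"])
answer, agreement = self_consistency(lambda q: next(samples), "Which device flaps?")
# answer == "R1", agreement == 0.8
```

In practice the same voting idea applies to any discrete claim (root‑cause device, failing intent), and low agreement is a cue to escalate rather than answer.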
2) Network RAG — Architecture & Contracts (No raw code)
Contract: POST /nlq/query
Request:
{
  "q": "Why is BGP flapping between R1 and R2?",
  "hints": ["BGP", "flap", "R1", "R2"],
  "data_sources": ["snapshots:latest", "intents", "configs", "runbooks"],
  "rerank": true,
  "max_context": 5
}
Response:
{
  "answer": "...root cause ...",
  "citations": [
    {"type": "config", "device": "R1", "section": "router bgp ..."},
    {"type": "intent", "policy": "bgp-redundancy", "status": "fail"}
  ],
  "evidence_pack_url": "/packs/qa/ef12ab.html",
  "confidence": 0.82
}
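A minimal acceptance gate for this response shape might look like the sketch below: surface an answer only if it carries citations and clears a confidence floor. The 0.7 threshold and the `accept_nlq_response` helper name are assumptions, not part of the contract.

```python
def accept_nlq_response(resp, min_confidence=0.7):
    """Gate an /nlq/query response: surface it only if it carries
    citations and clears a confidence floor (threshold is an assumption)."""
    has_citations = bool(resp.get("citations"))
    confident = resp.get("confidence", 0.0) >= min_confidence
    return has_citations and confident

resp = {
    "answer": "...root cause ...",
    "citations": [{"type": "intent", "policy": "bgp-redundancy", "status": "fail"}],
    "confidence": 0.82,
}
surfaced = accept_nlq_response(resp)        # cited and confident
rejected = accept_nlq_response({"answer": "x", "confidence": 0.9})  # no citations
```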
Pseudo‑code: Hybrid Retrieval + Verification
function NLQ(query):
  seeds = extract_entities(query)            # devices, VLANs, intents
  docs  = dense.search(query) ∪ bm25.search(query, seeds)
  docs  = rerank.cross_encoder(query, docs)
  ctx   = enrich_with_state(docs, snapshot.latest(), intents.latest())
  draft = llm.generate(query, ctx, require: cite_devices)
  check = verify_with_intents_and_paths(draft, ctx)
  if check.pass: return draft + citations(ctx)
  else: return escalate_with_gaps(draft, check)
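One concrete way to merge the dense and BM25 hits from the pseudo‑code is Reciprocal Rank Fusion, a named swap‑in for the plain union shown above; `k=60` is the conventional RRF constant, not something this document specifies, and the doc IDs are made up for illustration.

```python
def rrf_fuse(dense_ranked, bm25_ranked, k=60):
    """Fuse two ranked doc-id lists with Reciprocal Rank Fusion.

    Each doc scores sum(1 / (k + rank)) over the rankings it appears in,
    so documents ranked well by both retrievers rise to the top.
    """
    scores = {}
    for ranking in (dense_ranked, bm25_ranked):
        for rank, doc in enumerate(ranking, start=1):
            scores[doc] = scores.get(doc, 0.0) + 1.0 / (k + rank)
    return sorted(scores, key=scores.get, reverse=True)

dense = ["cfg:R1#bgp", "intent:bgp-redundancy", "runbook:bgp-flap"]
bm25  = ["log:R1-R2-flap", "cfg:R1#bgp", "cfg:R2#bgp"]
fused = rrf_fuse(dense, bm25)
# "cfg:R1#bgp" appears high in both lists, so it tops the fused ranking
```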
Index Strategy
Indexes: {configs, intents, snapshots, runbooks}
Chunking: network‑aware (section markers: interface/router/vlan/acl/policy)
Ranking: recency boost for snapshots; topology proximity boost for related devices
Caching: per‑tenant LFU cache keyed by (q, snapshot_id)
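The per‑tenant LFU cache keyed by `(q, snapshot_id)` can be sketched as below; the capacity of 2 and the tie‑breaking behavior are illustrative assumptions.

```python
from collections import Counter

class LFUCache:
    """Minimal LFU cache keyed by (query, snapshot_id) tuples.

    Evicts the least-frequently-used entry when full; ties are broken
    arbitrarily. Tiny capacity here is just for illustration.
    """
    def __init__(self, capacity):
        self.capacity = capacity
        self.store = {}
        self.hits = Counter()

    def get(self, key):
        if key in self.store:
            self.hits[key] += 1  # count the access for eviction ranking
            return self.store[key]
        return None

    def put(self, key, value):
        if key not in self.store and len(self.store) >= self.capacity:
            coldest = min(self.store, key=lambda k: self.hits[k])
            del self.store[coldest]
            del self.hits[coldest]
        self.store[key] = value
        self.hits[key] += 1

cache = LFUCache(capacity=2)
cache.put(("why bgp flap", "SNAP_A"), "answer-1")
cache.put(("vlan drift?", "SNAP_A"), "answer-2")
cache.get(("why bgp flap", "SNAP_A"))            # bump frequency
cache.put(("qos drops?", "SNAP_B"), "answer-3")  # evicts the cold entry
```

Keying on the snapshot ID means a new snapshot naturally invalidates stale answers without any explicit purge.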
3) Intent‑Based Networking — From English to Verified Change
Translate natural‑language intents into vendor‑specific changes, but gate every step via twin simulation and policy verification.
Contract: POST /intent/parse
Body:
{
  "text": "Create VLAN 120 for Finance on access ports of edge‑sw1 and edge‑sw2",
  "schema": "v1"
}
Returns:
{
  "type": "connectivity",
  "action": "create",
  "targets": ["edge-sw1", "edge-sw2"],
  "params": {"vlan": 120, "name": "Finance", "mode": "access", "ports": ["Gi1/0/10", "Gi1/0/11"]}
}
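A rule‑based sketch of the parse step, assuming the exact phrasing shown in the request body; a production parser would be LLM‑ or grammar‑driven, and `parse_vlan_intent` is a hypothetical helper covering only this one sentence pattern.

```python
import re

def parse_vlan_intent(text):
    """Parse 'Create VLAN <id> for <name> on access ports of <sw> and <sw>'
    into the intent schema shown above. Regex coverage is intentionally
    narrow; anything else returns None."""
    m = re.search(
        r"create vlan (\d+) for (\w+) on access ports of ([\w\-]+(?:\s+and\s+[\w\-]+)*)",
        text,
        re.IGNORECASE,
    )
    if not m:
        return None
    vlan, name, targets = m.groups()
    return {
        "type": "connectivity",
        "action": "create",
        "targets": re.split(r"\s+and\s+", targets),
        "params": {"vlan": int(vlan), "name": name, "mode": "access"},
    }

intent = parse_vlan_intent(
    "Create VLAN 120 for Finance on access ports of edge-sw1 and edge-sw2"
)
```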
Contract: POST /intent/synthesize
Body:
{
  "intent": { ... },
  "inventory": ["edge-sw1", "edge-sw2"],
  "vendor_matrix": true
}
Returns:
{
  "configs": {
    "edge-sw1": ["vlan 120", " name Finance", "interface Gi1/0/10", " switchport mode access", " switchport access vlan 120", " no shut"],
    "edge-sw2": ["..."]
  },
  "tests": ["verify vlan exists", "port in vlan", "no err-disable"]
}
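The synthesis step can be sketched by templating IOS‑style lines from the parsed params, mirroring the sample response above; `synthesize_ios_vlan` is a hypothetical helper, and real synthesis would consult the vendor matrix rather than assume one dialect.

```python
def synthesize_ios_vlan(intent):
    """Render Cisco-IOS-style config lines for a parsed VLAN intent,
    one list of lines per target device (as in the contract above)."""
    p = intent["params"]
    lines = [f"vlan {p['vlan']}", f" name {p['name']}"]
    for port in p["ports"]:
        lines += [
            f"interface {port}",
            " switchport mode access",
            f" switchport access vlan {p['vlan']}",
            " no shut",
        ]
    # Same rendered lines for every target; per-device ports would differ in practice.
    return {target: list(lines) for target in intent["targets"]}

configs = synthesize_ios_vlan({
    "targets": ["edge-sw1"],
    "params": {"vlan": 120, "name": "Finance", "ports": ["Gi1/0/10"]},
})
```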
Contract: POST /intent/verify
Body:
{
  "configs": { ... },
  "snapshot_id": "SNAP_2025_09_12",
  "policies": ["intent:segmentation", "intent:redundancy"]
}
Returns:
{
  "intent_results": [
    {"policy": "segmentation", "pass": true},
    {"policy": "redundancy", "pass": true}
  ],
  "blast_radius": {"devices": 4, "paths": 7},
  "decision": "APPROVE|REJECT|NEEDS_REVIEW",
  "evidence_pack_url": "/packs/change/aa81c9.html"
}
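Turning the verification results into the APPROVE/REJECT/NEEDS_REVIEW decision can be as simple as the sketch below; the blast‑radius threshold of 10 devices is an illustrative assumption, since the contract only defines the three decision values.

```python
def decide(intent_results, blast_radius, max_devices=10):
    """Map /intent/verify results to a decision: any failed policy
    rejects outright; a wide blast radius forces human review."""
    if any(not r["pass"] for r in intent_results):
        return "REJECT"
    if blast_radius["devices"] > max_devices:
        return "NEEDS_REVIEW"
    return "APPROVE"

decision = decide(
    [{"policy": "segmentation", "pass": True}, {"policy": "redundancy", "pass": True}],
    {"devices": 4, "paths": 7},
)
# decision == "APPROVE"
```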
Pseudo‑code: NL → Config → Verify → Plan
function PLAN_CHANGE(nl_text):
  intent = parse_intent(nl_text)            # type/action/targets/params
  inv    = ipf.inventory(intent.targets)
  cfgs   = synthesize_configs(intent, inv)  # vendor‑specific
  sim    = twin.whatif(cfgs)                # counterfactual SLOs
  check  = verify.intents(cfgs, policies=all)
  plan   = assemble_change_plan(cfgs, sim, check, rollback=auto)
  return plan
4) Domain Adaptation — Fine‑Tuning & Data Specs
- When to fine‑tune: For idiomatic network language, multi‑vendor command translation, RCA styles.
- Prefer RAG first: Ground answers in live truth; add fine‑tune for tone/structure and command synthesis reliability.
Dataset Blueprint (instruction‑tune)
{
  "tasks": ["explain-config", "nl-to-config", "rca-with-citations", "intent-failure-explain"],
  "formats": ["Q&A", "structured_json"],
  "sources": ["snapshot configs", "intent reports", "tickets", "runbooks"],
  "size": "5k–20k exemplars",
  "eval": ["faithfulness", "answer_relevance", "command_accuracy"]
}
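Serializing exemplars from this blueprint for an instruction‑tuning pipeline might look like the sketch below; the `task`/`input`/`output` field names are assumed, so adapt them to your trainer's schema.

```python
import json

def to_jsonl(exemplars):
    """Serialize instruction-tune exemplars to JSONL, one exemplar per line."""
    return "\n".join(json.dumps(e, ensure_ascii=False) for e in exemplars)

rows = [
    {"task": "explain-config", "input": "router bgp 65001 ...", "output": "This block ..."},
    {"task": "nl-to-config", "input": "Create VLAN 120 ...", "output": "vlan 120\n name Finance"},
]
jsonl = to_jsonl(rows)
```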
Safety & Security (critical)
Mitigations:
- Prompt injection: strip tool calls from user text; allowlist tools.
- Command hallucination: require schema validation & vendor grammar checks.
- Data privacy: per‑tenant indices; redact secrets; differential logging.
- Auditability: store queries, contexts, decisions, and verification results.
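The first two mitigations above might be sketched as follows; the `TOOL:<name>(...)` marker syntax and the tool names in the allowlist are illustrative assumptions, not a real convention of any particular framework.

```python
import re

# Allowlist of tools the agent may ever invoke (example names).
ALLOWED_TOOLS = {"nlq_query", "intent_parse", "intent_verify"}

def sanitize_user_text(text):
    """Strip tool-call-looking directives from user input before it
    reaches the model, so injected text cannot trigger tool execution."""
    return re.sub(r"TOOL:\w+\([^)]*\)", "[removed]", text)

def is_tool_allowed(name):
    """Only explicitly allowlisted tools may run, regardless of prompt content."""
    return name in ALLOWED_TOOLS

clean = sanitize_user_text("Why is BGP flapping? TOOL:shell(rm -rf /)")
# clean == "Why is BGP flapping? [removed]"
```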
5) Practical Playbooks (No code)
Playbook A — RCA: “Why is app latency high between DC1 and DC2?”
- NLQ pulls latest snapshots, paths, QoS policies; correlates queue drops with policy changes.
- Answer cites devices/sections; proposes targeted QoS tweak; attaches verification steps.
Playbook B — Policy Drift Summary
- Generate exec‑level summary of ACL/QoS drift across vendors with risk ranking.
- Provide minimal‑blast‑radius fixes and a test matrix.
Playbook C — Onboard a New VLAN via NL Intent
- Parse intent → synthesize vendor configs → simulate → verify → produce change plan.
- Artifacts: plan.md, rollback.yaml, evidence‑pack.html.
Week 3 Deliverables
- NLQ/RAG service contract with verified answers + citations
- Intent parse/synthesize/verify contracts with evidence packs
- Dataset blueprint for domain fine‑tune + eval metrics
- Three executive playbooks and KPI definitions