Intent-Based Networking with Z3 Constraint Solving
An Intent-Based Networking (IBN) platform that translates high-level business requirements into optimal network configurations. Instead of manually calculating paths and writing configs, you declare what you want and the platform figures out how to achieve it.
Traditional network automation still requires you to think like a router:
- Manually calculate primary and backup paths
- Write hundreds of lines of BGP/OSPF configuration
- Hope your "redundant" paths don't share a common failure point
- Repeat for every change
Define your intent in 6 lines:
name: NYC Branch Connectivity
type: branch-wan
source: IBN-HQ
destination: IBN-Branch
requirements:
latency_ms: 50
diverse_paths: trueThe platform:
- Solves - Z3 SMT solver finds mathematically optimal paths with true diversity
- Generates - Produces complete BGP, BFD, and route-map configurations
- Deploys - Pushes configs to devices via SSH
- Verifies - Confirms BGP/BFD sessions are established
Standard shortest-path algorithms (Dijkstra, Bellman-Ford) can't express constraints like "find two paths that don't share any failure domain." Z3 can solve this as a constraint satisfaction problem with provable optimality.
Constraint: paths must use different failure domains
Constraint: both paths must meet 50ms latency SLA
Objective: minimize total cost
Solution found in 8ms:
Primary: HQ → Core2 → Branch (Domain B, 33ms)
Backup: HQ → Core1 → Branch (Domain A, 22ms)
| Feature | Description |
|---|---|
| Z3 Constraint Solver | Finds optimal diverse paths that standard algorithms can't |
| Failure Domain Awareness | Ensures backup paths don't share failure points with primary |
| What-If Analysis | Simulate node/domain failures before they happen |
| Config Generation | Jinja2 templates produce IOS-XE BGP/OSPF/SR-MPLS configurations |
| Live Deployment | Push configs via SSH with Netmiko |
| Config Diff | Preview exactly what will change before deploying |
| Topology Visualization | ASCII diagrams showing network and computed paths |
| Real-Time Monitoring | Watch BGP/BFD status with live updates |
| Verification | Confirm BGP/OSPF neighbors and BFD sessions are up |
| Deployment History | Track all deployments with timestamps and config snapshots |
| Rollback | Restore previous configurations with one command |
| Compliance Monitoring | Continuous verification that network matches intent |
| NETCONF/RESTCONF | Modern API-based device connectivity (YANG models) |
| Web Dashboard | Browser-based UI for intent management with full workflow support |
# Clone the repository
git clone https://github.com/E-Conners-Lab/Intent_Based_Networking_Project.git
cd Intent_Based_Networking_Project
# Install with uv (recommended)
uv sync
# Or with pip
pip install -e .# Show network topology diagram
ibn show-topology
# Load and validate topology
ibn load-topology examples/lab.yaml
# Validate an intent
ibn validate-intent examples/intents/nyc-branch.yaml
# Solve for optimal paths (shows diagram with paths)
ibn solve examples/intents/nyc-branch.yaml
# Simulate failures
ibn what-if examples/intents/nyc-branch.yaml --fail-node IBN-Core1
# Generate configs (view only)
ibn generate-config examples/intents/nyc-branch.yaml
# Deploy with diff preview
ibn deploy examples/intents/nyc-branch.yaml --diff -u admin -p <password>
# Deploy to devices
ibn deploy examples/intents/nyc-branch.yaml -u admin -p <password>
# Verify BGP/BFD status
ibn verify -u admin -p <password> --bgp --bfd
# Watch network status in real-time
ibn watch -u admin -p <password>
# View deployment history
ibn history
# Rollback to previous configuration
ibn rollback -u admin -p <password>
# Check compliance (one-time)
ibn compliance examples/intents/nyc-branch.yaml -u admin -p <password>
# Continuous compliance monitoring
ibn compliance examples/intents/nyc-branch.yaml -c -i 30 -u admin -p <password>
# Verify via NETCONF (port 830)
ibn verify --protocol netconf -u admin -p <password> --bgp
# Verify via RESTCONF (port 443)
ibn verify --protocol restconf -u admin -p <password> --bgpThe platform includes a browser-based dashboard for managing intents through the complete workflow.
# Set device credentials
export IBN_DEVICE_USER=admin
export IBN_DEVICE_PASS="your_password"
# Start the web server
PYTHONPATH=src python -m uvicorn ibn.web.app:create_app --factory --host 127.0.0.1 --port 8000
# Open http://127.0.0.1:8000 in your browser
# Default login: admin / adminDashboard Features:
- Intent Management - Create, view, and delete intents with SQLite persistence
- Protocol Selection - Choose BGP, OSPF, or SR-MPLS for path establishment
- Workflow Stages - Solve → View Configs → Deploy → Verify → Active
- Re-check Status - View live OSPF/BGP neighbor status on active intents
- Dark Mode - Toggle between light and dark themes
Intent Workflow:
- Create - Define source, destination, and routing protocol
- Solve - Z3 finds optimal primary and backup paths
- Configs - View generated Cisco IOS-XE configurations
- Deploy - Push configs to devices via SSH
- Verify - Confirm routing neighbors are established
- Active - Intent is running; use Re-check to monitor status
┌─────────────────────────────────────────────────────────────┐
│ Interface Layer │
│ CLI: ibn solve | deploy | verify Web: FastAPI + HTMX │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────────────────────────────────────┐
│ Intent Parser │
│ YAML/JSON → Pydantic Models → Validation │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────────────────────────────────────┐
│ Z3 Constraint Solver │
│ Flow constraints + Latency + Diversity + Cost optimization │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────────────────────────────────────┐
│ Config Generator │
│ BGP / OSPF / SR-MPLS → Cisco IOS-XE Device Configs │
└─────────────────────────────────────────────────────────────┘
│
┌─────────────────────────────────────────────────────────────┐
│ Device Connector │
│ Netmiko SSH → Deploy → Verify → Re-check │
└─────────────────────────────────────────────────────────────┘
The platform was developed and tested on an EVE-NG lab with Cisco C8000V routers:
┌──────────────┐
│ IBN-HQ │
│ 10.100.0.1 │
└──────┬───────┘
│
┌────────────┴────────────┐
│ │
┌──────┴──────┐ ┌──────┴──────┐
│ IBN-Core1 │ │ IBN-Core2 │
│ Domain A │ │ Domain B │
│ 10.100.0.2 │ │ 10.100.0.3 │
└──────┬──────┘ └──────┬──────┘
│ │
└────────────┬────────────┘
│
┌──────┴───────┐
│ IBN-Branch │
│ 10.100.0.4 │
└──────────────┘
Key Design Points:
- Two failure domains (A and B) for path diversity
- iBGP with local-preference for path selection (primary=200, backup=100)
- BFD for sub-second failure detection (~450ms)
- GigabitEthernet interfaces for data plane, G3 for management
ibn-platform/
├── src/ibn/
│ ├── cli.py # Click CLI commands (16 commands, multi-protocol)
│ ├── errors.py # Exception hierarchy
│ ├── model/
│ │ ├── topology.py # Pydantic topology models
│ │ ├── loader.py # YAML → NetworkX graph
│ │ └── addressing.py # IP address utilities
│ ├── intent/
│ │ ├── schema.py # Intent & result models
│ │ └── parser.py # Intent validation
│ ├── solver/
│ │ └── z3_solver.py # Z3 constraint solver
│ ├── services/
│ │ ├── schema.py # Service model definitions
│ │ └── registry.py # Service type registry
│ ├── deploy/
│ │ ├── generator.py # Config generation
│ │ ├── connector.py # SSH device connector
│ │ ├── netconf.py # NETCONF/RESTCONF connectors
│ │ └── diff.py # Config diff engine
│ ├── viz/
│ │ └── topology.py # ASCII topology diagrams
│ ├── monitor/
│ │ └── watcher.py # Real-time network monitoring
│ ├── state/
│ │ └── history.py # Deployment history & rollback
│ ├── compliance/
│ │ └── checker.py # Compliance monitoring & verification
│ └── web/
│ ├── app.py # FastAPI application factory
│ ├── lifecycle.py # Intent state machine
│ ├── persistence.py # SQLite intent repository
│ ├── routes/
│ │ └── intents.py # Intent API & config generators
│ └── templates/
│ ├── base.html # Base template with dark mode
│ ├── intents.html # Intent management dashboard
│ └── login.html # Authentication page
├── tests/
│ └── unit/ # Unit tests
│ ├── test_compliance.py # Compliance checker tests
│ ├── test_history.py # Deployment history tests
│ ├── test_intent.py # Intent parser tests
│ ├── test_intent_workflow.py # Web workflow tests
│ ├── test_netconf.py # NETCONF/RESTCONF tests
│ └── test_solver.py # Z3 solver tests
├── templates/
│ ├── ios-xe/
│ │ └── bgp.j2 # BGP config template
│ └── bootstrap/
│ └── c8000v-base.j2 # Bootstrap config
├── examples/
│ ├── lab.yaml # Lab topology
│ └── intents/
│ └── nyc-branch.yaml # Sample intent
└── pyproject.toml
- Python 3.11+ - Core language
- Z3 Solver - Microsoft's SMT solver for constraint optimization
- NetworkX - Graph representation and analysis
- Pydantic - Data validation and settings
- Click - CLI framework
- Rich - Terminal formatting
- Jinja2 - Config templating
- Netmiko - SSH device connections
- ncclient - NETCONF client for YANG-based config
- requests - RESTCONF REST API client
- FastAPI - Web framework for dashboard API
- HTMX - Dynamic HTML interactions without JavaScript frameworks
- Tailwind CSS - Utility-first CSS styling
- Topology modeling with failure domains
- Intent parsing and validation
- Z3 constraint solver for diverse paths
- BGP/BFD config generation
- SSH deployment with Netmiko
- What-if failure simulation
- Topology visualization (ASCII diagrams)
- Config diff before deployment
- Real-time network monitoring
- Deployment history tracking
- Rollback capability
- Unit test suite
- Continuous compliance monitoring
- NETCONF/RESTCONF support
- Multi-vendor templates (Cisco, Arista, Juniper)
- Web dashboard with intent workflow
- Multi-protocol support (BGP, OSPF, SR-MPLS)
MIT License - See LICENSE file for details.
Built as a portfolio project demonstrating Intent-Based Networking concepts with constraint-based optimization.