Beyond Data: Why Design-Driven Automation is the Missing Link

Written By Chris Grundemann

Summarizing Christian Adell Querol's design-first methodology from AutoCon3

"We still live in this world," declared Christian Adell Querol, referencing Claudia de Luna's opening keynote about starting with design. "The designs are still there. However, we have to find a way where this design matches the automation."

His presentation built on Jaakko Rautanen's abstraction concepts, extending them to address a fundamental challenge: bridging the gap between network designs that exist in architects' minds and the automation systems that implement them.

The Data Disconnect Problem

While everyone agrees that "data is crucial in any automation strategy," Querol argued that understanding what we mean by "data" reveals complexity that justifies most networking jobs. Data can be intent, actual network state, configuration, operational metrics—"many dimensions. Data is a mess."

The core problem isn't data complexity itself, but how designs get "lost in translation" between conception and implementation. Network architects create diagrams and checklists to help engineers transform mental designs into reality, but meaning degrades through the process.

"We start with clear idea of what we want to implement on the network until we implement something, but we don't really know what we have implemented," he explained. "We can't even remember what was the purpose of a service we deployed one year ago."

The Service Vision

Querol's solution: "Why not make the network something that people understand at the level they need? They don't need to be network experts."

He shared a compelling example from 2016 when AWS offered only basic VPC networking. His team built a simple API for developers struggling to connect application islands—just specify application IDs and request connectivity. Three weeks before his AutoCon presentation, he discovered those developers still use that "crappy service" because it solved their actual problem with appropriate abstraction.

"Simplification is key. Simplification for your users. Not for you."

Design-Driven Data Properties

Effective design-driven automation requires data with specific characteristics:

Relationship Connectivity: Data belonging to the same service must be connected, enabling you to relate information together and propose different service versions.

Design Protection: When data follows design principles, it should be protected. "Who are you to go and change the implementation of a design? This should be protected."

Complete Lifecycle: Data must support creation, updates, and decommissioning through the full service lifecycle.

Purpose Assignment: Rather than disconnected data without relationships, design-driven approaches connect data through abstraction layers that represent what belongs together.

The Three-Role Architecture

Querol outlined clear responsibilities for design-driven automation:

Network Architect: Creates the logic for designs—the person "happy creating diagrams on whiteboards" becomes responsible for codifying that logic.

Network Engineering Team: Tunes how designs will be used in practice, handling implementation details and operational considerations.

Users: Interact with the simplest possible interface for the services they need, from VPN deployments to complete data centers.

Even simple services require "dozens, hundreds, thousands of objects"—massive data complexity hidden behind simple interfaces.

The Technical Architecture

Querol's implementation uses three building blocks:

1. Inputs

"What we're going to expose to users. The fewer, the better. If you can expose two inputs, better than 10." These inputs include constraints and validations while remaining user-friendly.

2. Templates

"How you explain your logic. This could be Python, Go, Jinja templates, whatever. It's up to you to decide how you feel comfortable." The code transforms user inputs into comprehensive service implementations.

3. Context

"You're not isolated on one island. You have to interact with service ticketing, external systems, whatever." Context handles real-time interactions, reservations, and integrations outside the core logic.

The Plan-Build-Service Workflow

Plan Generation: When users run a design with input parameters, the system combines logic and context to render a plan—"like the architecture blueprint that engineers transform from whiteboard diagrams into specific plans."

Builder Execution: The plan becomes actionable through a builder that creates all necessary data (IP addresses, racks, devices, everything) while following critical rules:

  • Idempotency: Same inputs produce same results

  • Rollback capability: If any of 1,000 objects fail, everything rolls back automatically

  • Protection enforcement: Prevents unauthorized changes to service-owned data

Service Implementation: The service represents "all the data created for some purpose" with lifecycle tracking, versioning, and ownership.

The Automation Integration

Design-driven services become the foundation for simplified automation architecture:

Service Changes → Orchestration: When services change, orchestration stitches together the necessary tasks. If a service touches 10 devices, orchestration triggers 10 automation tasks.

Targeted Infrastructure Changes: "You're deploying a service. You're changing your infrastructure not as a whole—just the minimum infrastructure that depends on this service definition."

Service-Centric Observability: "Your users don't care about interface traffic. They care about the service they requested. If your user requested a BGP session, tell him the BGP session is established."

Starting Small, Growing Compound Interest

Querol addressed the common objection that only hyperscalers can implement such approaches: "You can start with something very small, very simple."

The key is compound interest—start with basic services and incrementally add details until achieving something comprehensive. "Focus more on the design because the design is the important part. If you get right on the design and your design is idempotent, you will do always right."

Brownfield Integration

For existing networks, Querol advocated an import functionality: "You have to not leave anyone behind. If possible, bring all the services you have already in place into this new approach of design-driven."

This acknowledges that most organizations can't start from scratch—they need migration paths for existing infrastructure that hopefully followed design standards.

Implementation Principles

Test Your Design, Not Just Your Network: "Focus more on the design because the design is the important part... If you get the design right and your design is idempotent, you will always do right."

Modular Service Collections: "Break your network into a collection of modular services. How many? Doesn't matter. But start by one."

Data Ownership: At the attribute level, only one design can own an attribute. Other designs can reuse attributes, but ownership remains singular to prevent conflicts.

The AI Integration Question

When asked about adding AI abstraction layers, Querol referenced recent announcements about AI tools for creating automation logic: "You can use any kind of tool that helps you to create this logic. But at the end, you have to own... you have to take ownership to implement the logic."

The point: AI can assist with design creation, but humans must maintain ownership of the implemented logic to ensure consistency and reliability.

Why This Matters

Querol's design-driven approach addresses a fundamental automation challenge: the gap between what network architects envision and what gets implemented. By codifying design logic and protecting design-driven data, organizations can ensure that automation implementations match architectural intent.

This represents an evolution beyond basic automation tooling toward systematic design implementation. Rather than automating existing manual processes, design-driven automation encodes the thinking behind those processes, ensuring consistent implementation regardless of who operates the system.

The approach also acknowledges organizational realities—architects, engineers, and users have different needs and capabilities. By creating appropriate abstraction layers for each role, design-driven automation enables specialization while maintaining system coherence.

As Querol concluded, this isn't tool-specific thinking—it's "a mindset that I really encourage you to adopt." The future of network automation may depend less on better tools and more on better ways of encoding and implementing design intent.

Chris Grundemann

Executive advisor. Specializing in network infrastructure strategy and how to leverage your network to the greatest possible business advantage through technological and cultural transformation.

https://www.khadgaconsulting.com/
Previous

The Long Arc of Network Automation: Lessons from a 25-Year Journey
Next

The Car Analogy: Why Network Abstraction Matters More Than You Think