HN824: That’s Not a Job for an LLM: The Right Way to Apply AI to Network Operations (Sponsored)
Avi Freedman, founder of Kentik, joins Heavy Networking to discuss how different AI techniques — ML, fuzzy logic, and LLMs — each have distinct roles in network operations. He argues that LLMs are powerful but non-deterministic tools that require guardrails, domain-specific knowledge, and human oversight to be useful in networking contexts. The conversation covers agentic AI, hallucinations, autonomy, and the realistic near-term limits of AI in network planning and configuration.
Summary
The episode opens with hosts Ethan Banks and Drew Conry-Murray framing the conversation as an attempt to cut through AI hype in both directions — the 'AI is everything' camp and the 'AI is garbage' camp — in favor of a pragmatic assessment. Guest Avi Freedman, founder of Kentik, brings decades of perspective on AI, having been exposed to expert systems and medical AI (arrhythmia detection) as a teenager through his cardiologist uncle.
Freedman begins with a historical overview of AI in networking, noting that ML, fuzzy logic, statistical analysis, and expert systems have been used for years in areas like DDoS detection and capacity planning. He emphasizes that there have been multiple 'AI winters,' and that technologies which survive these winters tend to stop being called 'AI' and just become standard tools. He distinguishes traditional ML — which is essentially sophisticated pattern matching over telemetry data using statistics — from LLMs, which are built on attention-based neural networks trained on vast corpora of human text and encode weighted probability paths through vector embeddings rather than true semantic understanding.
On LLMs specifically, Freedman describes them as producing 'glorified autocomplete' — effective at following high-probability paths through encoded knowledge but lacking a genuine 'worldview' or semantic governor. He explains that hallucinations occur because the model has no understanding of what it doesn't know; it simply continues predicting along the most weighted path even when it runs out of grounded information. He is skeptical of 'reasoning' and 'thinking' modes in models like Gemini, suggesting these are better described as trained planning patterns rather than actual cognition.
Freedman explains how Kentik addresses LLM non-determinism through two layers of guardrails: LLM-based sanity checking (using RAG or system prompts encoding what makes sense in networking contexts) and rule-based systems. He notes that for certain categories — like IGP metric recommendations — Kentik explicitly instructs the model not to make recommendations at all, recognizing the blast radius risk. He describes Kentik's AI Advisor as an agentic system that takes natural language queries, composes multiple internal API calls and ML outputs, and returns investigated answers to network operations questions like capacity issues, performance degradation, and DDoS events.
On agentic AI, Freedman argues that while the popular conception ties agents to LLMs via tools like MCP, there is no fundamental requirement for this — agents can be built on traditional code and APIs. He describes MCP as essentially a glorified API with semantic metadata attached, and notes that Kentik's internal agentic infrastructure mixes LLM-driven components with traditional coded services. He sees the value of agentic architecture in the decomposition of services into reusable, composable units that make it easier for LLMs to help humans accomplish complex tasks.
The conversation addresses where AI is and isn't ready for autonomous action in networking. Freedman draws a distinction between read tasks (information gathering, monitoring, alerting) and write tasks (making configuration changes). He notes that hundreds of Kentik DDoS customers have already moved to automated mitigation triggers, and that lifecycle automation for routine tasks is well underway. However, he argues that planning and architecture tasks — especially in organically grown, inconsistently documented networks — remain inappropriate for autonomous AI action due to the combination of non-determinism and high blast radius. He uses the example of converting static routing to dynamic IGP across a complex network as a case where LLMs would likely fail badly.
Freedman pushes back on the idea that LLMs are at a dead end technologically. He believes future progress will come from more efficient training methods, integration of explainable AI (XAI) techniques to understand why model weights change, and better tooling for encoding domain-specific guardrails and tunable determinism. He frames the use of AI as augmented intelligence — helping humans be 'maximally lazy' in the positive sense of applying human insight and intuition multiplicatively rather than doing repetitive mechanical tasks.
The episode closes with a discussion of the risk that over-reliance on AI augmentation could atrophy engineering skills in future generations, with Freedman acknowledging the concern while noting that the continued complexity and bugginess of networking hardware and software will keep requiring human expertise for the foreseeable future.
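A minimal sketch of the rule-based guardrail layer and the read/write split described in the summary above, added here as an illustration and not Kentik's code. The action names, regexes and verdict labels are all assumptions.

```python
import re
from dataclasses import dataclass

# Hypothetical tool names; none of these come from Kentik's product.
READ_ACTIONS = {"query_flows", "get_interface_utilization", "list_alerts"}
PREAPPROVED_WRITES = {"trigger_ddos_mitigation"}        # bounded, operator-approved
REVIEWED_WRITES = {"push_config", "update_route_policy"}  # high blast radius

# Topic the assistant must not make recommendations on: IGP metrics.
IGP = re.compile(r"\b(igp|ospf|is-?is)\b", re.I)
METRIC = re.compile(r"\b(metric|cost)s?\b", re.I)
RECOMMEND = re.compile(r"\b(recommend|suggest)\w*", re.I)


@dataclass
class Proposal:
    action: str     # tool/API call the model wants to make
    rationale: str  # model's free-text explanation shown to the operator


def review(p: Proposal) -> str:
    """Return 'allow', 'needs_human' or 'deny' for one model proposal."""
    text = p.rationale
    # Rule 1: block IGP metric recommendations even on read-only answers.
    if IGP.search(text) and METRIC.search(text) and RECOMMEND.search(text):
        return "deny"
    # Rule 2: read-only investigation runs without approval.
    if p.action in READ_ACTIONS:
        return "allow"
    # Rule 3: only explicitly pre-approved, well-bounded writes are automatic.
    if p.action in PREAPPROVED_WRITES:
        return "allow"
    # Rule 4: known configuration writes always go to a human.
    if p.action in REVIEWED_WRITES:
        return "needs_human"
    # Rule 5: anything else (e.g. a hallucinated tool name) is rejected.
    return "deny"


# Constructed sample proposals, not real model output.
SAMPLES = [
    Proposal("query_flows", "Check top talkers toward 203.0.113.10"),
    Proposal("trigger_ddos_mitigation", "UDP flood exceeds the alert threshold"),
    Proposal("push_config", "Convert static routes to OSPF on the core"),
    Proposal("get_interface_utilization",
             "Link is at 92%; I recommend lowering the OSPF cost on the backup path"),
    Proposal("reboot_all_routers", "This will clear the congestion"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{review(s):12} {s.action}")
```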
Key Insights
- Freedman argues that AI in networking is not new — ML, fuzzy logic, and expert systems have been embedded in tools like DDoS detection and capacity planning for decades, and technologies that survive AI winters simply stop being called 'AI' and become standard tools.
- Freedman contends that LLMs are fundamentally different from traditional ML in that they are not doing statistics over telemetry but rather encoding weighted probability paths through vector embeddings trained on vast human text corpora — a qualitatively different and far more computationally expensive approach.
- Freedman argues that LLM 'hallucinations' occur not because the model is malfunctioning but because it has no semantic governor — it cannot know what it doesn't know and simply continues predicting along high-probability paths when it runs out of grounded information.
- Freedman claims that 'reasoning' and 'thinking' modes in models like Gemini are better described as trained planning patterns guided by prompts rather than genuine cognition, and that there is still no true 'worldview' underlying these outputs.
- Freedman states that Kentik addresses LLM non-determinism through two guardrail layers: LLM-based sanity checking using RAG and system prompts encoding networking domain knowledge, and traditional rule-based systems — together catching over 90% of nonsensical outputs.
- Freedman argues that agentic AI does not require LLMs by definition — agents can be built on traditional code and APIs — but that in practice almost all current agentic implementations are LLM-based, and MCP is essentially a glorified API with semantic metadata attached.
- Freedman draws a clear line between read tasks (monitoring, alerting, investigation) where AI autonomy is already well-established, and write tasks (configuration changes, planning) where blast radius concerns require continued human oversight, particularly for complex or organically grown networks.
- Freedman claims that hundreds of Kentik customers have already moved to fully automated DDoS mitigation triggers, citing this as evidence that AI-driven write automation is not theoretical but is already in production at scale in specific, well-bounded use cases.
- Freedman argues that the biggest risk of asking an LLM to handle complex network planning tasks is not just that it may be wrong, but that it doesn't know what it doesn't know — it won't flag the caveats a human architect would recognize, such as tunnel routing loops or routing table overflow scenarios.
- Freedman contends that LLMs are not at a technological dead end, and predicts future progress will come from more efficient training methods, integration of explainable AI techniques to surface why model weights change, and better tooling for domain-specific guardrails and tunable determinism.
- Freedman frames the value of AI for network engineers not as replacement but as 'augmented intelligence' — allowing engineers to be 'maximally lazy' by automating repetitive tasks and applying human expertise multiplicatively, with the personal use case of using LLMs to argue against his own positions to check the quality of his reasoning.
- Freedman acknowledges the concern that AI augmentation could atrophy engineering skills in future generations but argues that the continued bugginess of networking hardware and software — and the persistent gap between vendor feature promises and stability — will keep requiring deep human expertise for the foreseeable future.