Skip to content

Application Network Interface (ANI)


ANI (Application Network Interface) standardizes multi-cloud networking and its core constructs, enabling seamless provisioning of connectivity and access control. Traditionally, NetOps and SecOps teams have managed vendor-specific networks; however, as cloud-native and microservices architectures evolve, NetOps, SecOps, and CloudOps must adopt a more automated, standardized approach to multi-cloud and WAN networking. ANI provides interfaces that allow these teams to configure network resources and enforce security controls without delving into the specifics of each cloud or WAN vendor.

AWI (Application WAN Interface), a subset of ANI, offers a programmable interface for SD-WAN and CloudWAN controllers. It enables teams to establish enterprise WAN connectivity with defined service levels and access policies, while supporting vendor plugins.

Together, ANI and AWI create an open, plugin-based ecosystem that simplifies multi-cloud networking, streamlines network management, and connects network domains for secure, efficient operations.


  • [awi-grpc] This repository has the interface definition for 1) network domain connectivity and access control. 2) Application Access Control. The interfaces are defined both in YAML and through protobuf. Connection related YAML files can be found [here]

  • [awi-infra-guard] This repository allows discovery of resources in a cloud provider (AWS/GCP/Azure) environment that can be used in the connext of a connection. A resource could be a VPC, subnet, instance, a kubernetes service, namespace etc. This is used within kube-awi. It can also run independently on MacOS/Linux .

  • [awi-catalyst-sdwan-operator] AWI k8s operator for Catalyst SDWAN. With AWI operator installed, user can connect VPCs and VRF in multi-cloud environment using kubectl.

  • [awi-install] Helm chart(s) to install kubernetes operator. Also has script to do a full stack implementation.

  • [awi-cli] AWI CLI allows users to leverage AWI eco-system from a non-kubernetes envrionment.

  • [awi-grpc-catalyst-sdwan] AWI GRPC plugin for Cisco Catalyst SDWAN controller. This plugin is used within kube-awi. It can also run independently on MacOS/Linux .

  • [catalyst-sdwan-app-client] Catalyst SDWAN controller application client. This is not officially supported by Cisco Catalyst SDWAN team. It's used as a package from within Catalyst SDWAN controller plugin.

  • [kubernetes-discovery] Allows discovery of kubernetes clustsers , pods and services. It also watches resources for changes and has notifiers. This is used within AWI Infra Guard as a library to discover kubernetes resources, but can be used independently as well.

Contribution Guidelines

Thank you for your interest in contributing to awi-infra-guard! Please make sure you read the full code of conduct before making any contribution.

Before contributing to this repository, please first create an issue discussing the change you wish to make or discuss about it via email with one of the owners of the project.

We kindly ask you to follow the following code of conduct in all your interactions with the project.

Forking the project

Before doing any work, please make sure you are working on a local fork of the project. For more information and instructions on how to do so, please refer to GitHub's contributing guide.

Reporting Issues

Before reporting a new issue, please ensure that the issue was not already reported or fixed by searching through a repo specific
issues list

When creating a new issue, please be sure to include a title and clear description, as much relevant information as possible, and, if possible, a test case.

If you discover a security bug, please do not report it through GitHub. Instead, please see security procedures in

Pull Request Process

  1. Ensure any install or build dependencies are removed before asking to merge your code.
  2. Update the with details of changes to the interface, including new environment variables, exposed ports, file locations and container parameters.
  3. Increase the version numbers in any examples files and the to the new version that this Pull Request would represent. The versioning scheme we use is SemVer. Alternatively
  4. You may ask one (or more) of the code owners to review and merge your Pull Request.

Other Ways to Contribute

We welcome anyone that wants to contribute to awi-infra-guard to triage and reply to open issues to help troubleshoot and fix existing bugs. Here is what you can do:

  • Help ensure that existing issues follows the recommendations from the Reporting Issues section, providing feedback to the issue's author on what might be missing.
  • Review and update the existing content of our documentation with up-to-date instructions and code samples.
  • Review existing pull requests, and testing patches against real existing applications that use awi-infra-guard.
  • Write a test, or add a missing test case to an existing test.


What problem does AWI solve for cloud native users ?

Below are the problems we are trying to address:

DevOps(developer) Productivity:

Distributed applications have connectivity needs that span across multiple networking domains such as datacenter, VPCs (public cloud), campus and co-location. Line of Business (LOB) product teams, IT business application teams need to talk to NetOps team to provision connectivity across these sites for their distributed application deployment. These teams express their connectivity requirements to NetOps team via email, slack messages, service tickets or shared documents, adding considerable toil and making the overall process tedious. Most DevOps teams have adopted Agile development process and use CI/CD pipelines to deploy product artifacts. Today, connectivity provisioning is an impediment for their productivity as it slows the deployment process. Sometimes, they prefer taking short-cuts (e.g., Hosting many different LoB apps in a single VPC) to avoid dynamic connectivity provisioning, and thereby compromising on security and operational efficiency. Please see customer conversation section for details

AWI solves this problem by providing a open and standard connectivity interface for DevOps to provision connectivity across networking domains from within compute infrastructure such as Kubernetes, using tools like Kubectl that DevOps teams are already familiar with.

Workload Access Control:

Once connectivity is provisioned, AWI data models allow Dev (Sec)Ops teams to do workload segmentation across networking domains. Only ABAC (Attribute Based Access Control) and segmentation-based security are supported at this moment.

Connectivity with network SLA

AWI allows development teams to provision connectivity for a specific workload. In the backend networking infrastructure, traffic for a specific workload could be routed through an underlay provider network (such as Megaport/Equinix) and end-to-end network SLA can be maintained.

What problem does it solve in the industry?

Cloud native ecosystem is fragmented with proprietary networking domains, compute clusters, Container Network Interfaces (CNIs) and service meshes. There is no standard way of provisioning connectivity across heterogenous compute clusters. We believe an SDWAN, or cloud networking controller is the glue that can help enterprises connect cloud-native compute clusters.

A standard based connectivity interface exposed through Cloud Networking / SDWAN connectivity domain would help enterprises adopt the controller software as the connectivity provider across their distributed compute clusters and workloads.

Is AWI only for DevOps and the application domain? What about DevOps access and authorization process?

AWI is being designed for DevOps consumption, so that inter cluster workload connections can be provisioned from within application domain.

SDWAN/Cloud WAN Controller vendor implementations would need to create mechanisms to create DevOps authorization flow, so that NetOps teams are in complete control of the SDWAN functions and services. This is to ensure that DevOps automation happens in the context of networking and security policy set up by NetOps team. This authorization process is outside of AWI scope. We have created an authorization mechanism for Cisco SDWAN.

NetOps admins can also use the intent-based interface to provision connectivity should they choose to. Controller , or API Access & Authorization is based on the user credentials that's provisioned within AWI operator or CLI. AWI inherintly does not specify who can or cannot use the API (Application Programmer Interface).

Why the need for an open system and standardization?

An open eco-system and standardization would accelerate adoption across the industry, and adoption by networking vendors would put hybrid/multi cloud network controllers in the front and center as the default multi-network domain connectivity infrastructure provider.

Today’s SDWAN/Cloud Network vendor controllers are proprietary and have proprietary interfaces. Compute infrastructure automation systems like Kubernetes have no integration with vendor controllers for external connectivity because of the need to deal with different proprietary interfaces. AWI would provide a vendor agnostic interface that can be used from within Kubernetes, so that connectivity can be provisioned using Kubectl. This would remove the need for Kubernetes maintainers to integrate with each vendor controller.

Popular repositories Loading

  1. awi-catalyst-sdwan-operator awi-catalyst-sdwan-operator Public

    AWI operator. With this operator deployed, users can connect VPCs and VRFs and do application access control using kubectl.

    Go 3

  2. kubernetes-discovery kubernetes-discovery Public

    Discover kubernetes clusters and resources across cloud providers and/or on-prem

    Go 3

  3. awi-infra-guard awi-infra-guard Public

    Infra guard provides visibility and monitoring of infrastructure resources for AWS, GCP and Azure. It can watch resource tags for changes across multiple cloud providers.

    JavaScript 2 2

  4. awi-grpc-catalyst-sdwan awi-grpc-catalyst-sdwan Public

    Cisco Catalyst SDWAN controller plugin for AWI.

    Go 2 1

  5. awi-cli awi-cli Public

    Command line interface to execute AWI commands to list and connect network domains.

    Go 2

  6. awi-install awi-install Public

    Install AWI operator and corresponding catalyst SDWAN plugins in a K8S cluster. You could use this to install in minikube environment as well.

    Python 2


Showing 10 of 10 repositories
  • .github Public
    0 0 0 0 Updated Feb 6, 2025
  • awi-infra-guard Public

    Infra guard provides visibility and monitoring of infrastructure resources for AWS, GCP and Azure. It can watch resource tags for changes across multiple cloud providers.

    JavaScript 2 Apache-2.0 2 1 3 Updated Sep 8, 2024
  • sample-ui Public

    Sample UI for visualization and connectivity workflows

    TypeScript 0 Apache-2.0 3 0 0 Updated Aug 14, 2024
  • awi-catalyst-sdwan-operator Public

    AWI operator. With this operator deployed, users can connect VPCs and VRFs and do application access control using kubectl.

    Go 3 Apache-2.0 0 0 3 Updated May 24, 2024
  • awi-grpc-catalyst-sdwan Public

    Cisco Catalyst SDWAN controller plugin for AWI.

    Go 2 Apache-2.0 1 0 3 Updated May 23, 2024
  • awi-grpc Public

    AWI connectivity and access control interface definitions. Both YAML based model and proto files are available.

    JavaScript 2 Apache-2.0 0 1 1 Updated May 8, 2024
  • awi-cli Public

    Command line interface to execute AWI commands to list and connect network domains.

    Go 2 Apache-2.0 0 0 0 Updated May 6, 2024
  • catalyst-sdwan-app-client Public

    Client golang library to interact with Cisco Catalyst SDWAN controller.

    Go 2 Apache-2.0 0 0 0 Updated Apr 24, 2024
  • awi-install Public

    Install AWI operator and corresponding catalyst SDWAN plugins in a K8S cluster. You could use this to install in minikube environment as well.

    Python 2 Apache-2.0 0 0 1 Updated Apr 18, 2024
  • kubernetes-discovery Public

    Discover kubernetes clusters and resources across cloud providers and/or on-prem

    Go 3 Apache-2.0 0 0 0 Updated Apr 10, 2024