[Infrastructures] using IA methodologies to build network element configuration
Brent Chapman
Brent@GreatCircle.COM
Fri, 1 Apr 2005 14:53:33 -0800

At 9:53 AM -0700 3/29/05, Joel Huddleston wrote:
>Push, damn, I *wish* Cisco, Bay and Juniper would put a decent user
>interface/multitasking OS on a router.

Juniper _does_ have a pretty good user interface for automated
management, in my opinion; I think they've got a pretty good
interface for manual management, as well, for that matter. I wish
other vendors were anywhere near as good.

Essentially, they have an XML interface for management, particularly
configuration management (see
http://www.juniper.net/support/junoscript/). Their CLI is just a
fairly simple text interpreter atop the XML interface; pretty much
everything you can do interactively in the CLI, you can do directly
via the XML interface in a much more programmatic fashion.

They essentially treat the configuration of the device as a
structured database. Through the XML API (or the CLI which is built
on top of that), you can make a series of changes to the database,
and then apply them all at once; you can also easily back them out
all at once, if something goes wrong, or even tell the router before
applying them to automatically back them out if you don't confirm
them within some period of time (for instance, because the changes
caused you to inadvertently lose touch with the router). This
"rollback" capability is _really_ useful.

>Full configs are delivered each time a system is updated. Router configs tend
>to be somewhat simpler (read "smaller") than entire OS configs.

Yeah, with Cisco and many other vendors, you definitely want to load
the whole config at a time, because they don't give you good tools
for programmatically editing/updating a config, and then applying all
the changes at once, the way Juniper does. You can replace the whole
config with Juniper, of course, if that's what you want to do; my
point is just that they've provided better programmatic
editing/update tools than most other vendors, so it isn't always
necessary to simply replace the whole config.

>One conceivable solution to the push/pull problem would be a small UNIX system
>(hell, a $499 MacNugget (Mac Mini) is IDEAL for this) colocated with network
>gear. Have it "pull" new configs from the central authority. Give it ultimate
>authority to deliver those through a local push. Have it test the configs to
>ensure connectivity is maintained. Let it auto-backout if problems occur.

That's kinda what the management processor on a Juniper box does.

-Brent
--
Brent Chapman <brent@greatcircle.com> -- Great Circle Associates, Inc.
Specializing in network infrastructure for Silicon Valley since 1989
For info about us and our services, please see http://www.greatcircle.com/
Network Automation blog: http://www.greatcircle.com/blog/network_automation
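
The configuration-as-database behaviour described in the message above (stage changes, apply them all at once, back them out, or have them backed out automatically if not confirmed in time), as an added example that is not part of the original post and is not Juniper code. The class, its method names, the integer clock and the sample config are assumptions made for this simplified model.

```python
import copy

class ConfigStore:
    """Toy candidate/active config database; a model, not Junos code."""
    def __init__(self, active):
        self.active = copy.deepcopy(active)
        self.candidate = copy.deepcopy(active)
        self.history = []             # earlier active configs, newest first
        self.confirm_deadline = None  # set while a provisional commit is pending

    def set(self, path, value):  # stage one change in the candidate only
        node = self.candidate
        for key in path[:-1]:
            node = node.setdefault(key, {})
        node[path[-1]] = value

    def commit(self, now, confirm_within=None):
        """Apply every staged change at once, optionally provisionally."""
        self.history.insert(0, self.active)
        self.active = copy.deepcopy(self.candidate)
        self.confirm_deadline = None if confirm_within is None else now + confirm_within

    def rollback(self, n=1):
        """Back out all changes by restoring the n-th previous active config."""
        self.active = copy.deepcopy(self.history[n - 1])
        self.candidate = copy.deepcopy(self.active)
        self.confirm_deadline = None

    def tick(self, now):
        """Auto-rollback if a provisional commit was not confirmed in time."""
        expired = self.confirm_deadline is not None and now >= self.confirm_deadline
        if expired:
            self.rollback(1)
        return expired

    def confirm(self, now):
        """Make a provisional commit permanent; False if none is still pending."""
        ok = not self.tick(now) and self.confirm_deadline is not None
        self.confirm_deadline = None
        return ok

def demo():
    store = ConfigStore({"interfaces": {"ge-0/0/0": {"address": "192.0.2.1/24"}}})  # constructed sample
    store.set(("interfaces", "ge-0/0/0", "address"), "198.51.100.1/24")
    store.set(("protocols", "ospf", "area"), "0.0.0.0")
    staged_only = "protocols" not in store.active  # nothing is live before commit
    store.commit(now=0, confirm_within=600)  # operator loses contact, never confirms
    reverted = store.tick(now=601)           # deadline passed: changes backed out
    return staged_only, reverted, store.active
```
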