[Infrastructures] using IA methodologies to build network
element configuration
Brent Chapman
Brent@GreatCircle.COM
Fri, 1 Apr 2005 15:31:19 -0800
At 1:45 AM -0800 3/31/05, Steve Traugott wrote:
>On Tue, Mar 29, 2005 at 02:11:14PM +1000, Andrew Fort wrote:
>> Some have recently tried to raise the profile of doing for networks what
>> we already do for systems, for example; Brent Chapman now has a blog
>> discussing this field (www.greatcircle.com/blog/).
>
>I was going to send you to Brent but you beat me to it -- he and I have
>talked a good bit about this problem. It's hard in many ways, including
>in a mathematical sense, and I've purposely stayed away from it for
>years because I saw more traction on UNIX hosts. Brent wants to tackle
>it now though, and we both think the time is ripe.
As Steve knows, I don't think the networking side of this is all that
hard, it's just foreign to most folks on the sysadmin side. In the
networking world, you're dealing with more major vendors (and thus
more diversity in config languages and so forth), but far fewer total
number of systems, and the config for each system is much simpler
than for your average UNIX server. Really, trust me on this... ;-)
There's a mystique around routers (which I certainly appreciate,
since it lets me keep my consulting rates up.. ;-), but really
they're generally fairly simple. They're big and expensive and do
specialized stuff really fast, and some of the protocols they deal
with can be complex, but the configs themselves usually aren't that
complex; they're just unfamiliar and long (but much of the length is
often repetitive). If your configs _aren't_ simple, then maybe
there's something wrong with your network design...
>I've always said rollbacks can't be made reliable for changes to UNIX
>hosts, because it's self-modifying code and you might have broken your
>rollback mechanism; i.e. the Turing paper. I think a transaction
>rollback might be able to be made safe for most classes of network
>device changes though, since it's the management proxy changing the
>network device, rather than the network device changing itself (hmmm...
>that's an argument *against* using network devices on which you can
>install your own agents...)
It also helps to have a separate out-of-band management network
(which many large networks do), so that even if the production
network itself is broken, you can still get to the consoles to fix it.
>> I have a few ideas about this I'd love to discuss, but won't use any
>> more bandwidth unless there are interested parties. Anyone?
>
>Brent and I have sort of divided Gaul over this, so I'd encourage anyone
>who's interested in working on this problem to go give him your brain
>cells at http://www.greatcircle.com/blog/network_automation/. That
>shouldn't stop anyone from discussing it here though; I just now
>understood a few new things about UNIX host management from writing
>this, and I betcha the whole barrier/transaction thing is going to pay
>off big for everyone.
If there isn't already another forum where network automation is
being discussed, then I'd be happy to set up and host a mailing list
for that purpose. Does anybody know of any existing forums, though?
I haven't found any yet...
-Brent
--
Brent Chapman <brent@greatcircle.com> -- Great Circle Associates, Inc.
Specializing in network infrastructure for Silicon Valley since 1989
For info about us and our services, please see http://www.greatcircle.com/
Network Automation blog: http://www.greatcircle.com/blog/network_automation