[Infrastructures] using IA methodologies to build network element configuration

Brent Chapman Brent@GreatCircle.COM
Sat, 2 Apr 2005 18:58:46 -0800


At 2:55 PM -0500 4/2/05, Daniel Hagerty wrote:
>  > In the networking world (I am not including firewalls in this), I have
>  > not yet seen that much data is duplicated and needs to be normalised.
>  > If you think that normalisation will help, I am for it.
>
>     So what do you think the routing policy of a network is?  In my
>mind, it's a distributed object (I could invent a language that
>described the routing policy for an entire network) that is somehow
>realized in pieces across each element within a network.  That strikes
>me as duplication of some form, even if the precise aspect of the
>duplicating may not be obvious.

Exactly.  In many cases, you aren't actually "duplicating" info onto 
different network devices, but rather deriving specific info for each 
device from some common source.

>     The routing policy is far from the only example (like the
>firewalls you're avoiding), but it all comes down to the same problems
>in the end:
>
>     You have a large, distributed system.  Each part of it has to be
>consistent with the whole for the distributed system to perform
>correctly.  Whether the distributed system consists primarily of unix
>machines or routers is of little consequence -- distributed system
>is distributed system.

Yes, precisely; that's a good explanation.

>     If the world was perfect, you could write down a language that
>described your entire distributed system, and produce all the other
>configuration aspects of it from this one uber language.  In practice,
>there's some getting there from here to achieve this.  People are able
>to do it now to more or lesser extents, but we're still producing
>these languages in an ad hoc fashion.

I've been toying with the idea of creating a system (database, 
language, etc.) for describing networks in enough detail that you 
could build various tools on top of the system to produce 
configurations for particular devices.  So, for instance, you would 
describe your network in this system, and then run one tool against 
that description to generate a Cisco config for a particular router, 
another tool to generate a Juniper config for another router, yet 
another tool to generate an Alteon config for a particular load 
balancer, etc.   And still another tool to generate Cricket config 
files to do SNMP performance monitoring of all the devices in your 
network, and another tool to generate Nagios configurations for SNMP 
status monitoring, and another tool to generate Snort configs for 
sensors in particular locations, and so forth.  All running against a 
common, shared description of your network.


-Brent
-- 
Brent Chapman <brent@greatcircle.com> -- Great Circle Associates, Inc.
Specializing in network infrastructure for Silicon Valley since 1989
For info about us and our services, please see http://www.greatcircle.com/
Network Automation blog: http://www.greatcircle.com/blog/network_automation
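
The idea in the message above, sketched as an added example that is not part of the original post or any Great Circle tool: one shared network description, with per-vendor generators deriving each device's configuration from it. The model layout, device names, addresses and the `generic-host` Nagios template are assumptions made for illustration.

```python
import ipaddress

# Constructed sample model: one shared description of a two-router network.
NETWORK = {
    "devices": {
        "r1": {"vendor": "cisco", "mgmt": "192.0.2.1"},
        "r2": {"vendor": "juniper", "mgmt": "192.0.2.2"},
    },
    # Each link is stated once; both ends' addresses are derived from it,
    # so the two devices cannot disagree about the subnet.
    "links": [
        {"subnet": "198.51.100.0/30",
         "ends": [("r1", "GigabitEthernet0/1"), ("r2", "ge-0/0/1")]},
    ],
}

def interfaces(net, name):
    """Derive (ifname, ip_interface) pairs for one device from the shared links."""
    out = []
    for link in net["links"]:
        subnet = ipaddress.ip_network(link["subnet"])
        hosts = list(subnet.hosts())
        for idx, (dev, ifname) in enumerate(link["ends"]):
            if dev not in net["devices"]:
                raise ValueError(f"link references unknown device {dev!r}")
            if dev == name:
                out.append((ifname, ipaddress.ip_interface(f"{hosts[idx]}/{subnet.prefixlen}")))
    return out

def render_cisco(net, name):
    lines = [f"hostname {name}"]
    for ifname, addr in interfaces(net, name):
        lines += [f"interface {ifname}", f" ip address {addr.ip} {addr.netmask}", " no shutdown"]
    return "\n".join(lines)

def render_juniper(net, name):
    lines = [f"set system host-name {name}"]
    for ifname, addr in interfaces(net, name):
        lines.append(f"set interfaces {ifname} unit 0 family inet address {addr}")
    return "\n".join(lines)

def render_nagios(net):
    # Assumes a host template named generic-host is defined elsewhere.
    tmpl = "define host {{\n    use generic-host\n    host_name {n}\n    address {a}\n}}"
    return "\n".join(tmpl.format(n=n, a=d["mgmt"]) for n, d in sorted(net["devices"].items()))

RENDERERS = {"cisco": render_cisco, "juniper": render_juniper}

def render_device(net, name):
    """Pick the generator for a device's vendor and render its config."""
    return RENDERERS[net["devices"][name]["vendor"]](net, name)
```
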