[Infrastructures] using IA methodologies to build network element configuration
Tim Nelson
architect@webalive.biz
Tue, 5 Apr 2005 14:58:32 +1000 (EST)
On Fri, 1 Apr 2005, Brent Chapman wrote:
> At 4:51 AM +0530 3/30/05, Devdas Bhagat wrote:
>> However, I think that most routers will /not/ have similar
>> configurations anyway, except maybe passwords (and you can farm those
>> out to tacacs/radius) and console limits.
>
> That's exactly the mistake that many folks make in designing their networks,
> thinking "these devices have almost nothing in common, so we'll just maintain
> them all by hand as a bunch of one-offs". Well, you might only have one
I previously worked for a small ISP with 2 POPs. We had 3 Cisco
AS5300s (modem racks), a Cisco AS5200 (modem rack), 3 Cisco routers, and a
couple of Cisco switches. I spent a fair bit of time (well, some hours,
anyway :) ) documenting the config on the Ciscos, and the configuration
for the modem racks (to pick the most similar case) was about 90% the
same. Fortunately I don't have to worry about network equipment here
(well, one Linux router :) ), as we're using a datacentre for our servers,
and they do that.
On Fri, 1 Apr 2005, Brent Chapman wrote:
> At 1:45 AM -0800 3/31/05, Steve Traugott wrote:
>> On Tue, Mar 29, 2005 at 02:11:14PM +1000, Andrew Fort wrote:
>>> I have a few ideas about this I'd love to discuss, but won't use any
>>> more bandwidth unless there are interested parties. Anyone?
>>
>> Brent and I have sort of divided Gaul over this, so I'd encourage anyone
>> who's interested in working on this problem to go give him your brain
>> cells at http://www.greatcircle.com/blog/network_automation/. That
>> shouldn't stop anyone from discussing it here though; I just now
>> understood a few new things about UNIX host management from writing
>> this, and I betcha the whole barrier/transaction thing is going to pay
>> off big for everyone.
>
> If there isn't already another forum where network automation is being
> discussed, then I'd be happy to set up and host a mailing list for that
> purpose. Does anybody know of any existing forums, though? I haven't found
> any yet...
I've never heard of any, but I think some kind of forum for this
would be good, either a mailing list (as you suggest), or maybe a wiki :).
On Sat, 2 Apr 2005, Devdas Bhagat wrote:
> On 01/04/05 15:09 -0800, Brent Chapman wrote:
>> At 4:51 AM +0530 3/30/05, Devdas Bhagat wrote:
>>> However, I think that most routers will /not/ have similar
>>> configurations anyway, except maybe passwords (and you can farm those
>>> out to tacacs/radius) and console limits.
>>
>> That's exactly the mistake that many folks make in designing their
>> networks, thinking "these devices have almost nothing in common, so
[snip]
> My questions are:
> What percentage of your device configuration is common?
Speaking of my previous workplace:
- Modem racks; 90% similar
- Non-modem-racks: 40% similarity between any two, but different
overlaps.
> When something is different, how different is it?
Usually either non-existent, or almost identical. Examples:
Same everywhere:
- DNS/Auth server settings
Minor differences:
- Shared interfaces (i.e. /30 links); IP addresses reversed
- Modem config; same, but with different IP pools
Non-existent:
- Non-shared/non-common interfaces (i.e. our uplink to the outside
world)
In the situation I was in, it wasn't worth automating (time
limits), but once they get their servers automated, it would be worth a
look :).
I know it's a small example, but I figure if there's reasonable
overlap even in small examples, there's even more overlap in larger ones.
Additionally, something that doesn't seem to be getting mentioned
much is the integration of network automation and systems automation. For
example, I'd like to use the network automation tool to configure the
network settings on my Unix host (/etc/resolv.conf, ifconfig settings,
/proc/net/*, and the like; obviously I'm a Linux guy :) ), and I'd also
like to be able to access my network config from my systems automation
tool.
> Where I am coming from is this (drawing inspiration from RDBMS theory):
>
> We have a group configuration, and then a per host/service configuration.
> In the infrastructures world, we are normalising the configuration
> database, and ensuring that with appropriate foreign keys, the data is
> consistent.
>
> In the networking world (I am not including firewalls in this), I have
> not yet seen that much data is duplicated and needs to be normalised.
> If you think that normalisation will help, I am for it.
I like the theory, but my admittedly small experience is that
there is a fair amount of duplication. Are your perceptions of
duplication being altered by using a wide variety of hardware (rather than
a number of similar machines)?
On Sat, 2 Apr 2005, Steve Traugott wrote:
> Sigh. Time for a blog, maybe. But they get spammed too....
Wiki? :)
--
Tim Nelson
Server Administrator
WebAlive Technologies Global
Level 1 Innovation Building, Digital Harbour
1010 LaTrobe Street
Docklands, Melbourne,
Vic, 3008
Phone: +61 3 9934 0812
Fax: +61 3 9934 0899
E-mail: tim.nelson@webalive.biz
http://www.webalive.biz/
"Your Business, Your Web, Your Control"
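
Added example, not part of the original message or of any tool named in the thread: a sketch of the normalised model discussed above, with group settings (DNS/auth), per-device values (IP pools) and one row per /30 link from which both ends are derived, plus a foreign-key check and an overlap measure. All device names, addresses and IOS-style lines are constructed for illustration.

```python
import ipaddress

# Constructed sample data; device names, addresses and lines are illustrative.
GROUPS = {
    "all": ["ip name-server 192.0.2.53", "radius-server host 192.0.2.10"],
    "modem-rack": ["aaa new-model", "aaa authentication ppp default group radius"],
}
DEVICES = {
    "pop1-as5300": {"groups": ["all", "modem-rack"], "pool": ("10.1.0.1", "10.1.0.254")},
    "pop2-as5300": {"groups": ["all", "modem-rack"], "pool": ("10.2.0.1", "10.2.0.254")},
    "pop1-rtr": {"groups": ["all"], "pool": None},
}
# One row per /30 link: (network, device A, interface A, device B, interface B).
LINKS = [("198.51.100.0/30", "pop1-rtr", "Serial0", "pop1-as5300", "Serial1")]


def validate():
    """Foreign-key checks: every reference must resolve to a defined row."""
    errors = []
    for name, dev in DEVICES.items():
        errors += [f"{name}: unknown group {g}" for g in dev["groups"] if g not in GROUPS]
    for net, dev_a, _, dev_b, _ in LINKS:
        errors += [f"{net}: unknown device {d}" for d in (dev_a, dev_b) if d not in DEVICES]
    return errors


def render(name):
    """Build one device's config lines from group, per-device and link data."""
    dev = DEVICES[name]
    lines = [line for g in dev["groups"] for line in GROUPS[g]]
    if dev["pool"]:
        lines.append("ip local pool dialin %s %s" % dev["pool"])
    for net, dev_a, if_a, dev_b, if_b in LINKS:
        network = ipaddress.ip_network(net)
        hosts = list(network.hosts())  # a /30 has exactly two usable addresses
        for dev_name, ifname, addr in ((dev_a, if_a, hosts[0]), (dev_b, if_b, hosts[1])):
            if dev_name == name:
                lines += [f"interface {ifname}", f" ip address {addr} {network.netmask}"]
    return lines


def similarity(name_a, name_b):
    """Fraction of distinct config lines shared by two rendered devices."""
    a, b = set(render(name_a)), set(render(name_b))
    return len(a & b) / len(a | b)
```

Because the DNS and RADIUS lines live in one group row, a change to the authentication server reaches every device on the next render, and validate() catches a link that names a device nobody defined before any config is pushed.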