[Infrastructures] using IA methodologies to build network element configuration

Brent Chapman Brent@GreatCircle.COM
Tue, 5 Apr 2005 12:52:21 -0800


At 2:55 PM -0400 4/5/05, Daniel Hagerty wrote:
>  > Yes, but you can use the same tools for both the production net and
>  > the management net as long as you don't change both nets
>  > simultaneously.  One of them needs to be stable at any given time,
>  > while you're changing the other one.
>
>     Sure, given.
>
>     Aside from the obvious "really smart people", "good design", etc,
>how do you know that a given change to the management network will not
>affect the production network in any way, and vice versa?

By running the production net and the management net as independently 
as possible, and carefully managing the interfaces between them.

At one broadband carrier whose network I'm familiar with, for 
example, the management network is a dedicated T1 and Frame Relay 
network that is totally separate from the production network (this is 
not just for reliability; there are security benefits to this as 
well).

At a service provider I'm familiar with, the management net is a 
separate subnet in each data center, with limited, carefully 
controlled, statically-routed connectivity to/from the production net; 
there are also at least 2 different types of backup connectivity (an 
independent ISP Ethernet connection, and a dialup connection) to the 
management net in each data center.

You use separate links, routers, switches, and so forth for the 
management net, so that they don't have to be 
reconfigured/updated/upgraded along with the routers/switches/links 
on the production net (which usually needs to be 
reconfigured/updated/upgraded much more frequently).  There's a cost 
to this, but it doesn't take many outages or incidents to make it 
worthwhile.

Besides network automation advantages that we're focussing on here, 
there are also other advantages to having a separate management net:

	Security.  If your network devices can only be reconfigured over
	a management interface, and that management interface doesn't need
	to be exposed to your production network, you don't have to worry as
	much about in-band attacks against your network devices.  There's a
	strong case to be made for turning off network access to management
	services (Telnet, SSH, HTTP, SNMP, whatever) on network devices, or
	at least limiting those services only to interfaces that are connected
	to networks that aren't available to your general customers (such as
	the management nets that we're talking about here).

	Reliability of monitoring.  If you're using a separate management
	net for your device monitoring (SNMP, or whatever), then you don't
	have to worry as much about problems with the production net
	(outages, overload, latency, whatever) interfering with your ability
	to monitor and manage your service.  The utilization and bandwidth
	requirements for a management network are often much easier to
	predict (and thus provision for) than for a production network.

>Obviously these issues are not insurmountable.  But you do agree
>that they exist as issues, yes?

Yes, they are issues.  But separating the problem into parts (a 
production net and a management net) makes it easier to deal with 
these issues.


-Brent
-- 
Brent Chapman <brent@greatcircle.com> -- Great Circle Associates, Inc.
Specializing in network infrastructure for Silicon Valley since 1989
For info about us and our services, please see http://www.greatcircle.com/
Network Automation blog: http://www.greatcircle.com/blog/network_automation
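The post argues for confining device management services (SSH/Telnet, SNMP, HTTP) to interfaces on the management net, and for tightly controlled, statically-routed connectivity between the two nets. The following script is an added example, not code from Brent's post or from Great Circle Associates: it audits a constructed IOS-style configuration and flags every management service that is reachable from outside the management subnet. The management subnet 10.255.0.0/24, the ACL numbers, community strings and both configurations are assumptions constructed for the example; the weak configuration is shown beside a hardened one so the checks can be compared.

```python
"""Audit an IOS-style router config for management services reachable from
the production net.  Added example over constructed configs; the management
subnet and all addresses below are assumptions, not real infrastructure."""
import ipaddress
import re

# Assumption: the management net is a single constructed subnet.
MGMT_NETS = [ipaddress.ip_network("10.255.0.0/24")]

ACL_RE = re.compile(r"^access-list (\S+) (permit|deny) (.+)$")
SNMP_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\S+))?$")


def _acl_target(text):
    """Turn a standard-ACL source spec ("any", "host X", "addr wildcard") into a network."""
    parts = text.split()
    if parts[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    if len(parts) == 2:
        # "address wildcard": ipaddress treats a mask with a leading 0 as a hostmask
        return ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
    return ipaddress.ip_network(parts[0] + "/32")


def parse_acls(cfg):
    """Map ACL name/number -> list of (action, network)."""
    acls = {}
    for line in cfg.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), _acl_target(m.group(3))))
    return acls


def permitted_outside_mgmt(entries):
    """Networks an ACL permits that are not inside a management subnet.
    Conservative on purpose: every permit entry counts, whatever its position."""
    return [net for action, net in entries
            if action == "permit" and not any(net.subnet_of(m) for m in MGMT_NETS)]


def audit(cfg):
    """Return findings; an empty list means all management access is confined
    to the management net (vty restricted by ACL, no telnet, SNMP behind an
    ACL, HTTP server off)."""
    acls = parse_acls(cfg)
    findings = []

    def check_acl(label, name):
        if name is None:
            findings.append(f"{label}: no ACL, reachable from any interface")
            return
        for net in permitted_outside_mgmt(acls.get(name, [])):
            findings.append(f"{label}: ACL {name} permits {net}, outside the management net")

    block = None
    for raw in cfg.splitlines() + ["!"]:  # sentinel closes a trailing vty block
        line = raw.rstrip()
        if block is not None and line.startswith(" "):
            block.append(line.strip())  # IOS indents sub-commands with one space
            continue
        if block is not None:  # the vty block just ended: evaluate it
            acl = next((b.split()[1] for b in block if b.startswith("access-class ")), None)
            check_acl("vty", acl)
            if any(b.startswith("transport input") and "telnet" in b.split() for b in block):
                findings.append("vty: cleartext telnet enabled")
            block = None
        s = line.strip()
        if s.startswith("line vty"):
            block = []
        elif s == "ip http server":
            findings.append("http: management web server enabled")
        else:
            m = SNMP_RE.match(s)
            if m:
                check_acl(f"snmp community {m.group(1)}", m.group(3))
    return findings


# Constructed configs.  WEAK exposes management services to the production
# net; HARDENED confines them to the management subnet via ACL 10.
WEAK_CONFIG = """hostname edge-rtr-1
access-list 10 permit 10.255.0.0 0.0.0.255
access-list 10 permit any
snmp-server community public RO
ip http server
line vty 0 4
 access-class 10 in
 transport input telnet ssh
!"""

HARDENED_CONFIG = """hostname edge-rtr-1
access-list 10 permit 10.255.0.0 0.0.0.255
access-list 10 deny any
snmp-server community s3cret RO 10
no ip http server
line vty 0 4
 access-class 10 in
 transport input ssh
!"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```

The weak config yields four findings (the vty ACL permits 0.0.0.0/0, telnet is enabled, the SNMP community has no ACL, and the HTTP server is on); the hardened config yields none. The ACL check deliberately ignores entry order, so a "permit any" buried below a "deny any" is still reported: in a management-net design the intent is that no permit entry reaches outside the management subnet at all.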