[Infrastructures] using IA methodologies to build network element
configuration
Andrew Fort
afort@choqolat.org
Wed, 06 Apr 2005 10:51:49 +1000
Brent Chapman wrote in response to Daniel Hagerty,
>> If the world was perfect, you could write down a language that
>> described your entire distributed system, and produce all the other
>> configuration aspects of it from this one uber language. In practice,
>> there's some getting there from here to achieve this. People are able
>> to do it now to more or lesser extents, but we're still producing
>> these languages in an ad hoc fashion.
>
>
> I've been toying with the idea of creating a system (database, language,
> etc.) for describing networks in enough detail that you could build
> various tools on top of the system to produce configurations for
> particular devices. So, for instance, you would describe your network
> in this system, and then run one tool against that description to
> generate a Cisco config for a particular router, another tool to
> generate a Juniper config for another router, yet another tool to
> generate an Alteon config for a particular load balancer, etc. And
> still another tool to generate Cricket config files to do SNMP
> performance monitoring of all the devices in your network, and another
> tool to generate Nagios configurations for SNMP status monitoring, and
> another tool to generate Snort configs for sensors in particular
> locations, and so forth. All running against a common, shared
> description of your network.
>
>
> -Brent

We've been going in this direction at my employer. Since we're
multi-vendor, we need to approach this problem intimately, and this
approach seems the most valid to us.

As discussed, the big problems are: configuration 'push' sucks (badly),
and the initial configuration management of some devices (cough Cisco
non-modular switches) sucks even harder: "oh, you can load your
configuration into startup, reload the switch.. but those VLAN
definitions in your configuration won't be there till you reload twice",
or "Oh, you want to boot the device via TFTP? Or you just want to get
your netconfig via TFTP (from BOOTP/DHCP instructions) at startup?
Well, hey you're right! It doesn't work! Wow, no customer has ever
complained about that"... oops. :/

For the routing policy example Daniel gave, this problem is "solved" in
terms of building multi-vendor configuration. It amazes me that only 1
in 20 network engineers I talk to have heard of it (or 'have heard about
it' but have no idea what it is).

RPSL (see RFC 2622, 2650) is the policy language.
IRRToolSet is the toolset for configuration building and data management
(originally an ISI/Merit? development, then RIPE, now ISC)..

However, IRRToolSet doesn't give you any way to upload your
configurations, and as of RtConfig (the config builder) v4.7, it still
doesn't support some of the most useful abstractions in RPSL (such as
router objects properly). Also, some problems are most easily handled
by simply awk'ing the output of it..

Still, if you have a complex policy (read, you provide BGP communities
to your customers to modify their routing configuration in ways more
complex than "lower your local preference", which is actually almost
all large ISPs), you are already going to be using some form of
configuration automation. Either that, or the straightjacket is
beginning to chafe.

-andrew
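
Added example, not part of the original thread and not IRRToolSet code: one validated description of a customer's prefixes rendered as both Cisco IOS and Junos prefix-lists, in the spirit of the shared-description approach discussed above. The customer name, the per-family list naming and the prefixes are constructed for illustration.

```python
import ipaddress

# Constructed sample description (documentation prefixes, hypothetical name).
CUSTOMER = {
    "name": "CUST-EXAMPLE",
    "prefixes": ["198.51.100.0/24", "192.0.2.0/24", "2001:db8::/32", "192.0.2.0/24"],
}

def validated(prefixes):
    """Strictly parse, de-duplicate and order prefixes.

    ip_network(strict=True) raises ValueError for junk or for host bits set,
    so a bad entry stops generation for every device, not just one vendor.
    """
    nets = {ipaddress.ip_network(p, strict=True) for p in prefixes}
    return sorted(nets, key=lambda n: (n.version, n))

def list_name(desc, net):
    # Hypothetical naming convention: one list per address family.
    return f"{desc['name']}-V{net.version}"

def render_ios(desc):
    """Cisco IOS prefix-list lines; sequence numbers restart per family."""
    seq = {4: 0, 6: 0}
    out = []
    for net in validated(desc["prefixes"]):
        seq[net.version] += 5
        kw = "ip" if net.version == 4 else "ipv6"
        out.append(f"{kw} prefix-list {list_name(desc, net)} "
                   f"seq {seq[net.version]} permit {net}")
    return "\n".join(out)

def render_junos(desc):
    """Junos 'set' commands for the same lists."""
    return "\n".join(
        f"set policy-options prefix-list {list_name(desc, net)} {net}"
        for net in validated(desc["prefixes"]))

if __name__ == "__main__":
    print(render_ios(CUSTOMER))
    print(render_junos(CUSTOMER))
```

Because both renderers call the same validation step, a mistyped prefix is rejected before any device-specific output exists, which keeps the filters on different vendors from drifting apart.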