[Infrastructures] Network device management

[Will Lowe]

> Isn't the second point valid for any infrastructure work? If I fubar
> a network setting (say something in the IP settings) in gold and a
> bad config escapes into production that can knock the server off the
> air I've got problems.

Sure.  But in the "gold server" scenario you've typically got multiple
cloned copies in production (else why bother) and if your setup is
sane you do something like push the changes to a single clone first
and see what breaks.  Also, it's easier to create an environment where
you can try out a change before you commit it to the gold server
(e.g., make sure your new sendmail.cf parses).

Network gear typically isn't redudant in the same way.  Even in the
case of a pair of routers using something like HSRP, often if you
screw up the config on one the mate gets confused and you're pretty
much hosed.  Also, it's pretty unlikely that you can push enough
traffic in your dev/QA environment to find out what the effect of a
BGP MED change is going to be, so you can't test the changes as
effectively before trying them in production.

IMO, if you're not going to bother with something like OpenView (or
IronView or whatever your hw vendor is selling), or roll your own
equivalent, you're better off managing network gear by hand and
diffing the configs offline.

-- 
        Will