Picking the Right Automation Tool for the Job
The Web provides a lot of information on networking and IT automation, and many tools are presented as the right solution to fix your IT problem. There is a growing stable of open source tools as well as a variety of commercial products. But you’ll soon find that selecting the right tool depends on the task. Some tools can handle multiple tasks, but more frequently, each tool will do one thing well.
This isn’t a new scenario. Network management typically requires multiple tools. A quick look at the NetCraftsmen Network Management Architecture shows eight different functions, some of which may require more than one tool. Since IT and network automation are similar to network management, it should be no surprise that multiple tools are needed.
So, let’s look at some of the tools and possibilities.
Configuration management is often the first task that comes to mind when we talk about network automation, and it is a very difficult problem for many vendors to solve. In some products, the commands take effect immediately, while other products allow for a commit and roll-back phase. A mistyped IP address or the wrong interface name in a configuration update could result in the device being cut off from the management system. Sometimes, commands are added to a configuration, while other commands replace existing commands. There are also different interfaces for managing configurations: command-line interface, network management protocols, or APIs.
Intent-based configuration and model-based systems are an attempt to use abstractions that apply across a variety of devices and interfaces. These methods are frequently combined with source-of-truth databases that define the desired state of the network. The network configurations are then derived from the SoT database, and a configuration management system makes sure that the configurations reflect the desired state.
A related task is managing network device operating systems. Many networks have grown over time, and network devices are frequently installed with the operating system that was delivered. We commonly find networks where different operating system versions are running on multiple devices of the same model. This creates an environment in which commands can be different, and bugs are different, leading to unexpected behavior. OS management may be incorporated into a configuration management tool, or it may be a separate tool.
Validation and Troubleshooting
How do you know that a network is functioning as desired? A mistyped IP address could prevent a critical routing neighbor relationship from forming. Mistakes in firewall rules might prevent access to an important server, or more importantly, allow unauthorized access to critical servers without you being aware of it. Such errors aren’t obvious from a superficial review of the configuration.
The tools for validating the network configuration perform quite different functions from those used for configuration management. In an article titled “The What, When, and How of Network Validation,” the author discusses the topic in depth, including different mechanisms that can be used to validate networks. Validation checks are essentially unit test cases for network change. Run the whole suite of validation tests after each change to make sure that the change didn’t impact other parts of the network. In the software development world, this is known as regression testing. It’s also a great idea to periodically run a full suite of validation tests to detect network failures that are hidden by redundant designs.
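As an added illustration (not code from this article or from any tool it mentions), the sketch below treats validation checks as regression tests for a firewall change: each check names a flow and its intended outcome, and the whole suite is run against the rule set before and after the change. The rule model (first match wins, implicit deny), the addresses, and the check names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None matches any port

@dataclass(frozen=True)
class Check:
    name: str
    src: str
    dst: str
    port: int
    expect: str            # intended outcome for this flow

def evaluate(rules, src, dst, port):
    """First matching rule wins; no match means deny (assumed model)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def run_suite(rules, checks):
    """Run every check against a rule set; return the names that fail."""
    return [c.name for c in checks
            if evaluate(rules, c.src, c.dst, c.port) != c.expect]

# Constructed sample data: server subnet 10.20.0.0/24, web .10, database .20.
BASELINE = [
    Rule("permit", "10.1.0.0/16", "10.20.0.10/32", 443),
    Rule("permit", "10.9.0.0/24", "10.20.0.0/24", 22),
    Rule("deny", "0.0.0.0/0", "10.20.0.0/24", None),
]
# Change request: let branch 10.2.0.0/16 reach the web server on 443.
TOO_BROAD = [Rule("permit", "10.2.0.0/16", "10.20.0.0/24", None)] + BASELINE
AS_INTENDED = [Rule("permit", "10.2.0.0/16", "10.20.0.10/32", 443)] + BASELINE
CHECKS = [
    Check("users-web-443", "10.1.5.5", "10.20.0.10", 443, "permit"),
    Check("mgmt-ssh", "10.9.0.7", "10.20.0.20", 22, "permit"),
    Check("users-no-db", "10.1.5.5", "10.20.0.20", 5432, "deny"),
    Check("branch-web-443", "10.2.3.4", "10.20.0.10", 443, "permit"),
    Check("branch-no-db", "10.2.3.4", "10.20.0.20", 5432, "deny"),
]
```

Against these rule sets, `run_suite` flags `branch-web-443` on the baseline, `branch-no-db` on the too-broad change, and nothing on the intended change: the new access works in both versions of the change, but only the full suite shows that one of them also opened the database.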
Networking organizations at the forefront of automation are creating “continuous integration/continuous deployment” (CI/CD) environments in which changes and tests are used with non-production test networks (virtual and/or physical) to validate changes and automatically push them to the network if there are no test failures. This process is like the CI/CD process used by modern software development teams for application development.
Network troubleshooting requires similar functions, and automation is a great approach for quickly gathering a lot of data, which can help pinpoint failures. A library of validation and troubleshooting tests can make it easy to identify problems. Even better, use an event analysis system to automatically trigger automation tasks that gather troubleshooting data.
Moves, adds, changes, deletions (MACD) is a big deal for network subsystems like UC, where phone numbers, voicemail boxes, and voice/video endpoints need to be consistently maintained. These automation systems are critical when moving from one voice system to another, allowing for translation of the UC system configuration between vendors. The sheer volume of daily changes drives the need for automation.
Network automation is becoming mainstream. The nice thing is that the network team doesn’t have to become programmers to adopt it. However, it does help to start to learn general software development methodologies, so you can take advantage of the many valuable tools that require some level of programming expertise to install and run.
On this topic, I’ll host a session at Enterprise Connect 2020, on April 2 at 8 am, titled "A Step-by-Step Guide to Automating Your Network" in which we will have several panelists to answer questions and share their knowledge about adopting automation. Please join us.