Balancing automated vs. manual network configuration management
Is there still a place for learning manual network configuration management in a world where networks are throttling toward automation? Sure — but how much is enough?
Should we be teaching people how to do manual network configuration before teaching automation?
Let’s consider the following network configuration management strategy for an enterprise: Two network managers are chatting about training Alice, a new employee.
Ted said, “We’ve got a new employee starting; her first task should be to build configurations for eight new switches. It’ll help us get the switches for that new network we’re setting up installed fast.”
Jan was puzzled. “We just learned about using Ansible and Jinja2 for automated configuration. Shouldn’t we all start using that approach?”
Ted shook his head. “It’s good to have Alice get experience with the details of the configurations.”
“But don’t you think building templates will give her the same level of command experience and teach the network automation approach at the same time?” Jan countered.
“Hmm, you may be right,” Ted conceded. “Building the templates will provide the command experience. And thinking about the configurations as templates driven by variables is the approach we want to start using. The Ansible and Jinja2 templating system wasn’t very difficult — would you work with Alice to create the configurations from templates?”
“Absolutely!” Jan said. “I’ll put to work what we’ve just learned, and it will help us all understand how to apply automation.”
How do you get started with network configuration management?
A network configuration management strategy scenario like the one above plays out in numerous networking teams. I know of one, though I’ve also found situations where the final recommendation is not to use automation.
The key questions are: When do you start using automation, and in what form? Building configurations is a good start. It doesn’t involve interactions with the command-line interface, and you can begin to think of device configurations in terms of the variables that differentiate one device’s configuration from another. We can start with simple network configuration elements and move on to more complex, and complete, configuration generations once we’ve mastered the simple process.
How we approach a network configuration management strategy has a lot to do with how well the automation system works. For example, I used to think of configurations as functional blocks that were common across configurations. These were configuration snippets for things like authentication, authorization and accounting, Simple Network Management Protocol, Network Time Protocol, quality of service (QoS) and domain name server. But when I learned how other people were using Ansible and Jinja2 for configuration generation, I realized that my configuration management strategy was not optimum. It left too much of the configuration external to the common template.
People with more experience in network automation identified and extracted variables from the configuration, resulting in a much larger template and fewer separate variables. I found that a single variable can sometimes be used in multiple places to create configuration snippets. For example, the virtual LAN ID, VLAN name, and IP address can be used to create a switched virtual interface as well as the VLAN definition in a Cisco switch configuration. This is much more powerful than approaching the problem from the viewpoint of functional blocks.
What was the question?
Back to that original question: Should we teach manual network configuration before attempting to do automation as part of a network configuration management strategy? I think that it isn’t necessary to teach manual configuration beyond the first one or two efforts. Yes, we need to understand what the final configuration should do. Do we need to do manual configuration to gain that understanding? That depends on the individual. A manual configuration can be a starting point for building automation because it requires that we know the end goal.
The reason for my explanation about starting with configuration snippets versus using variables was to demonstrate that it was a significant mental change in the approach to configuration creation. When I learned the difference, it was an Aha! moment for me.
So, I recommend doing a few configurations manually, simply as a way to understand the final result of configuration templating and automation. Then use those configurations to identify possible variables, starting with simple variables and working up to more complex configuration templating. Note, it is possible to use Ansible to iterate over a list of switch interfaces, configuring VLANs, QoS and interface modes (trunking or access). But save that step for later and start by learning how to use variables in simpler parts of the configuration. The experience gained with the simple version will make the more complex version easier to grasp.
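An added example, not from the original article: a Jinja2 template in which each VLAN record feeds both the VLAN definition and its switched virtual interface, followed by the later step of iterating over a list of interfaces. The VLAN and interface values are constructed, the variable names are assumptions, and the whitespace assumes `trim_blocks`, which Ansible's template module enables by default.

```jinja
{# Constructed sample data; with Ansible these would normally live in host_vars or group_vars. #}
{% set vlans = [
  {"id": 10, "name": "USERS", "ip": "10.1.10.1", "mask": "255.255.255.0"},
  {"id": 20, "name": "VOICE", "ip": "10.1.20.1", "mask": "255.255.255.0"}
] %}
{% set interfaces = [
  {"name": "GigabitEthernet1/0/1", "mode": "access", "vlan": 10},
  {"name": "GigabitEthernet1/0/2", "mode": "access", "vlan": 20},
  {"name": "GigabitEthernet1/0/48", "mode": "trunk", "allowed": [10, 20]}
] %}
{# Each VLAN record is used twice: first for the VLAN definition... #}
{% for v in vlans %}
vlan {{ v.id }}
 name {{ v.name }}
!
{% endfor %}
{# ...then for the matching switched virtual interface. #}
{% for v in vlans %}
interface Vlan{{ v.id }}
 description {{ v.name }}
 ip address {{ v.ip }} {{ v.mask }}
 no shutdown
!
{% endfor %}
{# The later step: iterate over the interface list and emit access or trunk mode. #}
{% for i in interfaces %}
interface {{ i.name }}
{% if i.mode == "trunk" %}
 switchport mode trunk
 switchport trunk allowed vlan {{ i.allowed | join(",") }}
{% else %}
 switchport mode access
 switchport access vlan {{ i.vlan }}
{% endif %}
!
{% endfor %}
```

Adding a VLAN means adding one record to `vlans`; the definition and the SVI then stay in step because both are generated from the same values.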
But the most important step in a network configuration management strategy is to get started and build the proper mental model of the process. Understanding what you want to do is more essential than learning the exact syntax of the configuration.

An article by Terry Slattery