What's wrong with provisioning tools?

Mathew Lodge mathew at cplane.com
Wed Jun 12 21:24:37 UTC 2002


David,

Almost all of what you're talking about is network device configuration 
file management -- there are several solutions out there today that do 
this. The rest is template-based configuration provisioning tools, which 
typically have no operational model of the network -- so it should be no 
surprise that they generate the wrong configurations. So there are two 
questions:

The first is why aren't operators using even simple config management tools 
(Is every single one lacking somehow, or is it operational inertia?)

The more interesting one, IMHO, concerns operational complexity. It seems 
that complexity is really what makes it hard to operate an IP network -- 
even with highly skilled engineers -- and is also the barrier to writing 
useful network provisioning and configuration software. What abstractions 
would make it easier to understand the network and hence figure out the 
right configuration changes to make, so software wouldn't generate config 
changes that are broken?

Regards,

Mathew




At 01:38 PM 6/12/2002 -0400, David Daley wrote:
>A couple of times during NANOG25, from the floor and from the podium, it 
>was identified that the tools available for managing networks were 
>garbage. I was surprised to hear that even real basics, such as change 
>control and configuration management, weren't widely adopted. There 
>definitely seemed to be an acceptance (and perhaps this is only true at 
>some carriers) that many problems facing providers today are as a result 
>of a dearth of decent tools to configure 'best common practices' into the 
>routers - and as a result of this, the 'problems' with the networks were 
>not with the h/w and/or the protocols they support, but with the people, 
>and their lack of experience and/or ability to properly configure the boxes.
>
>A couple of comments that I heard over the last few days:
>1) User interfaces are horrible and counter intuitive - I want 'xyz' out 
>of my GUI
>2) Systems blindly apply bad configurations to routers - they should be 
>able to do 'some' verification before crashing my network - and can't roll 
>back after they wreck things
>3) Change control either doesn't exist, isn't usable, or isn't granular enough
>4) There isn't anything to track non sanctioned changes to the network 
>(i.e.: hacker induced re-configurations)
>
>I would very much like to hear about "specific" needs for (provisioning) 
>tools that would satisfy your needs - needs that are either being poorly 
>met today, or not at all. In the hopes of preventing a vendor-bash 
>extravaganza, I would suggest as a point of reference, that the NMS 
>recommendations presented by Avi Freedman during the conference 
>("Industry/Government Infrastructure Vulnerability Assessment: Background 
>and Recommendations"). Of the recommendations pertinent to network 
>management, many refer to future-features. As an additional attempt to 
>constrain the discussion, I would recommend that the needs identified be 
>realistic (i.e.: supportable on current equipment, the cost of the 
>solution would be less than the cost of the problem, etc).
>
>Cheers,
>David
>
>-
>David Daley
>+1.905.922.6560 (global)
>daley at montagueriver.com
>www.montagueriver.com
>Montague River Networks Inc.
>