spainter_vfx - stock.adobe.com
How are automated network configuration and management changing?
Could a new generation of network testing and verification tools combine with automated network configuration to mimic intent-based networking systems?
Traditionally, network configuration was a manual task of entering command-line interface instructions. Automated network configuration aims to simplify these tasks.
Intent-based networking (IBN) products offer network engineers the ability to describe high-level IT goals, and the system automatically translates those goals into network settings. While that is a worthy goal, most IT groups design a network only occasionally. Much of IT's time is spent on routine operational tasks, such as updating existing settings, testing new settings before widespread deployment or cancelling erroneous changes. Which tools can help automate those tasks?
While IBN systems can help with operational tasks, many network engineers may not be ready for those new services. However, conventional vendor-supplied tools -- like Cisco Prime Network Change and Configuration Management -- can manage current configurations and archive old configurations to enable the restoration of prior settings and help with audits and regulatory compliance.
For multivendor environments, you can use multiple vendor-supplied tools or the DevOps style of model-based scripts written for configuration management systems, such as Ansible, Chef or Puppet. For example, Juniper's Junos OS supports all these systems, but you need to learn these scripting languages.
Automated network configuration melds with verification
Network testing is a complex task, but a new generation of network verification tools can help. While not yet mainstream, these tools offer the ability to model the intent of a network and automatically verify that the live network configurations fulfill those goals, such as whether access control lists properly deny access to some subnets from specified IP prefixes.
Both startups and established vendors provide these types of network verification tools.
Eventually, the combination of automation tools could help with design, implementation and testing to provide an end-to-end service. However, we don't have to wait for all these tools to become mature and widely available. Using them today can help -- compared to error-prone manual methods.