It’s no secret that network management has become incredibly chaotic. With the introduction of virtual devices, overlays, and controllers (not to mention the cloud-based stuff), it’s no wonder most network engineers can’t tell you if their network is following the correct standard or not. Ethan Banks said it best on a recent Packet Pushers podcast: “it’s kind of become the wild, wild west out there.”
I know I can relate to that. So, how do network engineers grab their lassos and wrangle in their wild networks? Well, it all starts by applying standardization across your entire network.
How the Network Became the Wild, Wild West
Before we dive into how to achieve a standardized network, let’s start with why network engineers are feeling like their networks have become the wild, wild west.
Networks are comprised of many network devices, and while every network device has unique properties and configurations, there should be parts of their configurations that are the same across groups of them. In a good example of standardization, consider a recently deployed group of Leaf Switches in a data center network – they should share some common characteristics in configuration like system services (NTP, SYSLOG, SNMP) and security (ACL, authentication). They share a high degree of standardization because they were deployed based on a common Golden Configuration template.
While that may hold true for a small group of devices on the network, there are lots of network devices across a typical network that lack any type of standardization. Network devices have been deployed with different functions in different parts of the network at different times by different groups using manual processes. This has led to a lack of any kind of consistency or standardization for devices across the whole network. The network has devices that have different SNMP configurations, using different NTP and syslog servers, varying degrees of security and ACL configurations, and features enabled that may have been deprecated years ago. The network is comprised of devices that are configured as exceptions, oddballs, corner cases, and unique snowflakes.
“If you’re trying to deal with all these little corner cases, because of all these exceptions and oddball things you’ve done from one device to another over time, automating that becomes fragile, it’s difficult to do that because there’s more risk involved. The standardization, getting to that compliance state, to me is a facilitator for automation.” – Ethan Banks, Packet Pushers
While the network may be working, it doesn’t mean that it’s secure, reliable, or operating efficiently. Networks were not designed to be fragile and a lack of standardization will inevitably create a fragile network. Most networks have become the wild, wild west without a sheriff to enforce law, order, or standardization.
The Key To Network Standardization
The key to network standardization is to adopt a solution that can deliver automated network compliance across the entire network. Network teams should be able to start with small, globally relevant areas of configuration and define a Golden Configuration standard around those items. Items that are typically consistent and don’t change often are great starting points, such as NTP and syslog server configurations, SNMP settings, or management and service ACL configurations. Once those are defined, your solution should be able to check devices to ensure that their configurations match these settings. If a device’s configuration differs, it needs to be updated to reflect the correct settings, which brings that device back into compliance.
Given the number of devices on a typical network, it’s helpful to have this remediation process automated, either fully or partially, depending on the nature of the changes. These may seem like small wins, but teams will continue to add more and more to the Golden Configuration standard over time, and eventually a completely defined standard is created that will enable the network to finally achieve a state of standardization.
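The check-and-remediate loop described above, sketched as an added example (not Itential's code and not from the original post). The golden values, the device configurations, the rule that no SNMP community strings are allowed, and the IOS-style `no` negation are all constructed assumptions.

```python
# Golden Configuration standard (constructed): for each managed command
# prefix, the exact set of lines every device in the group must carry.
GOLDEN = {
    "ntp server": {"ntp server 192.0.2.10", "ntp server 192.0.2.11"},
    "logging host": {"logging host 192.0.2.20"},
    "snmp-server community": set(),  # assumed rule: no v1/v2c communities
}

def audit(running_config):
    """Compare only the managed prefixes; everything else is out of scope."""
    lines = {ln.strip() for ln in running_config.splitlines() if ln.strip()}
    missing, unexpected = [], []
    for prefix, required in GOLDEN.items():
        present = {ln for ln in lines if ln.startswith(prefix + " ")}
        missing += sorted(required - present)      # standard line absent
        unexpected += sorted(present - required)   # drift / snowflake line
    return {"missing": missing, "unexpected": unexpected}

def compliant(report):
    return not report["missing"] and not report["unexpected"]

def remediation(report):
    """Remove drift first, then add what the standard requires."""
    return ["no " + ln for ln in report["unexpected"]] + report["missing"]

def apply(running_config, commands):
    """Simulate pushing the commands so the result can be re-audited."""
    lines = [ln.strip() for ln in running_config.splitlines() if ln.strip()]
    for cmd in commands:
        if cmd.startswith("no "):
            lines = [ln for ln in lines if ln != cmd[3:]]
        else:
            lines.append(cmd)
    return "\n".join(lines)

# Constructed sample configs: leaf1 follows the template, leaf2 has drifted.
LEAF1 = """hostname leaf1
ntp server 192.0.2.10
ntp server 192.0.2.11
logging host 192.0.2.20"""
LEAF2 = """hostname leaf2
ntp server 192.0.2.10
ntp server 198.51.100.5
snmp-server community public RO"""

if __name__ == "__main__":
    for name, cfg in (("leaf1", LEAF1), ("leaf2", LEAF2)):
        report = audit(cfg)
        print(name, "compliant" if compliant(report) else remediation(report))
```

Re-auditing the output of `apply` confirms the remediation converges, which is the property that makes it safe to automate fully or partially.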
Why You Need Standardization Before You Can Automate
In the wild west, where every device is configured differently, it’s nearly impossible to predict how any device may react to automations, which becomes a real roadblock in deploying network automation. Network teams need to get the network in order before they feel confident in deploying any network automation.
The first step for them is to assess the existing configurations on their network and determine what needs to be updated in order to be compliant with the Golden Configuration standards that have been defined. Once this is accomplished, teams have increased confidence to deploy network automations since they have a better understanding of how the devices will respond to the automations. They are fully aware of how each device is configured and, most importantly, that it is operating based on a standardized configuration. When an automation is run across these devices, the team understands how they will react, which builds trust and confidence in the network and in their ability to automate across it.
How Itential Helps Bring Law & Order to Your Network
If your network feels like the wild west, then it’s time to bring a new sheriff to town – one that can deliver configuration standardization across on-premises and cloud networks through network configuration compliance. With Itential’s Configuration Manager, your network team can:
- Quickly create Golden Configuration templates for both CLI network devices and cloud-based services that use APIs for management.
- Run compliance reports for devices and services on the network, and automatically remediate the configuration of any device that is not compliant.
- Validate proposed configuration changes to the network to ensure, before they are even applied, that the changes will not break the compliance standard.
Itential makes it easy for network teams to have confidence in their network automations by providing the law and order needed to ensure everything runs as intended. To learn more about Itential’s approach to network configuration and compliance, check out our recent Packet Pushers Podcast where Itential CTO Chris Wade discusses what network compliance is and why it’s a critical component of network automation.