[AusNOG] Network Management and Tools

phil colbourn philcolbourn at gmail.com
Mon Jul 5 22:26:43 EST 2010


I too am very interested in configuration management tools and systems.


We (Comms group in RailCorp) are working on a system that captures the
network architecture in an XML form and using templates it generates the
configuration files for all so-managed switches.

Our aims are to be equipment vendor neutral, have a portable configuration
and to automatically deploy the resulting config files to the switches
initially at commissioning, after changes and to devices that get replaced
in the field.


Key points (implemented in either concept form or fully functional):

* The XML is validated using (currently) schematron and relax-ng schema
generated using pyang from yang definitions.

* The template config files are device/vendor specific and manually created.
They contain xpath queries to look up the XML files for the required data.

eg. in XML there might be the SNMP server defined as
<SNMPManager>10.1.2.3</SNMPManager>

The template might have a line like this
    snmpserver [[/network/globals/SNMPManager]]

which after processing would result in
    snmpserver 10.1.2.3

(Obviously the real templates are more complex especially when defining
interfaces, routing protocols, MPLS RSVP-TE paths etc.)

* Validation includes business rules (an edge node must connect to two core
nodes; a core node must have AC and DC PSUs) and Network/generic rules (a
link must connect to two different but compatible ports)

* Automatic documentation generation - if the network is defined then we can
make very detailed online documentation.

* Device verification - no device will be configured unless it has the
right, for example, SN, MAC address, software version and exact PSUs and
cards installed.

* Generation of life-like SVG and PNG images of switches for documentation.

* Generation of network diagrams and rack layouts.

* Generation of 'model' networks using live-network configuration files for
testing.

* IP addresses must be automatically assigned and fixed.

* Everything is text based and held in a revision control system.

* The code base is measured in 'thousands' not '10's of thousands or more'

* Simple 'plugin' design to allow other scripts to be written to build other
files.


Future possibilities (ideas or some test scripts built but not integrated)

* Automatic configuration of network management (alarm, event, performance,
AAA) servers.

* Automatic production of VMs with generated config files for DNS, DHCP,
syslog, SNMP Trap collectors, SNMP event managers, RADIUS, web servers, ...

* Automatic NMS GUI (hover over a port and a RRD graph is displayed like
weathermap; click on a port and a web page is generated containing its
configuration, traffic graphs, VPN details etc.)

* Service admission management based on guaranteed bandwidth and number of
policed services connected to a VPN (we are moving to guaranteed allocated
bandwidth per VPN per port)

* Validation of live network by ensuring SNMP MIB of each switch matches
configuration; routing tables are as per configuration; all defined
interfaces are configured; config files match the files in the Revision
Control System.

* Other things we have toyed with include Google Maps; linking to internal
GIS records for optical fibre/route/DWDM information; extracting site
information from Lotus Notes databases; creating site maps from Google's map
service;

* Some other ideas include linking to site CCTV web pages and trouble-ticket
systems; generating automatic scripts for link failure testing using some
sort of optical cross-connect switch.

(I even made a SNMP to XML agent - see below - in my own time, but this has
not been used)


A question to AusNOG:

If this was open sourced, would people/companies be interested in
contributing to further develop the system to suit any operator's
environment?

Our aim is to have the business rules separately defined so that it would be
suited to any network. The network operator could internally develop their
own business rules to suit their network and customer base while
contributing to the generic code base.


On Mon, Jul 5, 2010 at 9:06 PM, Simon Knight <simon.knight at gmail.com> wrote:

> I'm particularly interested in any answers to your question of
> configuration management.
> This is my area of research, so I'm interested in how people in
> industry are generating and maintaining their device configuration
> files.
>
> Off-list replies welcomed.
>
> Cheers!
> Simon
>
> On Mon, Jul 5, 2010 at 8:30 PM, phil colbourn <philcolbourn at gmail.com>
> wrote:
> > Thank you for sharing your experience. I appreciate your detailed replies,
> > experience - good and bad - and anecdotes.
> > If other people have anything to add, I - and it seems others on AusNOG -
> > would be interested in the tools you use to manage your networks.
> > Phil
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> >
> >
>



-- 
Phil

http://philatwarrimoo.blogspot.com
http://code.google.com/p/snmp2xml

"Someone has solved it and uploaded it for free."

"If I have nothing to hide, you have no reason to look."

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke - Who does magic today?
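
The template substitution described in the post (a `[[/network/globals/SNMPManager]]` placeholder filled from the XML), as an added example that is not the RailCorp code: it refuses to emit a config when a placeholder matches zero or several elements or resolves to an empty or control-character value. The function names, the `TemplateError` class and the sample XML layout are assumptions, and only simple child paths are handled.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample data, modelled on the SNMPManager example in the post.
SAMPLE_XML = """<network>
  <globals>
    <SNMPManager>10.1.2.3</SNMPManager>
  </globals>
</network>"""
SAMPLE_TEMPLATE = "snmpserver [[/network/globals/SNMPManager]]\n"

# A placeholder is an absolute path in double square brackets (hypothetical grammar).
PLACEHOLDER = re.compile(r"\[\[(/[^\[\]\s]+)\]\]")


class TemplateError(ValueError):
    """Raised when a placeholder cannot be resolved to exactly one safe value."""


def resolve(root, path):
    """Return the text of the single element addressed by an absolute path."""
    parts = path.strip("/").split("/")
    if parts[0] != root.tag:
        raise TemplateError(f"{path}: root element is <{root.tag}>")
    matches = [root] if len(parts) == 1 else root.findall("/".join(parts[1:]))
    if len(matches) != 1:
        raise TemplateError(f"{path}: expected 1 match, found {len(matches)}")
    value = (matches[0].text or "").strip()
    # An empty value or one with control characters must not reach a device config.
    if not value or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise TemplateError(f"{path}: empty or unsafe value")
    return value


def render(template, xml_text):
    """Substitute every [[path]] in the template; fail closed on any problem."""
    root = ET.fromstring(xml_text)
    out = PLACEHOLDER.sub(lambda m: resolve(root, m.group(1)), template)
    if "[[" in out or "]]" in out:
        raise TemplateError("unresolved placeholder left in output")
    return out


if __name__ == "__main__":
    print(render(SAMPLE_TEMPLATE, SAMPLE_XML), end="")
```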