NEW YORK -- As the saying goes, the definition of insanity is doing the same thing over and over again and expecting different results. That rationale, or irrationality, could extend to network management, where things can get unwieldy. But a network automation strategy could restore some sanity in the system.
During a panel session at the ONUG Fall 2019 conference, Kevin Carney -- a retired principal network architect with 40 years of networking experience -- discussed how much insanity has infiltrated networking and how he thinks network automation can help.
Unquestionably, network infrastructure has evolved, moving from Ethernet to virtual networks and multi-cloud environments. While the infrastructure has changed, the way network engineers manage the network hasn't, as they continue to rely on error-prone manual processes, Carney said.
"More than 90% of issues are because of manual error, and it hasn't changed in four decades," he said. "If you look at the word insanity, we must be totally insane."
What can network automation do?
When implementing a network automation strategy, Carney said, the industry needs to consider brownfield environments, which integrate new hardware and software with legacy systems.
"[Brownfield environments] are out there, and they will be for a long time," he said. "Until we deal with brownfield, we're going to continue in the insanity."
To address this problem, the first step with automation is pretty obvious: Eliminate manual work. Organizations that move from manual to automated processes can reduce errors, free up resources and better support customers, Carney said.
"It's going to be automation that enables us to provide the customers with a more stable environment so they can do business," he said.
But network automation can also encompass security. Automation and security together can help network engineers push "golden configurations" to all devices, detect network issues, enforce role-based security policies and remediate configurations, Carney said.
The combination can also alleviate the labor-intensive task of running security audits, he added. With automation, network teams can check configurations and standards more easily across devices and relay the results more efficiently.
How to approach a network automation strategy
Even with automation's benefits, any network automation strategy will require hours of hard work, Carney said. Enterprises must also consider the various skill levels that correlate with different types of network automation strategies. Most enterprises tend to choose from four main automation options, which range from mostly manual to mostly automated.
Command-line scripting. For years, network engineers have used command-line scripting for network management. The purpose was to make more sophisticated, independent or foolproof configurations. But those engineers still rely on copy and paste for configurations, which is highly susceptible to mistakes. Ultimately, Carney said, this approach is still manual.
Roll-your-own scripting. Formal scripting, or roll-your-own scripting, has become more popular as another network automation strategy. In a roll-your-own approach, network engineers learn a scripting language, catalog the scripts and create playbooks to follow for processes. While this strategy enables engineers to tweak configurations, it's highly specific to each device, Carney said.
"You're going to have to make a playbook for every device, and they're all different," he said. "You have to consider different functionalities, and creating all those playbooks is going to take a lot of time."
Further, those playbooks require constant maintenance to ensure the script is still correct. This effort is still manual, even though it enables automation, he added.
Off the shelf. An approach that starts to break the insanity cycle is choosing off-the-shelf automation options, Carney said. This strategy enables engineers to work with ready-made configurations, which they can customize and change as needed. This strategy, however, has a learning curve where engineers figure out the process and gain experience, Carney said.
"The difference here from rolling your own is the knowledge network engineers gain from the first time they do this to the second time they create configurations -- it's going to be transferable," he said. "They'll have a better understanding of what needs to happen in the future."
GUI. The final option Carney discussed is the use of a GUI that provides a recognizable format for automation processes, which is also beneficial for training staff. Instead of a reactive approach, the GUI becomes "more of an ongoing capability," he said.
Vendors will change features, which drives engineers to modify their playbooks and configurations. With the GUI format, engineers can "add a simple parameter" for the modification, he said. This strategy also provides a database that acts as the source of network knowledge, further supporting the ongoing capability.
"It can be fed by your applications, and it can feed your applications. So, you have this information, and you can use it in different ways," he said.