A closer look at those who get it right, reveals that it’s not about the tools and solutions but about the way these are implemented. Two challenges are often overlooked but have to be addressed in order to be successful. In this blog I will tell you more about these challenges, so you can benefit from them.
When I talk to customers about network automation, one of the things that always comes up is: “I’m not sure how my network is configured exactly…”. When you don’t know the answer to this question it can be frightening to think about automation.
A common reaction, therefore, is that companies fail to start with network automation. But that would be a mistake and a missed opportunity. Instead of using automation for making network changes, automation can also be (and should be!) used to validate the configuration state of your network.
As they say, “You can only achieve true benefits of automation when you standardize”. So why not use automation to help you achieve this!
The key is to start with automating config back-ups and validation of your desired design and compliance policies and rules. This should be the foundation of your network automation journey as it allows you to make informed decisions as to what to fix to drive some standardization. And it serves as a closed-loop measuring process to ensure that you stay compliant.
You can validate your devices against your company’s design standards, but also against vendor hardening standards, or regulatory requirements. There’s a lot of information out there to help you with this: like CIS libraries, CVE databases, and of course your own policies and rules.
Once you start with this type of automation, you feel more certain about the configuration state of your network and the steps required to first drive some initial standardization. Now you can focus on automating other types of changes. My suggestion here is to be smart and use validation in every step of the process. Don’t automate ‘fire and forget’ jobs, but apply validation steps into your jobs and scripts like interactive show command and use ‘if-then-else logic before applying changes. And of course, you can use automation in a non-intrusive way to retrieve inventory information from devices, create reports, etc.
In the end, it’s all about feeling more comfortable and in control, before driving more and more automation.
The second challenge that is often overlooked is the unwritten rules that every organization has. Each organization has design rules, naming conventions, and technical choices that engineers make while doing their work. Usually, these rules are not well documented.
Even when you use Ansible or Python for network automation, the logic is still in the engineer’s head. Let’s take the example of issuing IP addresses where your device list is in a simple Excel file:
The unwritten rules for issuing a valid IP address could be: it has to be unique and it has to be in a certain range. Usually what happens is that the engineer is looking at this on a case-by-case basis and issues the IP based on his experience and the unwritten rules he has used before when issuing IP addresses. But these rules are not documented anywhere and when a new engineer has to issue an IP address he does not know these rules. Or he makes up his own!
To further the analogy of Excel: when the first engineer had made a Macro with the unwritten rules, there was no problem. I believe that you can only have stable and secure networks when making the rules explicit and enforce people to use them.
Automation logic like in the example above is not the only unwritten rule, there are many more:
To succeed with network automation, all these unwritten rules, processes, and tools need to become explicit. In itself, this is not difficult, but it takes quite some research to get the information well documented and available.
Killing those unwritten rules and getting transparent about them is a prerequisite for successful network automation.
We sometimes hear that people lose faith in network automation, but complexity does not mean you can't automate. There are more and more organizations out there that have successfully automated complex networks; even for their multi-vendor, multi-domain and legacy networks.
We can help you in your automation journey. We have the experts, the platform and the method to succeed. Just schedule a meeting with me! I love to hear about your specific questions.