I’m a network engineer, and part of my job is configuring switches, routers and firewalls. I usually work on projects that have several thousand switches each: some core switches, server switches, many distribution switches, and a large number of small access switches for users. I mainly build networks for cruise ships – just imagine a cruise ship with about 3000 passengers and 1000 crew: each cabin gets network access for IP-TV, IP telephone, air conditioning, programmable door lock, computer port. Not to forget, let’s say, 1000 WiFi access points, 300 CCTV cameras, cash machines, vending machines, office computers everywhere, even in the Spa, IP clocks, engine and nautical workstations, broadcast center and of course redundant data centers with racks full of servers. For security reasons, there are hundreds of VLANs (virtual networks) in several (virtual) security domains.
How do you configure and manage all of this?
Let’s take a look at configurations:
- They are plain text.
- Config files can be huge: my last core switch had 5000 lines of configuration.
- Whole configs are similar, with just a bit of individual information (set of access switches, set of distribution switches; also redundant core switches are nearly clones of each other).
- They consist of blocks which repeat, such as 48 interface configs for single switches or modules.
- VLAN IDs, subnet IPs, port channels, various properties are in a sequence or can be calculated.
- Each layer of switches (core, distribution, access, datacenter) can use a different technology and syntax of the same manufacturer (Cisco Nexus vs. Catalyst) or even different manufacturers: it is good to abstract from the hardware and to define the config by meaning rather than by technical implementation.
- Networks are similar: for example the next cruise ship of the same fleet differs mainly in IP addressing. And even for a very different ship or campus some of the principles are the same.
So, to get this work done, I don’t type configuration lines manually. I program it, and for this I need a language that
- generates text (no matter if plain text or in a PDF)
- heavily uses macros
- can repeat things
- can use counters or can basically calculate
- can generate config snippets based on CSV files (I get very long Excel lists of inventory data such as device names, IP address, location, asset tag)
- separates content (features, function) from implementation (command sequences in style file, library)
- is portable and cross-platform (runs on my Macbook and netbook, on Linux servers that I use remotely via SSH, on a Windows laptop of my co-worker)
- supports version control (subversion/SVN, Git)
- integrates internal documentation capabilities (such as docstrip)
- can generate user and customer documentation in PDF
- may output drawings of the architecture, re-using actual config data (IPs, subnets, VLANs) (samples without data labels: datacenter post, images in drawings, images in TikZ nodes, more to come)
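To make several of these requirements concrete (CSV-driven generation, repeated 48-port blocks, calculated VLAN IDs, and intent kept apart from per-platform syntax), here is an added example that is not the author's code or tool. Python is used only for illustration; the CSV columns, the `100 + deck` VLAN scheme and the function names are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample inventory; the column names are assumptions.
INVENTORY_CSV = """name,platform,mgmt_ip,location,asset_tag,deck
acc-d05-01,catalyst,10.5.0.11,Deck 5 fwd,A1001,5
srv-dc1-01,nexus,10.0.0.21,Datacenter 1,A2001,0
"""

# Implementation layer: per-platform syntax, kept apart from the intent.
PLATFORMS = {
    "catalyst": ("GigabitEthernet1/0/{n}",
                 ["switchport mode access", "switchport access vlan {vlan}"]),
    "nexus": ("Ethernet1/{n}",
              ["switchport", "switchport mode access",
               "switchport access vlan {vlan}"]),
}

def user_vlan(deck):
    """Hypothetical numbering scheme: one user VLAN per deck, 100 + deck."""
    vlan = 100 + int(deck)
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} out of range")
    return vlan

def render_device(row, ports=48):
    """Render one device's config from an inventory row (the intent)."""
    if row["platform"] not in PLATFORMS:
        raise ValueError(f"{row['name']}: unknown platform {row['platform']!r}")
    ipaddress.ip_address(row["mgmt_ip"])  # reject typos from the spreadsheet
    ifname, body = PLATFORMS[row["platform"]]
    vlan = user_vlan(row["deck"])
    out = [f"hostname {row['name']}",
           f"! asset {row['asset_tag']} mgmt {row['mgmt_ip']}",
           f"snmp-server location {row['location']}"]
    for n in range(1, ports + 1):  # the repeated 48-port block
        out.append(f"interface {ifname.format(n=n)}")
        out += [" " + cmd.format(vlan=vlan) for cmd in body]
    return "\n".join(out) + "\n"

def render_all(csv_text=INVENTORY_CSV, ports=48):
    """Return {device name: config text} for every row of the inventory."""
    return {r["name"]: render_device(r, ports)
            for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    print(render_all(ports=2)["acc-d05-01"])
```

Because every port's VLAN comes from one function and one inventory row, a wrong segment assignment shows up as a single diff in version control rather than as a typo hidden in 5000 lines.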