ATCA Newsletter

Automated Configuration of Network Elements
By Hakan Millroth, Tail-f Systems

Not long ago, network administrators could configure network devices once and then just leave them alone, so-called “set and forget” administration. Today’s multiservice networks require frequent and often complex configuration changes to provision a range of services. It therefore makes sense to automate the configuration process.

Until recently, approaches to automating configuration management have had technical limitations. One approach is to develop scripts for each device that talk through its Command Line Interface (CLI). New scripts are written and tested as new equipment is added. Maintaining them is both challenging and error-prone. In addition, multi-box transactions are rendered difficult by the lack of a standardized scripting model for equipment from multiple vendors and the absence of locking and other semantics needed to ensure consistency and correctness of changes across the network.

Although SNMP is long-established and works well for monitoring network devices, it is not a good solution for configuration management, and it is seldom used for that purpose in practice. It lacks a reliable and secure delivery mechanism and has no way to allow the network to revert automatically to a working configuration in the event of an error. The administrator must therefore detect the error (usually after receiving a number of frantic complaints) and try to hurriedly restore the previous setup.

The IETF has acknowledged the need for an improved standard for automated network configuration. In December 2006, it finalized an XML-based protocol called NETCONF (RFCs 4741-4744). Equipment vendors and network operators are using NETCONF to facilitate scalable deployments of networks without the risks of disruptive configuration errors.

NETCONF uses XML encoding for protocol messages and configuration data exchanged between managers and agents. XML requests and responses are sent over Secure Shell (SSH), a persistent, secure, and authenticated transport protocol. SSH’s encryption and integrity protection ensure that the requests and responses are confidential and tamper-proof.

NETCONF increases the robustness of dynamic networks by providing built-in safeguards to ensure that configuration changes are made in a valid and consistent way across all network devices. Its capabilities include transaction management, validations, and rollbacks.

For example, a configuration change is first written to a candidate configuration rather than applied directly to the running one. After a specified interval, devices automatically revert to their original configuration unless the change is confirmed. Administrators can use this capability to test configurations that may potentially degrade or disable connectivity.
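The candidate-and-confirm behaviour described above, as an added illustration that is not part of the original article or of ConfD: a Python simulation of a NETCONF agent that builds the manager’s `<commit>` RPC (RFC 4741 confirmed commit, RFC 4742 `]]>]]>` framing), applies the candidate to running, and rolls back when no confirming commit arrives before the timeout. The datastore contents and the `Agent` class are constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
EOM = "]]>]]>"  # RFC 4742 end-of-message marker for NETCONF over SSH

def commit_rpc(message_id, confirm_timeout=None):
    """Build the manager's <commit> RPC; a timeout makes it a confirmed commit (RFC 4741, 8.4)."""
    body = "<commit/>"
    if confirm_timeout is not None:
        body = f"<commit><confirmed/><confirm-timeout>{confirm_timeout}</confirm-timeout></commit>"
    return f'<rpc message-id="{message_id}" xmlns="{NS}">{body}</rpc>{EOM}'

class Agent:
    """Simulated device (constructed, not ConfD): candidate and running datastores plus a confirm timer."""

    def __init__(self, running):
        self.running, self.candidate = dict(running), dict(running)
        self.rollback, self.deadline = None, None

    def edit_candidate(self, changes):
        """Stands in for <edit-config> with target candidate: running is untouched."""
        self.candidate.update(changes)

    def handle(self, framed_rpc, now):
        """Process one framed <commit> RPC at time `now` (seconds); return the <rpc-reply>."""
        root = ET.fromstring(framed_rpc[: -len(EOM)])
        commit = root.find(f"{{{NS}}}commit")
        if commit is None:
            return self._reply(root, "<rpc-error><error-tag>operation-not-supported</error-tag></rpc-error>")
        timeout = commit.find(f"{{{NS}}}confirm-timeout")
        if timeout is not None:
            # Confirmed commit: keep the pre-change running config and arm the timer.
            self.rollback, self.deadline = dict(self.running), now + int(timeout.text)
        else:
            # Plain commit, or the confirming commit that follows a confirmed one: make it permanent.
            self.rollback, self.deadline = None, None
        self.running = dict(self.candidate)
        return self._reply(root, "<ok/>")

    def tick(self, now):
        """Timer check; returns True if an unconfirmed change was rolled back."""
        if self.deadline is None or now < self.deadline:
            return False
        # No confirmation arrived (e.g. the change cut the manager's connectivity): revert both stores.
        self.running, self.candidate = dict(self.rollback), dict(self.rollback)
        self.rollback, self.deadline = None, None
        return True

    def _reply(self, rpc_root, body):
        mid = rpc_root.get("message-id")
        return f'<rpc-reply message-id="{mid}" xmlns="{NS}">{body}</rpc-reply>{EOM}'
```

A second `commit_rpc()` without a timeout, sent before the deadline, is the confirming commit that cancels the rollback timer.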

An example commercial implementation of NETCONF is embedded in Tail-f Systems’ ConfD software. ConfD enables equipment suppliers to rapidly implement key management interfaces including CLI, Web UI, SNMP, and NETCONF. ConfD implements the transaction model used by the NETCONF standard for automated configuration management across all management interfaces.

Networks today are larger and more complex than ever before and are becoming increasingly mission-critical. Administrators see the NETCONF protocol as a way to save cost and reduce network outages. NETCONF leverages XML and a set of robust security and transaction management protocols that simplify and safeguard network-wide configuration management.

Hakan Millroth is CEO and President of Tail-f Systems. You can reach him at hakanm@tail-f.com.