your123 -


Use network standardization to facilitate automation

Network teams can automate and standardize network designs to improve configurations, simplify operations and more easily implement changes within their networks.

Consistent network design and configuration are essential foundations for a smoothly functioning system. Automation helps achieve this goal.

The more standardized and simplified a configuration, the easier it is to use automation to implement change and validate network operation. The more standardized a network, the easier it is to deploy automation. Both help each other.

Fewer variations in design and configuration result in simpler automation tasks that don't need to account for differences. Configuration audits and changes both need to account for any differences, which complicates processes. In addition, each variation causes concern that there's a valid reason for it.

Standard designs are important for other reasons, too. Network teams should consistently apply good security configurations across the entire infrastructure to prevent bad actors from accessing the network. Standardization also greatly simplifies network troubleshooting because standard operating procedures are easier to create and maintain.

Using building block designs

Equipment vendor design guides recommend that network teams use building block designs and minimize the number of different building blocks. Each building block should specify the exact hardware, OS, interface selection and configuration used. To reduce system complexity, teams should minimize the number of building block variations their automation systems handle.

For example, it's best to have two remote site designs: an older design to transition from and a new design to which to transition. Teams may also have small and large site designs for a total of four remote site designs. Note that supporting more unique designs often increases the effort needed to maintain the automation system.

A significant design variance is any difference automation can't deploy. For example, hardware changes, such as equipment refreshes or interface updates, create differences that a configuration update can't deploy. Contrast that with a simple configuration change, like updating an access control list, which is easily deployed by automation.

It's tempting to deploy a nonstandard hardware configuration to handle new site requirements, but the downside is they require additional cases in the automation process. Even simple differences, like changes in the interfaces used for uplinks, can complicate automation. When emergency situations that require exceptions to standards arise, teams should work to standardize them as soon as possible.

Automation and network standardization

The automation process consists of the following functions:

  1. network device inventory
  2. configuration drift
  3. configuration audit
  4. network device OS updates
  5. configuration remediation

1. Network device inventory

A network device inventory guarantees the recognition of all devices. Bad actors can use unprotected devices to gain access to a network, so teams should make sure their networks are secure. Network inventories can also remove any old, forgotten devices that pose an operational risk to the network.

2. Configuration drift

The automation system can begin collecting configurations and monitoring changes once the network inventory recognizes devices on the network. Incorrect changes are the greatest causes of network outages. Network teams will find that tracking configuration drift is a critical function in failure diagnosis to identify what changed. Standardized designs make it easier to determine when something changes and if the change is caused by an outage.

NTP policy rule on Cisco IOS
Example of a configuration policy rule definition for NTP on a Cisco Internetwork Operating System

3. Configuration audit

Network teams can guarantee that standardized configurations are operational by using configuration audits that compare device configurations against standardized configuration templates. The templates specify required commands that should exist and forbidden commands that shouldn't exist. The templates are specific for each device function and model.

Configuration audits will identify configurations that don't match the standards for teams to bring them into compliance. Teams should also address any differences in hardware before standardizing the related configuration elements. Configuration auditing is a means of identifying devices with configurations that don't match a team's best practices and policies. Those devices need to be remediated to bring their configurations into compliance.

4. Network device OS updates

Network teams should also standardize the OS versions used in their devices to simplify the updating and patch processes. The initial inventory process should identify the OS used on each device. Keep the OS patched to avoid network security holes and subtle bugs that affect a network's operation. The patching process will be much smoother on a network that minimizes the number of different OSes.

5. Configuration remediation

The remediation and configuration updates are where automation provides its greatest value. For example, updating passwords, modifying a critical access list or making a routing protocol change across hundreds of routers are actions made simpler by starting with a known, standard configuration.

Automation and network standardization complement each other

Automation and network standardization work together to improve network operations and reduce human error. Standard network designs enable consistent application of automation across larger parts of networks.

Automation identifies exceptions to network standards and enables the network team to implement configuration changes quickly and accurately. Implementing and enforcing network standards result in a more secure and smoother functioning network.

This was last published in October 2021

Dig Deeper on Network protocols and standards