The live network _should_ be the truth, but unless you have really nailed config and change management then your truth is what you remember and humans make terrible eye witnesses. Things might be working, but are your customers getting billing correctly, or the correct service? Or does that failover work? Did you put back in that filter you took out to debug something? I see a number of orgs doing all they can to prevent/minimise any use of CLI and in my view I think it’s the only direction the network can go in. There is way to much complexity and that is growing and growing and managing the truth in your head as what you remember will one day hurt. Outside of power I’d guess CLI makes up the vast majority of network outages. In my view it can’t be the future. Neil. From: sronan--- via NANOG <nanog@lists.nanog.org> Date: Wednesday, 19 March 2025 at 17:08 To: nanog@lists.nanog.org <nanog@lists.nanog.org> Cc: nanog@lists.nanog.org <nanog@lists.nanog.org>, sronan@ronan-online.com <sronan@ronan-online.com> Subject: [NANOG] Re: The Network CLI -- Love it ? Hate it? Needed? It seems people are confusing “source of truth” with “intended truth”, or maybe people have a different definition of truth than I do. The network is always the only source of truth as it is what is actually deployed in the network, it is the truth about what is, while I can intend for that truth to be different, that doesn’t change the reality of the situation. Shane
On Mar 19, 2025, at 12:54 PM, borg--- via NANOG <nanog@lists.nanog.org> wrote:
Yeah, you are right here. There is tooling that is able to dump all configs from network devices and compare it to docs and generate reports.
I never had to use something like this, but seems usefull to enforce state of trust from documentation.. If deviation is detected, it have to be fixed right away.. And is even easy to blame who made deviation. You can use 'svn blame' from docs and access log from devices.
In my small team (5 ppl) it was solved by saying: docs is the only source of trust, if you find deviation, docs telling the true. In case of complains, 'svn blame' + logs to the rescue.
---------- Original message ----------
From: Mns Nilsson via NANOG <nanog@lists.nanog.org> To: North American Network Operators Group <nanog@lists.nanog.org> Cc: Josh Reynolds <joshr@spitwspots.com>, Mns Nilsson <mansaxel@besserwisser.org> Subject: [NANOG] Re: The Network CLI -- Love it ? Hate it? Needed? Date: Wed, 19 Mar 2025 13:37:30 +0100
A *proposed* state or maybe even a snapshot of a particular time is more likely.
Documentation that deviates from reality will get ignored, forgotten and rejected. Treating it as plans and intents will work much better. We probably do that without reflecting over it already. Officially acknowledging it will only improve the process.
-- M˙˙ns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE SA0XLR +46 705 989668 Xerox your lunch and file it under "sex offenders"! _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/4UUWI6QO...
NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/N3RZ6WKQ...