On Tue, Mar 18, 2025 at 12:06 PM Mark Prosser via NANOG < nanog@lists.nanog.org> wrote:
Hi NANOG community,
I posed this question in several chat groups, but I'd like to get your opinions.
Do you love the CLI? Do you hate the CLI? Would you -- or do you already -- enjoy a world where you never need to touch the CLI, to manage your network?
This applies to both provisioning and troubleshooting; to which, you may have different answers.
So far, I've seen a variety of replies around the usual "should/must/must not/should not".
Warm regards,
-- Mark Prosser // E: mark@zealnetworks.ca // W: https://zealnetworks.ca
Hi Mark, I think you're setting up a false dichotomy here. :( I love doing configuration changes via CLI; but I do them via the CLI on my favorite *nix box, in a vi window, where I can save it, re-edit it, share it with colleagues for a second set of eyes sanity check before the changes are pushed out to the devices, verified, and then committed. Many would say "that's not what we mean when we say 'CLI'", but the truth is, that's as much a "CLI" type interaction with a device as directly SSH'ing onto the box and going into edit mode. I think any seasoned network operator is going to come to the realization at some point in their career that typing live into a box is a ticking time bomb, just waiting to go off. It's not a question of "if", it's a question of "when" an uncaught error is going to make it past the carriage return, or into a "commit confirmed" without being spotted in time. Humans are fallible creatures, and having additional validation and verification steps, whether it's just another pair of human eyes double checking what you've written before it gets pasted in, or committed to the CI/CD pipeline, or if it's a suite of live virtual network nodes that stage the change and validate the before and after states of the doppleganger virtual network before pushing it out to the live network, are absolutely essential. So--yes, I love making all my config changes via a CLI; but it's never live in the device itself without any peer review or other validation step before the change is committed to the live network. From that perspective, my "CLI" type interactions with devices might as well be via "GUI", in the sense that I'm not really making them "live" on the device; but they're as far from "GUI" as you can get in the sense that my changes are able to be reviewed and edited before being committed to the device, which as far as I've ever found, is not a feature any GUI I've dealt with actually supports doing. So, even if I never ssh into the box and type "edit" into the command line, I do all my configuration changes via 'CLI', and never through a 'GUI'--if that helps answer your somewhat false dichotomy. ^_^; Thanks! Matt