
Subject: [NANOG] Re: The Network CLI -- Love it ? Hate it? Needed?
Date: Wed, Mar 19, 2025 at 12:39:52PM +0100
Quoting borg--- via NANOG (nanog@lists.nanog.org):
> Hmm, I somehow reversed the model here. The source of trust is documentation, NOT the network. Works pretty well here, but I guess because I have very small scale. Managing around 200+ switches (campus and R&D networks).
Yes, intent is a very clean model. I find it is a bit inflexible when it hits the brownfield. But I want to emphasize that I really like the "I want the network to be like this" concept overall, and it is a workable abstraction to have as an end goal. You will use it to guide you as you make changes to accommodate the user needs of the network, sometimes in full crisis management mode! The problem is what happens to all the current network components as you are rebuilding the net -- they end up in limbo since you typically can't do forklift upgrades but will do rolling rebuilds continually. If we could have the actual state automatically reflected in the management model we'd net gain in observability, comprehension and documentation.
> Yeah, it requires a discipline how you work. First, change the docs. Then do validation and review. Commit and then change the network.
This is what most people do, and it can be done well to new deployments where you do not have the inflexibilities of a "single pane of glass" marketing management system blocking you from solving the business logic problems your organisation have. Or the constraints of physical layouts.

An example: We have too many machine rooms in our main facility and too little fibre between them. The plant layout sort of dictated "you should do superspines in your DC network" but the very expensive provisioning system refused to build that. "Not supported" and the solution proposed was to extend the system with scripting, in a way where upgrades would have been impossible.

Combining the brownfield problems and the observed inflexibility in management systems converge in me having the "the network is the documentation" as a holy grail, because it has been proven to work, only that you need to be a seasoned network engineer to even begin to understand the docs. Having a management -- and by extension documentation -- system do that kind of understanding (btw I don't think an LLM would help, I have enough people around me lying about things they don't understand; I don't need my computers to stop telling me facts.) would be really useful.

--
Måns Nilsson primary/secondary/besserwisser/machina
MN-1334-RIPE SA0XLR +46 705 989668
Yow! I want my nose in lights!