IETF effort promises fewer net failures

The IETF has nearly completed a protocol that could address perhaps the major underlying cause of network breakdowns: misconfigured equipment.

The thrust behind NetConf, which could be adopted by year-end, is to reduce the programming effort involved in automating device configuration. The goal is to generate better configuration tools and encourage faster updating of these tools when network equipment vendors upgrade the software on their machines, industry experts say.

Software that keeps people out of the loop as much as possible when configuring switches and routers is a key to improving uptime, says Jeffrey Nudler, a senior analyst at Enterprise Management Associates. "The possibility of failures would be much reduced if you consider that changing device configuration causes 60% of downtime due to human error," he says.

Rather than rely on typing command-line interfaces or scripts that mimic humans entering CLIs, NetConf would use XML to configure devices and to more efficiently tap state and configuration data stored on devices, says Andy Bierman, chairman of the IETF's Network Configuration Working Group. "XML is just so much better at separating data from metadata and also adapting to the CLI," he says.
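As an added illustration, not code from the article or from any vendor's tooling, the Python below shows the kind of exchange the paragraph describes: a client builds an XML get-config request and checks the agent's XML reply before using it. It assumes the rpc/rpc-reply, message-id and rpc-error message form later standardized in RFC 6241, which the article itself does not detail; the device data model (urn:example:device-config) and the replies are constructed sample values.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)
ET.register_namespace("", NC)  # serialize NC as the default namespace


def nc(tag):
    """Clark-notation name for a tag in the NETCONF base namespace."""
    return f"{{{NC}}}{tag}"


def build_get_config(message_id, datastore="running"):
    """Client side: serialize an <rpc><get-config> request for one datastore."""
    rpc = ET.Element(nc("rpc"), {"message-id": message_id})
    source = ET.SubElement(ET.SubElement(rpc, nc("get-config")), nc("source"))
    ET.SubElement(source, nc(datastore))
    return ET.tostring(rpc)


# Constructed sample replies shaped like an agent's <rpc-reply>; the
# urn:example:device-config model and the hostname are made up for this example.
REPLY_OK = b"""<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <data><system xmlns="urn:example:device-config"><hostname>core-sw-01</hostname></system></data>
</rpc-reply>"""
REPLY_DENIED = b"""<rpc-reply message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <rpc-error><error-type>protocol</error-type><error-tag>access-denied</error-tag>
  <error-severity>error</error-severity></rpc-error>
</rpc-reply>"""


def parse_reply(reply, expected_id):
    """Validate an <rpc-reply> before trusting its payload: the message-id must
    match the request sent, and any <rpc-error> is surfaced instead of being
    mistaken for an empty configuration."""
    root = ET.fromstring(reply)
    if root.tag != nc("rpc-reply"):
        raise ValueError(f"unexpected root element {root.tag}")
    if root.get("message-id") != expected_id:
        raise ValueError("reply message-id does not match the request")
    errors = [e.findtext(nc("error-tag")) for e in root.findall(nc("rpc-error"))]
    return {"errors": errors, "data": root.find(nc("data"))}


def find_leaf(data, local_name):
    """Text of the first leaf with this local name, whatever vendor data-model
    namespace qualifies it (the data/metadata split XML gives for free)."""
    for elem in ([] if data is None else data.iter()):
        if elem.tag.rsplit("}", 1)[-1] == local_name:
            return elem.text
    return None
```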

A widely adopted standard programming interface, such as that defined by NetConf, would make it simpler for vendors that specialize in configuration management to create broadly applicable tools, says Sherrie Woodring, CEO of configuration management vendor Emprisa. "A lot of our R&D costs go toward learning the multiple techniques to get information out of a device and incorporating that into a product."

Today, management software vendors painstakingly learn the format and protocols that equipment makers use to store and access configuration data on each piece of gear. They then write software that can gather and manipulate this data via a consistent user interface.

When a vendor updates software on, say, a router, that might include a change to the format to which configuration management software vendors have to adapt - and that takes time that can delay network upgrades, says Paul Froutan, vice president of product engineering at Rackspace in San Antonio. The company uses Voyence's software.

"Everything today is being done in a custom manner," Froutan says. "Generally, when you have a new device or there is a new feature added, you want to get at it immediately. If it's not updated quickly enough, that's when you stop supporting that product or standard."

Being able to gather configuration data quickly has greater implications the larger the network. Jim Keck, vice president of enterprise systems services in Citigroup's technology infrastructure group in New York, says if NetConf takes off he imagines it will simplify configuration of the more than 30,000 switches and routers in Citigroup's network.

"Normalizing this process so I can simply ask, 'What's the [operating system]?' would have a major impact," he says, referring to the various operating system iterations running on his Cisco network gear and other hardware.

By creating a more widely understood platform, businesses would need fewer device-specific experts. "Instead of having to know multiple protocols and tools, anyone could take this information and apply it to troubleshooting or root-cause analysis, speeding mean time to repair," Nudler says.

Most vendors supply their own configuration tools, but if they fit to a standard it would be easier to create individual tools that control more devices, says Eliot Lear, a consulting engineer at Cisco who co-wrote one of the NetConf proposals. "It's likely over time you'll see more and more accessibility to more and more devices from the same tool," he says.

That appeals to Citigroup's Keck. "Fewer tools helps our support team stay leaner and more responsive," he says.

Some vendors already are using configuration tools that follow the NetConf model of including XML support. Cisco, for example, has its Enhanced Device Interface (ED-I) and Juniper has Junos Script to support programmatic interfaces to configuration. Both vendors are active in writing NetConf.

Even if the IETF endorses NetConf quickly, that doesn't mean it will appear right away in lots of equipment or configuration tools.

Juniper will likely standardize on NetConf when it wins IETF approval, says Craig Bardenheuer, a director of product management. "A standard makes it easier for our customers to write tools to deploy our gear quickly and efficiently," he says.

Similarly, Cisco will likely adopt it, but cautiously, Lear says. Cisco supports CLI and ED-I, and supporting NetConf as well might create compatibility problems. "The only thing worse than two solutions to solve the same problem is three solutions to solve the same problem," he says.

Even after equipment vendors start using NetConf, they will still add their own extras as a way to stand out from the competition, so totally unified configuration platforms may be beyond reach, Lear says.

As for the makers of configuration management software, while they find NetConf attractive their use of it will depend on customers buying NetConf-capable equipment, says David Schrodel, CTO of configuration management vendor Voyence. "If we could get 80% to 90% of the functionality out of NetConf that we get out of investing our R&D dollars, it would be a huge step forward. But we'd have to see [NetConf-enabled gear] in customer networks before we consider adoption," he says.

The art of configuration

Shortcomings in current ways of configuring network devices have the IETF working to standardize a network configuration protocol known as NetConf.

Challenge: Configuration errors can cause network security holes and performance problems.
Strategy: Reducing the need for manual configuration via standard programmatic tools can reduce errors.

Challenge: Automated network management requires highly skilled engineers and cooperation with vendors to tap proprietary tools.
Strategy: NetConf defines a standard interface for applications that will make it possible for fewer, less trained staff to create configuration tools.

Challenge: Localized password authentication available via SNMP doesn't scale for large numbers of devices.
Strategy: NetConf interfaces with authentication servers such as RADIUS to support large networks.

Challenge: SNMP formats of configuration data are not concise.
Strategy: NetConf creates an interface that gleans the information succinctly.

Challenge: Current methods of gathering configuration data must deal with many vendor-specific command-line interfaces, increasing complexity.
Strategy: NetConf supports XML, which already has features to manipulate text as well as encoded data.