“The network is a mess!” This is one of the most common complaints we hear from network engineers. If you manage a Data Center, there is no argument that having Network Standards is very important. If followed properly, they will provide consistency throughout the network, reduce security risks, ease manageability, and improve reliability.
Imagine that regardless of what size or how many Data Centers you have, you are still guaranteed that every single device is configured, functions exactly as intended, and complies to your Standards all the time. Furthermore, many security risks would be eliminated if you included security in your standard. Such affirmation clearly provides a rock solid stability and predictability to your network, since you are always aware of what it is up to.
Creating a Standard is not difficult; you can begin with a simple checklist, an excel spreadsheet listing “show” commands and their expected outputs. Include any and everything you want to check. So include not only version levels and configurations, but also operation statuses, security settings, and deep health. With such a checklist, you have essentially created a Quality Control matrix for your Data Center that ensures every devices expected and consistent functionality.
“Creating a Standard is not difficult; you can begin with a simple checklist”
Your standard checklist should include however the device should behave in a normal situation, not just version levels and configurations. See this example below. Notice some of them check for operation statuses.
| Audit Command | Expected Output | Comments |
|---|---|---|
| show version | include Configuration register | Configuration register is 0x2102 | Config register must be set properly |
| show ntp status | include Clock | Clock is synchronized | Clock must be synchronized |
| show run interface number | include md5 | ip ospf message-digest-key key-id md5 password | All OSPF interfaces must have md5 enabled |
| show run interface loopback0show run section router bgp | include bgp router-id | bgp router-id loopback0 IP | BGP Router-ID must match Loopback0 IP |
| traceroute Syslog server IP | with 10.1.1.1 in the path | Traffic to syslog server should pass through IP 10.1.1.1 |
The above example uses Cisco, but you should include all kinds of devices in your standard. In order to completely standardize your Data Center, anything that is in your Data Center and is manageable should have its own Standard. Not only the key devices where data flows through (routers, switches, firewalls, load balancers, storage systems, transports, servers, etc.), but also the supporting devices (power distribution units, console and terminal servers, etc.). If you can manage it, there must be commands you can use to create a standard for it.
“Unfortunately, the network industry is lacking a real standard auditing tool.”
Obviously, the next question is how you routinely carry out the auditing task of all your Data Centers including dozens, hundreds, and even thousands of devices, all from different vendors.
This is indeed the biggest problem, and why most networks are not standardized. Unfortunately, for some reason the network industry is lacking a real standard auditing tool. There are many talks on standards and best practices, but there are virtually no tools to actually audit the network at such level. And even of the few that exist, their only functionality is checking basic things, making them hardly any use.
As a result, the majority of companies today never audit their networks. Some companies that have engineers who can write scripts and who have the time may develop in-house scripts, but said skillful engineers who can program and manage a network are very hard to find. The companies that have resources may hire professional services to conduct audits on a quarterly or yearly basis, but these are limited to certain vendor devices, are done on an infrequent basis, and is very costly.
If you are like most companies and do not have the dedicated resources but want your network standardized, it would be in your best interest to check out Ironwood Networks for their Network Standards Auditing solution.