[NANOG] Re: The Network CLI -- Love it ? Hate it? Needed?

[Matthew Petach via NANOG <nanog () lists nanog org>]

On Tue, Mar 18, 2025 at 12:06 PM Mark Prosser via NANOG <
nanog () lists nanog org> wrote:

> Hi NANOG community,
>
> I posed this question in several chat groups, but I'd like to get your
> opinions.
>
> Do you love the CLI? Do you hate the CLI? Would you -- or do you already
> -- enjoy a world where you never need to touch the CLI, to manage your
> network?
>
> This applies to both provisioning and troubleshooting; to which, you may
> have different answers.
>
> So far, I've seen a variety of replies around the usual
> "should/must/must not/should not".
>
> Warm regards,
>
> --
> Mark Prosser
> // E: mark () zealnetworks ca
> // W: https://zealnetworks.ca



Hi Mark,

I think you're setting up a false dichotomy here.  :(

I love doing configuration changes via CLI; but I do them via the CLI on my
favorite *nix box, in a vi window,
where I can save it, re-edit it, share it with colleagues for a second set
of eyes sanity check before the changes
are pushed out to the devices, verified, and then committed.  Many would
say "that's not what we mean when we
say 'CLI'", but the truth is, that's as much a "CLI" type interaction with
a device as directly SSH'ing onto the box
and going into edit mode.

I think any seasoned network operator is going to come to the realization
at some point in their career that typing
live into a box is a ticking time bomb, just waiting to go off.  It's not a
question of "if", it's a question of "when" an
uncaught error is going to make it past the carriage return, or into a
"commit confirmed" without being spotted in
time.  Humans are fallible creatures, and having additional validation and
verification steps, whether it's just another
pair of human eyes double checking what you've written before it gets
pasted in, or committed to the CI/CD pipeline,
or if it's a suite of live virtual network nodes that stage the change and
validate the before and after states of the
doppleganger virtual network before pushing it out to the live network, are
absolutely essential.

So--yes, I love making all my config changes via a CLI; but it's never live
in the device itself without any peer review
or other validation step before the change is committed to the live
network.  From that perspective, my "CLI" type
interactions with devices might as well be via "GUI", in the sense that I'm
not really making them "live" on the
device; but they're as far from "GUI" as you can get in the sense that my
changes are able to be reviewed and
edited before being committed to the device, which as far as I've ever
found, is not a feature any GUI I've dealt
with actually supports doing.

So, even if I never ssh into the box and type "edit" into the command line,
I do all my configuration changes
via 'CLI', and never through a 'GUI'--if that helps answer your somewhat
false dichotomy.  ^_^;

Thanks!

Matt
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/LCFM5RA3AXEWA4OHTGC4WNPCTNWVC72M/