Re: How much do you automate your automation?

["Brandon Z. via NANOG" <nanog () lists nanog org>]

Hi,

I think if we want to keep environments consistent across all devices, we
should avoid manually tweaking any single server. it’s better to run
everything in batches.

That way, if one device has been manually adjusted, the batch script won’t
fail unexpectedly.

Also, now that we have the AI agent, for these simple issues we can just
give it a high-level task instead of being overly specific. Once the script
is tested, we can batch-deploy it easily.

That’s my POV.

On Wed, Apr 15, 2026 at 12:30 AM Andrew Latham via NANOG <
nanog () lists nanog org> wrote:

> TL;DR; Some organizations have full copy/versions of their stack in
> offline mode for testing. e.g. https://docs.gns3.com/docs/
>
> There are many slices of the pie.....mmmm pie....
>
> * Known good systems/devices
> * Known legacy systems/devices
> * Unknown systems/devices
> * 3rdparty systems/devices
> * (other slices here)
>
> 1. To automate the automation of your systems you need to understand
> that some systems from all slices will have a no-change verbal rule
> set based on an existing long term ticket with no resolution.
> 2. MOP/SOP/Playbooks should list the systems/devices that CAN be operated
> on.
> 3. A breakglass user or access method MUST exist. Some/many
> styems/devices/teams DO NOT support breakglass.
> 4. (insert other deep thoughts)
>
> On Tue, Apr 14, 2026 at 1:36 PM Jon Lewis via NANOG
> <nanog () lists nanog org> wrote:
> > I've been told that at [some of] the largest networks, network engineers
> > "never directly log into network devices".  This implies that all
> > configuration changes made to and insights gleaned from the network gear
> > are done via some form of automation.
> >
> > I assume it's commonplace to have/use Unix CLI tools for executing
> > configuration changes.  I've written such things for the past couple of
> > places I've worked so that we can literally copy&paste from a MOP to a
> > shell session and have a change implemented.  Such tools become
> > extremely handy when you want to make the same change on a few or a few
> > hundred devices.
> >
> > What I'm wondering is, how common is it to take the next logical step and
> > if you have a planned maintenance window to implement some simple change,
> > do you have an engineer manually make that change, manually execute a
> > script that implements the change, or use old-school automation (at) to
> > schedule a date & time at which the script that implements the change
> will
> > be run, and optionally have an engineer monitor that the change happened
> > and had the intended results?
> >
> >
> > ----------------------------------------------------------------------
> >   Jon Lewis, MCP :)              |  I route
> >   Blue Stream Fiber, Sr. Neteng  |  therefore you are
> > _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
> > _______________________________________________
> > NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/WKX5XT2LSEL4T3ZGFGRG7Q3KUAR54LVA/
>
>
>
> --
> - Andrew "lathama" Latham -
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/Z5CCCO27FNQ6UULECKE5RBXTBKPEVBHX/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/5WL2VS4MN5GLTHPSHFDHZOTORSUDWYVF/