nanog mailing list archives

Re: How much do you automate your automation?


From: Saku Ytti via NANOG <nanog () lists nanog org>
Date: Wed, 15 Apr 2026 09:59:07 +0300

On Tue, 14 Apr 2026 at 22:37, Jon Lewis via NANOG <nanog () lists nanog org> wrote:

> What I'm wondering is, how common is it to take the next logical step and
> if you have a planned maintenance window to implement some simple change,
> do you have an engineer manually make that change, manually execute a
> script that implements the change, or use old-school automation (at) to
> schedule a date & time at which the script that implements the change will
> be run, and optionally have an engineer monitor that the change happened
> and had the intended results?

If you do deltas, this is a very difficult problem: trying to
reconcile how to move from A to B. This often leads to a network where
some things are managed by automation, like interface/BGP turn-up, and
some things are managed by people. And the true state is the
configuration backup; there is no way to recreate the entire config
from data.
Even the mentioned hyperscalers rarely actually manage 100% of config
via system; they manage DC from system, but edge nodes may use the
above process.

If you ignore deltas, the problem becomes very simple. That is, if for
any change, changing a dot in the description of one interface, you
ship an entire new configuration, and let the router worry about the
reconciliation between the A and B configuration.

Anyone can get to the latter option with trivial resources and skill;
the former I wouldn't recommend to anyone, no matter how well
resourced.

The process to get to the latter is

1. put your configuration backups in your network configuration directory
2. edit the configuration file when needed
3. push the configuration file

Now 100% comes from the system, and anyone can do this literally in minutes.

Of course you're not exactly reducing much work here at all. But the
point is, it doesn't need to be a risky project which may or may not
deliver something. You can start today, and manage 100% of config in
the system. Then one by one pick low-hanging fruit, remove it from
the flat file, generate it from SQL, and create the final
configuration using the flat file + generated config.
Now you always know what the network state is. There is no need for
the flat file to ever be zero; that's not important.

This deltaless configuration used to be quite poorly supported by
vendors, but today it is nearly universally supported (Junos, SROS,
IOS-XR, EOS all work). IOS-XE I'm not entirely sure if it works or
not.

-- 
  ++ytti
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/AEQMBR7YOYGY6KLVKDQL42VAC6EHYLB5/
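
An added example, not part of the original message: a sketch of the "flat file + generated config" assembly described above, where the full configuration is rebuilt on every change and a diff against the last backup is produced only for human review. The configuration syntax, table schema, interface names and function names are all constructed for illustration and do not belong to any vendor or tool.

```python
import difflib
import sqlite3

# Constructed sample: the hand-maintained flat file (what is left of the backup).
FLAT_FILE = """\
hostname edge1
ntp server 192.0.2.10
"""

# Constructed sample: the configuration currently running (last backup).
RUNNING = """\
hostname edge1
ntp server 192.0.2.10
interface et-0/0/0
 description cust: ACME
"""

def generate_interfaces(db):
    """Render interface stanzas from the database, in a stable order."""
    rows = db.execute("SELECT name, description FROM interface ORDER BY name")
    return "".join(f"interface {n}\n description {d}\n" for n, d in rows)

def build_config(flat, db):
    """Full configuration = flat file + generated sections, never a delta."""
    # A section moved to SQL must leave the flat file, or it has two owners.
    stale = [l for l in flat.splitlines() if l.startswith("interface ")]
    if stale:
        raise ValueError(f"flat file still owns generated sections: {stale}")
    return flat + generate_interfaces(db)

def review_diff(running, candidate):
    """Diff for human review only; the router reconciles A to B itself."""
    return list(difflib.unified_diff(running.splitlines(), candidate.splitlines(),
                                     "running", "candidate", lineterm=""))

def sample_db():
    """Constructed sample data: one changed description, one new interface."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE interface (name TEXT PRIMARY KEY, description TEXT)")
    db.executemany("INSERT INTO interface VALUES (?, ?)",
                   [("et-0/0/1", "cust: Example"), ("et-0/0/0", "cust: ACME.")])
    return db

if __name__ == "__main__":
    candidate = build_config(FLAT_FILE, sample_db())
    print("\n".join(review_diff(RUNNING, candidate)))
    # The whole candidate file is what gets pushed as a full replacement.
```

The one-character description change and the new interface both show up in the review diff, but what is pushed is always the complete candidate file.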