My college years went a long way toward suppressing any interest I had in programming computers. The rote, repetitive routine of programming compilers, operating systems, database engines, etc, drove me directly into a career of infrastructure work. I have no professional regrets, but I do sort of miss the thrill of writing working code. There is a great sense of satisfaction derived from formulating an idea and seeing it through from a blank Notepad++ document to a working, debugged applicati0n.
A couple of months ago I was faced with a project that resurrected my interest in programming. My team and I have been working steadily toward standardizing our network deployments. Standardization is a key requirement to effectively managing a large network with a small number of engineers. Prior to this effort, such things as VLAN numbering and port-level configurations varied between our locations, even when two offices were roughly similar in size. One of the causes of this was the melding of several different IT organizations when my employer was created. We also acquired several smaller companies since our genesis in 2004.
To accomplish our switchport standardization, we use the description field to identify the type of device that is connected to a specific switchport. If a PBX is connected to a port, the description field would be something like:
description PBX; Name_of_PBX
and if the port is connected to an end user, we would use:
description USR; John Doe – patch-panel 1A
The text after the semi-colon is free-form, and can be defined on a site-by-site basis to be whatever is relevant to the local support team.
PBX ports require a different set of configuration statements than USR ports. For one example, we need a “DSCP trust” statement on the PBX port, while we remark USR traffic with a specific QoS policy using the “service-policy input USR-POLICY” command.
Our standardization effort is now largely complete. Our latest challenge is making sure our configurations stay standardized. VLAN identifiers are easy, since it is quite painful to change them. Switchport configurations are a very different story. It is quite easy for a switchport to be configured incorrectly but still work in a suboptimal fashion. For example, if the wrong QoS marking policy is installed, basic testing will work (ping, etc), but under load there will likely be performance issues. Even if the proper template is used to activate a port, it can be difficult to prevent that port from being reused for another purpose.
My solution to this issue was to implement an audit process that would take a baseline configuration and compare it to our production switch configurations. I first reached out to our primary network tools provider, Solarwinds. Their current feature provides some of the features I need, such as verifying that specific lines exist in the configuration. But they cannot yet do context-sensitive configuration checking. Other vendors (such as Netcordia) could perform this task, but I had recently championed a network tools consolidation project, so it would be a bit hypocritical of me to request funding for a new tool. I decided to learn a scripting language to try and tackle this need. A friend suggested that Python or Perl would fit the need nicely, so I chose Python (for no particularly good reason) and began learning.
I was quite surprised as how easily I learned the language and was able to solve my problem. I spent a total of eight hours from the time I settled on Python until I had a working prototype. The small investment of time is primarily due to the ease of use of the Python language, and not my programming acumen.
The entire script is a few hundred lines, including comments, and it meets all of my needs. I wouldn’t say it is terribly user friendly, and I have a laundry list of additional features and ‘opportunities for improvement’, but I am happy with the result. If I can find the time (and there is interest), I’ll clean it up and publish it in separate blog post. It is generic enough that other organizations can probably use it without a lot of rewriting.