I gave a 13-minute talk to the Irish Network Operators Group (INOG) recently. In this 13-minute video I argue that you can become more effective, and happier, by standing back and reflecting on how you work, leveraging existing truths, fallacies and principles.
An emergency switch replacement can ruin your day. However, having network config backups is not enough. Restoring full service may not be as easy as just copying the running configuration from your RANCID CVS repo, or your colleague's hard drive. Restoring the ‘identity’ of your original switch is a multi-step and somewhat complicated process.
Engineers often come unstuck through poor planning and get hit with large financial penalties as a result. Projects can become mired in delays and complications due to unforeseen costs and expenses. There are some unavoidable bumps in the road, but most could be foreseen and eliminated in advance. I want to share a few tips based on some experiences I’ve had over the years.
‘Zen and the art of motorcycle maintenance’ by Robert Pirsig is a modern classic. When I first read this book I didn’t quite get the zen I was looking for. But then again maybe I was trying too hard which isn’t very zen-like. It is a wonderful book and although I missed many of the metaphors I gleaned some solid advice on how to enjoy my work. I think Pirsig’s motorcycle maintenance tips can help us in our day-to-day life. I’ve even dared to add a few tips of my own.
Security audits are a fantastic way to improve the security of your network. A good auditor can highlight critical flaws in your design and configuration before they are launched into the big bad world. However, I think there is a massive issue with security audits: they are designed to fail.
Imagine you’ve just designed and deployed a data center. It was hell but you are smiling. Your design is homogeneous, simple and elegant. A greenfield data center full of shiny, identical network devices. Because the design was so consistent and repeatable you scripted the generation of the device configurations without too much hassle. This is a network with an easily ‘provisioned’ network configuration.
But day-one provisioning is only one part of the puzzle. The real prize is a centrally ‘controlled’ network configuration, where all config changes happen centrally and a configuration policy is enforced for the lifetime of the network. Whilst this seems like the holy grail, you need to understand that you will have to trade some flexibility to reach this easy-to-operate nirvana.