The Automation You Love To Hate

Want to get people riled up? Send out a tweet proclaiming your love for VTP.
What is VTP? I’m glad you asked. For those who aren’t familiar, VTP(VLAN trunk protocol) is simply a way to propagate VLAN configuration across multiple Cisco switches. This prevents you from having to manually create VLANs on every switch in your network. You can read all about VTP and how it works here:

Note – There is a standards based implementation called Multiple VLAN Registration Protocol (MVRP), which is part of the 802.1ak amendment to 802.1q, but more people are familiar with the Cisco proprietary implementation of VTP.

Why VTP?

I’m not really interested in talking about VTP, except for one reason. VTP is a tool, and that tool is used to reduce administrative overhead on your network. However, it gets ridiculed and derided due to the number of times it has taken networks down. One might say it is too easy to take down a network running VTP. Is that a problem with the design of VTP or a problem with the human beings that run VTP? I’d say a little of both, but more of the latter than the former. I’m simply using VTP to make my point because it is an easy target.

What is your point?

We’re clamoring for automation. We feel that we need better tools to manage the administrative tasks that bog us down. We don’t want to have to touch a hundred devices to do something like change a password or configure a VLAN. I get that. There are choices though. Just because you don’t like the choices doesn’t mean they aren’t valid methods to get rid of some of the administrative overhead we have to deal with on a regular basis. They way I see it, you have 3 choices today:

1. Use proprietary vendor configuration management tools. – Most large vendors have some sort of management suite for their own hardware. You can make massive changes across many systems with a few clicks of the mouse.

2. Use third party vendor configuration management tools. – Several vendors out there have tools to configure network devices from multiple vendors. They also probably do more in the realm of policy enforcement, configuration history, etc. Be prepared to spend some money for these tools though.

3. Use other built in features like VTP. – Perhaps most of these little freebies are proprietary, but others could be standards based.

Each of those 3 solutions have the ability to bring your network to its proverbial knees. Put an unskilled technician/engineer in front of any of those “tools” and bad things can happen. Since VTP is a relatively easy way to break a network, it tends to get beat up on. I happen to think it has relevance just like NAT. It all comes down to how you use it though.

In a perfect world, everyone touching a keyboard or mouse and tasked with maintaining a network would be highly skilled and capable. That’s not reality though. The truth is that IT departments are understaffed and the average engineer is overworked. They spend a fair amount of time simply fighting fires as they come up. If they do manage to get training, it is often on their own time and at their own personal direction. Their managers may or may not understand the intricacies of their job to where they are willing to go to the executives and get the money for the tools needed to make them more efficient. We also have to acknowledge that not every IT person is going to be motivated to manage their own professional development. Some are perfectly content being mediocre and will never put forth any extra effort to learn more. I could go on, but I think the point is made. Not every environment is like what I just described, but I would say the majority of them have at least some degree of what I just described. Of course, I have never been in the service provider side, so I can only speak to what I have seen in the enterprise arena.

Closing Thoughts

While we could always use more tools to manage networks, I think there are some valid choices out there right now. Infoblox, SolarWinds, and HP all have decent network automation/management tools available. There are others, but those three immediately come to mind. They aren’t cheap, for the most part, and why should they be? Automation is an incredibly difficult thing to do. There’s also the “native” tools like VTP and the proprietary vendor management suites.

The problem isn’t the tools or lack thereof. The problem is the people using the tools. If the thought process is that “only idiots use VTP on a network”, then you might as well stop using dynamic routing because you can have all kinds of problems with that too. Add on SDN, OpenFlow, or whatever the next new thing to come along is and you’ll still have problems if the person administering it doesn’t understand how it works.

This entry was posted in automation, network management and tagged , . Bookmark the permalink.

One Response to The Automation You Love To Hate

  1. Chris Werner says:

    Hi Matthew,

    I found your post on automating network configurations to be very interesting. I work for a company called Windward IT Solutions and we’re doing some work right now in the field of network automation. We’re supporting a government client up at Ft. Meade in MD and are implementing a new network configuration tool for them.

    If you’re open to it I’d like to talk to you a little bit more about the project and to find out a little more about your background. Perhaps you or some of your colleagues would be interested in getting involved in the project? If you’re interested in speaking with me feel free to email me and we can set up a time to chat.


    Chris Werner

Comments are closed.