You have to standardise not only the configuration objects (features, parameters) within a device or service; you also have to standardise the physical and logical interworking between several device-types.
But first:
System Architecture: Block-Building
Even though the classical three-tier network topology has been outdated since full-featured core-switches were invented some years ago:
- don’t: Build one integrated and complex network
- do: Divide the network into independent blocks, with defined interfaces to interconnect them…
…and conquer.
Example:
- DataCenter
  - Core [aka Spine]
  - Server-Access [aka Leaf]
- Enterprise
  - Core
  - User-Access
- WAN
  - Internet-Access
  - VPN Termination
  - DMZ/Perimeter-Access
Logical Structure: Device-classes
- Create a (small) set of device-classes depending on placement and required features
- assign each device to exactly one class
- all devices within a class are configured in an identical manner, but (of course) using differentiating IDs (hostnames, IP addresses, etc.)
Example:
- User-Access-Switch
- Server-Access-Switch
- Server-Core-Switch
- Edge-Services-Gateway
- Distributed Logical Router
Topology: Use the same interfaces to connect the same entities.
Example:
- ports 1..32 = servers
- ports 33..48 = infrastructure
  - ports 33..40 = fabric-extenders
  - ports 42/43 = firewall
  - ports 44/45 = uplinks
  - ports 47/48 = VPC-Peer-Link
Numbering
- Router-IDs: each device-class gets a dedicated ID-range
- Subnets: different classes again (at least three: Access, Transfer, Loopbacks)
  - it might be useful to split access into several subsets (server-access, DMZ/perimeter, user-access)
Naming
Several configuration-objects need to be identified by name.
- Avoid numbered objects (access-lists, for example) if possible, as numbers aren’t descriptive at all!
Define rules:
- CAPITALIZED Object-Names
- Underscore (_) within an Object-Name
- dot (.) to concatenate Object-Names
Define common prefixes to identify objects of each object-class:
- ACL = Access Control List
- CM = Class-Map
- PM = Policy-Map
- PL = Prefix-List
Example: An Access-List for SNMP-Access:
ACL_SNMP
Example: A Class-Map to create a Traffic-Class for QoS-Purposes:
CM_NMM
Example: An Access-List to identify IP-Sources within the Class-Map "CM_NMM":
ACL_CM_NMM
Devices are named-Objects, too!
- the simplest naming-scheme might be a prefix derived from the device-class concatenated with a number.
Interesting side aspect: should this number be globally unique for all devices or only unique within the device-class?
Don’t use underscores in device-names, use the hyphen instead (underscores are not valid in hostnames):
RFC 1912: Common DNS Operational and Configuration Errors
Example: Prefix for device-classes:
- UAS = User-Access-Switch
- SAS = Server-Access-Switch
- SCS = Server-Core-Switch
- ESG = Edge-Services-Gateway
- DLR = Distributed Logical Router
Example: the third Server-Core-Switch:
SCS-003
Never forget to discuss whether number-padding (as in the example) is "needed", whether a hyphen between prefix and ID is wanted (as in my example), and whether device-prefixes have to be of fixed length (as in my example, too); but these are non-technical issues 😉
General rule
If you want to automate: use large namespaces!
…max. ten switches are needed? Think about two digits for numbering, better three…
You don’t want to rewrite your automation-workflows just to expand a namespace.
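The naming and numbering rules above are easy to state and easy to violate by hand. As an added example (not part of the original post), here is a small Python checker that enforces them on an inventory: object-names must be CAPITALIZED, carry one of the page's prefixes (ACL, CM, PM, PL), use "_" inside a name and "." to concatenate names; device-names must be <class-prefix>-<zero-padded number> with RFC 1912 hostname characters only; and a helper that hands out the next free device number and refuses, rather than silently widening the scheme, once the namespace is exhausted. The prefix sets and the three-digit padding are taken from the page's examples; the regexes and function names are my own assumptions.

```python
import re
from typing import Iterable, Optional

# Prefixes taken from the page; everything else is rejected by the checks below.
OBJECT_PREFIXES = ("ACL", "CM", "PM", "PL")
DEVICE_PREFIXES = ("UAS", "SAS", "SCS", "ESG", "DLR")
ID_WIDTH = 3  # zero-padding width of the device number, as in SCS-003

# One object name: CAPITALIZED, underscore only between alphanumeric parts.
_NAME = r"[A-Z0-9]+(?:_[A-Z0-9]+)*"
OBJECT_RE = re.compile(rf"^({'|'.join(OBJECT_PREFIXES)})_{_NAME}(?:\.{_NAME})*$")
DEVICE_RE = re.compile(rf"^({'|'.join(DEVICE_PREFIXES)})-(\d{{{ID_WIDTH}}})$")
# RFC 1912 hostname label: letters, digits and hyphen only, so no underscore.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def check_object_name(name: str) -> Optional[str]:
    """Return None if the name follows the rules, otherwise the reason it does not."""
    if name.isdigit():
        return "numbered object; numbers are not descriptive, use a name"
    if name != name.upper():
        return "object names must be CAPITALIZED"
    if not OBJECT_RE.match(name):
        return "expected <known prefix>_NAME, with '.' to concatenate names"
    return None


def check_device_name(name: str) -> Optional[str]:
    """Device names: class prefix, hyphen, zero-padded number, RFC 1912 characters only."""
    if not HOSTNAME_RE.match(name):
        return "not a valid DNS label (RFC 1912): letters, digits and hyphen only"
    if not DEVICE_RE.match(name):
        return f"expected <device-class prefix>-<{ID_WIDTH} digits>"
    return None


def next_device_name(device_class: str, existing: Iterable[str]) -> str:
    """Allocate the lowest free number in the class; fail loudly when the namespace is full."""
    if device_class not in DEVICE_PREFIXES:
        raise ValueError(f"unknown device-class {device_class!r}")
    used = set()
    for n in existing:
        m = DEVICE_RE.match(n)
        if m and m.group(1) == device_class:
            used.add(int(m.group(2)))
    for i in range(1, 10 ** ID_WIDTH):
        if i not in used:
            return f"{device_class}-{i:0{ID_WIDTH}d}"
    # Widening ID_WIDTH here would silently rename every device, so refuse instead.
    raise RuntimeError(f"namespace of {device_class} exhausted at {10 ** ID_WIDTH - 1} IDs")
```

Run the checks over the exported inventory before a configuration-generation job, and treat any finding as a blocker, since a single non-conforming name is exactly what breaks templated workflows later.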