Massive network infra management

[Parth Patel]

Hi All,

Let's say we have 500 network devices and we use ansible or nornir. 

If we deploy it from let's say single configuration management server that single would be single point of failure or let's say single point of security hit ?

What are other strategy to manage such scenario such as doing regular backup of devices and storing running config in some sort of storage ? 

Thanks and regards,

Parth

[Antony Stone]

On Monday 14 June 2021 at 20:31:53, Parth Patel wrote:

> Hi All,
>
> Let's say we have 500 network devices

I'm sure there are people here who would not describe that as "massive" :)

> and we use ansible or nornir.
> If we deploy it from let's say single configuration management server that
> single would be single point of failure

Keep a mirror of your ansible server and its configuration. Either machine can
then perform updates and installations. There's no reason ansible and its
configuration needs to exist on only one machine.

> or let's say single point of security hit ?

Your ansible server should not be exposed to access from the Internet.

Your ansible server needs to connect to your managed servers, but it does not
need to be reachable by any external system.

> What are other strategy to manage such scenario such as doing regular
> backup of devices and storing running config in some sort of storage ?

Taking backups of devices which are managed / installed by ansible is probably
a good idea, but is entirely outside the scope of what ansible needs to do
(other than perhaps install the backup system).

As for "storing running config", that depends very much on what your managed
servers are doing, and how you would intend to recover if one went down, got
corrupted, caught fire, or became unreachable.

Ansible is a configuration management system. Backups and high availability
are separate topics with separate tools.


Antony.

--
In Heaven, the beer is Belgian, the chefs are Italian, the supermarkets are
British, the mechanics are German, the lovers are French, the entertainment is
American, and everything is organised by the Swiss.

In Hell, the beer is American, the chefs are British, the supermarkets are
German, the mechanics are French, the lovers are Swiss, the entertainment is
Belgian, and everything is organised by the Italians.

Please reply to the list;
please *don't* CC me.

[Parth Patel]

Thanks Antony. I assumed 500 devices as an example. I saw a vedio from redhat about 10000 devices management using ansible it can be considered as massive and makes sense 🙃

What solution you would prefer for taking backups of network devices ?

[Antony Stone]

On Monday 14 June 2021 at 20:45:10, Parth Patel wrote:

> Thanks Antony. I assumed 500 devices as an example. I saw a vedio from
> redhat about 10000 devices management using ansible it can be considered as
> massive and makes sense 🙃
>
> What solution you would prefer for taking backups of network devices ?

Please define "devices" :)

Until we know that - what O/S are they running, what can be installed on them,
what network connectivity & bandwidth do they have... there is no simple
answer.

Even once we do know that, there's probably no simple answer, but at least
people can start to make potentially useful suggestions :)


Antony.

--
"Remember: the S in IoT stands for Security."

- Jan-Piet Mens

[Parth Patel]

I am obviously talking about network devices here 

[Parth Patel]

Here is video which I am referring to if you haven't walkthrough - https://www.youtube.com/watch?v=HtMeDbGEylU 

[Antony Stone]

On Tuesday 15 June 2021 at 13:52:38, Parth Patel wrote:

> I am obviously talking about network devices here

What is a "network device"? Do you mean routers, switches, SANs, firewalls,
web servers, mail servers, DSL modems...?

I ask simply because the term "network device" is (to me, at least) very non-
specific, and can basically mean anything which is connected to a network or
forms part of a network.

Antony.

--
Numerous psychological studies over the years have demonstrated that the
majority of people genuinely believe they are not like the majority of people.

[Parth Patel]

Me referring this as a generalized network devices management with ansible same as video description. My question was generalized if we have 10k network device what should be configuration management strategy evolved. It wasnt specific to particular vendor or switch or router etc....

Ref :- https://www.youtube.com/watch?v=HtMeDbGEylU 

Ansible allows network management across virtually any device platform. Any network device can be managed via SSH or an API. We took this cutting-edge network automation to scale with a customer’s global network infrastructure, giving them the ability to manage nearly all of their network devices at one time.

[Antony Stone]

On Tuesday 15 June 2021 at 14:03:18, Parth Patel wrote:

> Me referring this as a generalized network devices management with ansible
> same as video description. My question was generalized if we have 10k
> network device what should be configuration management strategy evolved.

Oh, sorry, I thought we were talking about a backup mechanism for whatever
these network devices were.

On Monday 14 June 2021 at 20:45:10, Parth Patel wrote:

> What solution you would prefer for taking backups of network devices ?

Since you're asking about a large-scale configuration management strategy, I'll
let someone else with that sort of experience answer. I've only used ansible
on much smaller numbers of machines, and generally ones which are very similar
to each other.


Antony.

--
"Linux is going to be part of the future. It's going to be like Unix was."

- Peter Moore, Asia-Pacific general manager, Microsoft

[Parth Patel]

Alright....not a problem. Thanks Antony for prompt response 😊