Configuring devices from the command line is a time-honoured tradition for network engineers. But for everyday operational tasks, the CLI is no longer fit for purpose.
- Device Counts are increasing
- Complex configuration – moving from 100 lines to 1000 lines of configuration.
- Moving from device-centric to path-centric and on the way to application-centric.
- The command line will remain a critical troubleshooting tool for each device – hardware or software. It is not going away.
Today, networks are mostly limited to the total number of hardware devices. Soon (if not already) networks will be using software or virtual devices to replace them. Instead of a single large firewall, expect to use many small firewalls to create microsegments in the WAN, Data Centre and Campus.
IPv6 is a lesser problem of administration because of the complexity of recognising IPv6 addresses as something meaningful. i.e.
Micro segmentation is an unstoppable security need. In my view, it is a ‘good enough’ solution for patching security on Enterprise networks by reducing the effective attack surface after a compromise. Smaller segments restrict access for privilege escalation.
Command Line – as the number of devices in our networks grows, the use of the command line for operations becomes increasingly inefficient.
Feature Fetish – Equally, configuration of a network by singly configuring each device is becoming more complex. Ten years ago, a router might have as many as 100 lines of configuration and today it’s common to have hundreds or even thousands of lines as vendors fetishise more & more features into their products thinking that will sell more products (false premise).
IPv6 – the days of looking at a ‘show ip route’ and easily decoding that 192.168.30.0/24 is the Glasgow office are over.
You can easily insert your own particular problems here. Most people know in their gut that CLI configuration has become unworkable; they just might not have realised it.
Path-centric & Application Focussed
Users don’t care about packets, they care about flows and applications. Devices handle packets as part of flows. Configuring a single device requires an end-to-end knowledge of the entire path – something that the CLI isn’t good at doing because it’s device-centric when it needs to be end-to-end.
The EtherealMind View
Having dozens of SSH consoles open isn’t the right way to validate a network path that crosses ten or twenty network hops. Nor is building a QoS policy for each node with 100+ lines of configuration that is unique to that device. Consider that external management software can present an end-to-end image of the entire network through mapping. Or use application inspection to provide real data about the bandwidth consumption and app performance.
The Command Line will remain the pre-eminent tool for troubleshooting the devices themselves. It’s not going away but it will become the domain of high-level engineers with specific product skills instead of the default method of operation. In the same way that programmers build apps while users consume them, network operations will use networks via applications. Network programmers will use CLI for deployment and troubleshooting only.
The challenge for vendors is to get better at building software for management and operations. But this is another article, I think.