Network Source of Truth (SoT)

By Andrew Lerner | January 28, 2020

To align with digital business needs (i.e., more, faster, but with near 100% uptime), we recommend that networking professionals apply DevOps and infrastructure-as-code techniques. We’ve written about this before. It entails treating network configurations as code, which automates not only configuration but also the validation phases, in both test and production. This is easy to say but hard to achieve in practice. One key aspect of achieving this is to build a network source of truth (SoT).

Simply put, we believe organizations must create and maintain a network source of truth, starting with an authoritative network object inventory. The SoT is the single source (accessible via API) from which the automation tools will gather the data they need to execute the pipeline. The SoT represents the desired state of the network. If an on-device configuration file deviates from the SoT, then the on-device file should be investigated.
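The deviation check described above, as an added example that is not from the original post or the research it references. The SoT record schema, the interface names and the generic IOS-style configuration are all constructed assumptions.

```python
import re

# Constructed SoT record (hypothetical schema), as an SoT API might return it.
SOT_INTERFACES = {
    "Ethernet1": {"vlan": 10, "enabled": True},
    "Ethernet2": {"vlan": 20, "enabled": True},
    "Ethernet3": {"vlan": 999, "enabled": False},  # desired state: shut down
}

# Constructed on-device configuration in a generic IOS-style syntax.
RUNNING_CONFIG = """\
interface Ethernet1
 switchport access vlan 10
!
interface Ethernet2
 switchport access vlan 30
!
interface Ethernet3
 switchport access vlan 999
!
interface Ethernet4
 switchport access vlan 10
!
"""

def parse_running_config(text):
    """Parse interface stanzas into the same shape as the SoT record."""
    actual, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = actual.setdefault(m.group(1), {"vlan": None, "enabled": True})
        elif current is None or not line.startswith(" "):
            current = None  # stanza ended, or a global line outside any stanza
        elif m := re.match(r" switchport access vlan (\d+)", line):
            current["vlan"] = int(m.group(1))
        elif line.strip() == "shutdown":
            current["enabled"] = False
    return actual

def find_drift(desired, actual):
    """List (interface, field, desired, actual) wherever the device deviates."""
    drift = []
    for name in sorted(desired.keys() | actual.keys()):
        if name not in desired or name not in actual:
            drift.append((name, "presence", name in desired, name in actual))
            continue
        drift += [(name, f, want, actual[name][f])
                  for f, want in desired[name].items() if actual[name][f] != want]
    return drift
```

Each tuple returned by `find_drift` is a deviation to investigate: here a changed VLAN, a port that should be shut down but is live, and an interface configured on the device that the SoT does not know about.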

So why do we need a network SoT? In the past, network engineers had the opportunity to gather the data required to perform a change, such as DNS names, IP addresses, VLANs, virtual routing and forwarding (VRF) instances and firewall rules. In the infrastructure-as-code world, there is no lead time to gather this information. Rather, it must be assembled on demand, in real time, via API calls. Moreover, engineers need to know they can trust the data they get. The federated data repository, which we call the network source of truth, must be authoritative.

Keep in mind that the SoT may include multiple data sources and multiple types of data. The SoT will pull from multiple tools, including existing IPAM, network discovery, network controllers (such as those for Ethernet fabrics or SD-WAN) and classic network configuration tools. In particular, NetBox is an open source IPAM/DCIM solution that is gaining a lot of traction among network organizations adopting infrastructure as code.

We go into this in much greater depth in the following published research (paywall), written by my colleagues Simon Richard and Paul Delory:

How to Automate Your Network Using DevOps Practices and Infrastructure as Code

Summary: Network operations must adjust to meet new application patterns and delivery methods based on DevOps. This research teaches I&O technical professionals how to use techniques such as infrastructure as code and CI/CD to overcome the technical and nontechnical barriers to effective network automation.

Regards, Andrew