Using NCG to configure the IETF meeting network

I just got back from two weeks in Sweden, where I was helping the IETF (Internet Engineering Task Force) use Netomata Config Generator (NCG) to set up and manage the LAN for their thrice-annual meeting.

The IETF is the key infrastructure standards body for the Internet. They meet for a week approximately every 4 months, in locations around the world. There were about 1100 attendees at last week's meeting in Stockholm, Sweden.

Because of both the nature of its work and the nature of its attendees, IETF meetings require a fairly heavy-duty LAN and significant Internet connectivity, well beyond what most meeting facilities can supply directly; on a typical day during the meeting, for example, we were pulling down an average of about 40 Mb/s from the Internet, with peaks to 60+ Mb/s (and we were sending an average of about 12 Mb/s, with peaks to 26 Mb/s). The net was organized into a dozen or so VLANs and about 8 WiFi SSIDs, spread out across 5 floors of the Stockholm City Conference Centre and surrounding facilities. We were using IPv6 on all the VLANs (and only IPv6 on one of them), BGP to our upstream ISP, SNMP, VoIP, streaming audio and video, and a wide variety of other "challenging" protocols; it's a complex set of requirements.

Physically, the meeting's network consisted of a pair of Juniper M7100 edge/core routers, 20 or so Cisco 3560 and 3750 switches, and about 35 Cisco 1250 wireless access points (WAPs), plus associated server infrastructure (a handful of Linux servers running as virtual machines on a couple of VMWare hosts, for stuff like DNS, DHCP, RANCID, and Cacti). Connections were mostly Cat5 copper, with a few fiber runs to some of the more distant switches.

I'm told that this was actually a relatively small and quiet net for an IETF meeting, compared to the past several meetings; the number of attendees was down (because of the economy), and the meeting venue was fairly compact (which means we needed fewer switches and WAPs to cover it).

The IETF meeting network has some unique characteristics:

• Because the meeting's organizers pay for every day that they're using the meeting facility (including setup days), the IETF networking team only has a couple of days before the meeting to get the network fully installed and configured.
• Because the meeting is only a week long, time is critical when it comes to making changes to the network; on this network, expectations for time to complete user change requests are measured in minutes, versus hours or even days on a more "typical" enterprise network.
• Because they build a network like this every 4 months, the IETF networking team has a standard network design that they use for each meeting, with variations for local circumstances (more or fewer APs or switches to handle the venue, different upstream ISP and BGP arrangements, timezone and other localization changes, etc.).

Netomata Config Generator (NCG) makes it easy to make the changes needed for a particular meeting's network, then generate complete, consistent, ready-to-install config files for all the routers, switches, and WAPs as well as to generate DNS data files, MRTG monitoring system config files, and RANCID config files for all of the network infrastructure.

After making a change to the network design (adding a new device, changing some parameter for an existing device, changing a parameter for all devices of a particular type, or whatever), NCG could regenerate all the config files for all the devices and services in about a minute.

To understand the value of using NCG, consider:

• How much time it would have taken to manually configure 2 routers, 20 switches, and 35 WAPs
• How many errors, omissions, and inconsistencies there would have been in those manually-created configurations
  • How much time would have been taken up trouble-shooting the problems created by those errors, omissions, and inconsistencies
  • How much of an impact those problems would have had on the network's users
• How difficult and time-consuming it would have been to go back and make a change across all those devices

Our "Benefits of Automating Network Configuration" page discusses these benefits in more detail.

I got involved with this project through Jim Martin, who is the NOC Team Lead on the IETF networking team, as well as a well-regarded network architecture consultant. A few months ago, we were discussing NCG and how it might be useful for some of his projects, and one thing led to another, culminating in this trip to Sweden. I really enjoyed working with the IETF networking team, as well as visiting a wonderful part of the world that I'd never been to before. Thanks, Jim!