Network Configuration Changes: The Validation Phase (3 of 3)

Spaceballs_1_014This is the last of three posts about planning, executing, and validating network configuration changes. You can find the first two here and here.

Validating Network Configuration Changes

This is a critical part of any configuration change. The goal of this phase is to make sure that the work was successful and did not create any network or application outage. If an outage occurs, it is necessary that detection and repair be done before the expiration of the configuration window, as to not affect business-critical operations.

There are many ways to validate a configuration change. I would like to list some of them here:

  • Command Line Interface – Tools like ping, traceroute, and network equipment’s show commands are examples of commands that can verify whether IP routes, user subnets, and network services are up and available. This method applied to large and complex network environments is not complete or efficient enough because it does not scale well with hundreds of network locations that can be potentially impacted by a configuration change.
  • Traditional network monitoring tools – These tools are mostly based on the SNMP standard and report the status of the network hardware. While it is important for the network engineer to receive alerts about problems with hardware, however, there are many failure conditions, like misconfiguration of access lists or routing policies, are hardly detected. These problems can cause serious disruptions to business services.
  • Remote connection to dedicated workstations Another way to validate configuration changes is to connect via remote desktop to remote workstations to verify that the network and the applications are available. This is a more complete method to test the network and its applications because it is done from the user perspective using real applications. The problem is that it is not efficient and scales poorly when you have many locations to check.
  • Onsite personnel – This is perhaps the most effective way to make sure that the network is available and applications are accessible to the users. Onsite personnel can perform verification at the end of a configuration change. This validation method is labor intensive and cannot be adopted for every change in the network, as it requires dedicated personnel.
  • Network validation tools – Network validation tools enable network engineers to verify that configuration changes were successful by running automatic network and application tests from the user perspective and from hundreds of network locations (distributed monitoring). These tools rely on dedicated agents, software or hardware, and allow network engineers to be efficient and reliable and, consequently, their IT department to improve the rate of adoption of new technologies and services in the enterprise while limiting the disruption to existing business services.

When applying configuration changes in a large and complex network environment, there are so many things that can go wrong! Even the best network engineer can make mistakes and cause a network outage. However, in these situations, what can differentiate a veteran from a rookie is the ability to detect and promptly repair the error introduced.

Having an effective and efficient method to validate the successful outcome is imperative. NetBeez falls into this category and if you want to try it out, just request a trial. I also invite you to check out the Resources section of this website so you can learn more about it.

I would like to hear your experience and perspective on how you validate network configuration changes, so please feel free to comment.