Lessons learned from automating Network Configuration Management at Wise

Getting started — what did configuration management look like for us?

Templating our devices, step-by-step

We let the device do the work…

… but not all the work

nat:
  source:
    pool:
      - name: src-nat-foo-pool
        address:
          - name: 10.1.1.1
      - name: src-nat-foobar-pool
        address:
          - name: 10.1.1.2

source_nat_pools:
  - name: src-nat-foo-pool
    source_address: 10.1.1.1
  - name: src-nat-foobar-pool
    source_address: 10.1.1.2

Keep complexity out of your template

Standardise

Pay your tech debt down as you go. Document it if you can’t.

What else did twnet need to do?

Time to test!

But automation doesn’t mean it’s over…

set security ike proposal foo authentication-method pre-shared-keys
set security ike proposal foo dh-group group2
set security ike proposal foo authentication-algorithm sha1
set security ike proposal foo encryption-algorithm aes-128-cbc
set security ike proposal foo lifetime-seconds 28800

proposals:
- name: foo
  dh_group: 2
  authentication_algorithm: sha1
  encryption_algorithm: aes-128-cbc
  lifetime_seconds: 28800

What we learned from the process

CD tools aren’t built with network device deployments in mind

Local development for network automation is hard

Immature deployment code

What’s next for network automation at Wise?