The last day of Interop New York found me sitting in the Speaker Center with a few friends pondering the hype and reality of SDN and brokenness of traditional network products. One of the remarks during that conversation was very familiar: “we have too many knobs to configure”, and I replied “and how many knobs do you think there are in the Windows registry?” (or the Linux kernel and configuration files).
I don’t find modern operating systems any less complex than networking devices, and I’m positive there are people complaining about too many knobs one needs to turn to configure the Linux kernel (not to mention the wonderful syntax of iptables), and yet most people manage to make these operating systems work. The trick: wizards and simplified configuration interfaces.
Speaking of Linux, iptables seems to be a perfect example (or sendmail, but I’m too familiar with that arcane syntax - I ported it to MS-DOS decades ago as the core of an email product we wrote in those days). I know iptables is an extremely powerful tool, but I never took the time to study it. Whenever I need to configure a firewall on a Linux box I use system-config-firewall. It gives me a list of common services I might be running on my box, and allows me to enable or disable access to them.
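The "list of services in, firewall rules out" idea can be sketched as follows. This is an added example, not code from the original post and not how system-config-firewall is implemented; the `SERVICES` table and `render_ruleset` are hypothetical names, and the output covers IPv4 only (an `ip6tables` ruleset would be needed separately).

```python
# Added illustration: translate a list of service names into an
# iptables-restore ruleset. Names here are hypothetical, not from any tool.
SERVICES = {
    "ssh": [("tcp", 22)],
    "smtp": [("tcp", 25)],
    "dns": [("udp", 53), ("tcp", 53)],
    "http": [("tcp", 80)],
    "https": [("tcp", 443)],
}

def render_ruleset(enabled, allow_ping=True):
    """Return iptables-restore text that admits only the named services."""
    wanted = set(enabled)
    unknown = sorted(wanted - set(SERVICES))
    if unknown:
        # Fail closed: a typo must not silently produce a partial policy.
        raise ValueError("unknown service(s): " + ", ".join(unknown))
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",      # default deny for inbound traffic
        ":FORWARD DROP [0:0]",    # a host firewall does not route
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate INVALID -j DROP",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    if allow_ping:
        lines.append("-A INPUT -p icmp --icmp-type echo-request -j ACCEPT")
    for name in sorted(wanted):
        for proto, port in SERVICES[name]:
            lines.append(
                f"-A INPUT -p {proto} -m conntrack --ctstate NEW "
                f"-m {proto} --dport {port} -j ACCEPT"
            )
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed input: a box that should expose only SSH and HTTPS.
    print(render_ruleset(["ssh", "https"]), end="")
```

The text it returns is in the format `iptables-restore` reads; the knobs are all still visible in the output, but the operator only had to name the services.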
Why can’t we have a similar configuration wizard for data center switches? Why do we have to get just the right combination of STP-related parameters? Someone deploying a typical enterprise cloud (which I believe needs no more than two ToR switches) should be able to specify server-facing links, uplinks, VLANs and subnets, and get a configuration optimized for that particular design (L2 only, L3 only or mixed L2+L3). All the knobs would still be there, and you’d still be able to configure the switch any way you wish using the CLI or API, but you would no longer need a CCIE to get the basics right.
Why can’t we configure OSPF with a wizard? Specify the number of switches in the network (the wizard might give up and tell you to get an expert if you say you’ll have more than 50 or so), specify the edge (stub) and transit links, WAN and LAN interfaces (to tune the OSPF timers) and you’re done.
Another one of my real-life favorites: have you ever tried configuring usernames and passwords for WPA2 authentication on a Cisco wireless access point using their wonderful GUI? It can be done, but there’s no easy way to figure out how to do it (hint: you need a local RADIUS server on the box, and it works on non-standard ports to make your troubleshooting efforts more interesting), and the GUI you get with the box is just pretty useless eye candy on top of configuration knobs. I don’t need configuration knobs presented in a web browser, I need an abstraction that allows me to think in terms of what I need to get done, and translates that into what the device wants to see to get it done.
Will we ever see wizards like this? Based on what I’ve seen so far, I remain skeptical. Most networking vendors quickly get infected by featuritis and corner cases - instead of trying to figure out what works for 80% of the customers, they try to address every corner case out there - and most network management products (the ideal place for configuration wizards) prove section 2.4 of RFC 1925. It seems we really need a Steve Jobs of networking.
Am I too pessimistic? Have you seen something that actually works? Please share it in the comments.