On-Switch Scripting Should Be On Your Radar

Time to go brush up on your automata theory if you want to be an effective data center manager. Event-based automation is creeping in everywhere; before you know it, your data center will be pretty self-sufficient, perhaps, dare I say it, self-healing, at the software level. At least that's the theory. For the first time, equipment vendors are adding automation features such as scripting to switches and routers. These little automata scripts can, collectively, save you time and reduce errors.

Mike Fratto

November 11, 2010



The hardest part of using scripting is figuring out what to use it for. Today's switches already have a lot of automation built in. 802.1X can authenticate hosts and assign them to VLANs. The Link Layer Discovery Protocol (LLDP) learns what device is attaching to a switch port and can assign VLANs and provision PoE parameters. Power budgets can be managed so that when power consumption exceeds capacity, the switch can prioritize critical devices over less critical ones. Some data center switches from Arista Networks and Force10 take automation a step further; they integrate with hypervisor management systems so there is no per-port provisioning of VMs required. The switches learn where virtual servers are located and which VMs reside within the servers, and can automatically provision VLANs, QoS, and access control lists on demand.

Those are compelling automated features, but there's still room for scripts. Ideal tasks for scripts are those that are atomic and gather information from the switch itself to take a defined action. For example, Extreme's XOS uses scripting to configure switch ports based on the make and model of VoIP phones attaching to the network. Force10 scripts can send an alert--SMS, e-mail, SNMP trap, etc.--based on events. This is useful because the script will send an e-mail, readable by a human, rather than forcing you to process syslog or SNMP data, and you get to gather relevant information. Since Extreme's XOS supports Tcl and Force10's FTOS supports Perl and Python, you can create some pretty inventive scripts.

On-switch scripting can be a powerful tool for more than just alerts. Allowing only authorized DHCP servers to pass out leases is very useful--if you ever had to track down a rogue DHCP server, you know what I mean--and most switches have per-port features for allowing or blocking DHCP server responses. But if your DHCP server moves to a new port, the switch configuration has to change. That's ripe for automation. The sticky part would be identifying authorized DHCP servers, but that's doable. Once identified, the proper access controls can be put in place, or removed, automatically. For peace of mind, why not send an e-mail alert of the change and a syslog message too?
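To make the DHCP case concrete, here is a vendor-neutral planning sketch in Python, added as an illustration and not taken from any vendor's scripting API. It assumes authorized servers are pinned as (MAC, IP) pairs in a reviewed allowlist; the `Reply` record, port names, and addresses are constructed, and the returned actions would be handed to whatever configuration commands your switch actually provides.

```python
from collections import defaultdict, namedtuple

# One DHCP server reply (OFFER/ACK) as the switch saw it. Constructed record shape.
Reply = namedtuple("Reply", "port mac ip")

# Assumption: authorized servers are pinned as (MAC, IP) pairs in a reviewed allowlist.
AUTHORIZED = {("00:11:22:33:44:55", "10.0.0.10")}  # constructed sample value


def plan_changes(bindings, replies, authorized=AUTHORIZED):
    """bindings maps (mac, ip) -> currently trusted port.

    Returns (actions, alerts): actions are ("trust"|"untrust", port) tuples for
    the operator's own switch-config layer; alerts are lines for e-mail/syslog.
    """
    seen = defaultdict(set)          # authorized server -> ports it replied from
    rogue_ports, alerts = set(), []
    for r in replies:
        key = (r.mac.lower(), r.ip)
        if key in authorized:
            seen[key].add(r.port)
        else:
            rogue_ports.add(r.port)
            alerts.append(f"ALERT unauthorized DHCP server {r.mac} {r.ip} on {r.port}")

    actions = []
    for key, ports in sorted(seen.items()):
        old = bindings.get(key)
        if ports == {old}:
            continue                  # server is where we expect it
        # MAC and IP are spoofable: one identity on several ports, or on a port
        # that also carried rogue replies, is never resolved automatically.
        if len(ports) > 1 or ports & rogue_ports:
            alerts.append(f"REVIEW {key[0]} seen on {sorted(ports)}; trust left on {old}")
            continue
        new = next(iter(ports))
        actions.append(("trust", new))
        still_used = any(p == old for k, p in bindings.items() if k != key)
        if old is not None and not still_used:
            actions.append(("untrust", old))
        alerts.append(f"CHANGE {key[0]} moved {old} -> {new}")
    return actions, alerts
```

An empty capture changes nothing: a quiet server is not evidence that it moved, so trust is only shifted when the server is positively observed on exactly one new port.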

Many other interesting tasks can be scripted. The most useful ones will be little utility scripts that do small jobs. When used in conjunction with other scripts, you get a powerful set of automated features, much like the way a variety of Unix utilities can be used together or in a series. Network equipment vendors that are adding scripting and automation to their hardware are expanding the boundaries of network and systems management. It's worth your time to learn the scripting and automation features in your switches and to take advantage of them.

About the Author(s)

Mike Fratto

Former Network Computing Editor
