You have been working as a network administrator for your company for a few years now. In that time you have been asked to complete a handful of network projects; a new office turn up here, replace some switches or a router there. The whole time you work from old templates or, in the case of replacement gear, just copy and paste the old config. Have you ever really stepped back and looked at the network as a whole, or more importantly do you have time?
Periodic network assessments are vital in maintaining a healthy and efficient network. As smaller projects add, move, or change components of the network a network assessment makes sure those components make sense in the big picture. Additionally, as newer components are added many times new, better, features are often ignored because old templates are used or configurations are copied.
A good network assessment can be broken into four parts, inventory, design, device hardening, and Quality of Service assessment.
Getting an accurate up to date inventory of your network devices is always useful. As new projects add or remove gear, inventory sheets are not always updated. Knowing device names, serial number, service contract and warranty information can go along way when there is a hardware failure and you’re on the phone with the vendor only to find out that your service contract expired, or that your device has reached the end of its support life. Additionally, this is a great time to make sure all devices are being monitored by your monitoring system.
As new technologies are added to the network sometime those technologies require a deviation away from the overall network design. After this happens few times, it could result in a hybrid network design that may no longer act the way it was originally met to. This could lead to failover configuration that no longer works, or devices that end up being a single point of failure for the network. Mapping out the network allows you to look at the overall design and find any failure points that could bring down the network.
Additionally, by mapping out the network you get a chance to find any stale config that may pose a security vector for an attack on your network. For instance, any old routing processes that an attacker can use to poison the routing tables. Look at this as a chance to identify clean up tasks that could help to make your network more efficient and more importantly secure.
Being a Cisco partner my world revolves around Cisco network gear. The beauty of this is that Cisco, like most network vendors, has published a best practice guide and a device hardening guide. Similar to a security assessment, a network assessment allows you to identify the components that need to harden and optimize the management, control, and data planes consistently across the network.
Today there is a virtual explosion of rich media applications on the IP network. This explosion of content and media types, both managed and unmanaged, requires network architects to take a new look at their Quality of Service (QoS) designs.
In order for QoS to be effective, it needs to be deployed end-to-end, the same way a chain needs to be deployed end-to-end between a source and a target in order to have utility. Every link in the chain must have a cohesive, compatible QoS policy in order to achieve an end-to-end service level.
While looking at the big picture a network assessment provides, it makes sense to look at QoS and make sure every device is configured correctly to provide end to end QoS. One of the biggest issues customers face with QoS is policy consistency. In the Cisco world, many organization use the auto QoS scripts built into their devices. The problem is between generations and even platforms these scripts implement different policies. Assessing these policies give you an insight into where changes need to be made.
As I said earlier, periodic network assessments allow you to keep your network optimized and secure. As a network engineer we are usually working in the weeds and we rarely step back and take a look at the overall network.