The term “source of truth” is used when there are multiple ways by which data can be fetched and presented. It means that we can retrieve the same data from multiple sources and/or in various ways. If the data retrieved from the different sources differs, the obvious question arises: Which of those is the correct one? Which one of them is the “source of truth”? This is relevant to retrieving data from a database via several nodes, as well as determining the state of a computer network. In this post, we’ll explain what a network source of truth is, how to know whether you need one, how it works, and so forth.
A network source of truth is a centralized repository of accurate, up-to-date information about the configuration and status of all the devices, connections, and services within a network. This includes information about IP addresses, routing tables, network topologies, network policies, and security rules, among other things. Note that, in the context of network administration, this means the intended state of the devices. The actual configuration may drift from this desired state.
Having a network source of truth is important for several reasons:
In the past, the concept of a network source of truth was not as well-defined as it is today, and the tools and technologies available for creating one were much more limited. However, network administrators still recognized the importance of having accurate and up-to-date information about their networks.
One common approach for determining the network source of truth was to manually document the network configuration using spreadsheets, diagrams, and other tools. This involved documenting information such as IP addresses, device configurations, and network topologies and manually updating this documentation as changes were made to the network. Imagine manually updating the IP addresses of hundreds of devices. Not a pretty sight!
In addition, this approach required manually accessing each network device, reading its current configuration, and comparing it to the desired one as documented in the spreadsheet. If the configuration differed from the desired state, the network administrator had to manually change it.
Today, the determination of a network source of truth has evolved significantly. There are now a variety of tools and techniques available to create and maintain a centralized, up-to-date repository of network information.
One common approach is to use a centralized repository that acts as the source of truth. Data is either manually or automatically added to a central database. The network status can then be presented via a comprehensive UI. One tool that can make source-of-truth administration easier and more efficient is NetBox. If we want to enter the data automatically, we can use automation tools like Ansible, Chef, or Puppet. If data is added automatically, always ensure that it is vetted by a human to make sure it is accurate. After that, we can use those same tools to provision the network per our source of truth. This way, we define network configurations in a standardized, version-controlled format and automatically deploy those configurations across the network. By doing so, we ensure that the network devices are always configured consistently and accurately.
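A pre-screen that builds the queue a human reviewer works through before automatically discovered records are imported, as an added example that is not code from this post or from any tool it names. The record layout, device names, prefixes and the `review_queue` function are assumptions made for illustration.

```python
import ipaddress

# Prefixes allocated to this network (constructed sample data).
ALLOCATED = [ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("10.0.10.0/24")]

# Records proposed by an automated discovery job (constructed sample data).
PROPOSED = [
    {"device": "core-sw-01", "ip": "10.0.0.2"},
    {"device": "edge-fw-01", "ip": "10.0.0.1"},
    {"device": "printer-3f", "ip": "10.0.0.2"},    # same address as core-sw-01
    {"device": "ap-lobby", "ip": "192.168.1.50"},  # outside every allocated prefix
    {"device": "cam-dock", "ip": "10.0.10.300"},   # not a valid address
]


def review_queue(proposed, allocated):
    """Return {device: [reasons]} for records that need human review before import."""
    reasons = {}
    claims = {}  # parsed address -> devices that claim it
    for rec in proposed:
        name, raw = rec["device"], rec["ip"]
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            reasons.setdefault(name, []).append(f"invalid address {raw!r}")
            continue
        if not any(ip in net for net in allocated):
            reasons.setdefault(name, []).append(f"{ip} is outside the allocated prefixes")
        claims.setdefault(ip, []).append(name)
    for ip, devices in claims.items():
        if len(devices) > 1:
            for name in devices:
                reasons.setdefault(name, []).append(f"{ip} is claimed by {len(devices)} devices")
    return reasons


if __name__ == "__main__":
    for device, why in sorted(review_queue(PROPOSED, ALLOCATED).items()):
        print(f"REVIEW {device}: {'; '.join(why)}")
```

Records that do not appear in the queue still go through the human vetting step; the queue only tells the reviewer where the obvious conflicts are.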
If you’re a network administrator, chances are that having a network source of truth is not only beneficial but absolutely critical. However, there are several indicators that can assist you in deciding whether you need a source of truth or not:
A network source of truth serves as a backbone layer with raw data. It contains the state of your network as a whole. Based on this data, you can define network monitoring. Thus, you can receive alerts when there is a configuration drift, downtime, or other incidents. This basically allows you to tailor your monitoring to your specific network.
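The drift alerting described above, sketched as an added example that is not code from this post or from any tool it names. The data layout, device names, addresses, ACL rule strings and the `find_drift` function are assumptions; in practice the intended state would be exported from the source of truth and the observed state collected from the devices.

```python
# Drift check: intended state (source of truth) vs. observed device state.
# All device names, addresses and rules below are constructed sample data.
INTENDED = {
    "edge-fw-01": {"mgmt_ip": "10.0.0.1", "vlans": {10, 20},
                   "acl": ["permit tcp 10.0.10.0/24 any eq 443", "deny ip any any"]},
    "core-sw-01": {"mgmt_ip": "10.0.0.2", "vlans": {10, 20, 30}, "acl": []},
    "access-sw-07": {"mgmt_ip": "10.0.0.7", "vlans": {30}, "acl": []},
}

# Observed state: a broad permit was inserted ahead of the final deny on the
# firewall, a VLAN was added on the core switch, and one device is undocumented.
OBSERVED = {
    "edge-fw-01": {"mgmt_ip": "10.0.0.1", "vlans": {10, 20},
                   "acl": ["permit tcp 10.0.10.0/24 any eq 443",
                           "permit ip any any", "deny ip any any"]},
    "core-sw-01": {"mgmt_ip": "10.0.0.2", "vlans": {10, 20, 30, 99}, "acl": []},
    "lab-sw-99": {"mgmt_ip": "10.0.0.99", "vlans": {1}, "acl": []},
}


def find_drift(intended, observed):
    """Return a sorted list of (device, field, detail) findings."""
    findings = []
    for name in intended.keys() - observed.keys():
        findings.append((name, "device", "documented but not seen on the network"))
    for name in observed.keys() - intended.keys():
        findings.append((name, "device", "on the network but not documented"))
    for name in intended.keys() & observed.keys():
        want, have = intended[name], observed[name]
        if want["mgmt_ip"] != have["mgmt_ip"]:
            findings.append((name, "mgmt_ip", f"{want['mgmt_ip']} -> {have['mgmt_ip']}"))
        for vlan in sorted(want["vlans"] ^ have["vlans"]):
            side = "missing" if vlan in want["vlans"] else "unexpected"
            findings.append((name, "vlan", f"{side} {vlan}"))
        # Rule order matters in an ACL, so compare the lists, not sets.
        if want["acl"] != have["acl"]:
            extra = [r for r in have["acl"] if r not in want["acl"]]
            gone = [r for r in want["acl"] if r not in have["acl"]]
            findings.append((name, "acl", f"added={extra} removed={gone}"))
    return sorted(findings)


if __name__ == "__main__":
    for device, field, detail in find_drift(INTENDED, OBSERVED):
        print(f"DRIFT {device:<13} {field:<8} {detail}")
```

An ACL whose rules were only reordered is still reported, with empty `added` and `removed` lists, because the comparison is order-sensitive.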
Another advantage of having a network source of truth is compliance management. If you need to comply with standards such as PCI-DSS, Sarbanes-Oxley (SOX), and others, it can help you dramatically. You can generate a report based on the data to understand what should be done to fully comply with the standard. Last but not least is capacity planning. If you collect metrics on network bandwidth utilization and other performance factors, you can identify capacity issues before they arise.
Administering a network is hard, especially if we’re talking about large and complex networks. Likewise, troubleshooting networking issues is hard as well. A network source of truth can help. It gives you visibility into the desired network state versus the current one. Automation tools that are integrated with the source of truth can help automatically provision the devices back to the desired state. Moreover, it can also help with security, compliance, and monitoring.
Today, getting a network source of truth is much easier than ever before. There is no longer a need for labor-intensive spreadsheets and manual data entry. We can easily document the intended state of the network, visualize it via a fancy UI, and provision devices with the click of a button. You can work without it, but in most cases, you really shouldn’t if you want to make your work easier.
This post was written by Alexander Fridman. Alexander is a veteran in the software industry with over 11 years of experience. He worked his way up the corporate ladder and has held the positions of Senior Software Developer, Team Leader, Software Architect, and CTO. Alexander is experienced in frontend development and DevOps, but he specializes in backend development.