The term “source of truth” is used when the same data can be fetched and presented in more than one way, whether from multiple sources or through different paths. If the data retrieved from those sources differs, the obvious question arises: Which of those is the correct one? Which one of them is the “source of truth”? This is relevant to retrieving data from a database via several nodes, as well as determining the state of a computer network. In this post, we’ll explain what a network source of truth is, how to know whether you need one, and how it works.
What Is a Network Source of Truth?
A network source of truth is a centralized repository of accurate, up-to-date information about the configuration and status of all the devices, connections, and services within a network. This includes information about IP addresses, routing tables, network topologies, network policies, and security rules, among other things. Note that, in the context of network administration, this means the intended state of the devices. The actual configuration may drift from this desired state.
Why Is It Important to Have a Network Source of Truth?
Having a network source of truth is important for several reasons:
- Accurate and Consistent Network Configuration: A network source of truth provides a single, authoritative source of information about the configuration of network devices and services. This ensures that network administrators are working with accurate and consistent information, reducing the likelihood of configuration errors and misconfigurations that could impact network performance and reliability.
- Better Network Security: A network source of truth provides a comprehensive view of the network, including all devices, connections, and services. This makes it easier to identify security threats, track down compromised devices, and enforce security policies across the network.
- Streamlined Troubleshooting: In the event of network issues, a network source of truth provides a single point of reference for troubleshooting. Administrators can quickly locate devices and services, review their configurations, and identify potential issues. This helps minimize downtime and reduce the impact of network issues on the organization.
How Do We Determine the Network Source of Truth?
How Was a Network Source of Truth Determined in the Past?
In the past, the concept of a network source of truth was not as well-defined as it is today, and the tools and technologies available for creating one were much more limited. However, network administrators still recognized the importance of having accurate and up-to-date information about their networks.
One common approach for determining the network source of truth was to manually document the network configuration using spreadsheets, diagrams, and other tools. This involved documenting information such as IP addresses, device configurations, and network topologies and manually updating this documentation as changes were made to the network. Imagine manually updating the IP addresses of hundreds of devices. Not a pretty sight!
In addition, checking a device against that documentation required manually accessing the network device, reading its current configuration, and comparing it to the desired one as documented in the spreadsheet. If the configuration differed from the desired state, the network administrator had to manually change it.
How Is a Network Source of Truth Determined Today?
Today, the determination of a network source of truth has evolved significantly. There are now a variety of tools and techniques available to create and maintain a centralized, up-to-date repository of network information.
One common approach is to use a centralized repository that acts as the source of truth. Data is added to a central database either manually or automatically, and the network status can then be presented via a comprehensive UI. One such tool that can make source-of-truth administration easier and more efficient is NetBox. If we want to enter the data automatically, we can use automation tools like Ansible, Chef, or Puppet. If data is added automatically, always ensure that it is vetted by a human to make sure it is accurate. After that, we can use those same tools to provision the network per our source of truth. This way, we define network configurations in a standardized, version-controlled format and automatically deploy those configurations across the network. By doing so, we ensure that the network devices are always configured consistently and accurately.
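The comparison of intended state against the state read from devices, described above, can be automated. The following is an added example, not code from the original post or from NetBox or Ansible; the device names, field names and values are constructed, and collecting the actual state from devices is assumed to happen elsewhere.

```python
# Constructed sample data: intended state as recorded in the source of truth.
INTENDED = {
    "edge-fw-01": {"mgmt_ip": "10.0.0.1", "telnet_enabled": False,
                   "acl": ["permit tcp any host 10.0.10.5 eq 443", "deny ip any any"]},
    "core-sw-01": {"mgmt_ip": "10.0.0.11", "telnet_enabled": False,
                   "acl": ["deny ip any any"]},
    "core-sw-02": {"mgmt_ip": "10.0.0.12", "telnet_enabled": False,
                   "acl": ["deny ip any any"]},
}
# Constructed sample data: state collected from the devices (collection not shown).
ACTUAL = {
    "edge-fw-01": {"mgmt_ip": "10.0.0.1", "telnet_enabled": False,
                   "acl": ["permit tcp any host 10.0.10.5 eq 443",
                           "permit ip any any", "deny ip any any"]},
    "core-sw-01": {"mgmt_ip": "10.0.0.11", "telnet_enabled": True,
                   "acl": ["deny ip any any"]},
    "lab-sw-99": {"mgmt_ip": "10.0.0.99", "telnet_enabled": True, "acl": []},
}
SECURITY_FIELDS = {"acl", "telnet_enabled"}  # assumed field names


def finding(device, kind, field=None, intended=None, actual=None):
    """Build one drift record; unknown devices and security fields are flagged."""
    return {"device": device, "kind": kind, "field": field,
            "intended": intended, "actual": actual,
            "security_relevant": kind == "unknown_device" or field in SECURITY_FIELDS}


def detect_drift(intended, actual):
    """Compare the source of truth with collected state, device by device."""
    findings = []
    for device in sorted(intended.keys() | actual.keys()):
        want, have = intended.get(device), actual.get(device)
        if have is None:        # documented, but no state was collected
            findings.append(finding(device, "not_collected"))
        elif want is None:      # on the network, but not in the source of truth
            findings.append(finding(device, "unknown_device"))
        else:
            for field in sorted(want.keys() | have.keys()):
                # ACLs are compared as ordered lists because rule order matters.
                if want.get(field) != have.get(field):
                    findings.append(finding(device, "mismatch", field,
                                            want.get(field), have.get(field)))
    return findings


if __name__ == "__main__":
    for f in detect_drift(INTENDED, ACTUAL):
        print(f)
```

Devices that appear in only one of the two data sets are reported separately from field mismatches, since an undocumented device and a device that could not be read call for different follow-up.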
How Do I Know If I Need a Network Source of Truth?
If you’re a network administrator, chances are that having a network source of truth is not only beneficial but absolutely critical. However, there are several indicators that can assist you in deciding whether you need a source of truth or not:
- You have a complex network. If your network has multiple devices, services, and connections, it’s difficult to keep track of everything manually.
- You’re experiencing network issues. If your network is experiencing issues, then having a network source of truth can help you quickly identify the cause of the problems and take corrective action.
- You have multiple administrators. If there are multiple administrators responsible for managing your network, then having a network source of truth can help ensure that everyone is working with the same accurate and consistent information.
- You need to enforce security policies. Enforcing such policies is much easier if you have one source of truth. In addition, it’ll improve security and reduce downtime due to a lack of connectivity, which often results from a firewall misconfiguration.
Additional Benefits of a Network Source of Truth
A network source of truth serves as a backbone layer with raw data. It contains the state of your network as a whole. Based on this data, you can define network monitoring. Thus, you can receive alerts when there is a configuration drift, downtime, or other incidents. This basically allows you to tailor your monitoring to your specific network.
Another advantage of having a network source of truth is compliance management. If you need to comply with standards such as PCI-DSS, Sarbanes-Oxley (SOX), and others, it can help you dramatically. You can generate a report based on the data to understand what should be done to fully comply with the standard. Last but not least is capacity planning. If you collect metrics on network bandwidth utilization and other performance factors, you can identify capacity issues before they arise.
Conclusion
Administering a network is hard, especially if we’re talking about large and complex networks. Likewise, troubleshooting networking issues is hard as well. A network source of truth can help. It can give you visibility into the desired network state versus the current one. Automation tools that are integrated with the source of truth can help automatically provision the devices back to the desired state. Moreover, it can also help with security, compliance, and monitoring.
Today, getting a network source of truth is much easier than ever before. There is no longer a need for labor-intensive spreadsheets and manual data entry. We can easily document the intended state of the network, visualize it via a fancy UI, and provision devices with the click of a button. You can work without it, but in most cases, you really shouldn’t if you want to make your work easier.
This post was written by Alexander Fridman. Alexander is a veteran in the software industry with over 11 years of experience. He worked his way up the corporate ladder and has held the positions of Senior Software Developer, Team Leader, Software Architect, and CTO. Alexander is experienced in frontend development and DevOps, but he specializes in backend development.