Communication networks are comprised of large numbers of interconnected devices, such as routers. Devices can be configured within the network to process communication messages, to interface with their neighbours and to host services. There are various companies that produce network devices and each company has a variety of models with an array of features, the number of models increasing on a regular basis. The network architectures used within these networks today can be complex with considerable security features and options to ensure high consistency, such as redundancy. The services run on the network devices for customers, such as virtual private network services, are growing in number, in security and in quality of service.
These large number of network device models, architectures and potential services create a very complex environment of configurations within the network devices. These complexities are exponentially increased even further when considering the general need to consistently adjust the network, for example due to network expansions and/or security breaches. When a new network device is added to the network, configurations of numerous network devices must be adjusted. For instance, this is similar in cases that a network device is removed from the network, a source of a worm attack is located and must be isolated or a new service is launched for a particular customer or group of customers. The configurations of the network devices are regularly changing.
The setting up of the configurations for a network device is typically done based upon a template for the device's model that is adjusted for the particular device manually by a network technician. As the need arises, the network technician further adjusts the network device configuration to accommodate desired changes within the network (addition/removal of devices, react to worm attacks etc.).
The accuracy of the configurations set by, the network technicians is critically important to the proper operation, security and efficiency of the network. With incorrect configurations, some potential problems include messages getting improperly routed, security lapses that hackers could exploit and communications being routed via non-ideal links that reflect an incorrect cost and/or bandwidth accounting of links. These problems easily occur due to the manual nature that these configurations are generated and input to the network devices. In all, the configurations are generally complex, critically important and, if maintained in ideal states, could increase the network's bandwidth while increasing quality of service for the customer. Hence, it is of high importance to ensure that network device configurations remain accurate.
One solution for ensuring the configurations within the network devices are accurate has been developed by Cisco Systems of San Jose, Calif. called Cisco NetSys Baseliner. In this software, Cisco allows for a static configuration validation of the network devices of the network. These validations are based on a direct comparison between the network devices' configurations and a preset ideal for the particular device. This software further allows pictorial images of the network architecture to be produced and potentially for a network technician to view the configuration data of a particular network device.
The Cisco NetSys Baseliner does not detect the services being run on the network devices that are being compared and further does not dynamically adjust the ideal settings for the network device based upon its specific utilization. Although the software helps to manage the network by providing a limited validation tool and a graphical user interface for viewing the network architecture, the software has limited use as a complete network configuration validation tool. There are considerable configuration elements that must be reviewed that are unique to specific network elements based upon their model, position within the network and/or the services running on them.