Network Management Sucks!!!

Terry Slattery
Principal Architect

Jimmy Ray Purser, a blogger and video blogger for Cisco and Network World, just did a blog with that title.   In that blog post, he makes several comments that are right on target with the deficiency of most network management systems:

– It is a lot of manual correlation
– Correlation, Correlation, Correlation. There is so much data out there that I can use to make some very informed decisions, I just need to know what it is in readable form and not MIB OID strings.

I found the follow-up comments about various products to be an interesting view into what people think of network management products.  The problem that JimmyRay describes is exactly why Netcordia’s NetMRI exists.  Just collecting data and sticking it into a database is not network management, at least for me.  I know what analysis needs to be done on the network.  I know how to diagnose problems and what data to collect to do the diagnosis.  What’s lacking are tools that allow me to build rules that do the basic analysis and correlation between various sources of data, just as JimmyRay describes (see his comment about correlating Flow management).

A good example of correlation comes in validating the root bridge of each VLAN in your infrastructure.  If all you have are configs (let’s say you have 100 switch configs), and each config contains a definition of VLAN 100, and there are commands that specify the bridge priority for each STP domain, can you use the configs alone to determine the placement of the root bridge in each STP domain (which is per VLAN when using PVST)?  You need to know which switches are in which Layer 3 subnet, each of which corresponds to an STP domain. That data is not in the configs.  You have to go to the operational data in the network to see which switches are in each STP domain.  You can then check the bridge priority of those switches in each STP domain to determine which is the root bridge.  So we’re correlating operational data with the bridge priority to determine root bridge selection.  How many STP domains do you have where the root bridge has not been properly selected?  Do you know which switch in each STP domain is currently the root?  And more importantly, which STP domains need you to select a root bridge (i.e. all the priority settings are the same, so lowest MAC address is the tie-breaker)?

The above is just one example.  Consider correlating syslog events with other operational or configuration data. There are many, many more.

I think we’re going to see network analysis and correlation become much more important in the coming few years.  The analysts are starting to understand it and why it is important.  I can’t wait to build a lot of interesting analysis rules and increase visibility into the networks I run.  BTW, NetMRI does some correlation and analysis, making it one of the few network management systems out there that actually reduces my work load instead of increasing it.



Re-posted with Permission 

NetCraftsmen would like to acknowledge Infoblox for their permission to re-post this article which originally appeared in the Applied Infrastructure blog under


Leave a Reply


Nick Kelly

Cybersecurity Engineer, Cisco

Nick has over 20 years of experience in Security Operations and Security Sales. He is an avid student of cybersecurity and regularly engages with the Infosec community at events like BSides, RVASec, Derbycon and more. The son of an FBI forensics director, Nick holds a B.S. in Criminal Justice and is one of Cisco’s Fire Jumper Elite members. When he’s not working, he writes cyberpunk and punches aliens on his Playstation.


Virgilio “BONG” dela Cruz Jr.

CCDP, CCNA V, CCNP, Cisco IPS Express Security for AM/EE
Field Solutions Architect, Tech Data

Virgilio “Bong” has sixteen years of professional experience in IT industry from academe, technical and customer support, pre-sales, post sales, project management, training and enablement. He has worked in Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.


John Cavanaugh

CCIE #1066, CCDE #20070002, CCAr
Chief Technology Officer, Practice Lead Security Services, NetCraftsmen

John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services.  Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.

He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.