9-13 July 2018
Sofia, Bulgaria

Evolving CERN’s Network Configuration Management System

10 Jul 2018, 16:00
Track 8 – Networks and facilities


Stefan Nicolae Stancu (CERN)


The CERN IT Communication Systems group is in charge of providing various wired and wireless communication services across the laboratory. Among them, the group designs, installs and manages a large complex of networks: external connectivity, the data-centre network (serving central services and the WLCG), the campus network (providing connectivity to users on site), and, last but not least, dedicated networks for the LHC accelerator control and the experiments.

Overall, these networks comprise approximately 400 routers and 4000 switches from multiple vendors and from different generations, with heterogeneous configurations depending on the network area they serve. To ensure a consistent, reproducible configuration across all these devices, an in-house software tool (denoted as “cfmgr”, Perl-based) has been developed and augmented over the past 20 years. Based on a central network database (which stores the network model information for all connected devices at CERN), cfmgr is able to derive and enforce the desired configuration on all these network devices.

The cloud computing demand for increased agility in network provisioning has resulted in the development of the network configuration ecosystem (both from network vendors and from the open-source community). Faced with the requirement of deploying a new generation of routers, we have evaluated the functionality of various network configuration tools and libraries, and we are planning to evolve our network configuration management platform by modularizing it into components that can be changed independently, and by making use of open-source libraries:
- the generation of an abstract network device configuration;
- the translation of the abstract model to a device-specific configuration; and
- the enforcement of the configuration on the network devices.

We will present an overview of our study of the available network configuration tools (mainly NAPALM and the orchestration platforms that have modules for using it), as well as the architecture of our original and evolved network configuration management software.

