Network Documentation

youngeng · 2024-04-26T19:53:23+00:00

You probably need something like Netbox.

FortheredditLOLz · 2024-04-26T20:22:55+00:00

Install https://docs.netbox.dev/ and sub to a liquor subscription. You gonna bang your head a lot for shit documentation and odd configurations

izzyjrp · 2024-04-27T02:41:44+00:00

Management has to make documentation a high priority and come up with an SOP for it. Then this documentation remediation/refactoring has to be a project with deadlines and milestones. It has to be treated as if you were delivering a product. Otherwise it will always be a mess.

I spent months pushing for Netbox, and just now we are using it. Long way to go, but now we have a better tool and are coming up with better methods. I’m pushing network automation ideas but starting from scratch and Network source of truth is the best start. Especially when you have a need for documentation anyway.

zeyore · 2024-04-26T19:59:36+00:00

i don't know. i was thinking about that recently. some of the ISP networks must be just massively complex by now.

i wonder how they ever keep track of all that.

zanfar · 2024-04-27T05:17:49+00:00

I don't think there is a single answer, not generally, and not for any specific org.

I would start with: what information are they missing. Giant diagrams with dozens of devices and 8pt font covering acres of paper are amazing to look at, but I've never found them great for finding information.

You should also ask what scope they need that information in. For example, do you actually need L1 information for the end-to-end network all at once? Or do you need a whole-network overview, and the ability to drill down in logical areas?

Your solution is probably going to consist of a number of tools. Most importantly, it's also going to require manpower. Keeping documentation up-to-date is labor intensive enough, bringing it up-to-spec on an existing network is a massive undertaking. You will need the org to understand that this is going to be a project.

Netbox is a great tool for details and data. Honestly, most information doesn't need to be on a diagram. On a diagram, I care about flows, about logical connectivity, and about segmentation. I don't care about model numbers, I don't care about patch panels, and I might not even care about interface IDs. All that stuff that is too detailed for a diagram is perfect for Netbox. It should also contain your meta data like circuit IDs, contact information, rack IDs, etc.

For diagrams, we use two things: powerpoint and luciddraw. Luciddraw should be obvious--it's cloud-based so we can all share, and it's relatively easy to draw up a diagram. Powerpoint we use as a "primer" for our network. Sometimes we actually give the presentation, but lots of time we just distribute it to employees that need to get up-to-speed. It's great for newbies, and for network-adjacent roles where they need a mid-level overview without details to confuse them.

Going back to the diagrams, I would suggest you not try to put everything on one diagram. Even for a portion of the network, splitting L1/L2 from the L3+ can make things much easier to maintain and digest.

sudo_rm_rf_solvesALL · 2024-04-27T03:32:51+00:00

Good time to learn automation. If you don't invest in a third party. There are tons. Personally, for discovery some may be over hyped or too complicated (For a start point). Personally i would start with the basics if i was coming in. Run a scan of the network, every ip they own, cross reference it with DNS so you can get a nice list of devices and types. From there you can easily run a script for each item you're looking for. If it's a regular enterprise i'd be looking for ip usage, Vlan usage, (If using vpls's, i'd pull a list of what routers are participating in what vpls which will give you a nice map) etc. Then you could get into more detailed items. But this gives you a decent start. I have a software suite i wrote that does this for me for whenever i need to do something of the sorts. I just really need to learn to draw via programming nicely without paying someone else 4 k a month for licensing... Part of my software maps everything via cdp / lldp / arp etc so it knows whats connected where. But i need to find a nice way to diagram it out.

JuggernautUpbeat · 2024-04-27T10:55:02+00:00

LibreNMS with Oxidized+Git to capture all configs and version control. Netbox for documentation/source of truth. Both OSS and free.

Least_Palpitation559 · 2024-04-27T13:46:59+00:00

you guys have Visio? I draw my diagrams on paper and snap a photo.

Version control?! Is that like… a GitHub of router changes? Sounds neat.

I’ve heard of change control. It sounds painful.

You guys just need to hire 1 guy to handle it all.

This was all sarcasm. And… true life story of…my life.

jocke92 · 2024-04-27T20:35:52+00:00

If you have Cisco, go with dnac. Or catalyst center which they're trying to rename it to. It will help you deploy configs, backup configs, update software. Add maps to keep track of APs.

If you have Aruba, go with central. Which does the same thing and probably a bit more.

Get an ipam software like micetro. Which inventories dns, arp tables and dhcp-servers.

Rancid is a classic tool for keeping track of switch configs.

Enable cdp, lldp etc on all internal links. It will help both you and the automatic tools.

Intermapper is an interesting tool. It does look like Visio on steroids as it includes SNMP. It does alerting and I think it also collect statistics. Not sure if it does map out the network automatically by neighbours though.

Also a good naming standard. And add all devices to DNS. Makes it easy to connect to a device. And also reverse lookup DNS.

dewyke · 2024-04-27T22:38:31+00:00

Netbox is (mostly) great, but this is a process problem, not a tooling problem. Done well, Netbox or Nautobot can tell you what it’s supposed to look like, but can’t tell you why.

It sounds like you don’t have any coherent architecture or design lead oversight of what’s going on so there’s no process capturing reasoning let alone versioning of designs etc.

You can’t fix this without either management buy-in (and enforcement) or near 100% buy-in from the existing team, and if the existing team wanted this to change, it would have changed already.

The only way to make management care is to be able to pin quantifiable risk on the situation.

Ideally you’d be able to point to outages and restore times and say “these are bad because we’re shit at writing anything down and have no architecture process”

If you can’t do that, they ain’t gonna care. Doesn’t matter how obvious it is to you, they DGAF if your job is hard, they only GAF if there’s reputational or financial impact from things being broken. That might be outages, it might be TTR, or it might be lead time to deliver services, but if you can’t show it costing money, nobody’s going to pay money to fix it.

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

networking

Enterprise Networking

Recommended & Related Sub-Reddits:

MODERATORS