Skip to main content

Implementing change management for network modifications has multiple benefits:

  • Minimizes Downtime and Disruptions – Proper change management ensures that all modifications are planned, tested, and reviewed before implementation, reducing the risk of unexpected outages or performance issues.
     
  • Enhances Security and Compliance – By maintaining a structured approval process, organizations can prevent unauthorized changes that might introduce vulnerabilities and ensure compliance with industry regulations and internal security policies.
     
  • Improves Accountability and Documentation – A well-defined change management process creates a clear audit trail of network modifications, making it easier to troubleshoot issues, track performance impacts, and maintain historical records for future reference.

Forward Enterprise can be used to validate if the state of the network matches its operational objectives before, during, and after a Change Control.

 

The basic steps for this procedure are as follows:

 

  1. Identify the devices or cloud objects that are part of the change. 

    It may be useful to include devices or cloud objects that are not being modified as part of the change, but have a high potential for impact.

    For example, suppose you are modifying the routing configuration of two routers in a remote office that has 10 networking devices and a VPN tunnel back to the main office. It would be useful to include all 10 devices at the remote site, plus devices at the central location that remote traffic uses to reach a critical application.
     
  2. Identify existing intent checks or create new intent checks that will help validate the change.

    For example, you could create a path search intent check that verifies that an end host in the remote office can reach a critical application in the main office

    Intent Verification (FWD.app Documentation)

 

 

  1. Create a workspace network that includes all the devices and intent checks from steps 1 and 2

    Workspace Creation (FWD.app Documentation)

 

  1. Run a collection on the workspace network before starting the change.

 

 

  1. Complete the required network changes for the Change Control.
  1. Run a second collection on the workspace network.
  1. Use Diffs and Intent Checks to validate the state of the network.

 

Diffs (FWD.app Documentation)

Intent Verification (FWD.app Documentation)

Check out my other article on Diffs with Inventory+:

 

Additional Considerations

  • When creating the workspace network, you can copy existing intent checks from the parent network. This way you can keep a library of often used intent checks.
     
  • Use the Diff feature to look for unexpected changes in route tables, interface states, etc.
     
  • You can create advanced intent checks that contain NQE queries to validate for complex settings. For example, you could create an NQE intent check that verified that all BGP peers on all devices are in the Established state.
     
  • You can configure alerts on your intent checks to receive an in-app banner notification or an email if an intent check fails.
     
  • Before the Change Control, you can create an intent check that will validate the expected state of the network after the change. For example, if the Change Control were to permit new traffic between two points on the network, you could create an intent check between the network locations that would fail before the change, but pass after the change is complete.
Be the first to reply!

Reply


Badge winners

  • Community Champ Award
    CarlBhas earned the badge Community Champ Award
  • Community Champ Award
    Christopherhas earned the badge Community Champ Award
  • NQE Collaborator
    Rohit_809 Kumarhas earned the badge NQE Collaborator
  • Community Champ Award
    Vladi Bhas earned the badge Community Champ Award
  • Community Champ Award
    dakotagloryhas earned the badge Community Champ Award
Show all badges
Terms of UseCookie settings