Naming conventions

[Ironman]

The Lord of the Rings one is funny. Can't believe you didn't watch those movies though!

One of the coolest and pretty basic names I've seen was "Glutton" this was a 8TB storage server at a SMB.

[srg]

When this thread started I wrote a post about "anything but Lord of the Rings characters" but forgot to actually post it

sent from phone.

[Bit_Jockey]

Totally. Of course, working on routers and stuff is kinda sorta also nerdy.

You be careful Deanwebb! 

[wintermute000]

for the love of god, please use delimiters.

what would you rather see?

AU-VIC-MUL-CORE-SW-01

or

auvicmulcoresw01

[that1guy15]

and no underscores, use dashes.

I have been in a company that did jazz musicians, another that did Looney Toons and another that did Star wars. I know it used to be popular to do this but it has always driven me batt-shit crazy.

[SimonV]

Any recommendations or best practices on naming your firewall objects, groups, policies, ACLs, etc?

[deanwebb]

Any recommendations or best practices on naming your firewall objects, groups, policies, ACLs, etc?

When I add an object to my firewall, I like to name it with its FQDN-IP.address, so instead of having to wonder what host goes with what IP, I can see something like:

USA-CHI-SRV4220.my.domain.nom-192.168.4.26

Now I know what IP that server has and I know what server is at that IP, all at the same time.

and no underscores, use dashes.

I have been in a company that did jazz musicians, another that did Looney Toons and another that did Star wars. I know it used to be popular to do this but it has always driven me batt-shit crazy.

That kind of stuff is fine for when you and a small group are the only ones in a small company... get more than one site, and you really need to do a much less humorless sort of organization.

[Otanx]

Host names are LOC-TYPE-INSTANCE so VEGAS-RTR-01. For DNS every interface goes into DNS as an A record (VEGAS-RTR-01-G0-0 or VEGAS-RTR-01-LOOP0. Then the root host name gets a CNAME pointed to the interface we use to manage the device.

For firewall rules each host gets an object with it's IP. We don't put the IP in the name as IPs change too often in our environment. Then an object group gets created for services (DNS, NTP, TACACS, WEBSITE1, WEBSITE2, etc) then the host object is nested into the groups of services it offers. Ports are object groups based on services. So DNS would have a DNS-PORTS group with both tcp and udp 53. Finally an object group for clients of the service. This may contain ranges (i.e. DNS clients group is 10.0.0.0/8) Then rules are based off of these objects - DNS-CLIENTS to DNS-SERVERS on DNS-PORTS. There is overlap with some things. If a server is hosting two websites then one rule would not be hit, but this way if we move one website then changing the rule for that will not break the other website.

-Otanx

[killabee]

and no underscores, use dashes.

And not too many dashes  .  It lengthens the name, and when you go deep into the configuration sub sections the name starts to get truncated. 

Our device hostnames usually contain Location, Floor (if applicable), device model, and instance number (usually in that order).  We put them in DNS for easy identification, but quite frankly, I tend to trust IPs vs hostnames when troubleshooting.

We don't really have a convention for FW items.  Just as long as the name makes sense and relates to what it does. 

[Nerm]

Went onsite once and the client had their core routers named "router-on-the-left" and "router-on-the-right". Simply genius eh? lol, but wait it gets better. Their switches were named "switch-top", "switch-second-from-top", switch-third-from-top" and so forth. That was an interesting project. 

[deanwebb]

It would be nice if we had a super-awesome network naming convention that would work at all locations that the brotherhood of networkers would use so that when networkers moved from job to job, they'd always have a naming convention that they were familiar with.

Company stock ticker-nation-city-building-room-rack-shelf-function code

MSFT-USA-BELLVUE-37-H201-3B-4-FW

Don't like long device names? Move to shorter cities! Get out of Stratford-upon-Avon and shift operations to Aa, Estonia!

http://en.wikipedia.org/wiki/List_of_short_place_names ought to help with this.

"Where's your US data center?"

"B, Ohio."

"Hey, ours is there, too! Small world! Is your European data center in Y, France?"

"No, it's in Å, Sweden."

[javentre]

Company stock ticker-nation-city-building-room-rack-shelf-function code

MSFT-USA-BELLVUE-37-H201-3B-4-FW

FWIW:  There are plenty of big places that have no stock ticker, and not everyone wants to advertise the location of their assets in DNS.

[deanwebb]

Too bad for them.
1. Time for an IPO: the network needs it!
2. Use reverse records so that hackers see WF-4-B3-102H-73-EUVLLEB-ASU-TFSM and think, "wow, this is too hard to hack. I'll just hack my neighbor's wireless access point, instead."

[jinxer]

It would be nice if we had a super-awesome network naming convention that would work at all locations that the brotherhood of networkers would use so that when networkers moved from job to job, they'd always have a naming convention that they were familiar with.

Company stock ticker-nation-city-building-room-rack-shelf-function code

MSFT-USA-BELLVUE-37-H201-3B-4-FW

Don't like long device names? Move to shorter cities! Get out of Stratford-upon-Avon and shift operations to Aa, Estonia!

http://en.wikipedia.org/wiki/List_of_short_place_names ought to help with this.

"Where's your US data center?"

"B, Ohio."

"Hey, ours is there, too! Small world! Is your European data center in Y, France?"

"No, it's in Å, Sweden."

Oh yea.. That would of simplified things so much. Even if its not company stock name almost every place has a 3 or 4 letter short name that would of been easy to relate to.


Sent from my iPhone using Tapatalk

[mynd]

and no underscores, use dashes.

why the hate on underscores?