[nsp] pushing config changes out to routers

John Osmon josmon at rigozsaurus.com
Wed Aug 6 11:11:33 EDT 2003


On Wed, Aug 06, 2003 at 11:39:45AM -0400, Streiner, Justin wrote:
> While we're more or less on the subject, I'd be curious to see how various
> networks manage pushing mass configuration changes (BGP filters, regular
> password changes, updates to standard configs, etc) out to their boxes.
> >From past experience I'll hazard a guess that this is largely custom
> applications that people have specifically tailored to their needs.
> 
> Specifically, I'm interested in what safeguards people put in place to
> 1) hopefully prevent a typo in a master config database from getting
> 	pushed out to lots of devices, possible causing a large outage,
> 	and
> 2) integrity checking of the pending config beyond things like making sure
> 	that a static route has the correct next-hop address, e.g. things
> 	like if interface X has access-group Y applied to it, make sure
> 	that access-list Y actually exists...

Not *exactly* what you're looking for, but some useful food for thought
while on you're contemplating such ideas:
   http://www.nanog.org/mtg-0210/abley.html


More information about the cisco-nsp mailing list