[nsp] pushing config changes out to routers
John Osmon
josmon at rigozsaurus.com
Wed Aug 6 11:11:33 EDT 2003
On Wed, Aug 06, 2003 at 11:39:45AM -0400, Streiner, Justin wrote:
> While we're more or less on the subject, I'd be curious to see how various
> networks manage pushing mass configuration changes (BGP filters, regular
> password changes, updates to standard configs, etc) out to their boxes.
> >From past experience I'll hazard a guess that this is largely custom
> applications that people have specifically tailored to their needs.
>
> Specifically, I'm interested in what safeguards people put in place to
> 1) hopefully prevent a typo in a master config database from getting
> pushed out to lots of devices, possible causing a large outage,
> and
> 2) integrity checking of the pending config beyond things like making sure
> that a static route has the correct next-hop address, e.g. things
> like if interface X has access-group Y applied to it, make sure
> that access-list Y actually exists...
Not *exactly* what you're looking for, but some useful food for thought
while on you're contemplating such ideas:
http://www.nanog.org/mtg-0210/abley.html
More information about the cisco-nsp
mailing list