[j-nsp] Network Configuration Management
Eric Van Tol
eric at atlantech.net
Mon Jun 18 14:13:16 EDT 2007
We use a combination of RANCID and Solarwinds Cirrus Configuration
Manager. Cirrus allows you to run command scripts, check Cisco router
inventory, find IPs in the network, and many other things:
http://www.solarwinds.net/products/Cirrus/index.aspx
If you don't have the programming experience needed for generating your
own scripts, Cirrus is a great tool to use, although a bit on the pricey
side.
-evt
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Warren Kumari
> Sent: Monday, June 18, 2007 11:17 AM
> To: Kevin Oberman
> Cc: juniper-nsp at puck.nether.net; phil colbourn
> Subject: Re: [j-nsp] Network Configuration Management
>
> For config backups and revisioning I usually use RANCID combined with
> some scripts that parse the downloaded configs, pull the serial
> number data out and stick it in a database somewhere -- this is
> primarily to make sure that I don't redeploy a known defective card
> (or a card that gets shipped back via an RMA).
>
> As for implementing config changes, that all depends on what the
> changes are and what the situation is:
> If it is a simple, non-critical change that has no logic involved
> (eg: changing all of your NTP servers) I usually just throw together
> a shell script that calls jlogin (from RANCID) directly, something
> along the lines of:
> # iterate over the entries in the current directory, one per router
> for router in *
> do
>     jlogin -c "<Commands to be run>" "$router"
>     sleep 2
> done
>
> If it is a more complex change (eg: If interface description contains
> "blah" then set foo) I usually throw together something in perl /
> python.
>
> I started writing a program at one stage that would take some
> conditions to check for and commands to run if those conditions
> match, but it quickly developed feature creep and ended up trying to
> do too much (eg: "FIND interface WHERE neighbor_as = 123 AND DO SET
> INTERFACE_DESCRIPTION TO BE "Connects to AS123" ON ALL ROUTERS LIKE
> "peer*.*" STOP") -- I found myself spending so much time debugging the
> program and trying to remember the syntax that I had created that I
> deleted it in disgust!
>
> Keep in mind that if you have been sloppy or if your current configs
> are somewhat messy, performing automated changes can be very dangerous
> -- I used to work at a Cisco shop that used numbered access lists --
> someone decided to script pushing out a new version of the SNMP
> access list, which *should* have been 161 on all routers..... Except
> for the 30 or so that used that to lock down the management interface
> and the 15 or so that used that as an edge ACL....
>
> Warren
> www.kumari.net
>
>
>
>
> On Jun 17, 2007, at 10:45 PM, Kevin Oberman wrote:
>
> >> From: phil colbourn <phil.colbourn at railcorp.nsw.gov.au>
> >> Date: Mon, 18 Jun 2007 10:43:06 +1000
> >> Sender: juniper-nsp-bounces at puck.nether.net
> >>
> >> I would be interested in knowing what configuration management
> >> systems (commercial, open source or home-grown) that you use or
> >> have used to implement router/switch config changes,
> >> upload/download configs, track versions and track assets.
> >
> > I use a modified version of rancid (http://www.shrubery.net/rancid).
> > Free and very widely used.
> > --
> > R. Kevin Oberman, Network Engineer
> > Energy Sciences Network (ESnet)
> > Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> > E-mail: oberman at es.net Phone: +1 510 486-8634
> > Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> --
> If the bad guys have copies of your MD5 passwords, then you have way
> bigger problems than the bad guys having copies of your MD5 passwords.
> -- Richard A Steenbergen
>
>
>
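The numbered-ACL accident described in the quoted message can be caught before a scripted push by checking how each saved config actually references the ACL. This is an added example, not code from the thread or from RANCID; it assumes IOS-style configs already saved as text, and `acl_usage`, `preflight`, the pattern subset and the sample configs are constructed for illustration.

```python
import re

# Places an IOS-style config can reference a numbered ACL (assumed subset;
# NAT, route-maps, crypto maps etc. would need their own patterns).
REFERENCE_PATTERNS = {
    "snmp": r"^snmp-server community \S+(?: view \S+)?(?: (?:RO|RW))? {acl}$",
    "interface": r"^\s+ip access-group {acl} (?:in|out)$",
    "line": r"^\s+access-class {acl} (?:in|out)\b",
}

# Constructed sample configs keyed by router name (not taken from the thread).
SAMPLE_CONFIGS = {
    "core1": "access-list 161 permit udp host 192.0.2.10 any eq snmp\n"
             "snmp-server community s3cret RO 161\n",
    "edge1": "interface Serial0/0\n ip access-group 161 in\n",
    "mgmt1": "snmp-server community s3cret RO 161\n"
             "line vty 0 4\n access-class 161 in\n",
}

def acl_usage(config_text, acl):
    """Return the set of roles in which `acl` is referenced by this config."""
    roles = set()
    for line in config_text.splitlines():
        for role, template in REFERENCE_PATTERNS.items():
            pattern = template.format(acl=re.escape(str(acl)))
            if re.search(pattern, line.rstrip(), re.IGNORECASE):
                roles.add(role)
    return roles

def preflight(configs, acl, expected_role="snmp"):
    """Split routers into (safe, skip) before a scripted rewrite of `acl`.

    safe: the ACL is absent or referenced only in expected_role.
    skip: router -> other roles that also depend on this ACL number.
    """
    safe, skip = [], {}
    for router, text in sorted(configs.items()):
        other = acl_usage(text, acl) - {expected_role}
        if other:
            skip[router] = sorted(other)
        else:
            safe.append(router)
    return safe, skip

if __name__ == "__main__":
    safe, skip = preflight(SAMPLE_CONFIGS, 161)
    print("push to:", safe)
    print("review by hand:", skip)
```

Only the routers in `safe` would be handed to the jlogin loop; the ones in `skip` need the ACL renumbered or the change made by hand.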