### On Thu, 29 Sep 2005 13:25:48 -0700, Bruce Pinsky <bep@whack.org>
### casually decided to expound upon Randy Bush <randy@psg.com> the
### following thoughts about "Re: [eng/rtg] changing loopbacks":

BP> > what [else] am i missing?
BP>
BP> In addition to what others have said, I'd ask:
BP>
BP> - - Any ACL's anywhere that filter based on the old loopbacks?
BP> - - Any VTY access controls on the router based on the old loopbacks?
BP> - - Any external systems like authentication servers, management systems,
BP>     etc, etc that need the old loopbacks and can't dynamically adapt?
BP> - - Any internal routing policies that reference the old loopbacks?
BP> - - Any DNS entries that need to be migrated (CNAME->A references)?

Also want to keep in mind things like tunnel endpoints (IPv6, VOIP,
multicast, VPN, etc).

Barring any sort of advanced config management package, grep and diff
become your friends (some would say despite). As a first pass, I'd snarf
down all configs and do a grep for the loopbacks to identify which ones
need attention. Then make your changes in each config and do diffs to
verify.

Then I'd stage out deployment with stub and leaf nodes going last to
minimise churn in OSPF. If you've got iBGP going and are using
route-reflectors then do the top-most hierarchy first before the lower
clusters.

--
/*===================[ Jake Khuon <khuon@NEEBU.Net> ]======================+
 | Packet Plumber, Network Engineers     /| / [~ [~ |) | | --------------- |
 | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| N E T W O R K S |
 +=========================================================================*/
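Added example, not part of the original message: the grep-then-diff pass described above as a bash sketch that avoids the usual false hits (an address matching a longer one, or "." acting as a regex wildcard). The directory layout, file names, function names and sample configs are assumptions constructed for illustration; addresses are from documentation ranges.

```bash
#!/usr/bin/env bash
# Added example. Assumed layout (not from the post): one saved config per file
# in a directory, old loopback addresses one per line (no blank lines) in a list.

# List every config line that references an old loopback, as file:line:text.
find_loopback_refs() {   # usage: find_loopback_refs OLD_LIST CONFIG_DIR
    # -F: fixed strings, so "." is literal rather than a regex wildcard
    # -w: whole-token match, so 192.0.2.1 does not also hit 192.0.2.10
    grep -rnwF -f "$1" "$2" | sort
}

# After editing: show the diff, then succeed only if no old loopback remains.
verify_change() {        # usage: verify_change OLD_LIST BEFORE AFTER
    diff -u "$2" "$3" || true          # diff exits 1 when the files differ
    ! grep -qwF -f "$1" "$3"
}

# Constructed sample data (invented configs, documentation addresses).
make_demo() {            # usage: make_demo DIR
    mkdir -p "$1/configs"
    printf '192.0.2.1\n' > "$1/old-loopbacks.txt"
    cat > "$1/configs/core1.cfg" <<'EOF'
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
access-list 10 permit 192.0.2.1
access-list 10 permit 192.0.2.10
line vty 0 4
 access-class 10 in
EOF
    cat > "$1/configs/edge1.cfg" <<'EOF'
interface Tunnel0
 tunnel destination 192.0.2.1
router bgp 64500
 neighbor 192.0.2.10 remote-as 64500
EOF
    # "Edited" copy of edge1 with the tunnel endpoint moved to a new loopback.
    sed 's/192\.0\.2\.1$/198.51.100.1/' "$1/configs/edge1.cfg" > "$1/edge1.new"
}

demo=$(mktemp -d)
make_demo "$demo"
find_loopback_refs "$demo/old-loopbacks.txt" "$demo/configs"
verify_change "$demo/old-loopbacks.txt" "$demo/configs/edge1.cfg" "$demo/edge1.new" \
    && echo "edge1: no old loopback references remain"
```

A config that still fails verify_change after editing has a leftover reference, typically an ACL or VTY access-class entry, that would otherwise keep permitting or filtering on the retired address.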