On Fri, 1 Oct 2010 00:25:34 -0400 Jared Mauch <jared@puck.nether.net> wrote:
I really wish there was a good way to (generically) keep a 4-6 hour buffer of all control-plane traffic on devices. While you can do that with some, the forensic value is immense when you have a problem.
Not precisely what you're looking for, but you can monitor the OSPF database in other ways. See some of early OSPF work described here for instance: <http://www2.research.att.com/~ashaikh/presentations.php> I had written a simple utility to grab the LSA counts and checksum values from a set of routers.when I converted a RIP network to OSPF. The network consisted of about 25 routers and 300 routes. It was invaluable to as a sanity check to see if all routers were in agreement. Packet Design's Route Explorer may be a commercial implementation of this sort of thing. I've only an early version of that at an earlier NANOG and have never used it. It seemed like cool technology at the time, but don't take that as an endorsement. Ob op note: I do recall one older IOS router where it would never have exactly the same checksum values as the other. After manually inspecting the routes I had concluded that it was an artifact of the IOS code being run, which was an old 11.x train and the only one in the net at the time. John