We have heavily modified a version of the MRLG ( ftp://ftp.enterzone.net/looking-glass/ ) to provide controlled router access to a specific (mostly internal) audience. We have found that allowing people who normally have no router access, to have read-only access to some normally enable-only commands through a Web interface has been invaluable in delegating diagnostics and "peer review". The major benefit of a Web-based interface is that we can control the commands, input parameters, output display, and usability much better than with a command line interface. For example, we allow "show config", but we cover up any security-sensitive information (passwords, SNMP strings, TACACS keys, server IP addresses, etc) in the command output. The control is very flexible, allowing certain users to see only certain things, or be able to execute commands that other users can't, for example. We can embed HTML links in the output to related resources (Web-based help, graphs, related commands, etc). Everything is encrypted via SSH/SSL, and can be tracked for audit and security purposes. To see something similar to what we have done (and where we got the idea from), see the Internet2 Abilene Core Node Router Proxy at http://loadrunner.uits.iu.edu/%7Erouterproxy/abilene/ Source code for the I2 Proxy is available from http://tseg.uits.indiana.edu/dist Pete. On Thu, 18 Jul 2002, Scott Granados wrote:
Date: Thu, 18 Jul 2002 12:00:38 -0700 (PDT) From: Scott Granados <scott@graphidelix.net> To: nanog@merit.edu Subject: looking glass
What are people using for looking glass software. Is it just some simple perl code which grabs data from the router or is it more complex than that?
Thanks
Scott