Network Configuration Management
Just curious what people are using for network configuration management systems. I'm guessing most places have something built in-house, but before starting down that road I figured it would be a good idea to see if people have any off-the-shelf systems they like.

Some features I'd like to have:
* Interface configs
* Firewall filter configs
* BGP session configs
* User management
* Support for multiple router and switch vendors (at least Juniper and Cisco)

--
Chip Marshall <chip@2bithacker.net>
http://2bithacker.net/
I've never found anything that hits all of my needs. The closest off the shelf thing I've ever found is the Network Control System from Tail-F (http://www.tail-f.com/network-control-system/).

We're using a custom built app that's been refined over the last decade and does a really nice job. It uses a very similar model of configuration management as Tail-F does but now quite the application.

Just generating config isn't all that difficult. The hard part is pushing to the devices and working out what to do when on-box and off-box doesn't match.

Good luck in your search, and if you find something really cool, be sure to post back!

--chip

-- Just my $.02, your mileage may vary, batteries not included, etc....
Solar winds ncm is great if you can tolerate their sales borg.
From my Android phone on T-Mobile. The first nationwide 4G network.
Just an FYI on "if you can tolerate their sales borg". If you request a quote and do not purchase, get ready for a borg attack of emails and calls.

On topic: We're trying to survive with RANCID, which is great for pushing changes without any feedback... Last job we used Solarwinds NCM, and that's a fairly nice tool. We also had HP on site with their "Configuration Management System", which looked good until we started looking into support for Enterasys and Brocade. There were some shortcomings and expectation for custom written code to support 3rd party hardware.

-P

-----Original Message-----
From: Warren Bailey [mailto:wbailey@satelliteintelligencegroup.com]
Sent: Tuesday, March 12, 2013 11:15 AM
To: chip; chip@2bithacker.net
Cc: North American Network Operators Group
Subject: Re: Network Configuration Management

Solar winds ncm is great if you can tolerate their sales borg.
Hi Chip,

AOL published some good looking open source software, it does not handle BGP at this moment, but it does other tasks like ACLs quite well. It's designed to be tightly integrated with your existing CMDB/RANCID, and it even takes timezones into account for pushing new configurations.

Trigger: https://github.com/aol/trigger

I plan on spending some cycles later this year on adding BGP functionality to Trigger.

Kind regards,

Job

-- AS5580 - Atrato IP Networks
We use Rancid and have it run every hour against Juniper and Cisco gear. If there's a change, we get an email, and all the revisions are automatically saved in SVN. Attach WebSVN and you have a nice web viewer. You administer the devices as you normally would, but you'll have automatic version control and change monitoring. It's simple to set up, and free.
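The poll, diff and notify loop described in this message, which also surfaces the on-box versus off-box mismatch raised earlier in the thread, can be sketched as follows. This is an added example, not part of the thread and not RANCID's code; it assumes IOS-style indented configs, and the volatile-line patterns, category names and sample configs are constructed for illustration.

```python
import difflib
import re

# Header lines that change on every poll (patterns chosen for this example).
VOLATILE = re.compile(r"^(! Last configuration change at |ntp clock-period )")

# Stanza types from the feature list at the top of the thread.
SENSITIVE = {
    "firewall/ACL": re.compile(r"\b(access-list|access-group)\b"),
    "BGP": re.compile(r"\brouter bgp\b"),
    "user management": re.compile(r"\busername\b"),
}

def flatten(config):
    """Path-qualify indented lines so a changed child line names its stanza."""
    out, stack = [], []  # stack: (indent, text) of the enclosing stanzas
    for line in map(str.rstrip, config.splitlines()):
        if not line.strip("! ") or VOLATILE.match(line):
            continue  # blank lines, "!" separators, volatile headers
        indent = len(line) - len(line.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, line.strip()))
        out.append(" / ".join(text for _, text in stack))
    return out

def drift(stored, running):
    """Unified diff of the last saved revision against the polled config."""
    return list(difflib.unified_diff(flatten(stored), flatten(running), lineterm="", n=0))

def sensitive_changes(diff):
    """(category, diff line) for each changed line inside a sensitive stanza."""
    return [(name, line)
            for line in diff[2:] if line.startswith(("+", "-"))  # skip file headers
            for name, pattern in SENSITIVE.items() if pattern.search(line)]

# Constructed sample: the last saved revision and the config polled an hour later.
STORED = """\
! Last configuration change at 09:14:02 UTC Tue Mar 12 2013 by netops
username netops privilege 15 secret 5 CONSTRUCTED-HASH
interface GigabitEthernet0/1
 description uplink
ip access-list extended EDGE-IN
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
router bgp 64512
 neighbor 198.51.100.1 remote-as 64513
"""
RUNNING = (STORED.replace("09:14:02", "10:02:41")
           .replace("description uplink", "description uplink to core")
           .replace("any eq 22", "any eq 22\n permit ip any any")
           .replace("interface Gig", "username temp privilege 15 secret 5 CONSTRUCTED-HASH\ninterface Gig"))

if __name__ == "__main__":
    print(*sensitive_changes(drift(STORED, RUNNING)), sep="\n")
```

The interface description change still appears in the full diff; only the new local user and the added ACL entry are raised as sensitive, and the changed timestamp header produces no diff at all.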
On 2013-03-12, at 14:35, Jeffrey Negro <jnegro@advance.net> wrote:
We use Rancid and have it run every hour against Juniper and Cisco gear. If there's a change, we get an email, and all the revisions are automatically saved in SVN. Attach WebSVN and you have a nice web viewer. You administer the devices as you normally would, but you'll have automatic version control and change monitoring. It's simple to set up, and free.
And it's extensible, kind of. :-) http://www.nanog.org/meetings/nanog26/presentations/stephen.pdf Joe
Cisco Template Manager - http://www.gelogic.net/

M.
-----Original Message----- From: Chip Marshall [mailto:chip@2bithacker.net] Sent: Tuesday, March 12, 2013 1:58 PM To: nanog@nanog.org Subject: Network Configuration Management
Just curious what people are using for network configuration management systems. I'm guessing most places have something built in-house, but before starting down that road I figured it would be a good idea to see if people have any off-the-shelf systems they like.
Solarwinds NCM is what we use. It's multivendor and even handles menu-driven configurations and can easily be used to run commands on devices such as Linux servers for iptables firewall rules. It can perform inventory management and do things like search for MAC addresses on your network. Moreover, it can do policy reporting to ensure that your devices meet your configuration standards, both custom-made and for regulatory compliance like HIPAA/SOX/PCI/etc.

We used to use RANCID, which worked great, but we outgrew it when we needed something to back up multiple vendors and didn't have the resources to modify the code to do what we needed.

As other posters mentioned, their sales force is unrelentless, even after you purchase. It took a lot of complaining to finally get off whatever internal sales list we were on. Cost is also a concern, as it increases with the more devices you need to manage, plus there's a yearly maintenance fee. That said, I feel the cost is somewhat justified, as they have a pretty good development team that is quite active on their support forums and they listen to customer feedback for features.

-evt
To those of you using Solarwinds: what about scalability? How many devices do you presently support with this solution, and under which hardware or VM and storage configuration, if you don't mind sharing that? Stefan
I've used Kiwi Cattools as well as some homegrown perl and shell script stuff for versioning / audit trails. Cattools works OK and scales. Unsure of pricing structure though. I never liked Ciscoworks for doing it even though it will manage your devices that way. On Wed, Mar 13, 2013 at 10:51 AM, Stefan <netfortius@gmail.com> wrote:
To those of you using Solarwinds: what about scalability? How many devices do you presently support with this solution, and under which hardware or VM and storage configuration, if you don't mind sharing that?
Stefan
You will grow tired of their sales people long before you approach a brick wall of scalability.
From my Android phone on T-Mobile. The first nationwide 4G network.
participants (11)
- Charles Mills
- chip
- Chip Marshall
- Eric Van Tol
- Jeffrey Negro
- Job Snijders
- Joe Abley
- Michal Loncek
- Petter Bruland
- Stefan
- Warren Bailey