Intelligent Automation of network tasks
In my opinion, every network with more than a dozen or so routers needs an automated method to distribute massive configuration changes. There is a lot of fear that something will break during updates, but with some intelligence, that risk can be minimized.

Related to this, here is how I distribute Bogons, cognizant of the fact that the system has to be smart enough not to break anything in the event a telnet session breaks. So, here is what I send to my routers..

No ip prefix-list bogons
ip prefix-list bogon seq 1 permit 0.0.0.0/0
Ip prefix-list bogon deny 0.0.0.0/7 le 32
Ip prefix-list bogon deny 2.0.0.0/8 le 32
<snip>
Ip prefix-list bogon deny 197.0.0.0/8 le 32
Ip prefix-list bogon deny 223.0.0.0/8 le 32
ip prefix-list bogon permit 0.0.0.0/0 le 27
No ip prefix-list bogon seq 1 permit 0.0.0.0/0

Worst case scenario, I break my bogon filters... and that happens very very rarely. The same logic can be applied to access-list using named access lists.

Hopefully that will help someone.

-ejay
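Added example (not part of the original thread and not the poster's own tooling): a small Python model of IOS prefix-list evaluation that replays the update order described above one command at a time and reports every point where a dropped session would leave a legitimate route filtered. The evaluation rules are assumptions of the model (first match wins, implicit deny when nothing matches, an entry without "le" matches only its exact prefix length), which is why the temporary seq 1 entry is generated with "le 32"; the sample route and all function names are constructed for illustration.

```python
import ipaddress
import re

CMD = re.compile(r"(no )?ip prefix-list \S+(?: seq (\d+))?"
                 r"(?: (permit|deny) (\S+)(?: le (\d+))?)?$", re.I)
BOGONS = ["0.0.0.0/7", "2.0.0.0/8", "197.0.0.0/8", "223.0.0.0/8"]  # entries visible in the post
ROUTE = "198.51.100.0/24"  # constructed stand-in for a route that must stay reachable

def apply_cmd(plist, cmd):
    """Apply one command to plist, a dict of seq -> (action, network, le)."""
    no, seq, action, prefix, le = CMD.match(cmd.strip()).groups()
    if no and seq:
        plist.pop(int(seq), None)
    elif no:
        plist.clear()
    else:
        seq = int(seq) if seq else max(plist, default=0) + 5  # assumed auto-numbering, step 5
        plist[seq] = (action.lower(), ipaddress.ip_network(prefix), int(le) if le else None)

def permitted(plist, route):
    """Assumed IOS semantics: first match in seq order decides, no match is an implicit deny."""
    rt = ipaddress.ip_network(route)
    for seq in sorted(plist):
        action, net, le = plist[seq]
        hi = net.prefixlen if le is None else le  # without 'le' only the exact length matches
        if rt.subnet_of(net) and net.prefixlen <= rt.prefixlen <= hi:
            return action == "permit"
    return not plist  # an empty list permits everything

def build(bogons, guard="permit 0.0.0.0/0 le 32", name="bogon"):
    """The post's ordering: clear, guard at seq 1, denies, final permit, remove guard."""
    body = [f"ip prefix-list {name} deny {b} le 32" for b in bogons]
    body.append(f"ip prefix-list {name} permit 0.0.0.0/0 le 27")
    if guard is None:  # naive ordering without the guard, for comparison
        return [f"no ip prefix-list {name}"] + body
    return ([f"no ip prefix-list {name}", f"ip prefix-list {name} seq 1 {guard}"]
            + body + [f"no ip prefix-list {name} seq 1 {guard}"])

def unsafe_steps(commands, route=ROUTE):
    """Commands after which a dropped session would leave `route` filtered."""
    plist, bad = {}, []
    for cmd in commands:
        apply_cmd(plist, cmd)
        if not permitted(plist, route):
            bad.append(cmd)
    return bad

if __name__ == "__main__":
    print(unsafe_steps(build(BOGONS)), unsafe_steps(build(BOGONS, guard=None)), sep="\n")
```

With the guard in place no step leaves the sample route filtered; without it, every deny line added before the final permit does.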
On Tue, Dec 07, 2004 at 12:39:25PM -0600, Ejay Hire wrote:
In my opinion, every network with more than a dozen or so routers needs an automated method to distribute massive configuration changes. There is a lot of fear that something will break during updates, but with some intelligence, that risk can be minimized.
juniper and cisco both support taking machine generated configurations generated by a non-router device (eg: unix host).

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guid...

it's not just in 12.3T, it's also in 12.2S..

on your juniper, try something like "config, load override"

- jared

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
On Cisco, generation of a config update is (in the general case) a very complicated task. But we always automated everyday config changes (access lists, as path lists, route maps, interfaces except some special cases, and so on). perl + 'expect' + 'conf net' were the key elements.

----- Original Message -----
From: "Jared Mauch" <jared@puck.nether.net>
To: "Ejay Hire" <ejay.hire@isdn.net>
Cc: <nanog@merit.edu>
Sent: Tuesday, December 07, 2004 10:53 AM
Subject: Re: Intelligent Automation of network tasks
"Ejay Hire" <ejay.hire@isdn.net> wrote:
In my opinion, every network with more than a dozen or so routers needs an automated method to distribute massive configuration changes. There is a lot of fear that something will break during updates, but with some intelligence, that risk can be minimized.
CCR (well, not Creedence Clearwater Revival, but Alexei Roudnev's cisco config repository) at http://snmpstat.sourceforge.net should be quite useful for this.
participants (4)
- Alexei Roudnev
- Ejay Hire
- Jared Mauch
- suresh@outblaze.com