Cisco config generator
Phil Howard
phil at charon.milepost.com
Sat Nov 29 02:11:39 UTC 1997
Alan Hannan writes...
> > If, for example, one user is set up with a variety of access services,
> > and I disable or delete that user, then it should be removed from all
> > places where it is configured without me having to know.
>
> This is a slightly different specification; you are talking about
> deploying distributed security permissions. This could be a subfunction
> of the configuration system.
Among other things, yes. But I don't see it as exactly a subfunction.
I see it as one complete system.
> > Yes, I do combine my network operations and server operations together
> > and I want a package that allows me to fully integrate it all together
> > without having to have separate packages.
>
> You will be hard pressed to find a ready-made off the shelf package
> to do what you want.
I figured so, but I should check anyway.
> <rambling opinion>
>
> Today's internet technology is complex. Harder than rocket science,
> but it appears easier because we make up with BS that which is lost
> by not understanding the formulas or having granular flow statistics.
>
> The sum complexity of a network configuration system is a function of
> the router/switch interpreter, the routing policy, the routing protocols,
> and the databases with which one works.
>
> Since implementing this complexity requires adhering to standards
> or understanding your own policies and protocols (which few
> really do), it's difficult to make generic solutions work for
> networks of a given complexity.
>
> We worked hard with one router vendor to create such a system, but
> the exponential amount of work put in resulted in only a few useful
> widgetish interfaces. They just didn't get it.
>
> This is because they don't live and breathe it; they code; they write
> MIBs; they don't fantasize about pull/push/check/click *presto* it's
> configged. They live in their world, and rarely is the vendor's world
> the practical world of the network engineer/operator.
You've hit the nail on the head. That probably explains why lots of the
software on the market is lacking in being a complete solution.
> A smart guy who sends out reports that embarrass people once pointed
> out to me: the largest internet networks all have radically different
> designs, and yet they all work remarkably well.
>
> So, until someone with enough savvy, experience, and coding skills
> attempts this task, I think it will stay proprietary and internally
> developed by, and for, each network.
Probably will.
> A middleware interpretation layer (ie. sendmail's configuration
> file) is needed before this generic configuration system can
> be (fairly) easily implemented.
Among other things.
> Tools exist (whose names escape me, but I'm sure bmanning
> or vixie will point them out) that profess to interpret
> radb configs into cisco and ascend configs, but they (in my/our
> limited experience and exploration) fail to capture the IGP
> variables or the various L2/L3 platform requirements.
Lots of tools exist, but do they work together and cover everything?
I tend to doubt it. And will the database even include it all?
> > It wouldn't be that big for a software development business that is
> > banking on selling it to a lot of providers.
>
> Yes it would; read _The Mythical Man-Month_ by Brooks, pub. Addison-Wesley.
I was incomplete in what I was saying. You are right for the real case.
What I meant to refer to was what would be the case if things were done
right.
> > But is there even a market for this?
>
> There certainly is; but the cost of customization may exceed the
> demand.
Customization in terms of the variety of platforms? Or the variety of
policies?
> > One thing I note about Netsation's product is that they promote it as
> > a tool to deal with "cryptic IOS commands". IOS is _NOT_ cryptic.
>
> I think one could say that Netstation or Netsys are good tools
> for people who think IOS is cryptic. (don't flame me, dear vendors,
> your tool can help mitigate detailed analysis, or help find
> idiot mistakes [which we all make]; however, last time I looked
> they didn't support IS-IS and choked when we tried to enter a smidgen
> of our routers into the network).
Imagine how you will feel when you see a copy of "Cisco Routers for Dummies"
show up in the bookstore.
> > Where such a product is useful is managing the huge complexity of a
> > large network, and in the case of what I am looking for, all of the
> > other services as well.
>
> For this, I think
> you
> should
> write
> your
> own
> or
> hire or
> fund
> someone.
It might happen.
--
Phil Howard | phil at milepost dot com