Cisco config generator

Phil Howard phil at charon.milepost.com
Sat Nov 29 02:11:39 UTC 1997


Alan Hannan writes...

> > If, for example, one user is set up with a variety of access services,
> > and I disable or delete that user, then it should be removed from all
> > places where it is configured without me having to know.
> 
>   This is a slightly different specification; you are talking about
>   deploying distributed security permissions.  This could be a subfunction
>   of the configuration system.

Among other things, yes.  But I don't see it as exactly a subfunction.
I see it as one complete system.


> > Yes, I do combine my network operations and server operations together
> > and I want a package that allows me to fully integrate it all together
> > without having to have separate packages.
> 
>   You will be hard pressed to find a ready-made off the shelf package
>   to do what you want.

I figured so, but I should check anyway.


>   <rambling opinion>
> 
>   Today's internet technology is complex.  Harder than rocket science,
>   but it appears easier because we make up with BS that which is lost
>   by not understanding the formulas or having granular flow statistics.
> 
>   The sum complexity of a network configuration system is a function of 
>   the router/switch interpreter, the routing policy, the routing protocols, 
>   and the databases with which one works.
> 
>   Since implementing this complexity requires adhering to standards 
>   or understanding your own policies and protocols (which few
>   really do), it's difficult to make generic solutions work for 
>   networks of a given complexity.
> 
>   We worked hard with one router vendor to create such a system, but
>   the exponential amount of work put in resulted in only a few useful
>   widgetish interfaces.  They just didn't get it.
> 
>   This is because they don't live and breathe it; they code; they write 
>   MIBs; they don't fantasize about pull/push/check/click *presto* it's
>   configged.  They live in their world, and rarely is the vendor's world 
>   the practical world of the network engineer/operator.

You've hit the nail on the head.  That probably explains why lots of the
software on the market is lacking in being a complete solution.


>   A smart guy who sends out reports that embarrass people once pointed
>   out to me: the largest internet networks all have radically different
>   designs, and yet they all work remarkably well.
> 
>   So, until someone with enough savvy, experience, and coding skills
>   attempts this task, I think it will stay proprietary and internally
>   developed by, and for, each network.

Probably will.


>   A middleware interpretation layer (ie. sendmail's configuration
>   file) is needed before this generic configuration system can
>   be (fairly) easily implemented.

Among other things.


>   Tools exist (whose names escape me, but I'm sure bmanning
>   or vixie will point them out) that profess to interpret 
>   radb configs into cisco and ascend configs, but they (in my/our
>   limited experience and exploration) fail to capture the IGP
>   variables or the various L2/L3 platform requirements.

Lots of tools exist, but do they work together and cover everything?
I tend to doubt it.  And will the database even include it all?


> > It wouldn't be that big for a software development business that is
> > banking on selling it to a lot of providers.  
> 
>   Yes it would; read _The Mythical Man-Month_ by Brooks, pub. Addison-Wesley.

I was incomplete in what I was saying.  You are right for the real case.
What I meant to refer to was what would be the case if things were done
right.


> > But is there even a market for this?
> 
>   There certainly is; but the cost of customization may exceed the
>   demand.

Customization in terms of the variety of platforms?  Or the variety of
policies?


> > One thing I note about Netstation's product is that they promote it as
> > a tool to deal with "cryptic IOS commands".  IOS is _NOT_ cryptic.
> 
>   I think one could say that Netstation or Netsys are good tools 
>   for people who think IOS is cryptic.  (don't flame me, dear vendors,
>   your tool can help mitigate detailed analysis, or help find 
>   idiot mistakes [which we all make]; however, last time I looked
>   they didn't support IS-IS and choked when we tried to enter a smidgen
>   of our routers into the network).

Imagine how you will feel when you see a copy of "Cisco Routers for Dummies"
show up in the bookstore.


> > Where such a product is useful is managing the huge complexity of a
> > large network, and in the case of what I am looking for, all of the
> > other services as well.
> 
>   For this, I think
>                  you
>               should
> 	         write
> 	       your
> 	         own
> 	       or
> 	         hire or
> 		  fund
> 		someone.

It might happen.

-- 
Phil Howard | phil at milepost dot com



More information about the NANOG mailing list