looking glass

Pete Kruckenberg pete at kruckenberg.com
Thu Jul 18 19:54:34 UTC 2002


We have heavily modified a version of the MRLG 
( ftp://ftp.enterzone.net/looking-glass/ ) to provide
controlled router access to a specific (mostly internal)
audience.

We have found that allowing people who normally have no
router access to have read-only access to some normally
enable-only commands through a Web interface has been
invaluable in delegating diagnostics and "peer review".

The major benefit of a Web-based interface is that we can
control the commands, input parameters, output display, and
usability much better than with a command line interface.
For example, we allow "show config", but we cover up any
security-sensitive information (passwords, SNMP strings,
TACACS keys, server IP addresses, etc.) in the command
output. The control is very flexible, allowing certain users
to see only certain things, or be able to execute commands
that other users can't, for example. We can embed HTML links
in the output to related resources (Web-based help, graphs,
related commands, etc.). Everything is encrypted via SSH/SSL,
and can be tracked for audit and security purposes.

To see something similar to what we have done (and where we
got the idea from), see the Internet2 Abilene Core Node
Router Proxy at http://loadrunner.uits.iu.edu/%7Erouterproxy/abilene/
Source code for the I2 Proxy is available from 
http://tseg.uits.indiana.edu/dist

Pete.

On Thu, 18 Jul 2002, Scott Granados wrote:

> Date: Thu, 18 Jul 2002 12:00:38 -0700 (PDT)
> From: Scott Granados <scott at graphidelix.net>
> To: nanog at merit.edu
> Subject: looking glass
> 
> 
> What are people using for looking glass software? Is it just some simple
> perl code which grabs data from the router or is it more complex than
> that?
> 
> Thanks
> 
> Scott
> 
> 
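
The two controls described in the message above (per-user command restrictions and masking of sensitive values in "show config" output), sketched as an added example; it is not part of the original post and is not code from MRLG or the I2 Router Proxy. The role names, the allowed command list, the `fetch` callable, the `<removed>` marker and the sample configuration are all assumptions made for illustration.

```python
import re

# Hypothetical policy (an assumption): command patterns each role may run.
ROUTE = r"show ip route (\d{1,3}\.){3}\d{1,3}"
ALLOWED = {
    "noc": ["show ip bgp summary", ROUTE],
    "engineer": ["show ip bgp summary", ROUTE, "show config"],
}

# Keep the keyword, mask the value. Patterns cover a few IOS-style lines only.
SECRET = re.compile(
    r"^(\s*(?:enable (?:secret|password)|password|snmp-server community"
    r"|tacacs-server key|username \S+ (?:password|secret))(?: \d+)?) \S+(.*)$")
SERVER = re.compile(
    r"^(\s*(?:tacacs-server host|snmp-server host|ntp server|logging)) "
    r"(?:\d{1,3}\.){3}\d{1,3}(.*)$")
MASK = r"\1 <removed>\2"

def authorize(role, command):
    """True only if the whole command matches a pattern allowed for role."""
    return any(re.fullmatch(p, command) for p in ALLOWED.get(role, []))

def redact(output):
    """Mask secrets and server addresses, one line at a time."""
    return "\n".join(SERVER.sub(MASK, SECRET.sub(MASK, line))
                     for line in output.splitlines())

def run(role, command, fetch):
    """fetch(command) is a hypothetical stand-in for the router session."""
    if not authorize(role, command):
        return "% command not permitted for this user"
    return redact(fetch(command))

# Constructed sample output, not taken from any real router.
SAMPLE = """hostname edge1
enable secret 5 $1$abcd$EXAMPLEHASHVALUE
snmp-server community s3cretRO RO
tacacs-server host 192.0.2.10
tacacs-server key 7 0822455D0A16
logging 192.0.2.20
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
line vty 0 4
 password 7 094F471A1A0A"""

if __name__ == "__main__":
    print(run("engineer", "show config", lambda cmd: SAMPLE))
    print(run("noc", "show config", lambda cmd: SAMPLE))
```

Pattern-based masking only hides the line types it has a rule for, so the rule set needs checking against the configurations actually in use before output is shown to a wider audience.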



