Intelligent Automation of network tasks

Ejay Hire ejay.hire at isdn.net
Tue Dec 7 18:39:25 UTC 2004


In my opinion, every network with more than a dozen or so routers needs
an automated method to distribute massive configuration changes.  There
is a lot of fear that something will break during updates, but with some
intelligence, that risk can be minimized.

Related to this, here is how I distribute Bogons, cognizant of the fact
that the system has to be smart enough not to break anything in the
event a telnet session breaks.

So, here is what I send to my routers:

! Remove the old list, then add a permit-all placeholder at seq 1
no ip prefix-list bogon
ip prefix-list bogon seq 1 permit 0.0.0.0/0 le 32
ip prefix-list bogon deny 0.0.0.0/7 le 32
ip prefix-list bogon deny 2.0.0.0/8 le 32
<snip>
ip prefix-list bogon deny 197.0.0.0/8 le 32
ip prefix-list bogon deny 223.0.0.0/8 le 32
ip prefix-list bogon permit 0.0.0.0/0 le 27
! Remove the placeholder last so the deny entries take effect
no ip prefix-list bogon seq 1 permit 0.0.0.0/0 le 32

Worst case scenario, I break my bogon filters... and that happens very
very rarely.  The same logic can be applied to access-list using named
access lists.

Hopefully that will help someone.

-ejay
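
An added example, not part of the original post: a small Python model that replays an update in the ordering described above and reports every point at which a dropped session would leave wanted routes filtered. The prefix-list semantics are modelled (first match wins, an empty list permits all, unnumbered entries get last + 5), the placeholder is assumed to be written with "le 32", and the helper names and sample routes are constructed for illustration.

```python
import ipaddress

def apply(lines):
    """Replay IOS prefix-list commands for one list; return {seq: (action, net, lo, hi)}."""
    entries = {}
    for line in lines:
        tok = line.lower().split()
        neg = tok[0] == "no"
        rest = tok[4:] if neg else tok[3:]      # drop "[no] ip prefix-list NAME"
        if neg and not rest:                    # whole-list delete
            entries.clear()
            continue
        seq = None
        if rest[0] == "seq":
            seq, rest = int(rest[1]), rest[2:]
        if neg:                                 # delete a single entry by sequence number
            entries.pop(seq, None)
            continue
        net = ipaddress.ip_network(rest[1])
        opts = dict(zip(rest[2::2], map(int, rest[3::2])))  # optional ge / le
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
        if seq is None:                         # modelled auto-numbering: last + 5
            seq = max(entries, default=0) + 5
        entries[seq] = (rest[0], net, lo, hi)
    return entries

def permits(entries, route):
    """First match wins; empty list permits all, non-empty list ends in implicit deny."""
    r = ipaddress.ip_network(route)
    for seq in sorted(entries):
        action, net, lo, hi = entries[seq]
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action == "permit"
    return not entries

def unsafe_cut_points(script, must_pass):
    """Every k where a session dying after k lines would filter a wanted route."""
    return [k for k in range(len(script) + 1)
            if not all(permits(apply(script[:k]), r) for r in must_pass)]

# Constructed sample in the post's ordering ("le 32" placeholder is an assumption).
BOGONS = ("0.0.0.0/7", "2.0.0.0/8", "197.0.0.0/8", "223.0.0.0/8")
SCRIPT = ["no ip prefix-list bogon",
          "ip prefix-list bogon seq 1 permit 0.0.0.0/0 le 32",
          *(f"ip prefix-list bogon deny {p} le 32" for p in BOGONS),
          "ip prefix-list bogon permit 0.0.0.0/0 le 27",
          "no ip prefix-list bogon seq 1 permit 0.0.0.0/0 le 32"]
NAIVE = [l for l in SCRIPT if "seq 1" not in l]   # same update without the placeholder
WANTED = ["198.51.100.0/24", "203.0.113.0/24"]    # constructed routes that must survive
```

For this sample, unsafe_cut_points(SCRIPT, WANTED) is empty, while the same update without the placeholder (NAIVE) filters the wanted routes if the session dies after lines 2 through 5.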


