Network Configuration Management Practices

Austin Schutz tex at off.org
Wed Sep 15 09:25:41 UTC 2004


On Wed, Sep 15, 2004 at 12:27:20AM -0700, Alexei Roudnev wrote:
> 
> One more thing. We tried to review _proposed changes_ and _changes applied_.
> Practice showed that it is impossible to see errors in proposed updates,
> even if 3 - 4 engineers review it (not design flaws, but syntax and
> semantic errors), so we did not get much use from pre-change reviews
> (except design ones). But we got extremely high profit from post-change
> reviews (verifying what really changed on the router / firewall after the
> maintenance window) - it allows us to see some unwanted changes and avoid a few
> possible service disruptions.
> 

	This doesn't seem to scale too well. When you have frequent changes
(i.e. many access devices) the diff load becomes unmanageably large.
	My ideal would be to have a network monitoring tool which compares the
actual network against a configured baseline. The presumption would be that
if the network matches what has been set forth as engineering rules, I don't
really care what the specific settings are.
	Currently we do something sort of halfway: archive the actual configs
and then run audit scripts against them, which parse the configs. Definitely
not ideal, but it helps catch simpler errors. One of these days when I have
extra cycles... (yeah, right)

	Austin
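The "archive the configs, then run audit scripts that parse them" approach Austin describes, as an added example that is not his script and not part of the original thread: a small Python audit that parses an IOS-style configuration into top-level commands and indented blocks, then applies a handful of engineering rules (vty lines must be SSH-only, no well-known or unrestricted SNMP communities, addressed interfaces must carry a description, a few required global commands). The sample configuration and the rule set are constructed for illustration; the exact rules any given network enforces are an assumption.

```python
"""Audit an archived IOS-style config against engineering rules (illustrative, constructed example)."""
import re

# Constructed sample config, as it might be pulled from a config archive.
SAMPLE_CONFIG = """\
version 12.2
service password-encryption
hostname edge-1
!
snmp-server community public RO
snmp-server community s3cr3t RW
!
interface GigabitEthernet0/1
 description uplink to core-1
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet0/2
 ip address 198.51.100.1 255.255.255.0
!
line vty 0 4
 transport input telnet ssh
 login local
!
line vty 5 15
 transport input ssh
 login local
!
ntp server 192.0.2.10
!
"""

# Global commands every device is expected to carry (assumed policy; prefix match).
REQUIRED_GLOBALS = ("service password-encryption", "ntp server ")


def parse_config(text):
    """Split a config into top-level commands and their indented sub-commands.

    Returns (globals_, blocks): globals_ is the ordered list of top-level lines,
    blocks maps each top-level line to the list of indented lines beneath it.
    A '!' line or a blank line ends the current block, as in IOS output.
    """
    globals_, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
            continue
        if raw[0].isspace():
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            globals_.append(current)
            blocks[current] = []
    return globals_, blocks


def check_vty_ssh_only(globals_, blocks):
    """Every 'line vty' block must contain exactly 'transport input ssh'.

    A missing 'transport input' line is also a finding: the IOS default allows all
    transports, telnet included, so absence of the command is not a pass.
    """
    out = []
    for header, body in blocks.items():
        if header.startswith("line vty"):
            transports = [l for l in body if l.startswith("transport input")]
            if transports != ["transport input ssh"]:
                out.append((header, "vty transport is not ssh-only: %r" % transports))
    return out


def check_snmp(globals_, blocks):
    """Reject well-known community strings and RW communities with no access list."""
    out = []
    for line in globals_:
        m = re.match(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$", line)
        if not m:
            continue
        community, mode, acl = m.groups()
        if community.lower() in {"public", "private"}:
            out.append((line, "well-known SNMP community string"))
        if mode == "RW" and acl is None:
            out.append((line, "RW community not restricted by an access list"))
    return out


def check_interface_description(globals_, blocks):
    """Any interface carrying an IP address must have a description."""
    return [
        (header, "addressed interface has no description")
        for header, body in blocks.items()
        if header.startswith("interface ")
        and any(l.startswith("ip address") for l in body)
        and not any(l.startswith("description") for l in body)
    ]


def check_required_globals(globals_, blocks):
    """Flag each required global command that is absent."""
    return [
        (req.strip(), "required global command missing")
        for req in REQUIRED_GLOBALS
        if not any(l.startswith(req) for l in globals_)
    ]


CHECKS = [check_vty_ssh_only, check_snmp, check_interface_description, check_required_globals]


def audit(text):
    """Run every check; return a list of (check name, where, message) findings."""
    globals_, blocks = parse_config(text)
    return [(check.__name__, where, msg) for check in CHECKS for where, msg in check(globals_, blocks)]


if __name__ == "__main__":
    for name, where, msg in audit(SAMPLE_CONFIG):
        print("%-28s %-40s %s" % (name, where, msg))
```

Because the checks only look at whether the config satisfies a rule, the script does not care what the specific addresses or community names are, which is the property Austin wants from a baseline comparison; adding a rule is one function appended to CHECKS, and the same script can be run over every archived config after each maintenance window rather than reading raw diffs.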


