[eng/rtg] changing loopbacks

Jake Khuon khuon at NEEBU.Net
Thu Sep 29 21:32:24 UTC 2005


### On Thu, 29 Sep 2005 13:25:48 -0700, Bruce Pinsky <bep at whack.org>
### casually decided to expound upon Randy Bush <randy at psg.com> the
### following thoughts about "Re: [eng/rtg] changing loopbacks":

BP> > what [else] am i missing?
BP> 
BP> In addition to what others have said, I'd ask:
BP> 
BP> - Any ACLs anywhere that filter based on the old loopbacks?
BP> - Any VTY access controls on the router based on the old loopbacks?
BP> - Any external systems like authentication servers, management systems,
BP> etc, etc that need the old loopbacks and can't dynamically adapt?
BP> - Any internal routing policies that reference the old loopbacks?
BP> - Any DNS entries that need to be migrated (CNAME->A references)?

Also want to keep in mind things like tunnel endpoints (IPv6, VOIP,
multicast, VPN, etc).  Barring any sort of advanced config management
package, grep and diff become your friends (some would say despite).  As a
first pass, I'd snarf down all configs and do a grep for the loopbacks to
identify which ones need attention.  Then make your changes in each config
and do diffs to verify.  Then I'd stage out deployment with stub and leaf
nodes going last to minimise churn in OSPF.  If you've got iBGP going and
are using route-reflectors then do the top-most hierarchy first before the
lower clusters.


--
/*===================[ Jake Khuon <khuon at NEEBU.Net> ]======================+
 | Packet Plumber, Network Engineers     /| / [~ [~ |) | | --------------- |
 | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| N E T W O R K S |
 +=========================================================================*/
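
The grep pass described in the message above, as an added example that is not part of the original post. It matches each old loopback as a whole address, so an ACL entry for a neighbouring address is not flagged, and it re-runs the same check on the edited configs. All addresses, file names and config lines are constructed samples.

```shell
#!/bin/sh
# Added example: first-pass audit of saved router configs for old loopbacks.
# Every address and config line here is a constructed sample (RFC 5737 ranges).

# addr_regex ADDR: ERE matching ADDR only as a whole IPv4 address. A bare
# grep for 192.0.2.1 also hits 192.0.2.10 and treats each "." as a wildcard.
addr_regex() {
    esc=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '(^|[^0-9.])%s([^0-9.]|$)' "$esc"
}

# find_refs OLD_LIST CONFIG_DIR: print file:line:text for each reference.
find_refs() {
    while read -r addr; do
        [ -n "$addr" ] || continue
        grep -rnE -- "$(addr_regex "$addr")" "$2"
    done < "$1" | sort -u
}

# count_refs OLD_LIST CONFIG_DIR: number of config lines still needing attention.
count_refs() { find_refs "$1" "$2" | wc -l | tr -d ' '; }

# make_sample DIR: write constructed "before" and "after" config sets.
make_sample() {
    mkdir -p "$1/before" "$1/after"
    printf '192.0.2.1\n' > "$1/old-loopbacks.txt"
    cat > "$1/before/r1.conf" <<'EOF'
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
access-list 10 permit 192.0.2.1
access-list 10 permit 192.0.2.10
EOF
    cat > "$1/before/r2.conf" <<'EOF'
router bgp 64500
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 update-source Loopback0
interface Tunnel0
 tunnel destination 192.0.2.1
EOF
    # "after": r1 fully renumbered, but the tunnel endpoint on r2 was missed.
    re=$(addr_regex 192.0.2.1)
    sed -E "s/$re/\\1198.51.100.1\\2/" "$1/before/r1.conf" > "$1/after/r1.conf"
    sed -E "/neighbor/s/$re/\\1198.51.100.1\\2/" "$1/before/r2.conf" > "$1/after/r2.conf"
}

# Demo: the "after" set must come back empty before anything is deployed.
d=$(mktemp -d) && make_sample "$d"
echo "before: $(count_refs "$d/old-loopbacks.txt" "$d/before") lines reference old loopbacks"
find_refs "$d/old-loopbacks.txt" "$d/after"
```
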




