Nipper and Cisco configuration results

Tim Durack tdurack at gmail.com
Sun Apr 5 01:52:19 UTC 2009


> The problem I have with both RAT and Nipper is they're geared towards
> security and I'm more interested in verifying that the routers are
> configured correctly.  What kind of tools are people using for that?
> For an example of the type of thing I'm interested in, see
> filter_audit in the presentation at
> http://www.nanog.org/mtg-0210/abley.html

Homebrew: pull configs on a regular basis. Decompose monolithic
configs into a file tree of "configlets."
Diff configlet tree against peer and template devices. "Invert" device-
specific configlet tree into element-specific tree. This helps diffs
stand out for config elements that should be consistent.

Put it all into a git repository for revision control. Run git-web for
the user interface.

Catches most of the obvious stuff, and gives a nice history of
changes. The configlet tree also gets used for "grep | xargs" style
pipelines for automation scripts.

Would like to improve the diff process to mask out common information
(IP address, HSRP priority, etc.). This would help reduce the amount of
diff noise for interfaces.

We looked at free (RANCID, Ziptie) and expen$ive (Opsware) but none of
them really did what we wanted.

Tim:>
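
The workflow described in the message above (split configs into configlets, invert them per element, mask per-device values before comparing), sketched as an added example that is not the poster's code. The function names, the masking patterns and the two sample configs are assumptions made for illustration.

```python
import re
from collections import defaultdict
# Constructed IOS-style sample configs for two peers; not from the post.
R1 = """interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 10 priority 110
 no ip redirects
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
"""
R2 = """interface Vlan10
 ip address 10.0.10.3 255.255.255.0
 standby 10 priority 90
interface Vlan20
 ip address 10.0.20.3 255.255.255.0
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
HSRP_PRIO = re.compile(r"(standby \d+ priority) \d+")

def mask(line):
    """Replace per-device values so only structural differences remain."""
    return HSRP_PRIO.sub(r"\1 <prio>", IPV4.sub("<ip>", line))

def configlets(text):
    """Split a config into {top-level line: [indented child lines]}."""
    tree, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            tree[current] = []
        elif current is not None:
            tree[current].append(line.strip())
    return tree

def invert(devices):
    """Turn device -> element into element -> device -> masked body."""
    out = defaultdict(dict)
    for dev, text in devices.items():
        for element, body in configlets(text).items():
            out[element][dev] = tuple(mask(l) for l in body)
    return out

def inconsistent(devices):
    """Elements missing on some device or differing after masking."""
    return sorted(e for e, per in invert(devices).items()
                  if len(per) < len(devices) or len(set(per.values())) > 1)
```

With the sample input, `inconsistent({"r1": R1, "r2": R2})` reports only `interface Vlan10`, where r1 carries `no ip redirects` and r2 does not; the address and priority differences are masked out.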



