Managing IOS Configuration Snippets

Robert Drake rdrake at direcpath.com
Wed Feb 26 22:59:47 UTC 2014


On 2/26/2014 5:37 PM, Robert Drake wrote:
>
> Most people roll their own solution.  If you're looking to do that 
> consider using augeas for parsing the configuration files.  It can be 
> really useful for documenting changes, and probably to diff parts of 
> the config.  You might also consider rabbitmq or another message queue 
> to handle scheduling and deploying the changes.  It can retry failed 
> updates.  You should work towards all or nothing commits (not all 
> cisco gear supports this, but you can fake it in a couple of ways.  
> Ultimately you want to rollback to a known good configuration if 
> things go wrong) 

I should amend that even though I recommend all this I haven't used any 
of it for networking.  I guess those are more shiny ball ideas than 
actual things I've used.  We have perl scripts that wrap an in-house API 
to access our IPAM which generates initial configuration.  The template 
files are a mix of m4 and Template::Toolkit.

We use basically one-off perl scripts for auditing sections of the 
configs to find discrepancies.  We use rancid to collect configs. We 
just started using netdot which is nice for topology discovery. TACACS 
and DHCP logs are parsed and stored in logstash.  All of those tools 
provide the who, what, where and when but not the why. The why would 
require a bit more custom stuff and forcing people to use a frontend 
interface instead of directly touching the routers. We aren't ready for 
that yet.



More information about the NANOG mailing list