Managing IOS Configuration Snippets

Christopher Morrow morrowc.lists at gmail.com
Thu Feb 27 01:57:15 UTC 2014


On Wed, Feb 26, 2014 at 6:27 PM, Ryan Shea <ryanshea at google.com> wrote:
> Robert - all great suggestions. Big cross-vendor configuration generation
> and deployment is outside the scope of what I was hoping for here. The goal
> is to have the version information somehow encoded into the configuration,
> and I'm not sure that NETCONF has anything to say about that matter.
> Certainly the same problem of which-versions-are-where exists in the
> puppet/chef world and there are platform specific ways to answer those

puppet solves this by comparing a complete md5(file) with deployed
md5(file)... not as simple to do that on:
  access-list 150 permit icmp any any
  access-list 150 permit tcp any eq 80 any
  access-list 150 deny ip any any

it'd be super nice if you could grab out just the hermetic bit of
config you care about, and md5sum() that, eh? provided your stored
config was written out in the IOS version (specific?) spacing/etc
manner, of course.

> questions. Deep analysis of the router configuration itself can give pretty
> strong hints about which versions are deployed, but let's assume full config
> digestion and comparison is out of the question. From some off-list
> responses I am hearing that some folks do similar kludges with other text
> fields, whether they be remark/banner/snmp-foo/interface descriptions.

this makes me sad... but go 'state of the art network equipment!'

is it time to start asking vendors for more operable configuration
storage and access?
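
Added example (not part of the original message): one way to do the per-snippet comparison described above, pulling only the access-list 150 lines out of a full config, normalizing spacing, and hashing just that. The function names and sample configs are constructed for illustration, and SHA-256 is used in place of the md5 mentioned in the message.

```python
import hashlib
import re

# Constructed sample data: a hand-maintained snippet (irregular spacing) and a
# device config in the spacing IOS would print.
STORED = """\
access-list 150  permit icmp any any
access-list 150 permit tcp any eq 80   any
access-list 150 deny ip any any
"""
RUNNING = """\
hostname edge1
interface GigabitEthernet0/0
 ip access-group 150 in
access-list 150 permit icmp any any
access-list 150 permit tcp any eq 80 any
access-list 150 deny ip any any
access-list 151 permit ip any any
"""
# Same device after someone inserted a permit ahead of the final deny.
DRIFTED = RUNNING.replace(
    "access-list 150 deny ip any any",
    "access-list 150 permit ip any any\naccess-list 150 deny ip any any",
)

def acl_lines(config, acl):
    """Return the numbered-ACL entries for `acl`, spacing-normalized, in order."""
    prefix = f"access-list {acl} "  # trailing space keeps 150 from matching 1500
    lines = (re.sub(r"\s+", " ", raw.strip()) for raw in config.splitlines())
    return [line for line in lines if line.startswith(prefix)]

def snippet_digest(lines):
    """Hash the entries in order; ACL evaluation is order-sensitive."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def acl_in_sync(stored, running, acl):
    """True when the deployed ACL matches the stored snippet entry for entry."""
    want = acl_lines(stored, acl)
    if not want:
        raise ValueError(f"stored snippet has no access-list {acl} entries")
    return snippet_digest(want) == snippet_digest(acl_lines(running, acl))

if __name__ == "__main__":
    print("running in sync:", acl_in_sync(STORED, RUNNING, 150))
    print("drifted in sync:", acl_in_sync(STORED, DRIFTED, 150))
```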



