Managing IOS Configuration Snippets

Ryan Shea ryanshea at google.com
Thu Feb 27 12:45:47 UTC 2014


To clarify a bit, systems to grab or store the running config or keep track
of intent. Let's assume that comparing the deployed configuration of an
individual device to intent derived from a bunch of configuration bits from
an RCS system is *hard*.

For example, let's say you have a vty configuration which has a couple
sections, line vty 0 2 and line vty 3 5. Someone updates this configuration
in your RCS which removes the access-class from line vty 0 2 and adds it to
the access-class for line vty 3 5. Let's also assume that you have *lots*
of devices and *lots* of configurations and you cannot reasonably
egrep/regexp your way to success here.

I thank you all for your responses. I was hoping that someone knew a trick I was
not seeing and would say "oh, you just need to do..."


On Thu, Feb 27, 2014 at 6:52 AM, Andrew Latham <lathama at gmail.com> wrote:

> For a large install I set up a solution that might help. I utilized a
> Mediawiki install and its API to create, update and pull the
> configuration on many IOS devices. A wiki page for the host name was
> dynamically created and the configuration was placed there daily or
> hourly. This allowed support to review the configuration and advise
> customers quicker. Additional hacks for updating the devices via the
> wiki were used. The goal was transparency for the support team and the
> side effect was wiki page history showing what day and what lines
> changed.  As mentioned the answer to your question would likely make a
> good article.
>
> On Wed, Feb 26, 2014 at 3:22 PM, Ryan Shea <ryanshea at google.com> wrote:
> > Howdy network operator cognoscenti,
> >
> > I'd love to hear your creative and workable solutions for a way to track
> > in-line the configuration revisions you have on your cisco-like devices.
> > Let me clarify/frame:
> >
> > You have a set of tested/approved configurations for your routers which use
> > IOS style configuration. These configurations of course are always refined
> > and updated. You break these pieces of configuration into logical sections,
> > for example a configuration file for NTP configuration, a file for control
> > plane filter and store these in some revision control system. Put aside for
> > the moment whether this is a reasonable way to comprehend deployed
> > configurations. What methods do some of you use to know which version of a
> > configuration you have deployed to a given router for auditing and update
> > purposes? Remarks are a convenient way to do this for ACLs - but I don't
> > have similar mechanics for top level configurations. About a decade ago I
> > thought I'd be super clever and encode versioning information into the snmp
> > location - but that is just awful and there is a much better way everyone
> > is using, right? Flexible commenting on other vendors/platforms makes this a
> > bit easier.
> >
> > Assume that this version encoding perfectly captures what is on the router
> > and that no person is monkeying with the config... version 77 of the
> > control plane filter is the same everywhere.
>
>
>
> --
> ~ Andrew "lathama" Latham lathama at gmail.com http://lathama.net ~
>
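
Added example, not part of the original thread or any poster's tooling: a section-aware audit of the vty case described above, comparing an RCS snippet to a running config by parent section rather than by line-level grep. The ACL name MGMT-IN, the sample configs and the function names are constructed for illustration.

```python
# Constructed sample data: the RCS snippet after the change described in the
# thread (access-class moved from "line vty 0 2" to "line vty 3 5") ...
INTENT = """\
line vty 0 2
 transport input ssh
line vty 3 5
 access-class MGMT-IN in
 transport input ssh
"""
# ... and a device that is still running the previous revision.
RUNNING = """\
hostname r1
!
line vty 0 2
 access-class MGMT-IN in
 transport input ssh
line vty 3 5
 transport input ssh
!
ntp server 192.0.2.10
"""

def parse_sections(text):
    """Map each top-level IOS line to the set of indented lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue                      # skip blanks and "!" separators
        if not line[0].isspace():
            current = line                # new top-level section header
            sections.setdefault(current, set())
        elif current is not None:
            sections[current].add(line.strip())
    return sections

def audit(intent_text, running_text):
    """Report drift only for sections the intent snippet owns.

    Children are compared as unordered sets, which suits vty lines but not
    order-sensitive sections such as numbered ACL entries.
    """
    intent, running = parse_sections(intent_text), parse_sections(running_text)
    drift = {}
    for header, wanted in intent.items():
        present = header in running
        have = running.get(header, set())
        missing, unexpected = sorted(wanted - have), sorted(have - wanted)
        if missing or unexpected or not present:
            drift[header] = {"present": present, "missing": missing,
                             "unexpected": unexpected}
    return drift
```

A plain grep for `access-class MGMT-IN in` matches on both revisions of this device; only the per-section comparison shows that the restriction sits under the wrong vty range.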


