Managing IOS Configuration Snippets

Saku Ytti saku at
Thu Feb 27 17:01:01 UTC 2014

On (2014-02-27 09:50 -0500), Ryan Shea wrote:

> Regarding the MD5 approach, let's also think that configlets could have
> "no" commands in them. In the NTP example I had before, if we wanted to

For DB => Template => Network it's to me very easy, but yes, each template you
make must have anti-template version.
So let's say you have NTP model, which may contain some access restriction
information, NTP version, NTP peers. When you apply this model to device, then
some platform specific ntp template is called. If you remove this from device,
you need to call 'anti' version of the template. Very simple and easy.

You also wondered how do I know which version of config network device has,
this is hard problem. To know exactly what is wrong and how to address just
that. If you can relax requirement to know if configuration is correct or
incorrect it becomes trivial.
But fixing incorrect is either full reprovision of new config (at least in IOS
and JunOS not a problem, won't break the unchanged bits). Or you have human
resolve it (of course as custom dictates first you punish the responsible
severely but swiftly)


More information about the NANOG mailing list