Managing IOS Configuration Snippets

Keegan Holley no.spam at
Fri Feb 28 01:38:42 UTC 2014

Putting aside the fact that snippets aren’t a good way to conceptualize deployed router code, my gut still tells me to question the question here.  The first is does this stuff change often enough to warrant a fancy versioning solution?  I have yet to see NTP deployed in a different way than when I first learned to configure it.  Next, when it does change how often is it not rolled out to every router.  If NTP or CPP or SNMP or some other administrative option were configured differently across my network I would want to audit it and fix not version control.  What if some of the configs don’t match the defined versions?  It may be better to create standard templates and version them in SVN or GIT and then use config backups to track which devices have the standard configs.  There are some for pay tools that can search for certain statements on various boxes and either alert or remediate when differences are found. 

On Feb 26, 2014, at 4:22 PM, Ryan Shea <ryanshea at> wrote:

> Howdy network operator cognoscenti,
> I'd love to hear your creative and workable solutions for a way to track
> in-line the configuration revisions you have on your cisco-like devices.
> Let me clearify/frame:
> You have a set of tested/approved configurations for your routers which use
> IOS style configuration. These configurations of course are always refined
> and updated. You break these pieces of configuration into logical sections,
> for example a configuration file for NTP configuration, a file for control
> plane filter and store these in some revision control system. Put aside for
> the moment whether this is a reasonable way to comprehend deployed
> configurations. What methods do some of you use to know which version of a
> configuration you have deployed to a given router for auditing and update
> purposes? Remarks are a convenient way to do this for ACLs - but I don't
> have similar mechanics for top level configurations. About a decade ago I
> thought I'd be super clever and encode versioning information into the snmp
> location - but that is just awful and there is a much better way everyone
> is using, right? Flexible commenting on other vendors/platforms make this a
> bit easier.
> Assume that this version encoding perfectly captures what is on the router
> and that no person is monkeying with the config... version 77 of the
> control plane filter is the same everywhere.

More information about the NANOG mailing list