[169471] in North American Network Operators' Group
Re: Managing IOS Configuration Snippets
daemon@ATHENA.MIT.EDU (Keegan Holley)
Thu Feb 27 20:39:21 2014
From: Keegan Holley <no.spam@comcast.net>
In-Reply-To: <CAGWL9Q3jm-xwUAEHVzurQrAypa0N0rXe5SRU2C=dqT-9g15Hsw@mail.gmail.com>
Date: Thu, 27 Feb 2014 20:38:42 -0500
To: Ryan Shea <ryanshea@google.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Putting aside the fact that snippets aren't a good way to conceptualize
deployed router code, my gut still tells me to question the question here.
The first is: does this stuff change often enough to warrant a fancy
versioning solution? I have yet to see NTP deployed in a different way than
when I first learned to configure it. Next, when it does change, how often
is it not rolled out to every router? If NTP or CPP or SNMP or some other
administrative option were configured differently across my network I would
want to audit it and fix, not version control. What if some of the configs
don't match the defined versions? It may be better to create standard
templates and version them in SVN or GIT and then use config backups to
track which devices have the standard configs. There are some for-pay tools
that can search for certain statements on various boxes and either alert or
remediate when differences are found.

On Feb 26, 2014, at 4:22 PM, Ryan Shea <ryanshea@google.com> wrote:
> Howdy network operator cognoscenti,
>
> I'd love to hear your creative and workable solutions for a way to track
> in-line the configuration revisions you have on your cisco-like devices.
> Let me clarify/frame:
>
> You have a set of tested/approved configurations for your routers which use
> IOS style configuration. These configurations of course are always refined
> and updated. You break these pieces of configuration into logical sections,
> for example a configuration file for NTP configuration, a file for control
> plane filter and store these in some revision control system. Put aside for
> the moment whether this is a reasonable way to comprehend deployed
> configurations. What methods do some of you use to know which version of a
> configuration you have deployed to a given router for auditing and update
> purposes? Remarks are a convenient way to do this for ACLs - but I don't
> have similar mechanics for top level configurations. About a decade ago I
> thought I'd be super clever and encode versioning information into the snmp
> location - but that is just awful and there is a much better way everyone
> is using, right? Flexible commenting on other vendors/platforms make this a
> bit easier.
>
> Assume that this version encoding perfectly captures what is on the router
> and that no person is monkeying with the config... version 77 of the
> control plane filter is the same everywhere.
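
The audit suggested in the reply above (standard templates kept under version control, checked against config backups) can be sketched as follows. This is an added example, not code from either message: the template bodies, version numbers, hostnames and addresses are constructed, and matching a snippet by its top-level command prefix is an assumption.

```python
# Added illustration: audit config backups against versioned standard templates.
# Template bodies, version numbers, hostnames and addresses are all constructed.
TEMPLATES = {
    "ntp": {
        1: ["ntp server 192.0.2.10", "ntp server 192.0.2.11"],
        2: ["ntp source Loopback0", "ntp server 192.0.2.10", "ntp server 192.0.2.11"],
    },
    "snmp": {1: ["snmp-server contact noc@example.net"]},
}
# Assumption: a snippet owns every top-level line starting with its prefix.
PREFIXES = {"ntp": "ntp ", "snmp": "snmp-server "}

BACKUPS = {  # constructed config backups, one string per device
    "rtr1": "hostname rtr1\nntp source Loopback0\nntp server 192.0.2.10\n"
            "ntp server 192.0.2.11\nsnmp-server contact noc@example.net\n",
    "rtr2": "hostname rtr2\nntp server 192.0.2.10\nntp server 192.0.2.11\n"
            "snmp-server contact noc@example.net\nsnmp-server location closet\n",
    "rtr3": "hostname rtr3\nntp source Loopback0\nntp server 192.0.2.10\n"
            "ntp server 198.51.100.7\n",
}

def section_lines(config_text, prefix):
    """Collect one snippet's top-level lines, whitespace-normalised, as a set."""
    return {" ".join(raw.split()) for raw in config_text.splitlines()
            if raw.startswith(prefix)}  # indented sub-mode lines are skipped

def audit_device(config_text):
    """Per snippet: ('vN', [], []) on an exact match with a known version,
    else ('drift', missing, extra) measured against the newest version."""
    report = {}
    for name, versions in TEMPLATES.items():
        deployed = section_lines(config_text, PREFIXES[name])
        matches = [v for v, body in versions.items() if set(body) == deployed]
        if matches:
            report[name] = (f"v{max(matches)}", [], [])
        else:
            latest = set(versions[max(versions)])
            report[name] = ("drift", sorted(latest - deployed), sorted(deployed - latest))
    return report

def audit_all(backups=BACKUPS):
    return {host: audit_device(cfg) for host, cfg in backups.items()}

if __name__ == "__main__":
    for host, report in audit_all().items():
        for name, (status, missing, extra) in report.items():
            print(f"{host:5} {name:5} {status:6} missing={missing} extra={extra}")
```

A device that matches no known version is reported as drift with the exact lines to add or remove, which covers the case where deployed configs do not match any defined version.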