nanog mailing list archives
Re: What's wrong with provisioning tools?
From: "Streiner, Justin" <streiner () stargate net>
Date: Thu, 13 Jun 2002 11:49:23 -0400 (EDT)
On Wed, 12 Jun 2002, Stephen Griffin wrote:
In the referenced message, David Daley said: <snip>4) There isn't anything to track non sanctioned changes to the network (i.e.: hacker induced re-configurations)I would be really surprised if anything other than mom-and-pop shops didn't have _at least_ this. rtrmon or rancid can do great config archiving and provide difference output.
I didn't find anything that really suited my needs at the time (late 2000/early 2001), so I ended up writing my own archiver. From time to time I've thought about adding it to the COSI-NMS project on Sourceforge, but never gotten around to it. I've also other similar tools outside of Sourceforce, such as Pancho (http://pancho.lunarmedia.net/). I wrote the code behind mine to be fairly modular, so that adding a module to back up a config from a new device is pretty easy. It currently backs up these devices using either SNMP or Expect scripts for devices that require it: Cisco IOS <12.0 Cisco IOS >=12.0 Cisco CatOS Cisco 5000 VPN concentrators (the Compatible Systems ones, not Altiga) Cisco LocalDirectors Lucent TAOS (Max TNTs) Alteon WebOS (ACEdirectors) Redback AOS Nortel BayRS (Bay Networks nee Wellfleet) <-config is binary other odds and ends as they come up, like Netopia routers, etc. I haven't written anything to back up Junipers yet because I don't have any to test against. Aside from the Nortel routers, I support versioning on everything else. Keep in mind this is only one piece of the puzzle - backing up what's already out there. I intentionally left out the functionality to allow a config to be uploaded to one of the devices above for reasons already specified in this thread - it's just too dangerous. You can melt down a whole network really quickly if you're not careful. jms
Current thread:
- What's wrong with provisioning tools? David Daley (Jun 12)
- Re: What's wrong with provisioning tools? Bill Woodcock (Jun 12)
- Re: What's wrong with provisioning tools? Mathew Lodge (Jun 12)
- Re: What's wrong with provisioning tools? Stephen Griffin (Jun 12)
- Re: What's wrong with provisioning tools? jeffrey arnold (Jun 12)
- Re: What's wrong with provisioning tools? Jake Khuon (Jun 13)
- Re: What's wrong with provisioning tools? Streiner, Justin (Jun 13)
- Re: What's wrong with provisioning tools? jeffrey arnold (Jun 12)
- <Possible follow-ups>
- Re: What's wrong with provisioning tools? Scott Weeks (Jun 12)
- RE: What's wrong with provisioning tools? Daniska Tomas (Jun 13)
- RE: What's wrong with provisioning tools? Daniska Tomas (Jun 13)
- RE: What's wrong with provisioning tools? James Smith (Jun 13)
- RE: What's wrong with provisioning tools? Stephen J. Wilcox (Jun 13)