nanog mailing list archives
Re: Cisco config generator
From: Phil Howard <phil () charon milepost com>
Date: Fri, 28 Nov 1997 20:11:39 -0600 (CST)
Alan Hannan writes...
If, for example, one user is set up with a variety of access services, and I disable or delete that user, then it should be removed from all places where it is configured without me having to know.This is a slightly different specification; you are talking about deploying distributed security permissions. This could be a subfunction of the configuration system.
Among other things, yes. But I don't see it as exactly a subfunction. I see it as one complete system.
Yes, I do combine my network operations and server operations together and I want a package that allows me to fully integrate it all together without having to have separate packages.You will be hard pressed to find a ready-made off the shelf package to do what you want.
I figured so, but I should check anyway.
<rambling opinion> Today's internet technology is complex. Harder than rocket science, but it appears easier because we make up with BS that which is lost by not understanding the formulas or having granular flow statistics. The sum complexity of a network configuration system is a function of the router/switch interpreter, the routing policy, the routing protocols, and the databases with which one works. Since implementing this complexity requires adhering to standards or understanding your own policies and protocols (which few really do), it's difficult to make generic solutions work for networks of a given complexity. We worked hard with one router vendor to create such a system, but the exponential amount of work put in resulted in only a few useful widgetish interfaces. They just didn't get it. This is because they don't live and breathe it; they code; they write MIBs; they don't fantasize about pull/push/check/click *presto* it's configged. They live in their world, and rarely is the vendor's world the practical world of the network engineer/operator.
You've hit the nail on the head. That probably explains why lots of the software on the market is lacking in being a complete solution.
A smart guy who sends out reports that embarrass people once pointed out to me: the largest internet networks all have radically different designs, and yet they all work remarkably well. So, until someone with enough savvy, experience, and coding skills attempts this task, I think it will stay proprietary and internally developed by, and for, each network.
Probably will.
A middleware interpretation layer (ie. sendmail's configuration file) is needed before this generic configuration system can be (fairly) easily implemented.
Among other things.
Tools exist (whose names escape me, but I'm sure bmanning or vixie will point them out) that profess to interpret radb configs into cisco and ascend configs, but they (in my/our limited experience and exploration) fail to capture the IGP variables or the various L2/L3 platform requirements.
Lots of tools exist, but do they work to gether and cover everything? I tend to doubt it. And will the database even include it all?
It wouldn't be that big for a software development business that is banking on selling it to a lot of providers.Yes it would; read _The Mythical Man-Month_ by Brooks, pub. Addison-Wesley.
I was incomplete in what I was saying. You are right for the real case. What I meant to refer to was what would be the case if things were done right.
But is there even a market for this?There certainly is; but the cost of customization may exceed the demand.
Customization in terms of the variety of platforms? Or the variety of policies?
One thing I note about Netsation's product is that they promote it as a tool to deal with "cryptic IOS commands". IOS is _NOT_ cryptic.I think one could say that Netstation or Netsys are good tools for people who think IOS is cryptic. (don't flame me, dear vendors, your tool can help mitigate detailed analysis, or help find idiot mistakes [which we all make]; however, last time I looked they didn't support IS-IS and choked when we tried to enter a smidgen of our routers into the network).
Imagine how you will feel when you see a copy of "Cisco Routers for Dummies" show up in the bookstore.
Where such a product is useful is managing the huge complexity of a large network, and in the case of what I am looking for, all of the other services as well.For this, I think you should write your own or hire or fund someone.
It might happen. -- Phil Howard | no9way87 () dumbads6 org ads1suck () s5p9a4m7 com a3b2c7d8 () spam0mer net phil | stop2991 () lame6ads edu eat5this () nowhere6 org stop0it3 () s6p4a3m6 net at | suck3it9 () anyplace net a0b0c2d3 () no7place com stop8it9 () s2p6a5m6 org milepost | no8way47 () spam7mer net no9spam6 () no4place net eat11me0 () spam4mer net dot | stop9it9 () spammer8 net suck6it4 () s8p8a3m7 net eat95me3 () no9place org com | stop8it7 () lame6ads org stop7ads () dumbads8 com eat50me9 () s7p4a6m4 com
Current thread:
- Cisco config generator Dave Van Allen (Nov 28)
- Re: Cisco config generator Alex P. Rudnev (Nov 28)
- <Possible follow-ups>
- Re: Cisco config generator Martin Hannigan (Nov 28)
- RE: Cisco config generator QUINN, Paul (Nov 28)
- Re: Cisco config generator Phil Howard (Nov 28)
- Re: Cisco config generator Alan Hannan (Nov 28)
- Re: Cisco config generator Phil Howard (Nov 28)
- Re: Cisco config generator Phil Howard (Nov 28)