Re: Network Configuration Management Practices

["Alexei Roudnev" <alex () relcom net>]

I posted our software (doing this) onto http://snmpstat.sf.net (named as
CCR - Cisco Configuration Repository). It is 100% WEB configured and
supports IOS, CatOS, PIX and some old VPN devices (they all have different
commands to save config).



----- Original Message ----- 
From: "Joe Shen" <joe_hznm () yahoo com sg>
To: "Alexei Roudnev" <alex () relcom net>; "Scott Weeks"
<surfer () mauigateway com>; "Carl W.Kalbfleisch" <c.kalbfleisch () comcast net>
Cc: <nanog () merit edu>
Sent: Wednesday, September 15, 2004 1:59 AM
Subject: Re: Network Configuration Management Practices


> There has been some public available software for
> backing up Cisco router configuration.
>
> The backup is  not in CVS but in plain file.
>
> Joe
>
>
>  --- Alexei Roudnev <alex () relcom net> wrote:
> > Hmm, there are many approaches, starting with _what
> > is primary_ (in Moscow's
> > ISP files was primary, in enterprise here configs
> > are primary).
> >
> > In my case, I use some hard rules:
> > - no matter what is primary, configurations should
> > be stored into CVS or
> > simular system, and made available (for network
> > engineers) on the internal
> > web (with restricted access);
> > - system should collect all changes automatically
> > (or update configs from
> > files automatically), make diffs and send change
> > reports.
> > - In any case, I must be able to see real
> > configuration and see all changes,
> > applying for last few weeks, without telnetting to
> > the box.
> >
> > Without such things, I am blind ( I feel myself
> > blind, when I come to the
> > new network, and they have not such things in their
> > system, making changes
> > _on live servers_ and making 'telnet' to evaluate
> > configuration).
> >
> > Few tools (opensource and commercial) allows to
> > automate this job.
> >
> > One more thing. We tried to review _proposed
> > changes_ and _changed applied_.
> > Practice showed, that it is impossible to see errors
> > in proposed updates,
> > even if 3 - 4 engineers review it (not design flaws,
> > but syntac and
> > semantics errors), so we did not got many use from
> > pre-change reviews
> > (except design ones). But we got extremely high
> > profit from post-change
> > reviews (verifying, what really changed on the
> > router / firewall after
> > maintanance window) - it allows to see some unwanted
> > changes and avoid few
> > possible service disruptions.
> >
> >
> > ----- Original Message ----- 
> > From: "Scott Weeks" <surfer () mauigateway com>
> > To: "Carl W.Kalbfleisch" <c.kalbfleisch () comcast net>
> > Cc: <nanog () merit edu>
> > Sent: Tuesday, September 14, 2004 3:08 PM
> > Subject: Re: Network Configuration Management
> > Practices
> >
> >
> > > On Tue, 14 Sep 2004, Carl W.Kalbfleisch wrote:
> > >
> > > : I am doing some independent research on Network
> > Configuration
> > > : Management Practices. I am trying to get
> > information from service
> > > : providers and enterprises on how they handle
> > this function. I have the
> > > : following specific questions:
> > > :
> > > : 1) What configuration issues most affect the
> > performance and
> > > : reliability of your network?
> > >
> > >
> > > Fingers...  >;-)
> > >
> > > scott
>
> __________________________________________________
> Do You Yahoo!?
> Download the latest ringtones, games, and more!
> http://sg.mobile.yahoo.com