Re: Managing CE eBGP details & common/accepted CE-facing BGP practices

[Danny Thomas <d.thomas () its uq edu au>]

Suresh Ramasubramanian wrote:
> On Sun, Dec 21, 2008 at 8:31 AM, Justin Shore <justin () justinshore com> wrote:
>
>   
> > I should have said it earlier when I mentioned config backups.  I'm already
> > a heavy user of RANCID, archiving my configs hourly.  Been using it since
> > right around v2.0-2.1 which would be several years ago (feels like a
> > lifetime).  So my config backups are more than taken care of. What I'm
> > interested in is if I should also document the PE-CE BGP config details
> > elsewhere or if I should just leave them in the PE and let my backups cover
> > me.
> >     
>
> Sounds like a job for svn with a web based frontend to track configs.
>   

we've been using rancid for years and the configs are used by many scripts
 * rancid modified to no longer remove the lines at the top of "sh run"
    to identify times config and NVRAM last updated and send email
    if the NVRAM is substantially older than running config
 * ip-helpers are compared against our dhcp config
 * subnets, routers, vlans, gateway and hsrp addresses are compared
    against our  database of network information
 * the configs are analysed by a script to identify items not matching
    our config standard; ideally configs would be generated from templates
    but I'm not in a position to make that happen
 * routed address-space is compared against reverse dns
 * when we had border bogon filtering, those ACLs and null-routes
    were compared against a freshly-downloaded aggregated bogon list

one of the problems with rancid is that the code makes it hard to do
other things, e.g. compare the active and standby configs in our 6500s

I'd also like to add a feature that recognizes the significant blocks in 
a config
and store in a database so you can do queries like "when was vlan777 
modified"

Danny