Is anybody automating router/switch configs in any manner other then telnet scripts or Ciscoworks? I am just trying to get some ideas.
Thanks
Jason
lexicon/netclarity - www.network-clarity.com - young, only cisco
ios/catos devices right now, easy to tailor to your change management
process, working on policy compliance auditing
truecontrol - www.renditionnetworks.com - no juniper support yet, less
flexible change process flow, can/will act as central access point for
device access (will proxy ssh/telnet/etc based upon your login
credentials), decent config/policy compliance auditing and reporting
capabilities
formulator - www.goldwiretech.com - more mature than truecontrol, more
devices supported (including some servers), robust compliance
auditing/reporting features
and last, but not least, rancid - www.shrubbery.net/rancid/ - support
for lots of devices (and easy to add more with a little expect
knowledge), easily extended (perl, expect, awk, shell, etc), FREE - for
more on what you can do see:
http://www.shrubbery.net/rancid/NANOG29/index.html
http://www.nanog.org/mtg-0210/abley.html
i am using/have used rancid, and am evaluating the others
hth
/joshua
are you talking about access routers or backbone/core/peering routers?
- for core/backbone routers, use rancid (www.shrubbery.net) whatever
your automation scheme, it might not be your primary tool, but it will
save you one day
Something that doesn't get mentioned on NANOG very much is
automating/managing lots and lots of access customers -- ie
DSL/T1/Frame etc.. If that interests you, then maybe something I used
circa 1999 but I haven't really heard being used recently (but
probably is) might give you some ideas (an interview question
yesterday reminded me):
- we had a Redback SMS 1000 that we could preconfigure ATM PVCs/Frame
DLCIs/DS3 Channels for T1s on with all the Layer 2 stuff
- all the Layer 3 stuff like routed networks, interface IP addresses,
IP filters etc. could be assigned out of radius. I believe Redback had
plans to introduce a cable "blade" for their SMS boxes
- we took DSL/T1 orders entered into a web front end and had IP/PVC
etc. configs stored in an SQL database and updated radius within a few
minutes (Covad had (has?) a very nice XML-RPC backend that let us
assign the PVCs to our customers etc.. MCI/Worldcom also allowed us to
assign channels on a DS3, so our software did that and sent them email
with the order)
- the Redback had an excellent feature by which, upon receipt of a
packet on a hitherto "unbound" PVC (a few weeks after we were setup
the DSL/Frame layer-2 circuit would be installed), it would
read the config from radius and "bind" the PVC
- when a customer cancelled or didn't pay their bill, a script,
triggered by certain fields that support/billing-folks could set in
the web-frontend, would log into the Redback and "unbind" the circuit
Since most frequent "updates" and config changes happened to access
routers, this minimized the amount of mundane work a router-monkey had
to do.
I only hope that all ISPs selling such services are doing things in a
nice, automated way.
FWIW, my ISP was swallowed by a cable provider who was well subsidized
by Cisco. And the rest, you can probably guess.
amazed by how little has changed in the ISP world since 2000,
Adi
Aditya writes on 3/12/2004 9:41 AM: