Automate router configs

Is anybody automating router/switch configs in any manner other than telnet scripts or Ciscoworks? I am just trying to get some ideas.



lexicon/netclarity - young, only cisco
ios/catos devices right now, easy to tailor to your change management
process, working on policy compliance auditing

truecontrol - no juniper support yet, less
flexible change process flow, can/will act as central access point for
device access (will proxy ssh/telnet/etc based upon your login
credentials), decent config/policy compliance auditing and reporting

formulator - more mature than truecontrol, more
devices supported (including some servers), robust compliance
auditing/reporting features

and last, but not least, rancid - support
for lots of devices (and easy to add more with a little expect
knowledge), easily extended (perl, expect, awk, shell, etc), FREE - for
more on what you can do see:

i am using/have used rancid, and am evaluating the others



are you talking about access routers or backbone/core/peering routers?

- for core/backbone routers, use rancid; whatever
your automation scheme, it might not be your primary tool, but it will
save you one day

Something that doesn't get mentioned on NANOG very much is
automating/managing lots and lots of access customers -- ie
DSL/T1/Frame etc.. If that interests you, then maybe something I used
circa 1999 but I haven't really heard being used recently (but
probably is) might give you some ideas (an interview question
yesterday reminded me):

- we had a Redback SMS 1000 that we could preconfigure ATM PVCs/Frame
DLCIs/DS3 Channels for T1s on with all the Layer 2 stuff

- all the Layer 3 stuff like routed networks, interface IP addresses,
IP filters etc. could be assigned out of radius. I believe Redback had
plans to introduce a cable "blade" for their SMS boxes

- we took DSL/T1 orders entered into a web front end and had IP/PVC
etc. configs stored in an SQL database and updated radius within a few
minutes (Covad had (has?) a very nice XML-RPC backend that let us
assign the PVCs to our customers etc.. MCI/Worldcom also allowed us to
assign channels on a DS3, so our software did that and sent them email
with the order)

- the Redback had an excellent feature by which, upon receipt of a
packet on a hitherto "unbound" PVC (a few weeks after we were set up
the DSL/Frame layer-2 circuit would be installed), it would
read the config from radius and "bind" the PVC

- when a customer cancelled or didn't pay their bill, a script,
triggered by certain fields that support/billing-folks could set in
the web-frontend, would log into the Redback and "unbind" the circuit

Since most frequent "updates" and config changes happened to access
routers, this minimized the amount of mundane work a router-monkey had
to do.

I only hope that all ISPs selling such services are doing things in a
nice, automated way.

FWIW, my ISP was swallowed by a cable provider who was well subsidized
by Cisco. And the rest, you can probably guess.

amazed by how little has changed in the ISP world since 2000,
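The provisioning flow described in the message above (orders in SQL, per-circuit Layer 3 settings published to RADIUS, cancelled circuits handed to an unbind script), sketched as an added example that is not from the original post or from any vendor. The table schema, the circuit naming format, the FreeRADIUS-style users-file stanza and the sample rows are all assumptions; because the fields originate in a web front end, each one is validated before it can reach the RADIUS config.

```python
import ipaddress
import re
import sqlite3

# Constructed sample orders; schema and circuit-name format are hypothetical.
ORDERS = [
    ("atm-3/1:0.101", "192.0.2.1", "198.51.100.0/29", "cust-in", "active"),
    ("atm-3/1:0.102", "192.0.2.5", "198.51.100.8/29", "cust-in", "cancelled"),
    # Filter name carrying an attribute-injection attempt from the front end.
    ("atm-3/1:0.103", "192.0.2.9", "198.51.100.16/29",
     'x", Framed-Route = "0.0.0.0/0', "active"),
]
CIRCUIT_RE = re.compile(r"[a-z0-9]+-\d+/\d+:\d+\.\d+")
FILTER_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def load_orders(rows=ORDERS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (circuit TEXT PRIMARY KEY, wan_ip TEXT,"
               " routed_net TEXT, ip_filter TEXT, status TEXT)")
    db.executemany("INSERT INTO orders VALUES (?,?,?,?,?)", rows)
    return db

def render_stanza(circuit, wan_ip, routed_net, ip_filter):
    """Validate every field, then emit one users-file stanza (ValueError if bad)."""
    if not CIRCUIT_RE.fullmatch(circuit) or not FILTER_RE.fullmatch(ip_filter):
        raise ValueError(f"rejected field for {circuit!r}")
    ip = ipaddress.ip_address(wan_ip)
    net = ipaddress.ip_network(routed_net, strict=True)
    # Standard RFC 2865 reply attributes; the route points at the customer WAN IP.
    return (f"{circuit} Auth-Type := Accept\n"
            f"    Framed-IP-Address = {ip},\n"
            f"    Framed-Route = \"{net} {ip} 1\",\n"
            f"    Filter-Id = \"{ip_filter}\"\n")

def build(db):
    """Return (stanzas for active circuits, circuits to unbind, rejected circuits)."""
    stanzas, unbind, rejected = [], [], []
    for circuit, wan_ip, net, filt, status in db.execute(
            "SELECT * FROM orders ORDER BY circuit"):
        if status != "active":
            unbind.append(circuit)    # input for the unbind script
            continue
        try:
            stanzas.append(render_stanza(circuit, wan_ip, net, filt))
        except ValueError:
            rejected.append(circuit)  # never published to RADIUS
    return stanzas, unbind, rejected

if __name__ == "__main__":
    s, u, r = build(load_orders())
    print("".join(s), "unbind:", u, "rejected:", r)
```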

Aditya writes on 3/12/2004 9:41 AM: