Intelligent Automation of network tasks

In my opinion, every network with more than a dozen or so routers needs
an automated method to distribute massive configuration changes. There
is a lot of fear that something will break during updates, but with some
intelligence, that risk can be minimized.

Related to this, here is how I distribute Bogons, cognizant of the fact
that the system has to be smart enough not to break anything in the
event a telnet session breaks.

So, here is what I send to my routers..

No ip prefix-list bogons
ip prefix-list bogon seq 1 permit
Ip prefix-list bogon deny le 32
Ip prefix-list bogon deny le 32
Ip prefix-list bogon deny le 32
Ip prefix-list bogon deny le 32
ip prefix-list bogon permit le 27
No ip prefix-list bogon seq 1 permit

Worst case scenario, I break my bogon filters... and that happens very
very rarely. The same logic can be applied to access-list using named
access lists.

Hopefully that will help someone.


juniper and cisco both support taking machine generated
configurations generated by a non-router device (eg: unix host).

  it's not just in 12.3T, it's also in 12.2S..

  on your juniper, try something like "config, load override"

  - jared

On Cisco it is (generation of config update) veryu complicated (in general
case) task. But we always automated every day config changes (acccess lists,
as path lists, route maps, interfaces except some special cases, and so on).

perl + 'expect+ 'conf net' was key elements.

CCR (well, not Creedence Clearwater Revival, but Alexei Roudnev's cisco config
repository) at should be quite useful for this.