Intelligent Automation of network tasks

In my opinion, every network with more than a dozen or so routers needs
an automated method to distribute massive configuration changes. There
is a lot of fear that something will break during updates, but with some
intelligence, that risk can be minimized.

Related to this, here is how I distribute Bogons, cognizant of the fact
that the system has to be smart enough not to break anything in the
event a telnet session breaks.

So, here is what I send to my routers:

no ip prefix-list bogon
ip prefix-list bogon seq 1 permit 0.0.0.0/0
ip prefix-list bogon deny 0.0.0.0/7 le 32
ip prefix-list bogon deny 2.0.0.0/8 le 32
<snip>
ip prefix-list bogon deny 197.0.0.0/8 le 32
ip prefix-list bogon deny 223.0.0.0/8 le 32
ip prefix-list bogon permit 0.0.0.0/0 le 27
no ip prefix-list bogon seq 1 permit 0.0.0.0/0

Worst case scenario, I break my bogon filters... and that happens very
very rarely. The same logic can be applied to access-list using named
access lists.

Hopefully that will help someone.

-ejay
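
An added example, not part of the original post or of any poster's tooling: a Python generator for the update in the order shown above, plus a simplified model of prefix-list matching that reports whether a route would still be permitted if the session dropped after each command. The function names, the model's handling of sequence numbers and of an empty list, and the sample routes are assumptions of this example.

```python
import ipaddress

# Short list taken from the post; the entries behind <snip> are not reproduced.
BOGONS = ["0.0.0.0/7", "2.0.0.0/8", "197.0.0.0/8", "223.0.0.0/8"]

def build_update(name, bogons, max_len=27):
    """Commands in the post's order: temporary seq 1 permit first in, last out."""
    nets = [ipaddress.ip_network(b) for b in bogons]  # ValueError on bad input
    guard = f"ip prefix-list {name} seq 1 permit 0.0.0.0/0"
    return ([f"no ip prefix-list {name}", guard]
            + [f"ip prefix-list {name} deny {n} le 32" for n in nets]
            + [f"ip prefix-list {name} permit 0.0.0.0/0 le {max_len}", f"no {guard}"])

def apply(cmds):
    """Simplified model of the resulting list: {seq: (action, network, le)}."""
    entries = {}
    for w in (c.split() for c in cmds):
        seq = int(w[w.index("seq") + 1]) if "seq" in w else None
        if w[0] == "no":
            if seq is None:
                entries = {}            # whole list removed
            else:
                entries.pop(seq, None)  # one entry removed
            continue
        action = "permit" if "permit" in w else "deny"
        net = ipaddress.ip_network(w[w.index(action) + 1])
        le = int(w[w.index("le") + 1]) if "le" in w else net.prefixlen
        # Assumption: unnumbered entries get the highest existing seq plus 5.
        entries[seq or max(entries, default=0) + 5] = (action, net, le)
    return entries

def permitted(entries, route):
    """First match wins; no ge/le means exact match; implicit deny at the end."""
    r = ipaddress.ip_network(route)
    if not entries:
        return True  # assumption: an empty or missing list permits everything
    for _, (action, net, le) in sorted(entries.items()):
        if net.prefixlen <= r.prefixlen <= le and r.subnet_of(net):
            return action == "permit"
    return False

def after_each_cut(cmds, route):
    """Is `route` permitted if the session drops after command 1, 2, ...?"""
    return [permitted(apply(cmds[:i]), route) for i in range(1, len(cmds) + 1)]

if __name__ == "__main__":
    cmds = build_update("bogon", BOGONS)
    for route in ("0.0.0.0/0", "198.51.100.0/24", "2.1.0.0/16"):  # constructed samples
        print(route, after_each_cut(cmds, route))
```

Each list printed has one entry per command, so the position of a False shows which truncation point would leave that route filtered under this model.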

juniper and cisco both support taking machine generated
configurations generated by a non-router device (eg: unix host).

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1dc2.html

  it's not just in 12.3T, it's also in 12.2S..

  on your juniper, try something like "config, load override"

  - jared

On Cisco, generation of a config update is (in the general case) a very
complicated task. But we always automated everyday config changes (access lists,
AS path lists, route maps, interfaces except some special cases, and so on).

perl + 'expect' + 'conf net' were the key elements.

CCR (well, not Creedence Clearwater Revival, but Alexei Roudnev's cisco config
repository) at http://snmpstat.sourceforge.net should be quite useful for this.