Network Configuration Management

Just curious what people are using for network configuration
management systems. I'm guessing most places have something
built in-house, but before starting down that road I figured it
would be a good idea to see if people have any off-the-shelf
systems they like.

Some features I'd like to have:
* Interface configs
* Firewall filter configs
* BGP session configs
* User management
* Support for multiple router and switch vendors (at least
   Juniper and Cisco)

I've never found anything that hits all of my needs. The closest off the
shelf thing I've ever found is the Network Control System from Tail-F (
http://www.tail-f.com/network-control-system/). We're using a custom built
app that's been refined over the last decade and does a really nice job.
It uses a very similar model of configuration management as Tail-F does
but not quite the application. Just generating config isn't all that
difficult. The hard part is pushing to the devices and working out what
to do when on-box and off-box doesn't match.

Good luck in your search, and if you find something really cool, be sure to
post back!

--chip

Solarwinds NCM is great if you can tolerate their sales borg.

Hi Chip,

AOL published some good-looking open source software. It does not handle
BGP at this moment, but it does other tasks like ACLs quite well. It's designed
to be tightly integrated with your existing CMDB/RANCID, and it even takes
timezones into account for pushing new configurations.

  Trigger: https://github.com/aol/trigger

I plan on spending some cycles later this year on adding BGP functionality to Trigger.

Kind regards,

Job

Just an FYI on "if you can tolerate their sales borg".
If you request a quote and do not purchase, get ready for a borg attack of emails and calls.

On topic:
We're trying to survive with RANCID, which is great for pushing changes without any feedback... Last job we used Solarwinds NCM, and that's a fairly nice tool.
We also had HP on site with their "Configuration Management System", which looked good until we started looking into support for Enterasys and Brocade. There were some shortcomings and an expectation of custom-written code to support 3rd party hardware.
-P

We use Rancid and have it run every hour against Juniper and Cisco gear. If there's a change, we get an email, and all the revisions are automatically saved in SVN. Attach WebSVN and you have a nice web viewer. You administer the devices as you normally would, but you'll have automatic version control and change monitoring. It's simple to set up, and free.

And it's extensible, kind of. :)

http://www.nanog.org/meetings/nanog26/presentations/stephen.pdf

Joe
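The hourly change check described above, and the on-box versus off-box mismatch raised earlier in the thread, sketched as an added example (not code from RANCID or from any poster). The IOS-style sample config, the volatile-line patterns and the category keywords are constructed assumptions.

```python
import difflib
import re

# Lines that change without an operator touching the device; dropping them
# keeps a scheduled diff quiet. Patterns are assumptions for IOS-style output.
VOLATILE = re.compile(r"^(! Last configuration change|ntp clock-period)")
# Hypothetical keyword-to-category map for changes that deserve review.
SENSITIVE = {
    "user": re.compile(r"^\s*(username|enable secret|aaa )"),
    "filter": re.compile(r"^\s*(access-list|ip access-list|permit|deny)"),
    "bgp": re.compile(r"^\s*(router bgp|neighbor )"),
}

def normalize(config):
    """Strip trailing whitespace, drop blank and volatile lines."""
    lines = (l.rstrip() for l in config.splitlines())
    return [l for l in lines if l and not VOLATILE.match(l)]

def drift(stored, running):
    """Return (added, removed): running config versus the stored revision."""
    added, removed = [], []
    for d in difflib.ndiff(normalize(stored), normalize(running)):
        if d.startswith("+ "):
            added.append(d[2:])
        elif d.startswith("- "):
            removed.append(d[2:])
    return added, removed

def classify(lines):
    """Group changed lines by the sensitive category they touch."""
    hits = {}
    for line in lines:
        for name, pat in SENSITIVE.items():
            if pat.match(line):
                hits.setdefault(name, []).append(line.strip())
    return hits

# Constructed sample: the last saved revision and what the device runs now.
STORED = """! Last configuration change at 10:02:11 UTC Tue Mar 12 2013
hostname edge1
username netops privilege 15 secret 5 $1$constructed
ip access-list extended EDGE-IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any
"""
RUNNING = (STORED.replace("10:02:11", "14:40:57")
           .replace(" deny ip any any", " permit ip any any")
           .replace("ip access-list",
                    "username temp privilege 15 secret 5 $1$constructed\nip access-list"))
ADDED, REMOVED = drift(STORED, RUNNING)
```

The timestamp-only difference produces no drift, while the new local user and the relaxed filter term are reported under their categories.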

Cisco Template Manager - http://www.gelogic.net/

M.

Solarwinds NCM is what we use. It's multivendor and even handles menu-driven configurations and can easily be used to run commands on devices such as Linux servers for iptables firewall rules. It can perform inventory management and do things like search for MAC addresses on your network. Moreover, it can do policy reporting to ensure that your devices meet your configuration standards, both custom-made and for regulatory compliance like HIPAA/SOX/PCI/etc.

We used to use RANCID, which worked great, but we outgrew it when we needed something to back up multiple vendors and didn't have the resources to modify the code to do what we needed.

As other posters mentioned, their sales force is relentless, even after you purchase. It took a lot of complaining to finally get off whatever internal sales list we were on. Cost is also a concern, as it increases with the more devices you need to manage, plus there's a yearly maintenance fee. That said, I feel the cost is somewhat justified, as they have a pretty good development team that is quite active on their support forums and they listen to customer feedback for features.

-evt

> From: Chip Marshall [mailto:chip@2bithacker.net]
> Sent: Tuesday, March 12, 2013 1:58 PM
> To: nanog@nanog.org
> Subject: Network Configuration Management
>
> Just curious what people are using for network configuration
> management systems. I'm guessing most places have something
> built in-house, but before starting down that road I figured it
> would be a good idea to see if people have any off-the-shelf
> systems they like.
>

To those of you using Solarwinds: what about scalability? How many devices
do you presently support with this solution, and under which hardware or VM
and storage configuration, if you don't mind sharing that?

Stefan

I've used Kiwi Cattools as well as some homegrown Perl and shell script
stuff for versioning / audit trails.

Cattools works OK and scales. Unsure of pricing structure though.

I never liked Ciscoworks for doing it even though it will manage your
devices that way.

You will grow tired of their sales people long before you approach a brick wall of scalability.