Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Configuration ManagementPhilippines Network Operators Group, March 2018Jonathan BrewerTelco2 LimitedNew Zealand
ObjectivesParticipants will understand the basics of:
• Network Device Configuration• Configuration Backups• Version Control & File Differences (diff)• Configuration Management Tools
Network Device Configuration• At the command line, like Cisco• From a special tool, like Mikrotik• From a web browser, like Procurve• With JSON files, like Arista• With XML files, like Juniper
Configuration Backups• Stored as text files• Stored in databases• Stored in versioning systems
Why Download Configs?• Restore configs when devices fail• Roll back changes with unintended consequences• Track configuration & hardware changes• Track image (operating system) changes• Tie configuraiton changes to performance changes• Attribute (blame) performance changes to those who
made them
What's Version Control?• Also known as revision control or source control• Manages changes to files or documents with a
revision number• Allows users to find and highlight changes• Allows users to restore previous versions of a file or
document
What's a Diff?• A comparison of two versions of a single file or
document• Highlighting the changes between the two versions• Allowing users to quickly see only what's changed
What's a Diff?
https://github.com/git-up/GitUp
Why Manage Config?...I have noticed a behaviour change since implementing RANCID. The entire NOC team gets an email when a config change is made. The result is everyone is cautious about making changes on the fly, and any changes that are made are quickly explained by the changer. Before, changes would be made and if it broke something.....silence. So, at the very least we have fewer problems that magically appear.1 — Jason Lewis
1 http://www.shrubbery.net/rancid/
Configuration Management Tools• Retrieve configuration files• Allow for their storage as files or in versioning
systems• Solve many problems with network operations, for
free
Tools: RANCID• Really Awesome New Cisco config Differ• The (Internet) industry standard for configuration
management• Promoted at NANOG 26 in 2002
• Supports Cisco, Foundry, HP, Juniper, and more• Integrates with CVS or SVN• Interpreted application written in Perl, shell, Expect, an C• Runs on BSD, Linux, MacOS• Available at shrubbery
Tools: fetchconfig• Tool for retrieving configuration files• Supports Cisco, Fortigate, HP, Juniper, Procurve,
Mikrotik, and more• Interpreted application written in Perl• Runs under Linux and Windows• Available at github
Tools: Jazigo• Tool for retrieving configuration files• Supports Cisco, Datacom, Fortigate, Huawei, Juniper,
Linux, & Mikrotik• Runs in parallel to back up many devices
concurrently• Can store backups into an Amazon AWS S3 bucket• Compiled application written in Go• Available at github
Tools: Oxidized• Tool for retrieving configuration files• Stores files in a version control system• Supports a large number of manufacturers and
devices• Runs in parallel to back up many devices
concurrently• Compiled application written in Ruby• Runs on Linux, BSD, and as a Docker container• Available at github
Tools: Sweet• Tool for retrieving configuration files• Supports Cisco and Juniper• Runs in parallel to back up many devices concurrently• Stores device configurations directly in git (version
control system)• Email notifications• Runs on Linux and MacOS• Compiled application written in Go• Available at github