North American Network Operators Group

Re: Cisco config generator
Alan Hannan writes...

> > If, for example, one user is set up with a variety of access services,
> > and I disable or delete that user, then it should be removed from all
> > places where it is configured without me having to know.
>
> This is a slightly different specification; you are talking about
> deploying distributed security permissions. This could be a subfunction
> of the configuration system.

Among other things, yes. But I don't see it as exactly a subfunction.
I see it as one complete system.

> > Yes, I do combine my network operations and server operations together
> > and I want a package that allows me to fully integrate it all together
> > without having to have separate packages.
>
> You will be hard pressed to find a ready-made off the shelf package
> to do what you want.

I figured so, but I should check anyway.

> <rambling opinion>
>
> Today's internet technology is complex. Harder than rocket science,
> but it appears easier because we make up with BS that which is lost
> by not understanding the formulas or having granular flow statistics.
>
> The sum complexity of a network configuration system is a function of
> the router/switch interpreter, the routing policy, the routing protocols,
> and the databases with which one works.
>
> Since implementing this complexity requires adhering to standards
> or understanding your own policies and protocols (which few
> really do), it's difficult to make generic solutions work for
> networks of a given complexity.
>
> We worked hard with one router vendor to create such a system, but
> the exponential amount of work put in resulted in only a few useful
> widgetish interfaces. They just didn't get it.
>
> This is because they don't live and breathe it; they code; they write
> MIBs; they don't fantasize about pull/push/check/click *presto* it's
> configged. They live in their world, and rarely is the vendor's world
> the practical world of the network engineer/operator.

You've hit the nail on the head.
That probably explains why lots of the software on the market is lacking
in being a complete solution.

> A smart guy who sends out reports that embarrass people once pointed
> out to me: the largest internet networks all have radically different
> designs, and yet they all work remarkably well.
>
> So, until someone with enough savvy, experience, and coding skills
> attempts this task, I think it will stay proprietary and internally
> developed by, and for, each network.

Probably will.

> A middleware interpretation layer (i.e. sendmail's configuration
> file) is needed before this generic configuration system can
> be (fairly) easily implemented.

Among other things.

> Tools exist (whose names escape me, but I'm sure bmanning
> or vixie will point them out) that profess to interpret
> radb configs into cisco and ascend configs, but they (in my/our
> limited experience and exploration) fail to capture the IGP
> variables or the various L2/L3 platform requirements.

Lots of tools exist, but do they work together and cover everything?
I tend to doubt it. And will the database even include it all?

> > It wouldn't be that big for a software development business that is
> > banking on selling it to a lot of providers.
>
> Yes it would; read _The Mythical Man-Month_ by Brooks, pub. Addison-Wesley.

I was incomplete in what I was saying. You are right for the real case.
What I meant to refer to was what would be the case if things were done
right.

> > But is there even a market for this?
>
> There certainly is; but the cost of customization may exceed the
> demand.

Customization in terms of the variety of platforms? Or the variety of
policies?

> > One thing I note about Netsation's product is that they promote it as
> > a tool to deal with "cryptic IOS commands". IOS is _NOT_ cryptic.
>
> I think one could say that Netstation or Netsys are good tools
> for people who think IOS is cryptic. (don't flame me, dear vendors,
> your tool can help mitigate detailed analysis, or help find
> idiot mistakes [which we all make]; however, last time I looked
> they didn't support IS-IS and choked when we tried to enter a smidgen
> of our routers into the network).

Imagine how you will feel when you see a copy of "Cisco Routers for
Dummies" show up in the bookstore.

> > Where such a product is useful is managing the huge complexity of a
> > large network, and in the case of what I am looking for, all of the
> > other services as well.
>
> For this, I think you should write your own or hire or fund someone.

It might happen.

--
Phil Howard | phil at milepost dot com