North American Network Operators Group

Re: Network Configuration Management Practices
On Wed, Sep 15, 2004 at 12:27:20AM -0700, Alexei Roudnev wrote:
>
> One more thing. We tried to review _proposed changes_ and _changes applied_.
> Practice showed that it is impossible to see errors in proposed updates,
> even if 3 - 4 engineers review it (not design flaws, but syntax and
> semantic errors), so we did not get much use from pre-change reviews
> (except design ones). But we got extremely high profit from post-change
> reviews (verifying what really changed on the router / firewall after
> the maintenance window) - it allows us to see some unwanted changes and
> avoid a few possible service disruptions.
>

This doesn't seem to scale too well. When you have frequent changes (i.e. many access devices) the diff load becomes unmanageably large.

My ideal would be to have a network monitoring tool which compares the actual network against a configured baseline. The presumption would be that if the network matches what has been set forth as engineering rules, I don't really care what the specific settings are.

Currently we do something sort of halfway: archive the actual configs and then run audit scripts against them, which parse the configs. Definitely not ideal, but it helps catch simpler errors.

One of these days when I have extra cycles... (yeah, right)

Austin
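The audit approach the message describes (archive the configs, then run scripts that parse them against engineering rules), sketched as an added example that is not part of the original message or the poster's own scripts. The IOS-style sample config and the four rules are assumptions chosen for illustration.

```python
# Constructed sample of an archived IOS-style config (not from the original post).
SAMPLE_CONFIG = """\
service password-encryption
ip http server
!
interface GigabitEthernet0/1
 description uplink to core
interface GigabitEthernet0/2
 ip directed-broadcast
interface GigabitEthernet0/3
 shutdown
line vty 0 4
 transport input telnet ssh
"""

def parse_sections(text):
    """Map each unindented line to the indented lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            continue  # blank lines and "!" separators carry no settings
        if not line[0].isspace():
            current = line.rstrip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit(text):
    """Return sorted (location, finding) tuples for each rule violation."""
    sections = parse_sections(text)
    findings = []
    # Hypothetical engineering rules; substitute the site's own standards.
    for required in ("service password-encryption", "no ip http server"):
        if required not in sections:
            findings.append(("global", f"missing '{required}'"))
    for header, body in sections.items():
        if header.startswith("interface ") and "shutdown" not in body:
            if not any(l.startswith("description ") for l in body):
                findings.append((header, "active interface has no description"))
            if "ip directed-broadcast" in body:
                findings.append((header, "directed broadcast enabled"))
        if header.startswith("line vty"):
            for l in body:
                if l.startswith("transport input ") and l.split()[2:] != ["ssh"]:
                    findings.append((header, f"non-SSH transport: '{l}'"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Because the rules test for outcomes rather than exact lines, a device that meets them produces no findings regardless of how its other settings differ from its neighbours.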