North American Network Operators Group


Intelligent Automation of network tasks

  • From: Ejay Hire
  • Date: Tue Dec 07 13:43:12 2004

In my opinion, every network with more than a dozen or so routers needs
an automated method to distribute massive configuration changes.  There
is a lot of fear that something will break during updates, but with some
intelligence, that risk can be minimized.

Related to this, here is how I distribute Bogons, cognizant of the fact
that the system has to be smart enough not to break anything in the
event a telnet session breaks.

So, here is what I send to my routers:

! remove the existing list
no ip prefix-list bogon
! temporary entry at seq 1 while the list is rebuilt
ip prefix-list bogon seq 1 permit 0.0.0.0/0
ip prefix-list bogon deny 0.0.0.0/7 le 32
ip prefix-list bogon deny 2.0.0.0/8 le 32
<snip>
ip prefix-list bogon deny 197.0.0.0/8 le 32
ip prefix-list bogon deny 223.0.0.0/8 le 32
ip prefix-list bogon permit 0.0.0.0/0 le 27
! rebuild finished: remove the temporary seq 1 entry
no ip prefix-list bogon seq 1 permit 0.0.0.0/0

Worst case scenario, I break my bogon filters... and that happens very
very rarely.  The same logic can be applied to access-list using named
access lists.

Hopefully that will help someone.

-ejay
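
An added example, not part of the original post: a Python sketch that generates the command sequence in the order shown above and then checks running-config text to tell a finished push from one cut off mid-session. The function names, the sample config lines and the assumed running-config line format (`ip prefix-list NAME seq N ...`) are assumptions, and only the four prefixes visible in the post are used.

```python
import ipaddress
import re

LIST = "bogon"                      # list name used in the post
GUARD = "seq 1 permit 0.0.0.0/0"    # temporary entry from the post
FINAL = "permit 0.0.0.0/0 le 27"    # last real entry from the post
WANTED = ["0.0.0.0/7", "2.0.0.0/8", "197.0.0.0/8", "223.0.0.0/8"]  # visible prefixes only

def build_push(prefixes):
    """Return the commands in the post's order: guard first, guard removal last."""
    nets = [ipaddress.ip_network(p) for p in prefixes]  # raises on malformed input
    cmds = [f"no ip prefix-list {LIST}", f"ip prefix-list {LIST} {GUARD}"]
    cmds += [f"ip prefix-list {LIST} deny {n} le 32" for n in nets]
    cmds += [f"ip prefix-list {LIST} {FINAL}", f"no ip prefix-list {LIST} {GUARD}"]
    return cmds

# Assumed running-config line format for one prefix-list entry.
ENTRY = re.compile(
    rf"^ip prefix-list {LIST} seq (\d+) (permit|deny) (\S+)(?: le (\d+))?\s*$")

def check_push(running_config, prefixes):
    """Classify the list found in running-config text after a push.

    Returns (state, missing): state is "absent", "interrupted" or "complete";
    missing lists wanted prefixes that have no 'deny ... le 32' entry.
    """
    found = [m.groups() for line in running_config.splitlines()
             if (m := ENTRY.match(line.strip()))]
    if not found:
        return "absent", []
    denied = {net for _, act, net, le in found if act == "deny" and le == "32"}
    missing = [p for p in prefixes if str(ipaddress.ip_network(p)) not in denied]
    guard = any(seq == "1" and act == "permit" and net == "0.0.0.0/0" and le is None
                for seq, act, net, le in found)
    final = any(act == "permit" and net == "0.0.0.0/0" and le == "27"
                for _, act, net, le in found)
    done = not missing and final and not guard
    return ("complete" if done else "interrupted"), missing

# Constructed sample: the session dropped after the second deny line.
SAMPLE_INTERRUPTED = """\
ip prefix-list bogon seq 1 permit 0.0.0.0/0
ip prefix-list bogon seq 6 deny 0.0.0.0/7 le 32
ip prefix-list bogon seq 11 deny 2.0.0.0/8 le 32
"""

if __name__ == "__main__":
    print("\n".join(build_push(WANTED)))
    print(check_push(SAMPLE_INTERRUPTED, WANTED))
```

An "interrupted" result means the push should be replayed from the first command; the same check can be run before the next scheduled update.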