Network Device Configuration Management
Anshuman Kanwar
Your most elaborate disaster recovery
plans are only as good as your backups. In the context of routers (and most
firewalls), all configuration is normally stored as a plain-text file in
flash memory or some sort of NVRAM. Creating a replica of a router in case
of catastrophic failure is simply a matter of physically plugging in a cold
standby and copying the configuration from some backup medium onto the new
device.
Rancid (Really Awesome New Cisco confIg Differ) is a
tool that automates the process of backing up
device configuration. In this article, I will discuss how to install and
maintain rancid and also explore the benefits that result from having a
working, up-to-date rancid repository.
What Is Rancid?
Rancid is a combination of shell, Perl, and Expect
scripts that work together to provide configuration management. Although
the name implies Cisco-only support, the tool has grown to work with a
multitude of devices from most major vendors. Adding extensions for new
device classes is also fairly easy. Details about supported devices can be
found at:
http://www.shrubbery.net/rancid/
Rancid takes as input a list of device names and login
credentials. It then cycles through this list and attempts to log into each
device. Then, it runs a pre-determined set of commands at the CLI and
collects the responses. Next, it matches the generated
output against a template to filter out constantly incrementing values and sensitive
information. For instance, this step can mask out plain-text passwords or
IPSec keys from the config file [1].
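The filtering step described above, sketched as an added example (this is not rancid's own code, which is written in Perl and Expect). The rule lists are an illustrative subset chosen for Cisco IOS-style output, and the two snapshots are constructed sample data:

```python
import difflib
import re

# Lines that differ on every collection run without a real config change.
VOLATILE = [
    re.compile(r"^! Last configuration change at "),
    re.compile(r"^ntp clock-period \d+"),
]
# (pattern, replacement) pairs: keep the line, mask the secret it carries.
MASKS = [
    (re.compile(r"^(enable (?:secret|password)) .*"), r"\1 <removed>"),
    (re.compile(r"^(\s*password) .*"), r"\1 <removed>"),
    (re.compile(r"^(crypto isakmp key) \S+ (address .*)"), r"\1 <removed> \2"),
    (re.compile(r"^(snmp-server community) \S+(.*)"), r"\1 <removed>\2"),
]

def normalize(raw):
    """Return config lines with volatile lines dropped and secrets masked."""
    out = []
    for line in raw.splitlines():
        if any(p.search(line) for p in VOLATILE):
            continue
        for pattern, repl in MASKS:
            line = pattern.sub(repl, line)
        out.append(line.rstrip())
    return out

def config_diff(old_raw, new_raw):
    """Added/removed lines between two snapshots after normalization."""
    diff = difflib.unified_diff(normalize(old_raw), normalize(new_raw),
                                lineterm="", n=0)
    return [l for l in diff
            if l.startswith(("+", "-")) and not l.startswith(("+++", "---"))]

# Constructed sample snapshots (not taken from a real device).
OLD = """! Last configuration change at 10:02:11 UTC Mon Jan 5 2004
hostname edge-rtr-1
enable secret 5 $1$CONSTRUCTED$hashvalue000000000000
snmp-server community s3cretRO RO
crypto isakmp key SharedKey123 address 192.0.2.10
ntp clock-period 17179869
line vty 0 4
 password 7 0822455D0A16
"""
NEW = (OLD.replace("10:02:11", "23:40:07").replace("17179869", "17180012")
          .replace("s3cretRO RO", "s3cretRO RO\nsnmp-server location rack-12"))

if __name__ == "__main__":
    print("\n".join(config_diff(OLD, NEW)))
```

Because secrets are masked before the comparison, a rotated key or password produces no diff in this sketch; the stored copy stays safe to read, at the cost of not recording that the secret changed.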