Rancid & IPPlan
As a network engineer, I need plenty of good tools at my disposal. I help to maintain an enterprise-level network of hundreds of Cisco devices, many hosts and even more users. Linux and open source projects become the "glue" which helps me perform my job.
The Linux command line has all sorts of good tools for manipulating text. Awk, sed, grep, Perl, bash scripts ... anything you can think of doing is available. And because Cisco config files are simply text, the marriage of Linux and Cisco makes perfect sense. I run access servers (I call them utility servers) and access all of our equipment from these heavily-secured hosts, which happen to be virtual guest machines. I can then tell the Cisco equipment to trust only these particular hosts. I also run TFTP servers on these hosts, for easy config/file management and manipulation.
Rancid is a CVS or SVN repository for Cisco router configs. If you're like me, and you missed the kernel programmer calling in life, and ended up as only a network engineer, here's your chance to feel like a real kernel hacker superstar. Rancid treats all your configs like a software repository, backing them all up every hour (or whatever you set up in cron) and can email your whole team the diffs. It doesn't matter if you have 3 people on your team or 30, this program is automatic change control.
The commits are done automatically, and you can even check out any revisions of your "code" that you would like. Want to know what the routers in Texas were configured with three months ago? Go back to your email, find the proper revision and check it out. I've learned more about SVN (Subversion) than I've ever wanted to. There may be a bit of a learning curve, but once you get it up and running, it's solid and does its job well. There are a few good HowTo links out there.
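To illustrate the diff-based change control described above, here is an added example (not from the original article and not Rancid's own code) that diffs two constructed config snapshots and flags changed lines affecting which hosts may manage the device. The sample configs, the `SENSITIVE` pattern and the function names are assumptions made for illustration.

```python
import difflib
import re

# Constructed sample snapshots (not from a real device): two revisions of
# one router config, as a config repository would hold them.
OLD = """\
hostname tx-edge-1
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
line vty 0 4
 access-class 10 in
 transport input ssh
"""
NEW = """\
hostname tx-edge-1
access-list 10 permit 192.0.2.10
access-list 10 permit any
line vty 0 4
 access-class 10 in
 transport input ssh telnet
"""

# Assumption: which config lines count as management-access controls.
SENSITIVE = re.compile(r"^\s*(access-list|access-class|transport input|line vty)\b")

def config_diff(old, new, name="router"):
    """Unified diff between two revisions, like the diffs mailed to a team."""
    return list(difflib.unified_diff(
        old.splitlines(), new.splitlines(),
        fromfile=f"{name}@previous", tofile=f"{name}@current", lineterm=""))

def management_access_changes(diff_lines):
    """Return (sign, line) for added/removed lines touching management access."""
    hits = []
    for line in diff_lines[2:]:  # skip the two file-header lines
        if line[:1] in ("+", "-") and SENSITIVE.match(line[1:]):
            hits.append((line[0], line[1:].strip()))
    return hits

if __name__ == "__main__":
    diff = config_diff(OLD, NEW, "tx-edge-1")
    print("\n".join(diff))
    for sign, text in management_access_changes(diff):
        print("REVIEW", sign, text)
```

A filter like this can sit between the repository and the team mailbox so that changes to management-access lines stand out from routine edits.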
My other choice was IPPlan. Everyone knows just about anything in IT is about organizing data and people or people's data. When you're a rather large service provider, you have one main issue with IP addresses: keeping track of them. What do you use? A spreadsheet (which is popular)? Spreadsheets work for small deployments, but for very large netblocks, you need something enterprise-level.
And forget buying one of the fancy software packages. They are typically very expensive, and incorporate other features you may not need, like DNS servers and DHCP servers. We wanted a single-purpose IP management program.
IPPlan is a database which is structured exactly the way your network is numbered and organized, in areas, ASNs (autonomous system numbers), supernets and VLSM subnets (variable length subnet masks).
Once you get the database organized, adding a new network or customer assignment is easy. You can even let your users have access to request new IPs (or blocks of IPs), and provide all sorts of information, including a link from private addresses to public for NAT. I believe I can find any host on our network within about 10 seconds using IPPlan. IPPlan can also use NMAP to automatically scan subnets for used machines and enter their information automatically.