Rancid & IPPlan
As a network engineer, I need plenty of good tools at my disposal. I help to maintain an enterprise-level network of hundreds of Cisco devices, many hosts and even more users. Linux and open source projects become the "glue" which helps me perform my job.
The Linux command line has all sorts of good tools for manipulating text. Awk, sed, grep, perl, bash scripts ... anything you can think of doing is available. And because Cisco config files are just simply text, the marriage of Linux and Cisco makes perfect sense. I run access servers (I call them utility servers) and access all of our equipment from these heavily-secured hosts, which happen to be virtual guest machines. I can then tell the Cisco equipment only to trust these particular hosts. I also run tftp servers on these hosts, for easy config/file management and manipulation.
Rancid is a CVS or SVN repository for Cisco router configs. If you're like me, and you missed the kernel programmer calling in life, and ended up as only a network engineer, here's your chance to feel like a real kernel hacker superstar. Rancid treats all your configs like a software repository, backing them all up every hour (or whatever you setup in cron) and can email your whole team the diffs. It doesn't matter if you have 3 people on your team or 30, this program is automatic change control.
The commits are done automatically, and you can even checkout any revisions of your "code" that you would like. Want to know what the routers in Texas were configured with three months ago? Go back to your email, find the proper revision and check it out. I've learned more about SVN (Subversion) than I've ever wanted to. There may be a bit of a learning curve, but once you get it up and running, it's solid and does it's job well. There are a few good HowTo links out there.
My other choice was IPPlan. Everyone knows just about anything in IT is about organizing data and people or people's data. When you're a rather large service provider, you have one main issue with IP addresses: keeping track of them. What do you use? A spreadsheet? (Which is popular). Spreadsheets work for small deployments, but for very large netblocks, you need something enterprise level.
And forget buying one of the fancy software packages. They are typically very expensive, and incorporate other features you may not need like DNS servers and DHCP servers. We wanted a single-purpose IP management program.
IPPlan is a database which is structured exactly the way your network is numbered and organized, in areas, ASNs (autonomous system numbers), supernets and VLSM subnets (variable legnth subnet masks).
Once you get the database organized, adding a new network or customer assignment is easy. You can even let your users have access to request new IPs (or blocks of IPs), and provide all sorts of information, including a link from private addresses to public for NAT. I believe I can find any host on our network within about 10 seconds using IPPlan. IPPlan can also use NMAP to automatically scan subnets for used machines and enter their information automatically.
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems
Join editor Bill Childers and Bit9's Paul Riegle on April 27 at 12pm Central to learn how to keep your Linux systems secure.
Free to Linux Journal readers.Register Now!
- Cluetrain at Fifteen
- Embedding Python in Your C Programs
- Getting Good Vibrations with Linux
- [<Megashare>] Watch Mrs Brown's Boys Movie Online Full Movie HD 2014
- New Products
- Customizing Vim
- Memory Ordering in Modern Microprocessors, Part I
- Security Hardening with Ansible
- RSS Feeds
- Tech Tip: Really Simple HTTP Server with Python