Rancid & IPPlan

As a network engineer, I need plenty of good tools at my disposal. I help to maintain an enterprise-level network of hundreds of Cisco devices, many hosts and even more users. Linux and open source projects become the "glue" which helps me perform my job.

The Linux command line has all sorts of good tools for manipulating text. Awk, sed, grep, perl, bash scripts ... anything you can think of doing is available. And because Cisco config files are just simply text, the marriage of Linux and Cisco makes perfect sense. I run access servers (I call them utility servers) and access all of our equipment from these heavily-secured hosts, which happen to be virtual guest machines. I can then tell the Cisco equipment only to trust these particular hosts. I also run tftp servers on these hosts, for easy config/file management and manipulation.

Two of my favorite projects are Rancid and IPPlan.

Rancid is a CVS or SVN repository for Cisco router configs. If you're like me, and you missed the kernel programmer calling in life, and ended up as only a network engineer, here's your chance to feel like a real kernel hacker superstar. Rancid treats all your configs like a software repository, backing them all up every hour (or whatever you setup in cron) and can email your whole team the diffs. It doesn't matter if you have 3 people on your team or 30, this program is automatic change control.

The commits are done automatically, and you can even checkout any revisions of your "code" that you would like. Want to know what the routers in Texas were configured with three months ago? Go back to your email, find the proper revision and check it out. I've learned more about SVN (Subversion) than I've ever wanted to. There may be a bit of a learning curve, but once you get it up and running, it's solid and does it's job well. There are a few good HowTo links out there.

My other choice was IPPlan. Everyone knows just about anything in IT is about organizing data and people or people's data. When you're a rather large service provider, you have one main issue with IP addresses: keeping track of them. What do you use? A spreadsheet? (Which is popular). Spreadsheets work for small deployments, but for very large netblocks, you need something enterprise level.

And forget buying one of the fancy software packages. They are typically very expensive, and incorporate other features you may not need like DNS servers and DHCP servers. We wanted a single-purpose IP management program.

IPPlan is a database which is structured exactly the way your network is numbered and organized, in areas, ASNs (autonomous system numbers), supernets and VLSM subnets (variable legnth subnet masks).

Once you get the database organized, adding a new network or customer assignment is easy. You can even let your users have access to request new IPs (or blocks of IPs), and provide all sorts of information, including a link from private addresses to public for NAT. I believe I can find any host on our network within about 10 seconds using IPPlan. IPPlan can also use NMAP to automatically scan subnets for used machines and enter their information automatically.

Routing Tables

FredR's picture

IPPlan can read routing tables of remote equipment via snmp. I've done this very thing myself. It's not an automated action, but it does list the contents of the routing table next to your IPPlan database, and one can "fill in the blanks" for the netblocks you're missing.

Some quick perl (or python, or bash, or...) script could grep out all the ip addresses from your CVS/SVN repo and perhaps format it in a way which was importable to IPPlan.

-- FLR or flrichar is a superfan of Linux Journal, and goofs around in the LJ IRC Channel

Can you integrate the two?

Josh's picture

We use these two tools as well. I'd love to find a way to integrate the two. Ideally, a method of crawling router configs for IP addresses, and populating IP Plan accordingly. That way if someone forgets to update ip plan, it'll still get marked in use.

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix