Hi all,
Currently, I'm pretty good at putting together stuff like subversion, rancid,
RRDtool, Cacti, Nagios, tftp, scp, together into a somewhat useful package for
basic stuff, automated diffs and version control and Monitoring. I think we can
all agree that such homegrown systems are great for that sort of thing. There
certainly isn't a cfengine type application for multivendor network devices, but
with cisco Incorporating Tcl shells and precompilers in IOS, F5 using a Tcl
shell to replace their proprietary scripting language, There just needs to be an
Open Reference model or XML schema to describe device functions... I don't think
we're there yet.
What I don't like are some of the things various vendors are doing to try to
address the problem in their devices, like the Cisco "AutoSecure" feature. I
suppose this will open discussion into how much automation is a good thing. If
it saves me from carpel tunnel or having to produce funky perl code, then
perhaps it is useful.
I think we get into trouble when the tools start to dynamically alter the
network topology. If you take a look at some IDS/IDP systems, you'll understand
what I mean. While they are policy driven, they aren't very useful out of the
box and take considerable work in order to have them function properly for your
specific environment.
Regards,
Max
Quoting Paxton <paxton@binsh.com>:
>
> I haven't seen any messages yet so I have no idea who has signed up, but I
> would love to hear a frank discussion of currently available network
> automation/configuration management (not monitoring) tools, both $$$ and
> open source.
>
> I was interested by Brent's original NANOG posting, in which he states:
>
> ..."I'm not simply talking about [..] device configuration monitoring
> systems [..] Instead I'm talking about systems that will start from a
> description of how a network ought to be configured, then interact with
> the various devices on that network to make it so..."
>
> What currently available tools actually do this? IMO the $$$ tools out
> there today (or at least those I have seen referenced, ie the network
> world article, rendition/Opsware, etc) all are pandering to the
> sarbanes-oxley scare tactics because that's where the money is. If you
> really look at them and peel away the marketing fluff and hand-waving,
> they are all basically a configuration monitoring systems with a stamp on
> the cd that says: your sarbanes-oxley problems solved here! Is their
> goal even to solve network automation problems? I find it
> ironically humorous that rendition renamed true control to "network
> automation". Maybe they should have renamed it: Sarbanes-Oxley BandAid.
> Not to pick on rendition, but the reality is there's money in checkbox
> sarbanes-oxley solutions - and that's money in the right place (execs) and
> a lot of it. So are real network management solutions getting left in the
> dust? And what's worse at least IMO is that these guys all claim to
> provide network management solutions, but don't actually provide value to
> network administrators (or that isn't their main goal, its an
> afterthought if its given any consideration at all), and because the money
> is already spent, the network administrators don't get tools that might
> actually solve a real problem.
>
> I hope this is just controversial enough to spur on some conversation,
> because I would really like to hear everyone else's opinions and
> experiences, and what else is out there that I haven't seen yet.
>
> Can anyone recommend open source tools for configuration
> management/network automation, or is there interest in starting such a
> project?
>
>
> Thanks!
>
>
>
>
References:
|
|
