On Sat, 5 May 2012 16:29:47 +0000 (UTC)
James <wireless@×××××××××××.com> wrote:

> Alan McKinnon <alan.mckinnon <at> gmail.com> writes:
>
>
> > > #copy running-config [http | https] <url>
>
> > How many routers are you backing up and what are your needs?
>
> It varies. I seem to 'inherit' networks that are not populated
> by humans (mostly machines & controls). I like to first copy
> the running configurations to my laptop as often the routers are old
> and nobody seems to know much about them. (yea as an old linux_hag
> I get work on stuff that most others will not touch).....
> As a PE in Controls, I seem to get lucky and am able
> to patch, enhance or replace equipment, with minimal
> disturbances to the myriad of protocols and legacy
> heuristics that inhabit these plants. It's a situation
> where if you break it, you own the problem. I try very
> hard to keep Microsoft based technologies out of the plants.
> Microsoft(anything) is mostly a disaster in the Process
> Controls space. I often prove this to a customer, by dropping
> in a sniffer here and there and show them the myriad of
> shit_traffic that Microsoft(anything) generates just to move
> a few bits around. Besides, if you don't believe me,
> just ask the IRANIANS how wonderful MS is (think stuxnet virus).
>
> (enough background?)
>
> I use a laptop, as often the sites do not have any remote
> access or it is blocked. I grab a config and then figure
> out a fix, only to return later, sometimes with drop-in
> replacement hardware. Too often, I'm content to just hack
> at the old existing (shit) hardware. Industrial folks are not
> so robust on their nets that control machines and such. Often,
> poor practices and little of a structured management system exist.
> Still, I get to avoid humans, so I trudge along, eking out a
> living....
>
>
> > https://www.shrubbery.net/rancid
>
> Rancid looks interesting enough to explore. Do you have an
> unofficial ebuild somewhere, or do you just hack the install on
> gentoo?

Our rancid stuff runs on FreeBSD (I banned Gentoo from all new
production installs 3 years ago...) so we mostly don't bother with
packages. Good old "./configure && make && make install" is what works
for us.

rancid is awesome for what it does, but I doubt it will suit your
needs. Because it logs into a device periodically, it needs direct
access somehow. And considering the age of some of the stuff you
have[1] most of it won't support ssh properly, so you need telnet.
There goes any idea of polling devices for backup purposes and we're
back to grabbing the config off the router on-site. Like several others
said already, I'd go for ftp rather than http for this, it's just
easier.

[1] lemme guess - you deal with actual live networks right? Real ones
that people built. Not the kind of mythical networks described in
Gartner white papers and Cisco training manuals where everything is
somehow supposed to all just magically work out the box (but
doesn't...)?

--
Alan McKinnnon
alan.mckinnon@×××××.com