Rancid monitors a router's (or device's) configuration

Roman Hochuli | 7 Aug 2012 11:27

[rancid] ignoring toggling/changing output lines

Dear All

As much as I love RANCID I am fighting with two anoyances which I, at
the moment, have no ideas how to fix them.

The first one I do not seem to be the only one beeing hit by: changing
type 7 passwords within l2tp-class-sections on Cisco routers. As from
what the archives say this is probably even expected behaviour according
to TAC. Changesets look something like this:
--snip
  l2tp-class NAME
   hidden
   authentication
-  password 7 abcabcabcabcabcabc
+  password 7 xyzxyzxyzxyzxyzxyz
  !
--snap

To be honest: I would be glad with a solution that simply ingores the
password, but only the l2tp-class one. I would like to keep the other
passwords in the config. Any ideas?

The second issue involves Brocades (former Foundry Networks) Metro Ring
Protocol. You have to specify two interfaces which are defining the east
and west side of the ring as from this boxes perspective. Sure, they
might change if a break in the ring happens. But I am seeing toggling
between these interfaces way more than we have ring-breaks...

A typical output of such a changeset would look like this:
--snip

(Continue reading)

headers

heasley | 7 Aug 2012 18:57

Re: [rancid] ignoring toggling/changing output lines

Tue, Aug 07, 2012 at 11:27:56AM +0200, Roman Hochuli:
> Dear All
> 
> As much as I love RANCID I am fighting with two anoyances which I, at
> the moment, have no ideas how to fix them.
> 
> 
> The first one I do not seem to be the only one beeing hit by: changing
> type 7 passwords within l2tp-class-sections on Cisco routers. As from
> what the archives say this is probably even expected behaviour according
> to TAC. Changesets look something like this:
> --snip
>   l2tp-class NAME
>    hidden
>    authentication
> -  password 7 abcabcabcabcabcabc
> +  password 7 xyzxyzxyzxyzxyzxyz
>   !
> --snap
> 
> To be honest: I would be glad with a solution that simply ingores the
> password, but only the l2tp-class one. I would like to keep the other
> passwords in the config. Any ideas?

that must be an ios bug.  you should contact TAC and insist that they open
a ticket.

the only way to filter it would be to filter all passwords, or write a
filter that kept state to know when it enters/leaves a l2t-class def.

(Continue reading)

headers

heasley | 8 Aug 2012 01:18

Re: [rancid] ignoring toggling/changing output lines

Tue, Aug 07, 2012 at 09:57:18AM -0700, heasley:
> Tue, Aug 07, 2012 at 11:27:56AM +0200, Roman Hochuli:
> > Dear All
> > 
> > As much as I love RANCID I am fighting with two anoyances which I, at
> > the moment, have no ideas how to fix them.
> > 
> > 
> > The first one I do not seem to be the only one beeing hit by: changing
> > type 7 passwords within l2tp-class-sections on Cisco routers. As from
> > what the archives say this is probably even expected behaviour according
> > to TAC. Changesets look something like this:
> > --snip
> >   l2tp-class NAME
> >    hidden
> >    authentication
> > -  password 7 abcabcabcabcabcabc
> > +  password 7 xyzxyzxyzxyzxyzxyz
> >   !
> > --snap
> > 
> > To be honest: I would be glad with a solution that simply ingores the
> > password, but only the l2tp-class one. I would like to keep the other
> > passwords in the config. Any ideas?
> 
> that must be an ios bug.  you should contact TAC and insist that they open
> a ticket.
> 
> the only way to filter it would be to filter all passwords, or write a
> filter that kept state to know when it enters/leaves a l2t-class def.

(Continue reading)

headers

Roman Hochuli | 9 Aug 2012 13:09

Re: [rancid] ignoring toggling/changing output lines

Hi

> the only way to filter it would be to filter all passwords, or write a
> filter that kept state to know when it enters/leaves a l2t-class def.

I was already afraid you would say so...
Will give the patch/hack you sent a try and see how it works.

> so, you will need a filter or some sorting; if ring
> interfaces can be configured one per-line, like
> then i would split those lines like this and use ProcessHistory to sort on
> the interface.

Unfortuneatly no. :-/

Will have a chat with their support to have them fix this behaviour
someway in future releases.

Thank you for your help.

--

-- 
Best regards,
Roman Hochuli
Operations Manager

nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg

Phone:       +41 44 872 20 00

(Continue reading)