Re: Software or PHP/PERL scripts for simple network management?
On Tue, 19 Jun 2007 [EMAIL PROTECTED] wrote:

> information (i.e. source of all data). Canonical data is in routing/forwarding tables on routers/switches. That's the operational reality.
>
> The amount of data that you need to track IP allocations just doesn't fit well into DNS - there's no place to store customer id/service id, the length of allocation (is this IP part of a /28? /29?), etc. So you'll have to have canonical data somewhere else anyway.

You've never used comments in your dns?

I have yet to figure out how to insert a comment into my routing tables that tells me what a routing entry is for, but it's pretty easy to put a # line in my tinydns data or my bind zone file that tells me who this is for, how large it is, when it was allocated, by whom, and when it was deallocated and why

After all, there are occasions when an allocated subnet won't show up in my routing tables

---
david raistrick http://www.netmeister.org/news/learn2quote.html
[EMAIL PROTECTED] http://www.expita.com/nomime.html
Re: Software or PHP/PERL scripts for simple network management?
david raistrick wrote:

> On Tue, 19 Jun 2007 [EMAIL PROTECTED] wrote:
>
>> information (i.e. source of all data). Canonical data is in routing/forwarding tables on routers/switches. That's the operational reality.
>>
>> The amount of data that you need to track IP allocations just doesn't fit well into DNS - there's no place to store customer id/service id, the length of allocation (is this IP part of a /28? /29?), etc. So you'll have to have canonical data somewhere else anyway.
>
> You've never used comments in your dns?
>
> I have yet to figure out how to insert a comment into my routing tables that tells me what a routing entry is for,

Communities ;-)

--
Leigh
Re: Software or PHP/PERL scripts for simple network management?
[EMAIL PROTECTED] wrote:

> I agree, DNS should *reflect* reality, but I think it is very much misguided to say that DNS should be the place to have canonical information (i.e. source of all data). Canonical data is in routing/forwarding tables on routers/switches. That's the operational reality.

Others have mentioned this, but that's just wrong. For 20 years, there's a reason we've been using policy-based routing, routing arbiters, etc.

> The amount of data that you need to track IP allocations just doesn't fit well into DNS - there's no place to store customer id/service id, the length of allocation (is this IP part of a /28? /29?), etc. So you'll have to have canonical data somewhere else anyway.

Others have mentioned this, but of course all that should be stored as comments in the file. I never found any automated tool that stored all the information properly. Text records with comments are flexible.

And the allocation size is extremely important, as you need pointer records to the customers' .arpa NS records! Surely, you don't handle everything on 8-bit boundaries in this day and age

>> And when the routing table doesn't match, withdraw the route, and fire the miscreant that failed to properly maintain the allocation data!
>
> Unfortunately, I'll have to say again that this doesn't scale. :)

There's a saying where I grew up: Ford is in the business of making cars. GM is in the business of making money.

The notion is that GM doesn't really care about the quality of its cars, as long as it makes money. Branding the local congresscritter the representative from GM is not a compliment. (Not so coincidentally, his considerably younger trophy wife is a GM heiress.)

The 'net is what I've spent most of my adult life making. 'nuff said.
Re: Software or PHP/PERL scripts for simple network management?
Drew Weaver wrote:

> Does anyone have a recommendation of any software products either commercial or freeware which will import the ip routing table from one of my routers/switches and display it in a sorted manner? We just need an easier distributed method than logging into our Black Diamond and typing sh iproute sorted every time we need to find an available subnet.

Wow, LOL! The software product is called a text editor.

Look at your list of assignments in your NS .arpa. file:

1) Find a subnet that hasn't been assigned.
2) Update the text file.
3) Wait for it to propagate.
4) Tell the customer.

The concomitant procedure for static host assignment is:

1) Find a number that hasn't been assigned.
2) Update the text file.
3) Wait for it to propagate.
4) Then, and only then, update the forward NS file(s).
5) Tell the customer.

Of course, there is software that will automatically maintain the files, and even send a signal to bind, but I've always found them to be weak at subnet management.

Text editor is the way to go -- using subversion for distributed file management (that is, knowing who to blame for mangling the assignment commit).
Re: Software or PHP/PERL scripts for simple network management?
On Mon, 18 Jun 2007 21:18:06 BST, Leigh Porter said:

> Just out of interest, why are you looking at routing tables to find an available subnet?

If your predecessor wasn't quite as careful documenting allocations, it can be useful to see if your paperwork says a /28 is dark, but you're in fact routing traffic for it down some customer's link. Then you get to do two things: (a) check if there's any *return* traffic and (b) call the customer and ask if *they* think it's dark or not. Hilarity ensues for some combinations of answers...

(And yes, I once had a co-worker looking for a free /24, found one that was nice and empty except for smack dab in the middle, a route for a /28 that for no apparent reason pointed at an unused but registered static IP of mine in the middle of our modem pool space. After some digging, we remembered that it was a work-around for when I had 2 IBM RTs at home, that did SLIP and static addresses, but not NAT or DHCP, so my home net had some routing workarounds that never got taken down when I replaced the 2 RTs with one box that was happy to accept whatever address PPP handed it)
Re: Software or PHP/PERL scripts for simple network management?
Many years ago I worked for a small Mom-and-Pop type ISP in New York state (I was the only network / technical person there) -- it was a very free wheeling place and I built the network by doing whatever made sense at the time.

One of my favorite customers (Joe somebody) was somehow related to the owner of the ISP and was a gamer. This was back in the day when the gaming magazines would give you useful tips like Type 'tracert $gameserver' and make sure that there are less than N hops. Joe would call up tech support, me, the owner, etc and complain that there was N+3 hops and most of them were in our network. I spent much time explaining things about packet-loss, latency, etc but couldn't shake his belief that hop count was the only metric that mattered.

Finally, one night he called me at home well after midnight (no, I didn't give him my home phone number, he looked me up in the phonebook!) to complain that his gaming was suffering because it was too many hops to get out of your network. I finally snapped and built a static GRE tunnel from the RAS box that he connected to all over the network -- it was a thing of beauty, it went through almost every device that we owned and took the most convoluted path I could come up with. Yay!, I figured, now I can demonstrate that latency is more important than hop count and I went to bed.

The next morning I get a call from him. He is ecstatic and wildly impressed by how well the network is working for him now and how great his gaming performance is. Oh well, I think, at least he is happy and will leave me alone now. I don't document the purpose of this GRE anywhere and after some time forget about it.

A few months later I am doing some routine cleanup work and stumble across a weird looking tunnel -- it's bizarre, it goes all over the place and is all kinds of crufty -- there are static routes and policy routing and bizarre things being done on the RADIUS server to make sure some user always gets a certain IP... I look in my pile of notes and old configs and then decide to just yank it out.

That night I get an enraged call (at home again) from Joe *screaming* that the network is all broken again because it is now way too many hops to get out of the network and that people keep shooting him...

What I learnt from this:

1: Make sure you document everything (and no, the network isn't documentation)
2: Gamers are weird.
3: Making changes to your network in anger provides short term pleasure but long term pain.

---
Warren Kumari.
http://www.kumari.net

On Jun 19, 2007, at 2:05 PM, [EMAIL PROTECTED] wrote:

> On Mon, 18 Jun 2007 21:18:06 BST, Leigh Porter said:
>
>> Just out of interest, why are you looking at routing tables to find an available subnet?
>
> If your predecessor wasn't quite as careful documenting allocations, it can be useful to see if your paperwork says a /28 is dark, but you're in fact routing traffic for it down some customer's link. Then you get to do two things: (a) check if there's any *return* traffic and (b) call the customer and ask if *they* think it's dark or not. Hilarity ensues for some combinations of answers...
>
> (And yes, I once had a co-worker looking for a free /24, found one that was nice and empty except for smack dab in the middle, a route for a /28 that for no apparent reason pointed at an unused but registered static IP of mine in the middle of our modem pool space. After some digging, we remembered that it was a work-around for when I had 2 IBM RTs at home, that did SLIP and static addresses, but not NAT or DHCP, so my home net had some routing workarounds that never got taken down when I replaced the 2 RTs with one box that was happy to accept whatever address PPP handed it)

Life is a concentration camp. You're stuck here and there's no way out and you can only rage impotently against your persecutors. -- Woody Allen
Re: Software or PHP/PERL scripts for simple network management?
On Tue, 19 Jun 2007, William Allen Simpson wrote:

> Drew Weaver wrote:
>
>> Does anyone have a recommendation of any software products either commercial or freeware which will import the ip routing table from one of my routers/switches and display it in a sorted manner? We just need an easier distributed method than logging into our Black Diamond and typing sh iproute sorted every time we need to find an available subnet.
>
> Wow, LOL! The software product is called a text editor.
>
> Look at your list of assignments in your NS .arpa. file:
>
> 1) Find a subnet that hasn't been assigned.
> 2) Update the text file.
> 3) Wait for it to propagate.
> 4) Tell the customer.
>
> The concomitant procedure for static host assignment is:
>
> 1) Find a number that hasn't been assigned.
> 2) Update the text file.
> 3) Wait for it to propagate.
> 4) Then, and only then, update the forward NS file(s).
> 5) Tell the customer.
>
> Of course, there is software that will automatically maintain the files, and even send a signal to bind, but I've always found them to be weak at subnet management.
>
> Text editor is the way to go -- using subversion for distributed file management (that is, knowing who to blame for mangling the assignment commit).

In words of Vijay, "It does not scale." In words of Randy, "I encourage my competitors to do this."

Neither 'show ip route' nor 'have a text file' scale beyond a hundred customers.

Proper IP management is complicated. You want to have following things:

a) easy IP allocation
b) IP association with customer and specific service for following purposes:
   * future IP justification with RIR's
   * abuse trackback
c) easy IP deallocation when customer leaves
d) minimizing additional fragmentation of blocks - for example, if you need a /29 and you have a /29 and a /28 available - you want to take /29 before fragmenting /28.
e) support for 'special-purpose blocks' - ie, /30 for pt-pt and /32 for loopbacks are to be assigned from blocks that are not used for any other purpose.
f) (similar to above) regional/local allocations: give me a /32 out of dallas loopback blocks
g) two-way sync (or at least diff) of your databases to operational data (the configs in routers) - so you can see what it *should* be vs what it actually is. Ideally, generate commands to update configs to the database.

I think everyone ends up writing their own systems to manage IP space as part of general network management. Unfortunately, they end up being very specific to the network in question (for example, my stuff is very geared toward terminating a large number of vlans on a l3 switches, etc)...

--
Alex Pilosov | DSL, Colocation, Hosting Services
President | [EMAIL PROTECTED] 877-PILOSOFT x601
Pilosoft, Inc. | http://www.pilosoft.com
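
Items (d) and (g) from the list above, together with the "route is missing, so the block must be spare" trap raised elsewhere in this thread, as an added example. It is not code from any poster's system; the prefixes, customer ids and function names are constructed for illustration.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed sample data (RFC 5737 documentation space), not from the thread.
POOL = net("192.0.2.0/24")
ALLOCATIONS = {  # the allocation database: prefix -> (customer id, service)
    "192.0.2.0/28": ("cust-1001", "colo"),
    "192.0.2.16/29": ("cust-1002", "dsl"),
    "192.0.2.32/28": ("cust-1003", "dsl"),      # customer link is down today
    "192.0.2.64/26": ("cust-1004", "hosting"),
}
ROUTES = [  # prefixes currently in the routing table
    "192.0.2.0/28", "192.0.2.16/29", "192.0.2.64/26",
    "192.0.2.208/28",                            # routed, never written down
]


def free_blocks(pool, used):
    """Return pool minus every prefix in used, as maximal CIDR blocks."""
    free = [pool]
    for u in sorted(used):
        remaining = []
        for block in free:
            if u.subnet_of(block):
                # Split block around u; yields nothing when u == block.
                remaining.extend(block.address_exclude(u))
            elif not block.subnet_of(u):
                remaining.append(block)
        free = remaining
    return sorted(free)


def best_fit(free, prefixlen):
    """Item (d): carve the request from the smallest block that can hold it."""
    candidates = [b for b in free if b.prefixlen <= prefixlen]
    if not candidates:
        return None
    # Longest prefix = smallest block; lowest address breaks ties.
    block = max(candidates,
                key=lambda b: (b.prefixlen, -int(b.network_address)))
    return next(block.subnets(new_prefix=prefixlen))


def reconcile(allocated, routed):
    """Item (g): what the database says versus what the routers carry."""
    return {
        "routed_not_documented": sorted(
            r for r in routed if not any(r.subnet_of(a) for a in allocated)),
        "documented_not_routed": sorted(
            a for a in allocated if not any(r.overlaps(a) for r in routed)),
    }


if __name__ == "__main__":
    allocated = [net(p) for p in ALLOCATIONS]
    routed = [net(p) for p in ROUTES]

    # Free space is the pool minus BOTH sources: an allocation whose route is
    # down is still allocated, and an undocumented route is not free either.
    free = free_blocks(POOL, allocated + routed)
    print("free:", ", ".join(map(str, free)))
    print("next /29:", best_fit(free, 29))

    for kind, prefixes in reconcile(allocated, routed).items():
        for p in prefixes:
            owner = ALLOCATIONS.get(str(p), ("unknown", "unknown"))
            print(f"{kind}: {p} customer={owner[0]} service={owner[1]}")

    # Reading the routing table alone offers cust-1003's /28 as spare space.
    naive = free_blocks(POOL, routed)
    print("routing-table-only view:", ", ".join(map(str, naive)))
```

The `routed_not_documented` entries are the ones with no customer or service attached, which is exactly what item (b)'s abuse trackback cannot resolve.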
Re: Software or PHP/PERL scripts for simple network management?
William Allen Simpson wrote:

> Drew Weaver wrote:
>
>> Does anyone have a recommendation of any software products either commercial or freeware which will import the ip routing table from one of my routers/switches and display it in a sorted manner? We just need an easier distributed method than logging into our Black Diamond and typing sh iproute sorted every time we need to find an available subnet.
>
> Wow, LOL! The software product is called a text editor.
>
> Look at your list of assignments in your NS .arpa. file:
>
> 1) Find a subnet that hasn't been assigned.
> 2) Update the text file.
> 3) Wait for it to propagate.
> 4) Tell the customer.
>
> The concomitant procedure for static host assignment is:
>
> 1) Find a number that hasn't been assigned.
> 2) Update the text file.
> 3) Wait for it to propagate.
> 4) Then, and only then, update the forward NS file(s).
> 5) Tell the customer.
>
> Of course, there is software that will automatically maintain the files, and even send a signal to bind, but I've always found them to be weak at subnet management.
>
> Text editor is the way to go -- using subversion for distributed file management (that is, knowing who to blame for mangling the assignment commit).

However Drew suffers because some idiots in his org fail to update the files correctly.

I used to have the same problem when I took over ops at a small ISP. They were using the routing table to store assigned subnets trick. It was OK until a link died so a subnet dropped out of the routing table. They thought Oh look spare space and assigned it to somebody else.

There are also a load of decent (not good) free IP address management systems available, some with built in DNS updaters. I do not use these because they all drove me mad. Now I just have somebody else do it for me. It's worth it ;-)

--
Leigh
Re: Software or PHP/PERL scripts for simple network management?
[EMAIL PROTECTED] wrote:

> On Tue, 19 Jun 2007, William Allen Simpson wrote:
>
>> Drew Weaver wrote:
>>
>>> Does anyone have a recommendation of any software products either commercial or freeware which will import the ip routing table from one of my routers/switches and display it in a sorted manner? We just need an easier distributed method than logging into our Black Diamond and typing sh iproute sorted every time we need to find an available subnet.
>>
>> Wow, LOL! The software product is called a text editor.
>>
>> Look at your list of assignments in your NS .arpa. file:
>>
>> 1) Find a subnet that hasn't been assigned.
>> 2) Update the text file.
>> 3) Wait for it to propagate.
>> 4) Tell the customer.
>>
>> The concomitant procedure for static host assignment is:
>>
>> 1) Find a number that hasn't been assigned.
>> 2) Update the text file.
>> 3) Wait for it to propagate.
>> 4) Then, and only then, update the forward NS file(s).
>> 5) Tell the customer.
>>
>> Of course, there is software that will automatically maintain the files, and even send a signal to bind, but I've always found them to be weak at subnet management.
>>
>> Text editor is the way to go -- using subversion for distributed file management (that is, knowing who to blame for mangling the assignment commit).
>
> In words of Vijay, "It does not scale." In words of Randy, "I encourage my competitors to do this."
>
> Neither 'show ip route' nor 'have a text file' scale beyond a hundred customers.
>
> Proper IP management is complicated. You want to have following things:
>
> a) easy IP allocation
> b) IP association with customer and specific service for following purposes:
>    * future IP justification with RIR's
>    * abuse trackback
> c) easy IP deallocation when customer leaves
> d) minimizing additional fragmentation of blocks - for example, if you need a /29 and you have a /29 and a /28 available - you want to take /29 before fragmenting /28.
> e) support for 'special-purpose blocks' - ie, /30 for pt-pt and /32 for loopbacks are to be assigned from blocks that are not used for any other purpose.
> f) (similar to above) regional/local allocations: give me a /32 out of dallas loopback blocks
> g) two-way sync (or at least diff) of your databases to operational data (the configs in routers) - so you can see what it *should* be vs what it actually is. Ideally, generate commands to update configs to the database.
>
> I think everyone ends up writing their own systems to manage IP space as part of general network management. Unfortunately, they end up being very specific to the network in question (for example, my stuff is very geared toward terminating a large number of vlans on a l3 switches, etc)...
>
> --
> Alex Pilosov | DSL, Colocation, Hosting Services
> President | [EMAIL PROTECTED] 877-PILOSOFT x601
> Pilosoft, Inc. | http://www.pilosoft.com

Do Pilosoft supply such a product? All the ones I tried so far suck soo much that I could never use them. Right now we manage address space with mysql and perl scripts...

--
Leigh
Re: Software or PHP/PERL scripts for simple network management?
On Wed, 20 Jun 2007, Leigh Porter wrote:

> Do Pilosoft supply such a product? All the ones I tried so far suck soo much that I could never use them. Right now we manage address space with mysql and perl scripts...

It is very much an internal system, designed to meet our needs, as such it is tightly integrated with the rest of the systems - billing, customer management, network mapping, etc.

I've been giving some thought to cleaning it up and releasing it under some sort of a public license in hope it'll be useful to someone, but unfortunately haven't found time yet :(

I think realistically, even if you have full source, it'll be good for the ideas how to do things, it will be *very hard* to separate the IP management out of everything else. (IP management is maybe few hundred lines of perl & pl/pgsql code total)

hth
-alex
Re: Software or PHP/PERL scripts for simple network management?
[EMAIL PROTECTED] wrote:

> Neither 'show ip route' nor 'have a text file' scale beyond a hundred customers.

Hogwash. Used text file allocation for ~3,000 customers. After all, it is *REQUIRED* to exist (for bind).

You need *a* canonical place that is authoritative for all others. Existing tools easily track commits.

DNS should always reflect reality. Then automated tools will show human readable information. Someday, it may even be authenticated (but I've been beating that horse for a decade). I'm sick and tired of bad NS data.

Yes, we used a separate database for billing, and maybe could have automatically generated the text file. Didn't want the customer service/billing folks to have access to network configuration ;-)

Any time you have more than a single location for maintaining network configuration data, or allow technicians to just slap a route into a router on a whim, you are bound for future difficulties!

And when the routing table doesn't match, withdraw the route, and fire the miscreant that failed to properly maintain the allocation data!
Re: Software or PHP/PERL scripts for simple network management?
On Tue, 19 Jun 2007, William Allen Simpson wrote:

> [EMAIL PROTECTED] wrote:
>
>> Neither 'show ip route' nor 'have a text file' scale beyond a hundred customers.
>
> Hogwash. Used text file allocation for ~3,000 customers. After all, it is *REQUIRED* to exist (for bind).
>
> You need *a* canonical place that is authoritative for all others. Existing tools easily track commits.
>
> DNS should always reflect reality. Then automated tools will show human readable information. Someday, it may even be authenticated (but I've been beating that horse for a decade). I'm sick and tired of bad NS data.

I agree, DNS should *reflect* reality, but I think it is very much misguided to say that DNS should be the place to have canonical information (i.e. source of all data). Canonical data is in routing/forwarding tables on routers/switches. That's the operational reality.

The amount of data that you need to track IP allocations just doesn't fit well into DNS - there's no place to store customer id/service id, the length of allocation (is this IP part of a /28? /29?), etc. So you'll have to have canonical data somewhere else anyway.

> Yes, we used a separate database for billing, and maybe could have automatically generated the text file. Didn't want the customer service/billing folks to have access to network configuration ;-)
>
> Any time you have more than a single location for maintaining network configuration data, or allow technicians to just slap a route into a router on a whim, you are bound for future difficulties!
>
> And when the routing table doesn't match, withdraw the route, and fire the miscreant that failed to properly maintain the allocation data!

Unfortunately, I'll have to say again that this doesn't scale. :)

-alex
Re: Software or PHP/PERL scripts for simple network management?
--On June 20, 2007 1:02:05 AM +0100 Leigh Porter [EMAIL PROTECTED] wrote:

> Do Pilosoft supply such a product? All the ones I tried so far suck soo much that I could never use them. Right now we manage address space with mysql and perl scripts...

Carnegie Mellon's NetReg http://www.net.cmu.edu/netreg (*) is an open source system that provides a pretty complete IP Address Management toolset, including management of DNS & DHCP configurations for ISC bind/dhcpd. We manage DNS & DHCP for 50K machines, and NetReg does it all. It is available under an OSS license and is in use at several other locations.

NetReg provides a self service web interface with flexible permissions, privilege delegation, IP address space management, DNS record validation, and more.

As the current primary developer of the system I'm a bit biased, but I think it's a great system. It has a steep learning curve, and the documentation leaves something to be desired (like a tech writer...), but once you hit a certain scale the benefits outweigh the cost.

On our site you'll find several screen shots and a working demo with some base data you can experiment with, but obviously the full power of the system isn't utilized until you have lots of data and can see the resulting zones & config files. There is an active mailing list, feel free to join it and ask questions.

*: Not to be confused with Southwestern University's NetReg, which is a completely different system developed in parallel around the same time.

-David Nolan
Network Software Designer
Computing Services
Carnegie Mellon University
Software or PHP/PERL scripts for simple network management?
Does anyone have a recommendation of any software products either commercial or freeware which will import the ip routing table from one of my routers/switches and display it in a sorted manner? We just need an easier distributed method than logging into our Black Diamond and typing sh iproute sorted every time we need to find an available subnet.

Thanks in advance for any advice you can offer.

Andrew
Re: Software or PHP/PERL scripts for simple network management?
--- [EMAIL PROTECTED] wrote:

Does anyone have a recommendation of any software products either commercial or freeware which will import the ip routing table from one of my routers/switches and display it in a sorted manner? We just need an easier distributed method than logging into our Black Diamond and typing sh iproute sorted every time we need to find an available subnet.

--

How about something like this on a *nix box? The OID here is for Juniper...

    snmpwalk -Os -c public -v 1 111.111.111.111 1.3.6.1.4.1.2636.3.12.1.1 | cut -d . -f 8-12 | cut -d " " -f1 | sort | uniq

scott
Re: Software or PHP/PERL scripts for simple network management?
On 2007-06-18-11:45:37, Drew Weaver [EMAIL PROTECTED] wrote:

> Does anyone have a recommendation of any software products either commercial or freeware which will import the ip routing table from one of my routers/switches and display it in a sorted manner? [...]

I'd configure a 'nix host running openbgpd[1] as a BGP peer. This approach works great for periodic dumps and offline analysis of your routing table.

I'll refrain from commenting on the wisdom in walking your RIB as a _means_ of address assignment (and not merely a safeguard), so as to avoid steering this discussion off-topic. :-)

-a

[1] http://www.openbgpd.org/
Re: Software or PHP/PERL scripts for simple network management?
Just out of interest, why are you looking at routing tables to find an available subnet?

--
Leigh Porter

Scott Weeks wrote:

> --- [EMAIL PROTECTED] wrote:
>
> Does anyone have a recommendation of any software products either commercial or freeware which will import the ip routing table from one of my routers/switches and display it in a sorted manner? We just need an easier distributed method than logging into our Black Diamond and typing sh iproute sorted every time we need to find an available subnet.
>
> --
>
> How about something like this on a *nix box? The OID here is for Juniper...
>
>     snmpwalk -Os -c public -v 1 111.111.111.111 1.3.6.1.4.1.2636.3.12.1.1 | cut -d . -f 8-12 | cut -d " " -f1 | sort | uniq
>
> scott