We have fairly complicated 'standard' setups; vlans, eoip tunnels, IPs and routing settings, access, SNMP, NTP and so on. We template the standard setup; when a new router is going in, all of the various services are provisioned in a database, the template is filled in automagically with that data and spits out a copy-paste config script. Part of the template is a nightly export compact and TFTP access rules to our backup server, which hits up all the routers listed in Icinga and backs them up nightly. Generally, if a router needs replacing, we go back to the template rather than the backups, but there's always that one extra tunnel, that one special setting to accommodate that one guy, and so on. With the compact script, even if you can't just copy/paste, it's at least plainly visible what commands need to be run.
Sure, I could do it from memory or from scratch, and that's fine for run of the mill stuff, but 'our procedures are usually good enough' is an inferior response to 'customers are down.' That all said, this is another one of those problems that has been solved for years, but people are doomed to repeat, badly. Cisco has this nailed; you don't have configurations, you have configuration scripts that are run at start up, working config is different than the saved config, you can have multiple configs, and blah blah blah. And yes, absolutely agree with Scott. Bus syndrome, continuity of business, and so on. > -----Original Message----- > From: [email protected] [mailto:mikrotik- > [email protected]] On Behalf Of Scott Reed > Sent: May-02-12 8:49 AM > To: Mikrotik discussions > Subject: Re: [Mikrotik] Strange FTP problem > > I normally agree with Butch, but I can't on this one. > Maybe for a small organization, this works, but even there I think there are > significant risks with this approach. > Suppose, since it is tornado season, that you are the one that normally sets up > new routers for your organization. A tornado rips through your territory. > Unfortunately, you are at home when the tornado destroys your house and > sends you to the hospital. The good folks of WISPA show up the next day to get > the 2 destroyed towers back in operation so your network can support the > clean-up efforts. How will they know how things are to be setup? > Second scenario is similar, but for a larger organization. The "one" in the know > is out of contact for a couple of days, whether work or pleasure. A site goes > down and someone that normally doesn't do the setups is called on to get the > site up. > In both cases I see three things are are a requirement: > 1) Disaster Recovery Plan - what needs to be done to get back in operation. > Should be written so a 3rd party can do it. > 2) As-built documentation - how is every piece of equipment to be configured. > 3) Backups for all (critical) equipment - so that it is easy to implement the > recovery plan. > These are the very things I am working now that we have added a part-time > person so I have more time to get it done. I see these 3 things becoming more > and more critical as we grow. > > On 5/2/2012 2:29 AM, Butch Evans wrote: > > On Wed, 2012-05-02 at 00:48 -0400, Josh Luthman wrote: > >> You take it out of the box, configure it from memory and put into place? > > All I typically need is the IP addresses, ssids and firewall, so yes. > > Then again, it depends on what the device is DOING on the network. > > Core routers are easy. PPPoE servers are easy. Even APs are pretty > > quick, IF I know the ssid. These things can be magical and are > > capable of SO many things, but MOST networks use only a small portion > > of that capability on each given router. > > > > -- > Scott Reed > Owner > NewWays Networking, LLC > Wireless Networking > Network Design, Installation and Administration > > > > Mikrotik Advanced Certified > > www.nwwnet.net > (765) 855-1060 > (765) 439-4253 > (855) 231-6239 > > > _______________________________________________ > Mikrotik mailing list > [email protected] > http://www.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS _______________________________________________ Mikrotik mailing list [email protected] http://www.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
