Discussion:
[rancid] ignoring toggling/changing output lines
Roman Hochuli
2012-08-07 09:27:56 UTC
Permalink
Dear All

As much as I love RANCID I am fighting with two anoyances which I, at
the moment, have no ideas how to fix them.


The first one I do not seem to be the only one beeing hit by: changing
type 7 passwords within l2tp-class-sections on Cisco routers. As from
what the archives say this is probably even expected behaviour according
to TAC. Changesets look something like this:
--snip
l2tp-class NAME
hidden
authentication
- password 7 abcabcabcabcabcabc
+ password 7 xyzxyzxyzxyzxyzxyz
!
--snap

To be honest: I would be glad with a solution that simply ingores the
password, but only the l2tp-class one. I would like to keep the other
passwords in the config. Any ideas?


The second issue involves Brocades (former Foundry Networks) Metro Ring
Protocol. You have to specify two interfaces which are defining the east
and west side of the ring as from this boxes perspective. Sure, they
might change if a break in the ring happens. But I am seeing toggling
between these interfaces way more than we have ring-breaks...

A typical output of such a changeset would look like this:
--snip
metro-ring ID
- ring-interfaces ethernet 1 ethernet 7
+ ring-interfaces ethernet 7 ethernet 1
--snap

Any ideas how to filter this toggling, but still keep the informations
about the ring-interfaces in the output?
--
Best regards,
Roman Hochuli
Operations Manager

nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg

Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent

Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier
heasley
2012-08-07 16:57:18 UTC
Permalink
Post by Roman Hochuli
Dear All
As much as I love RANCID I am fighting with two anoyances which I, at
the moment, have no ideas how to fix them.
The first one I do not seem to be the only one beeing hit by: changing
type 7 passwords within l2tp-class-sections on Cisco routers. As from
what the archives say this is probably even expected behaviour according
--snip
l2tp-class NAME
hidden
authentication
- password 7 abcabcabcabcabcabc
+ password 7 xyzxyzxyzxyzxyzxyz
!
--snap
To be honest: I would be glad with a solution that simply ingores the
password, but only the l2tp-class one. I would like to keep the other
passwords in the config. Any ideas?
that must be an ios bug. you should contact TAC and insist that they open
a ticket.

the only way to filter it would be to filter all passwords, or write a
filter that kept state to know when it enters/leaves a l2t-class def.
Post by Roman Hochuli
The second issue involves Brocades (former Foundry Networks) Metro Ring
Protocol. You have to specify two interfaces which are defining the east
and west side of the ring as from this boxes perspective. Sure, they
might change if a break in the ring happens. But I am seeing toggling
between these interfaces way more than we have ring-breaks...
--snip
metro-ring ID
- ring-interfaces ethernet 1 ethernet 7
+ ring-interfaces ethernet 7 ethernet 1
--snap
Any ideas how to filter this toggling, but still keep the informations
about the ring-interfaces in the output?
same answer; the state should never be reflected in the configuration. of
course, i do not know if foundry has ever fixed a UI bug, so they're
unlikely to fix it. so, you will need a filter or some sorting; if ring
interfaces can be configured one per-line, like
ring-interfaces ethernet 7
ring-interfaces ethernet 1
then i would split those lines like this and use ProcessHistory to sort on
the interface.
Post by Roman Hochuli
--
Best regards,
Roman Hochuli
Operations Manager
nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg
Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent
Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
heasley
2012-08-07 23:18:18 UTC
Permalink
Post by heasley
Post by Roman Hochuli
Dear All
As much as I love RANCID I am fighting with two anoyances which I, at
the moment, have no ideas how to fix them.
The first one I do not seem to be the only one beeing hit by: changing
type 7 passwords within l2tp-class-sections on Cisco routers. As from
what the archives say this is probably even expected behaviour according
--snip
l2tp-class NAME
hidden
authentication
- password 7 abcabcabcabcabcabc
+ password 7 xyzxyzxyzxyzxyzxyz
!
--snap
To be honest: I would be glad with a solution that simply ingores the
password, but only the l2tp-class one. I would like to keep the other
passwords in the config. Any ideas?
that must be an ios bug. you should contact TAC and insist that they open
a ticket.
the only way to filter it would be to filter all passwords, or write a
filter that kept state to know when it enters/leaves a l2t-class def.
I came across these; tell us if it works:
http://www.shrubbery.net/pipermail/rancid-discuss/2010-July/005023.html
Post by heasley
Hi John,
3925: c3900-universalk9-mz.SPA.150-1 and c3900-universalk9-mz.SPA.150-1.M2
2811: c2800nm-advipservicesk9-mz.124-24.T
7206: c7200-advipservicesk9-mz.122-33.SRD1
7606: c7600rsp72043-advipservicesk9-mz.122-33.SRD4
As you can see the problem is not specific to a certain hardware or software
version, I suppuse I can assume all versions have this problem....
Hack for rancid 2.3.4
Post by heasley
Post by Roman Hochuli
Index: rancid.in
===================================================================
--- rancid.in (revision 2211)
+++ rancid.in (working copy)
@@ -1523,6 +1523,7 @@
sub WriteTerm {
print STDERR " In WriteTerm: $_" if ($debug);
my($lineauto,$comment,$linecnt) = (0,0,0);
+ my($subconfig) = "";
while (<INPUT>) {
tr/\015//d;
@@ -1539,6 +1540,9 @@
my($len) = length($1);
s/^$1\s{$len}//;
}
+ if (/^\S/) {
+ $subconfig = "";
+ }
/^! no configuration change since last restart/i && next;
# skip emtpy lines at the beginning
if (!$linecnt && /^\s*$/) {
@@ -1579,6 +1583,21 @@
}
$comment = 0;
+ # l2tp-class
+ if (/^l2tp-class /) { $subconfig = "l2tp-class"; }
+ if ($subconfig == "l2tp-class" && /password ((\d) \S+|\S+)/) {
+ if ($filter_pwds >= 2) {
+ ProcessHistory("L2TP","keysort","$subconfig",
+ "! password <removed>\n");
+ } elsif ($filter_pwds >= 1 && $4 ne "5"){
+ ProcessHistory("L2TP","keysort","$subconfig",
+ "! password <removed>\n");
+ } else {
+ ProcessHistory("L2TP","keysort","$subconfig","$_");
+ }
+ next;
+ }
+
# Dog gone Cool matches to process the rest of the config
The second issue involves Brocades (former Foundry Networks) Metro Ring
Protocol. You have to specify two interfaces which are defining the east
and west side of the ring as from this boxes perspective. Sure, they
might change if a break in the ring happens. But I am seeing toggling
between these interfaces way more than we have ring-breaks...
--snip
metro-ring ID
- ring-interfaces ethernet 1 ethernet 7
+ ring-interfaces ethernet 7 ethernet 1
--snap
Any ideas how to filter this toggling, but still keep the informations
about the ring-interfaces in the output?
same answer; the state should never be reflected in the configuration. of
course, i do not know if foundry has ever fixed a UI bug, so they're
unlikely to fix it. so, you will need a filter or some sorting; if ring
interfaces can be configured one per-line, like
ring-interfaces ethernet 7
ring-interfaces ethernet 1
then i would split those lines like this and use ProcessHistory to sort on
the interface.
Post by Roman Hochuli
--
Best regards,
Roman Hochuli
Operations Manager
nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg
Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent
Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier
_______________________________________________
Rancid-discuss mailing list
http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss
Roman Hochuli
2012-08-09 11:09:50 UTC
Permalink
Hi
Post by heasley
the only way to filter it would be to filter all passwords, or write a
filter that kept state to know when it enters/leaves a l2t-class def.
I was already afraid you would say so...
Will give the patch/hack you sent a try and see how it works.
Post by heasley
so, you will need a filter or some sorting; if ring
interfaces can be configured one per-line, like
then i would split those lines like this and use ProcessHistory to sort on
the interface.
Unfortuneatly no. :-/

Will have a chat with their support to have them fix this behaviour
someway in future releases.

Thank you for your help.
--
Best regards,
Roman Hochuli
Operations Manager

nexellent ag
Saegereistrasse 33
CH-8152 Glattbrugg

Phone: +41 44 872 20 00
Fax: +41 44 872 20 01
URL: www.nexellent.ch
X-NCC-RegID: ch.nexellent

Imagination is the one weapon in the war
against reality.
-- Jules de Gaultier
Loading...