Discussion:
[rancid] Rate-limiting connections through one host?
Howard Jones
2018-02-26 11:30:36 UTC
Permalink
I have a slightly unusual RANCID problem - we have some multi-context
Cisco ASAs, where for convenience, each context is backed up as a
separate 'host'. To do that:

1) hostnames are firewallname[contextname]
2) removed some 'force lower case stuff' because our context names are
capitalised
3) Pass the [contextname] bit as a separate parameter to the polling process
4) *rancid script that knows to switch to the correct context
5) some small patches to allow the filename to be different from the hostname

All of that is not standard, but the problem I see now is that rancid
blitzes the firewall with dozens of concurrent connections, as these
"different" devices are all polled together. It occurred to me that
anyone with a terminal server, or some other proxy would see similar
issues though, so maybe there's already a solution for it.

My current plan is to randomize the order of the hosts during
control_rancid passes, so at least it's not deterministic which ones
will fail 3 times, and I get a fairly recent backup of everything.

Has anyone else run across similar issues and found a more elegant solution?

Thanks,

Howard
heasley
2018-02-26 18:21:24 UTC
Permalink
Post by Howard Jones
I have a slightly unusual RANCID problem - we have some multi-context
Cisco ASAs, where for convenience, each context is backed up as a
1) hostnames are firewallname[contextname]
2) removed some 'force lower case stuff' because our context names are
capitalised
3) Pass the [contextname] bit as a separate parameter to the polling process
4) *rancid script that knows to switch to the correct context
5) some small patches to allow the filename to be different from the hostname
All of that is not standard, but the problem I see now is that rancid
blitzes the firewall with dozens of concurrent connections, as these
"different" devices are all polled together. It occurred to me that
anyone with a terminal server, or some other proxy would see similar
issues though, so maybe there's already a solution for it.
My current plan is to randomize the order of the hosts during
control_rancid passes, so at least it's not deterministic which ones
will fail 3 times, and I get a fairly recent backup of everything.
Has anyone else run across similar issues and found a more elegant solution?
reduce the number of concurrent connections in <group>/rancid.conf.
Howard Jones
2018-02-26 20:55:05 UTC
Permalink
Post by heasley
reduce the number of concurrent connections in <group>/rancid.conf.
Thanks! I didn't know <group>/rancid.conf was a thing!
heasley
2018-02-26 22:08:15 UTC
Permalink
Post by Howard Jones
Post by heasley
reduce the number of concurrent connections in <group>/rancid.conf.
Thanks! I didn't know <group>/rancid.conf was a thing!
it is in 3.something. see the change log.

Loading...