[rancid] xrrancid destroys ipv[46] ACLs

heasley heas at shrubbery.net
Tue Jan 10 19:40:25 UTC 2012


Tue, Jan 10, 2012 at 07:52:14PM +0100, Erik Wenzel:
> 
> On 10.01.2012 at 18.36, heasley wrote:
> 
> > Tue, Jan 10, 2012 at 05:41:26PM +0100, Erik Wenzel:
> >> regardless of setting ACLSORT in rancid.conf xrrancid is sorting an ACL like:
> >> ---snip---
> >> #sh ipv4 access-lists eriktest-v4
> >> ipv4 access-list eriktest-v4
> >> 1 remark erik
> >> 10 remark tests
> >> 100 remark acls
> >> 1000 deny ipv4 any any
> >> #sh ipv6 access-lists eriktest
> >> ipv6 access-list eriktest
> >> 1 remark erik
> >> 10 remark tests
> >> 100 remark acls
> >> 1000 deny ipv6 any any
> >> ---snip---
> >> to:
> >> ---snip---
> >> [...]
> >> deny ipv6 any any
> >> ipv6 access-list eriktest
> >> 1 remark erik
> >> 10 remark tests
> >> 100 remark acls
> >> [...]
> >> !
> >> deny ipv4 any any
> >> ipv4 access-list eriktest-v4
> >> 1 remark erik
> >> 10 remark tests
> >> 100 remark acls
> >> !
> >> [...]
> >> ---snip---
> >> ... in rancid backup. This is completely useless. This can't be used in case of
> >> recovery. I urge everyone who uses xrrancid and sequence numbers to verify their
> >> ACLs in CVS. My workaround is to comment out lines 1022-1037. Can someone who is
> >> using IOS-XR in this setup confirm this behavior?
> > 
> > i'm not sure if i understand what the behavior is that you are trying to
> > describe.  could you explain in more detail?
> I want a working configuration backup. As you can see in the second snippet above, the ACL is crippled. I extracted it from the checked out file from CVS. Why does xrrancid mess around with ACLs? I set ACLSORT to NO and still some code (lines 1022-1037 in xrrancid) removes sequence numbers lines containing allow or deny from configuration. Is there a use case I do not see?

removing the sequence numbers is intentional - they're useless and cause diffs
that obscure what actually changed.  removing sequence numbers does not render
the config for restoration.

ACLSORT does not affect the removal of the sequence numbers, which you already
know.

but, i now understand the behavior and i'll fix it.

> > 
> >> 
> >> xrrancid version string: $Id: xrrancid.in 2264 2010-11-04 23:35:17Z heas $
> >> 
> >> -- 
> >> Erik Wenzel
> >> erik at code.de
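Added example, not part of the original thread and not RANCID code: a check for the damage shown in the second quoted snippet, run against a checked-out config file. It flags permit/deny lines that sit outside any ACL block and ACLs left with no permit/deny entry. The function name `audit_acls`, the sample text and the assumption that an ACL block runs from its `ipv4`/`ipv6 access-list` header to the next `!` are mine.

```python
import re

HEADER = re.compile(r"^(ipv4|ipv6) access-list (\S+)\s*$")
# permit/deny entry, with or without a leading sequence number
ACE = re.compile(r"^\s*(?:\d+\s+)?(permit|deny)\b")

# Constructed sample, modeled on the mangled snippet quoted in the thread.
SAMPLE = """\
deny ipv6 any any
ipv6 access-list eriktest
 1 remark erik
 10 remark tests
 100 remark acls
!
deny ipv4 any any
ipv4 access-list eriktest-v4
 1 remark erik
 10 remark tests
 100 remark acls
!
"""

def audit_acls(config_text):
    """Return (orphans, empty_acls) for a saved config.

    orphans: (line_number, text) of permit/deny lines outside an ACL block.
    empty_acls: names of ACLs that contain no permit/deny entry.
    Assumption: only ipv4/ipv6 ACL headers are recognised, so other blocks
    that use permit/deny would be reported as orphans too.
    """
    orphans, empty_acls = [], []
    current, has_rule = None, False
    for lineno, line in enumerate(config_text.splitlines(), 1):
        header = HEADER.match(line)
        if header or line.strip() == "!":
            # A new header or a "!" closes whatever block was open.
            if current and not has_rule:
                empty_acls.append(current)
            current, has_rule = (header.group(2) if header else None), False
        elif ACE.match(line):
            if current:
                has_rule = True
            else:
                orphans.append((lineno, line.strip()))
    if current and not has_rule:
        empty_acls.append(current)
    return orphans, empty_acls

if __name__ == "__main__":
    print(audit_acls(SAMPLE))
```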