[rancid] archive cisco command and rancid
Alligator
alligator94 at laposte.net
Mon Mar 23 19:04:22 UTC 2015
Thanks a lot for all these parameters to tune. I am thinking of <group>/rancid.conf, which I didn't know about.
I also have just had a look at the FAQ and "sec" seems to be quite simple to use and efficient.
Very helpful.
Thanks
Gilles
-----Original Message-----
From: 'Heasley' [mailto:heas at shrubbery.net]
Sent: Monday, 23 March 2015 19:27
To: alligator94
Cc: 'Heasley'; rancid-discuss at shrubbery.net
Subject: Re: [rancid] archive cisco command and rancid
Mon, Mar 23, 2015 at 06:35:18PM +0100, alligator94:
> We use rancid to back up daily around 3700 cisco devices (routers and switches + some WAP and FW) all around the world and let’s say that 10 percent randomly may not be reachable because they are switched off at night or due to any other connectivity issue. As we have the standard rancid configuration, I think that there are 3 retries, so it may take time.
>
> I have no access right now to the rancid config, but several clogin run in parallel.
>
> We have a lot of different models of cisco devices, connected through a stable and not overloaded mpls network or using ipsec tunnels. Some use satellite connectivity in the far east countries.
A few things I can suggest to improve the collection time:
- since you have a lot of devices (probably) with long RTTs
  - increase rancid.conf:PAR_COUNT. Perhaps double the number of CPUs.
    most processes will be waiting on the network. if the host *only*
    does rancid, increase it further - perhaps 4 times. you will have
    to play with the value a bit to find your acceptable load vs time
    comfort.
  - if you can separate topologically distant devices from near by
    group, you could use <group>/rancid.conf to tailor PAR_COUNT for the
    workload w/ 3.2.
- if devices may be turned-off or may suffer outages often, these two could be
  separated into a separate group and use <group>/rancid.conf to lower the
  MAX_ROUNDS variable.
- you could also try lowering the timeout in cloginrc for devices that are
  often inaccessible.
- you may also consider switching to svn, which is faster than cvs. or git,
  but please create a test instance for yourself before moving to git as the
  support is new.
- rancid.conf:NOPIPE=YES will improve performance of the perl part of a
  collection a little.
- also, see the FAQ for triggering rancid runs from syslog configuration
  change messages. Use that for daily activity and run once a week to CYA.
> Rancid runs on a separate linux system, so it is not disturbing while rancid run is below 24 hours. But I was wondering if, as we don’t change the devices configuration very often, once a week would be enough if we use the “archive” cisco command to store the updated config. Today we run rancid on a daily basis not to miss any change in the devices configurations.
> As, most part of the time, the configurations have not changed, I would like to use the cisco archive command to ftp the configuration when it is saved in the cisco device. So we could run rancid only once a week.
>
> Is there a way to process the files sent by ftp as input to rancid to have the formatting and the differences processed and stored as with native rancid?
I've not tried transferring the archives from devices. there is no support currently for reading the ftp file, but it is of course entirely possible to add such a mechanism. but, it would still need to connect to the device to collect other info, or at least show version.