[rancid] Extreme switch policy backup.

Paul Thornton paul at prt.org
Fri Jul 12 19:30:28 UTC 2019


Hi

We had a patch to 2.3's xrancid which we were running at some stage in 
the past N years that did this already - but I can't find it, and we 
aren't running it on our current rancid system either.  Thanks to Chris' 
E-mail at least I've been reminded of that.

It wasn't a hard thing to add.

On 12/07/2019 20:15, john heasley wrote:
> Tue, Jul 09, 2019 at 09:55:56PM +0000, Chris Davis:
>> We've just gotten a few Extreme switches (model X440-G2) and I've gotten them set up in Rancid.  But while I get the configs, I have a few policies as well.  They're kept as .pol files on the switch.  Is there a way to include the policy files in the backup that Rancid takes?  It would be particularly helpful.  I've done some searching, and seen folks ask about it.  But no real answers.  Lots of modifications to commands from 4 years ago but nothing current.  There's a command that will print it all out, just not sure how to add it into the mix.  Don't like to modify something like Rancid if there's already a way within the system to make it happen.
>
> what is the command to display the policy?  can you provide an example of
> the command and output, from prompt to the next prompt?  is the output
> format and order stable?
>
> i see an incomplete example here;
> http://www.shrubbery.net/pipermail/rancid-discuss/2014-May/007659.html

The format isn't great.  The switch basically outputs
Policies at Policy Server:
Policy: <name of policy>
<the policy file itself>
Number of clients bound to policy: <n>
Client: <info on what is using policy>

My hunch would be not to try and parse this lot at all, but just execute 
the 'show policy detail' and wait for the prompt to come back.  I'm 
pretty sure that's all we did; I remember it just diffed everything and 
you saw quickly if a policy was added/removed just as easily.
It is theoretically possible for someone to have a prompt matching 
string in the policy file as a comment, but let's ignore that madness for 
now.

This example shows three policies as an example:

* ag1.hbr.2 # dis clip
* ag1.hbr.3 # show policy detail
Policies at Policy Server:
Policy: as65001-in-v4
entry term10 {
if match all {
     nlri 185.0.0.0/23 exact ;
     nlri 185.0.2.0/24 exact ;
     nlri 185.0.3.0/24 exact ;
}
then {
     local-preference 500 ;
     community add "65301:200" ;
     permit  ;
}
}
entry term999 {
if match all {
}
then {
     deny  ;
}
}
Number of clients bound to policy: 1
Client: bgp bound once

Policy: as65001-in-v6
entry term10 {
if match all {
     nlri 2001:db8:0::/45 ;
}
then {
     local-preference 500 ;
     community add "65301:200" ;
     permit  ;
}
}
entry term999 {
if match all {
}
then {
     deny  ;
}
}
Number of clients bound to policy: 1
Client: bgp bound once

Policy: as65001-out-v4
entry term10 {
if match all {
     nlri 0.0.0.0/0 exact ;
}
then {
     permit  ;
}
}
entry term999 {
if match all {
}
then {
     deny  ;
}
}
Number of clients bound to policy: 1
Client: bgp bound once

* ag1.hbr.3 #
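
An added example, not part of the original message and not rancid's own code: a post-processing step for a captured 'show policy detail' that keeps the "just diff it" approach but sorts policies by name, so the order question raised in the thread cannot produce a spurious diff. The prompt pattern, function names and sample captures are assumptions built from the layout shown above.

```python
import difflib
import re

# Assumed prompt shape, inferred from the sample: optional "* ", host.N, then "#" or ">".
PROMPT = re.compile(r"^(?:\* )?\S+\.\d+ [#>]")

def split_policies(capture):
    """Map policy name -> body lines from one 'show policy detail' capture."""
    policies, name = {}, None
    for line in capture.splitlines():
        if PROMPT.match(line) or line.startswith("Policies at Policy Server:"):
            continue  # command echo, trailing prompt, banner
        if line.startswith("Policy: "):
            name = line[len("Policy: "):].strip()
            policies[name] = []
        elif name is not None and line.strip():
            policies[name].append(line.rstrip())
    return policies

def canonical(capture):
    """Flatten with policies sorted by name, so display order cannot cause a diff."""
    out = []
    for name, body in sorted(split_policies(capture).items()):
        out.append("Policy: " + name)
        out.extend(body)
    return out

def policy_changes(old, new):
    a, b = split_policies(old), split_policies(new)
    return {"added": sorted(b.keys() - a.keys()),
            "removed": sorted(a.keys() - b.keys()),
            "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n])}

def policy_diff(old, new):
    return list(difflib.unified_diff(canonical(old), canonical(new),
                                     "previous", "current", lineterm="", n=0))

# Constructed sample captures (hostnames, policy names and prefixes are made up).
def sample_policy(name, prefix):
    return (f"Policy: {name}\nentry term10 {{\nif match all {{\n"
            f"     nlri {prefix} exact ;\n}}\nthen {{\n     permit  ;\n}}\n}}\n"
            "Number of clients bound to policy: 1\nClient: bgp bound once\n\n")

HEAD = "* sw1.lab.1 # show policy detail\nPolicies at Policy Server:\n"
TAIL = "* sw1.lab.2 # \n"
OLD = HEAD + sample_policy("peer-in-v4", "192.0.2.0/24") + sample_policy("peer-out-v4", "0.0.0.0/0") + TAIL
NEW = (HEAD + sample_policy("peer-out-v4", "0.0.0.0/0") + sample_policy("peer-in-v4", "198.51.100.0/24")
       + sample_policy("peer-in-v6", "2001:db8::/32") + TAIL)

if __name__ == "__main__":
    print(policy_changes(OLD, NEW))
    print("\n".join(policy_diff(OLD, NEW)))
```

A line inside a policy file that happens to match the prompt pattern is dropped by this filter, which is the corner case the message sets aside.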


