The software components that run routers made by the major network infrastructure vendors are separated into two main parts: the "image" and the "configuration." (Three, if you count the firmware.) Historically, the image, which is like the operating system, resides in flash memory, which is often removable. The configuration data can be in a lot of different spots, with the most popular probably being a special non-volatile memory. "Network" is also a popular place for this software to reside, where the config file is actually stored somewhere else on the network and pulled from a TFTP or other file server into memory when the router boots up.
These options are mostly dependent on the manufacturer, since the hardware is often proprietary and custom-made for networking. But administrators managing open-source software routers running on commodity PC and server equipment have an entirely different assortment of hardware at their disposal, such as CDs, floppies, hard drives and USB drives. In this tip, we look at some ways to duplicate the operational aspects of managing images and configurations we're accustomed to on the open-source platform. (If you're not familiar with open source routers, please visit xorp.org or vyatta.com to learn more.)
Either way, you'll want to think about two things. The first is what you'll use to boot the device. The nice thing about all the common open source routing programs is that they can boot from a variety of media. You can boot from floppy, CD, the hard drive, or the network. If you get to pick, you should consider using a CD and not installing a hard drive because CDs aren't prone to failure, and they're far easier to replace if they do go bad. More importantly, it makes image upgrades incredibly simple and you'll have the confidence that you can easily restore the system, including the OS and router software, by reinserting the old disk in the event that your new "upgrade" fails for some reason. Solid back-out plans are worth way more than their weight in gold.
Another operational advantage of booting into Linux and running your routing software from CDs is that, because there are no licensing constraints, you can make as many copies as you like. You can burn the router software to CDs and mail them to the remote sites, or if you have staff in your remote sites, you can make an .ISO and let them burn it locally, saving a bit of postage. In either case, you can be sure everyone's using the same version with the same security patches, etc.
The second thing you have to decide is where you want to keep the configuration file. A best practice these days is certainly to have a central repository and a configuration management process where the master copies of all your router configs are stored. However, the version your staff will run on the routers can be distributed in a number of ways:
- Burn it onto the same image CD. There are a number of disadvantages to this. Changes to the config happen far more often than changes to Linux and the router software, so you will burn a lot more CDs than you would otherwise. Also, these changes can't be saved on the fly. Another disadvantage is that you can't mass produce the CDs -- every CD will need to be different, since it will have unique IP addresses and routes.
- Via the network: Simply run a script when Linux boots (but before the router process loads) that downloads the config from your central repository. This method is great if it works for you, but it can be complex, particularly if some router config is required in order to get connectivity to your repository. (TFTP can overcome this, but it is also a security exposure.)
- Keep the config on a USB thumb drive. The media is super cheap these days and has plenty of room, and you can read, write and erase easily, unlike a CD. It will also hold the router logs (it's best to write them locally and then use a script to transfer them to a central server; otherwise a hacker or outage can disrupt the network, causing you to lose the data if you're writing directly to a remote syslog server). Also, the technology will probably survive several generations of PC hardware. That is, when you upgrade the CPU/interfaces, you can still keep the USB drive.
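
The network and USB options above can be combined. The following is an added example, not part of the original tip: a boot-time script that pulls the config over HTTPS instead of TFTP, checks it against a SHA-256 digest, and falls back to the copy on the thumb drive. The repository URL, the paths, the router name and the idea that the expected digest comes from your configuration management process are all assumptions.

```shell
#!/bin/sh
# Added example; the URL, paths and router name are hypothetical placeholders.
REPO_URL="${REPO_URL:-https://config-repo.example.net/routers}"
USB_DIR="${USB_DIR:-/mnt/usb}"              # thumb drive with last known-good config
ACTIVE="${ACTIVE:-/etc/router/config.boot}" # file the router process will load

# sha256_of FILE: print only the hex digest
sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# verify_config FILE EXPECTED_HEX: succeed only for a non-empty, matching file
verify_config() {
    [ -s "$1" ] || return 1
    [ "$(sha256_of "$1")" = "$2" ]
}

# install_config CANDIDATE EXPECTED_HEX DEST: verify first, then write via a
# temp file and mv so a power cut never leaves a half-written config.
install_config() {
    verify_config "$1" "$2" || return 1
    tmp="$3.new.$$"
    cp "$1" "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$3"
}

# fetch_config NAME OUTFILE: HTTPS only, fail on HTTP errors, bounded wait
fetch_config() {
    curl --fail --silent --show-error --proto '=https' --max-time 30 \
         --output "$2" "$REPO_URL/$1.conf"
}

# boot_config NAME EXPECTED_HEX: try the repository, else fall back to USB.
# Prints which source was used ("repo" or "usb").
boot_config() {
    cand="$(mktemp)" || return 1
    if fetch_config "$1" "$cand" && install_config "$cand" "$2" "$ACTIVE"; then
        cp "$ACTIVE" "$USB_DIR/$1.conf"   # refresh the known-good copy
        rm -f "$cand"; echo "repo"; return 0
    fi
    rm -f "$cand"
    # The USB copy was verified when it was saved, so it is used as-is.
    [ -s "$USB_DIR/$1.conf" ] && cp "$USB_DIR/$1.conf" "$ACTIVE" && echo "usb"
}

# Run from an init script before the router process starts, for example:
#   boot_config router1 "<expected sha256>" || logger "no usable router config"
```

A download that is truncated, altered or unreachable leaves the router on its last verified config instead of an empty or untrusted one.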
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years of experience in the networking industry. He is co-author of several books on networking, most recently, CCSP™: Secure PIX and Secure VPN Study Guide, published by Sybex.