North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: [eng/rtg] changing loopbacks
- From: Jake Khuon
- Date: Thu Sep 29 17:35:50 2005
### On Thu, 29 Sep 2005 13:25:48 -0700, Bruce Pinsky <firstname.lastname@example.org>
### casually decided to expound upon Randy Bush <email@example.com> the
### following thoughts about "Re: [eng/rtg] changing loopbacks":
BP> > what [else] am i missing?
BP> In addition to what others have said, I'd ask:
BP> - - Any ACL's anywhere that filter based on the old loopbacks?
BP> - - Any VTY access controls on the router based on the old loopbacks?
BP> - - Any external systems like authentication servers, management systems,
BP> etc, etc that need the old loopbacks and can't dynamically adapt?
BP> - - Any internal routing policies that reference the old loopbacks?
BP> - - Any DNS entries that need to be migrated (CNAME->A references)?
Also want to keep in mind things like tunnel endpoints (IPv6, VOIP,
multicast, VPN, etc). Barring any sort of advanced config management
package, grep and diff become your friends (some would say despite). As a
first pass, I'd snarf down all configs and do a grep for the loopbacks to
indtify which ones need attention. Then make your changes in each config
and do diffs to verify. Then I'd stage out deployment with stub and leaf
nodes going last to minimise churn in OSPF. If you've got iBGP going and
are using route-reflectors then do the top-most hierarchy first before the
/*===================[ Jake Khuon <khuon@NEEBU.Net> ]======================+
| Packet Plumber, Network Engineers /| / [~ [~ |) | | --------------- |
| for Effective Bandwidth Utilisation / |/ [_ [_ |) |_| N E T W O R K S |