RANCID – the Really Awesome New Cisco confIg Differ

Do you want to back up all your router configurations in one location? Keep them under revision control? Also include their hardware specs, modules, etc.? grep for serial numbers or configuration directives in all of them? Execute a series of commands on some of them? Generate graphs of your network topology automagically? Run security audits on your configs? See what other co-workers changed last night?

Meet RANCID, the Really Awesome New Cisco confIg Differ, by Shrubbery Networks!

RANCID monitors a router’s (or more generally a device’s) configuration, including software and hardware (cards, serial numbers, etc) and uses CVS or Subversion to maintain history of changes.

RANCID does this by the very simple process summarized here:

  • login to each device in the router table (router.db),
  • run various commands to get the information that will be saved,
  • cook the output; re-format, remove oscillating or incrementing data,
  • email any differences from the previous collection to a mail list,
  • and finally commit those changes to the revision control system
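
The cook-and-diff steps from the list above, sketched in Python as an added example (this is not RANCID's own code). The volatile-line patterns, the function names and the sample configurations are assumptions constructed for illustration.

```python
import difflib
import re

# Assumed patterns for lines that differ on every collection without being a
# real configuration change; this is not RANCID's actual filter list.
VOLATILE = [
    re.compile(r"^! Last configuration change at "),
    re.compile(r"^! NVRAM config last updated at "),
    re.compile(r"^ntp clock-period \d+"),
]

def cook(raw: str) -> list[str]:
    """Normalise collected output: strip trailing spaces, drop volatile lines."""
    kept = [line.rstrip() for line in raw.splitlines()]
    return [l for l in kept if not any(p.search(l) for p in VOLATILE)]

def changes(previous: str, current: str, device: str) -> list[str]:
    """Unified diff of the cooked outputs; empty when nothing real changed."""
    return list(difflib.unified_diff(
        cook(previous), cook(current),
        fromfile=f"{device} (previous)", tofile=f"{device} (current)",
        lineterm="", n=1))

# Constructed sample collections for a hypothetical device "edge1".
LAST_NIGHT = """\
! Last configuration change at 21:14:02 UTC Mon Mar 3 2008
hostname edge1
ntp clock-period 17179869
access-list 10 permit 192.0.2.0 0.0.0.255
"""
TODAY_SAME = """\
! Last configuration change at 06:00:41 UTC Tue Mar 4 2008
hostname edge1
ntp clock-period 17179901
access-list 10 permit 192.0.2.0 0.0.0.255
"""
# Same as above, plus one line a reviewer would want to hear about.
TODAY_CHANGED = TODAY_SAME + "access-list 10 permit any\n"

if __name__ == "__main__":
    for label, current in (("same", TODAY_SAME), ("changed", TODAY_CHANGED)):
        diff = changes(LAST_NIGHT, current, "edge1")
        # Only a non-empty diff would be mailed out and committed.
        print(label, "->", "\n".join(diff) if diff else "no mail, no commit")
```

Without the cooking step, the timestamp and clock-period lines alone would produce a diff mail on every run and bury the access-list change among them.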

RANCID currently supports Cisco routers, Catalyst switches, Juniper routers, F5 devices, HP Procurve switches and a host of others.

Using a tool like ViewVC, WebSVN or chora to put your repository on the web is a must.

A possible alternative is ZipTie, nowadays known as NetworkAuthority Inventory by AlterPoint.

Munin – performance monitoring tool

My favorite performance monitoring tool: Munin by linpro.

The Munin monitoring tool surveys all your computers and remembers what it saw. It presents all the information in graphs through a web interface. Its emphasis is on plug and play capabilities. After completing an installation, a high number of monitoring plugins will be playing with no more effort.

Using Munin you can easily monitor the performance of your computers, networks, SANs, applications, weather measurements and whatever comes to mind. It makes it easy to determine «what’s different today» when a performance problem crops up. It makes it easy to see how you’re doing capacity-wise on any resources.

Munin uses the excellent RRDTool and the framework is written in Perl, while plugins may be written in any language. Munin has a master/node architecture in which the master connects to all the nodes at regular intervals and asks them for data. It then stores the data in RRD files, and (if needed) updates the graphs. One of the main goals has been ease of creating new plugins (graphs).

mtr: Matt’s traceroute

Another favorite tool: mtr by Matt Kimball.

mtr combines the functionality of the ‘traceroute’ and ‘ping’ programs in a single network diagnostic tool. As mtr starts, it investigates the network connection between the host mtr runs on and a user-specified destination host. After it determines the address of each network hop between the machines, it sends a sequence of ICMP ECHO requests to each one to determine the quality of the link to each machine. As it does this, it prints running statistics about each machine.

Dstat: Versatile resource statistics tool

Meet Dstat, the Versatile resource statistics tool by Dag Wieers.

Dstat is a versatile replacement for vmstat, iostat, netstat, nfsstat and ifstat. Dstat overcomes some of their limitations and adds some extra features, more counters and flexibility. Dstat is handy for monitoring systems during performance tuning tests, benchmarks or troubleshooting.

Dstat allows you to view all of your system resources instantly; you can, e.g., compare disk usage in combination with interrupts from your IDE controller, or compare the network bandwidth numbers directly with the disk throughput (in the same interval).

Dstat gives you detailed selective information in columns and clearly indicates in what magnitude and unit the output is displayed. Less confusion, fewer mistakes. Dstat is unique in letting you aggregate block device throughput for a certain diskset or networkset, i.e. you can see the throughput for all the block devices that make up a single filesystem or storage system.

Dconf: System config collector

Recommended tool for any Linux distro: Dconf by Dag Wieers.

Dconf is a tool to collect a system’s hardware and software configuration. It allows you to take your system configuration with you or compare systems (like nodes in a cluster) to troubleshoot HW or SW problems.

Dconf is also useful in projects where you have to manage changes as a team. Dconf can send out changes to your systems to a list of email addresses so that they can be revised.

As a sysadmin, you won’t become too paranoid if less experienced people have root-access. As a consultant, you won’t feel isolated if you don’t have remote access to your systems. As a support engineer, you won’t become frustrated if a customer has fiddled around with some important config file and you have to find what.