Managing Routers with Similar Configurations

Problem

Some of the configuration sections for many of the routers in your network are identical, and you want to propagate the common information to all routers so your network operations center (NOC) staff never has to set it.

Solution

Define the common information in a configuration group:

	[edit]
	aviva@router1# edit groups global 
	[edit groups global ]
	aviva@router1# set system domain-name mynetwork.com 
	aviva@router1# set system backup-router 192.168.15.2 
	aviva@router1# set system name-server 192.168.15.3 
	aviva@router1# set system root-authentication encrypted-password $123poppI 
	aviva@router1# set system ntp server 192.168.2.100 
	aviva@router1# set system services ssh 
	aviva@router1# set snmp location "JUNOS cookbook lab" 
	aviva@router1# set snmp contact cookbook-lab-admin 
	aviva@router1# set snmp interface fxp0.0 
	aviva@router1# set snmp community public authorization read-only 

Then apply the group to the configuration:

	[edit]
	aviva@router1# set apply-groups global

 

Discussion

JUNOS configuration groups define common configuration snippets in one part of the router configuration, which you then import, or apply, in other parts of the configuration. This allows you to define common portions of the configuration once and have them apply in many places in the configuration, thus minimizing or eliminating the risk of configuration inconsistencies or errors. If you are a network designer who develops router configurations that are then distributed to a number of routers in a point of presence (POP) or NOC, configuration groups are a good tool for propagating common configuration snippets across a number of routers. Having this information in a separate part of the configuration also lessens the possibility that others might inadvertently modify it. Use configuration groups for network-wide information, such as the domain name, addresses of name and authentication servers, router login accounts, and static routes (as we have done in this recipe) and to make it easier to configure items that have multiple instances, such as all channels on channelized interfaces.

Create the configuration groups under the [edit groups] hierarchy. The structure of the statements in the configuration group mirrors that of the complete JUNOS configuration.

In this recipe, we create one configuration group named global that defines the basic router information discussed in Recipe 1.1, along with pointers to our SNMP NMS system. You can create any number of group configurations, each with a distinct name.

The apply-groups statement causes the statements in a group to be inherited at the proper location in the configuration. This recipe applies the global group at the top level ([edit] level) of the configuration because the group includes statements that affect a number of different top-level hierarchies ([edit system], [edit snmp], and [edit routing-options]).

You can include the configuration group statements in the configuration file of each router or in a template file that you use when configuring new routers. An easy way to add the information to existing configurations is to copy the configuration snippet using the load merge terminal command (see Recipe 1.13).

When you issue a plain show command in configuration mode, you see the statements only where you actually typed them. This means that you see the configuration group statements in the [edit groups] portion, not in the hierarchies where they are applied. If you pipe the show output to the display inheritance command, you see the statements in the hierarchy that inherited them:

	[edit system]
	aviva@router1# show | display inheritance
	host-name router1;
	domain-name mynetwork.com;
	##
	## 'backup-router' was inherited from group 'global'
	## '192.168.71.254' was inherited from group 'global'
	##
	backup-router 192.168.15.2;
	##
	## 'root-authentication' was inherited from group 'global'
	##
	root-authentication {
	 ##
	 ## '$1$ZUlES4dp$OUwWo1g7cLoV/aMWpHUnC/' was inherited from group 'global'
	 ##
	 encrypted-password "$1$ZUlES4dp$OUwWo1g7cLoV/aMWpHUnC/"; ## SECRET-DATA
	}
	name-server {
	 ##
	 ## '192.168.15.3' was inherited from group 'global'
	 ##
	 192.168.15.3;
	}
	services {
	 ##
	 ## 'ssh' was inherited from group 'global'
	 ##
	 ssh;
	 ##
	}
	##
	## 'ntp' was inherited from group 'global'
	##
	ntp {
	 ##
	 ## '192.168.2.100' was inherited from group 'global'
	 ##
	 server 192.168.2.100;
	 ##
	}
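
The inheritance annotations shown above can also be checked mechanically. The following Python is an added example, not code from the book or from Juniper: it parses show | display inheritance output and lists baseline statements that are absent or were not inherited from the expected group (a statement typed locally carries no annotation). The sample text, the 10.9.9.9 address, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the format of `show | display inheritance` at [edit system].
# The ntp server here was typed locally, so it carries no inheritance annotation.
SAMPLE = """\
host-name router1;
name-server {
    ##
    ## '192.168.15.3' was inherited from group 'global'
    ##
    192.168.15.3;
}
services {
    ##
    ## 'ssh' was inherited from group 'global'
    ##
    ssh;
}
ntp {
    server 10.9.9.9;
}
"""

MARKER = re.compile(r"^## '.*' was inherited from group '([^']+)'$")

def inherited(text):
    """Map each statement path to the group it was inherited from (None if local)."""
    path, group, found = [], None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = MARKER.match(line)
        if m:
            group = m.group(1)            # annotation applies to the next statement
        elif line == "}":
            path.pop()                    # leave the current hierarchy level
        elif line and not line.startswith("##"):
            stmt = line.split("##")[0].strip().rstrip(";{").strip()
            found[" ".join(path + [stmt])] = group
            if line.endswith("{"):
                path.append(stmt)         # enter a nested hierarchy level
            group = None
    return found

def baseline_gaps(text, required, group="global"):
    """Return required statements that are absent or not inherited from `group`."""
    seen = inherited(text)
    return [s for s in required if seen.get(s) != group]

REQUIRED = ["name-server 192.168.15.3", "services ssh", "ntp server 192.168.2.100"]
print(baseline_gaps(SAMPLE, REQUIRED))
```

Run against output collected from each router, a non-empty result points to a device where the common group is not applied or has been overridden locally.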

Although this recipe shows how to apply a group at the top level of the configuration, you can apply a group anywhere in the configuration. For example, if all the serial interfaces on your router act as data terminal equipment (DCE), you can use groups to configure the common serial options:

	[edit groups serial-dte-options]
	aviva@RouterA# set interfaces <se-*> serial-options clocking-mode dce
	aviva@RouterA# set interfaces <se-*> serial-options clock-rate 125.0khz

Here, the group is called serial-dte-options. The angle brackets enclose the wildcard se-* to apply the statements to all serial interfaces. You can then apply the group in the interfaces portion of the configuration:

	[edit interfaces]
	aviva@routerA# set apply-groups serial-dte-options

Look at the group configuration to verify it:

	[edit groups]
	aviva@RouterA# show
	serial-dte-options {
	    interfaces {
	        <se-*> {
	            serial-options {
	                clocking-mode dce;
	                clock-rate 125.0khz;
	            }
	        }
	    }
	}

In the interfaces section, set up the basic configuration of the serial interfaces and verify it:

	[edit interfaces]
	aviva@RouterA# show
	se-0/0/2 {
	    unit 0 {
	        family inet {
	            address 10.0.21.1/24;
	        }
	    }
	}
	se-0/0/3 {
	    unit 0 {
	        family inet {
	            address 10.0.16.1/24;
	        }
	    }
	}

Finally, check that the DCE configuration is inherited:

	[edit interfaces]
	aviva@RouterA# show | display inheritance
	se-0/0/2 {
	    ##
	    ## 'serial-options' was inherited from group 'serial-dte-options'
	    ##
	    serial-options {
	        ##
	        ## 'dce' was inherited from group 'serial-dte-options'
	        ##
	        clocking-mode dce;
	        ##
	        ## '125.0khz' was inherited from group 'serial-dte-options'
	        ##
	        clock-rate 125.0khz;
	    }
	    unit 0 {
	        family inet {
	            address 10.0.21.1/24;
	        }
	    }
	}
	se-0/0/3 {
	    ##
	    ## 'serial-options' was inherited from group 'serial-dte-options'
	    ##
	    serial-options {
	        ##
	        ## 'dce' was inherited from group 'serial-dte-options'
	        ##
	        clocking-mode dce;
	        ##
	        ## '125.0khz' was inherited from group 'serial-dte-options'
	        ##
	        clock-rate 125.0khz;
	    }
	    unit 0 {
	        family inet {
	            address 10.0.16.1/24;
	        }
	    }
	}

The output confirms that both serial interfaces inherited the serial-options statement into the configurations.

See Also

Recipe 1.13


JUNOS Cookbook
Junos Cookbook (Cookbooks (OReilly))
ISBN: 0596100140
EAN: 2147483647
Year: 2007
Pages: 290
Authors: Aviva Garrett
