For six years, I’ve been in charge of backing up all eight hundred routers in our environment. This was done with a bunch of Perl scripts which retrieve the Cisco routers’ configurations via rcp and those of the other routers via TFTP. Because I’ve never been too pleased with that technology, I reworked the system ten months ago. Reasons for the rewrite included:
- Config retrieval from the router via rcp or TFTP is unreliable; any network issues automatically cause problems
- The routers have to be polled for their configurations, which imposes a certain load on the host system. Furthermore, if a router is unavailable, error-handling is difficult
- All configs are copied to a database, irrespective of whether they have changed or not; this greatly increases the number of backed-up configurations in the data store
- There is no version control of any sort
- Configuration retrieval is restricted to a single user on a defined system, due to rcp.
Since Cisco IOS 12.3 or 12.4, a router can save its configuration via my favorite protocol: HTTP, which is what I want to use here.
An IOS configuration snippet:
```
archive
 log config
  logging enable
  notify syslog
  hidekeys
 path http://www.example.com/store.php
```
Whenever a router wants to save a copy of its configuration, it submits it via HTTP to a web service implemented in PHP. The service computes an MD5 hash over the configuration data, and if the key pair consisting of the router's IP address and that hash (IP, MD5) has not yet been stored, it is saved to a MySQL database. During this transaction, the service contacts a second custom-made web service hosted on Lotus Domino and submits the new configuration to a Lotus Notes database, where it can subsequently be perused by authorized users.
The MySQL database is used to quickly determine whether the configuration received from the Cisco router is a duplicate. It is from this database (table) that an RSS feed is also generated to inform router administrators that a backup has been received.
The brunt of the work is done by the store.php PHP script. It simultaneously represents a server (from the point of view of the router) and a client (from the point of view of the XML-RPC service). The PHP script receives the router’s config (much as a CGI would) and creates an in-core copy of it to retrieve details such as the router’s hostname and IOS version. A tuple consisting of the IP address of the router plus an MD5 hash of the configuration data (IP, MD5) is looked up in a MySQL database. If it cannot be found, a new record is inserted containing the key (IP, MD5) together with the date/time of reception as well as other details of the transaction.
Modified configs are subsequently submitted to a web service running on a Lotus Domino server. This custom-made C program is an XML-RPC web service written with XMLRPC-EPI which receives the configuration together with metadata and stores them in a new document in a Lotus Notes database. First of all, this enables configurations to be replicated to distinct locations, and secondly, it enables trusted employees to carry replicas of the Notes database with them when on the road.
An IOS configuration also carries information that is changed periodically by the router, but which mustn’t influence the MD5 hash. These values are removed before calculating the hash.
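The (IP, MD5) lookup and the stripping of router-generated values described above can be sketched as follows. This is an added example, not the original store.php: it is written in Python, uses an in-memory SQLite table in place of MySQL, and the list of volatile lines, the table layout and the sample configs are assumptions.

```python
import hashlib
import re
import sqlite3

# Assumption: lines IOS rewrites by itself; the page does not name the ones it strips.
VOLATILE = re.compile(r"^(! Last configuration change at |! NVRAM config last updated at |ntp clock-period )")

# Constructed sample configs: B differs from A only in volatile values, C has a real change.
SAMPLE_A = """!
! Last configuration change at 10:01:12 UTC Mon Mar 5 2007 by admin
version 12.4
hostname edge-rtr-01
ntp clock-period 17180012
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
end
"""
SAMPLE_B = SAMPLE_A.replace("10:01:12", "11:47:30").replace("17180012", "17180044")
SAMPLE_C = SAMPLE_B.replace("192.0.2.1 ", "192.0.2.9 ")

def normalize(config):
    """Drop volatile lines and line-ending noise before hashing."""
    lines = (ln.rstrip() for ln in config.replace("\r\n", "\n").split("\n"))
    return "\n".join(ln for ln in lines if ln and not VOLATILE.match(ln))

def metadata(config):
    """Pull hostname and IOS version out of the received text."""
    found = {}
    for key in ("hostname", "version"):
        m = re.search(rf"^{key} (\S+)", config, re.MULTILINE)
        found[key] = m.group(1) if m else None
    return found

def open_store():
    db = sqlite3.connect(":memory:")  # stands in for the MySQL table
    db.execute("CREATE TABLE backups (ip TEXT, md5 TEXT, hostname TEXT, version TEXT,"
               " received TEXT DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (ip, md5))")
    return db

def store(db, ip, config):
    """Record (ip, md5) if unseen; return True when new, False for a duplicate."""
    digest = hashlib.md5(normalize(config).encode(), usedforsecurity=False).hexdigest()
    meta = metadata(config)
    cur = db.execute(
        "INSERT OR IGNORE INTO backups (ip, md5, hostname, version) VALUES (?, ?, ?, ?)",
        (ip, digest, meta["hostname"], meta["version"]))
    db.commit()
    return cur.rowcount == 1  # 0 rows means the key pair already existed
```

The composite primary key makes the duplicate check and the insert a single atomic statement, so two simultaneous uploads of the same config cannot both be recorded.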
The system has been in production for almost a year now, without any problems.