pushing config changes out to routers

While we're more or less on the subject, I'd be curious to see how various
networks manage pushing mass configuration changes (BGP filters, regular
password changes, updates to standard configs, etc) out to their boxes.
>From past experience I'll hazard a guess that this is largely custom
applications that people have specifically tailored to their needs.

Specifically, I'm interested in what safeguards people put in place to
1) hopefully prevent a typo in a master config database from getting
        pushed out to lots of devices, possible causing a large outage,
        and
2) integrity checking of the pending config beyond things like making sure
        that a static route has the correct next-hop address, e.g. things
        like if interface X has access-group Y applied to it, make sure
        that access-list Y actually exists...

Awhile back I wrote a fairly extensive system for backing up configurations
from network devices I'm responsible for and storing them in a journaled
format so I can pull an old revision if needed.  While it wouldn't be
especially tough to add the functionality in it to allow the system to
upload a modified config to a router, I specifically left that piece out
because I was still grappling with the safeguard issue.

Thoughts/insight are greatly appreciated.

jms
_______________________________________________
cisco-nsp mailing list  cisco-nsp@xxxxxxxxxxxxxxx
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/