Why use configc?

 
 
 

Find the mistakes

router bgp 65432
 neighbor IBGP-ENT peer-group
 neighbor IBGP-ENT remote-as 65499
 neighbor IBGP-ENT description Internal BGP peers - Enterprise WAN
 neighbor IBGP-ENT route-map ENT-WAN-IN in
 neighbor 10.55.3.1 peer-group IBGP-ENT
 neighbor 10.55.3.1 description ent-gw-A.hq
 neighbor 10.55.3.2 peer-group IBGP-ENT
 neighbor 10.55.3.2 description ent-gw-B.hq
!
! accept routes from enterprise network:
route-map ENT-WAN permit 10
 match ip address prefix-list ENT-NETWORKS-HQ
route-map ENT-WAN permit 20
 match ip address prefix-list ENT-NETWORKS-PHILLY
!
! announce routes to ent:
route-map ENT-WAN-OUT permit 10
 match ip address prefix-list ALL-ROUTES
!
! all routes: (from internet)
ip prefix-list ALL-ROUTES seq 10 permit 0.0.0.0/0 le 32
!
! ent net routes:
ip prefix-list ENT-NETWORKS-HQ seq 10 permit 172.16.20.0
ip prefix-list ENT-NETWORKS-HQ seq 9999 deny 0.0.0.0/0 le 32

Here's a config to add a couple new routers to an IBGP mesh.

Whoever implements this is about to have a bad night...or at least a very interesting one.

Can you find all four mistakes?

 
 
 

Add some color

router bgp 65432
 neighbor IBGP-ENT peer-group
 neighbor IBGP-ENT remote-as 65499
 neighbor IBGP-ENT description Internal BGP peers - Enterprise WAN
 neighbor IBGP-ENT route-map ENT-WAN-IN in
 neighbor 10.55.3.1 peer-group IBGP-ENT
 neighbor 10.55.3.1 description ent-gw-A.hq
 neighbor 10.55.3.2 peer-group IBGP-ENT
 neighbor 10.55.3.2 description ent-gw-B.hq
!
! accept routes from enterprise network:
route-map ENT-WAN permit 10
 match ip address prefix-list ENT-NETWORKS-HQ
route-map ENT-WAN permit 20
 match ip address prefix-list ENT-NETWORKS-PHILLY
!
! announce routes to ent:
route-map ENT-WAN-OUT permit 10
 match ip address prefix-list ALL-ROUTES
!
! all routes: (from internet)
ip prefix-list ALL-ROUTES seq 10 permit 0.0.0.0/0 le 32
!
! ent net routes:
ip prefix-list ENT-NETWORKS-HQ seq 10 permit 172.16.20.0
ip prefix-list ENT-NETWORKS-HQ seq 9999 deny 0.0.0.0/0 le 32
 
 

Colorization and syntax highlighting help, but they only find a typo.

One mistake down, three to go.

 
 
 

Undefined, unused, unwanted?

Errors:
  • Unexpected token 172.16.20.0: ip prefix-list ENT-NETWORKS-HQ seq 10 permit 172.16.20.0
Undefined items:
Items used before definition:
Unused items:
  • route-map ENT-WAN
  • route-map ENT-WAN-OUT
Parse status:
  • Complete!

Missing prefix-list? That's mistake #2.

Hold on, wasn't ENT-WAN-OUT defined? No, only ENT-WAN was defined. That's mistake #3.

And ENT-WAN-OUT is never used. That's four, but can it be implemented better?

Yes, besides the implementation benefits, defining everything before it's used makes it easier to read too.
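The same class of check, as an added example (this is not configc's own code): a small Python pass over the config above that reports entries missing a prefix length, names referenced but never defined, names defined but never referenced, and names used before their definition. The function name `audit` and the regular expressions are assumptions, and they cover only route-maps and prefix-lists in the syntax shown on this page.

```python
import re
from collections import defaultdict

# Constructed sample: the config from this page, trimmed to the lines the check reads.
SAMPLE = """\
router bgp 65432
 neighbor IBGP-ENT peer-group
 neighbor IBGP-ENT route-map ENT-WAN-IN in
route-map ENT-WAN permit 10
 match ip address prefix-list ENT-NETWORKS-HQ
route-map ENT-WAN permit 20
 match ip address prefix-list ENT-NETWORKS-PHILLY
route-map ENT-WAN-OUT permit 10
 match ip address prefix-list ALL-ROUTES
ip prefix-list ALL-ROUTES seq 10 permit 0.0.0.0/0 le 32
ip prefix-list ENT-NETWORKS-HQ seq 10 permit 172.16.20.0
ip prefix-list ENT-NETWORKS-HQ seq 9999 deny 0.0.0.0/0 le 32
"""

# Simplified patterns (assumption): only the statement forms that appear above.
DEFINE = [("route-map", re.compile(r"^route-map (\S+) (?:permit|deny)\b")),
          ("prefix-list", re.compile(r"^ip prefix-list (\S+) "))]
USE = [("route-map", re.compile(r"^neighbor \S+ route-map (\S+) (?:in|out)$")),
       ("prefix-list", re.compile(r"^match ip address prefix-list (.+)$"))]
ENTRY = re.compile(r"^ip prefix-list \S+ (?:seq \d+ )?(?:permit|deny) (\S+)")
KINDS = ("route-map", "prefix-list")

def audit(config):
    """Return syntax errors plus undefined, unused and used-before-defined names."""
    defined, used, errors = defaultdict(dict), defaultdict(dict), []
    for n, line in enumerate(config.splitlines(), 1):
        line = line.strip()  # tolerate configs whose indentation was lost
        for kind, rx in DEFINE:
            m = rx.match(line)
            if m:
                defined[kind].setdefault(m.group(1), n)  # first definition line
        for kind, rx in USE:
            m = rx.match(line)
            if m:
                for name in m.group(1).split():
                    used[kind].setdefault(name, n)  # first reference line
        m = ENTRY.match(line)
        if m and "/" not in m.group(1):  # prefix given without a /length
            errors.append((n, m.group(1)))
    undefined = sorted((k, x) for k in KINDS for x in used[k] if x not in defined[k])
    unused = sorted((k, x) for k in KINDS for x in defined[k] if x not in used[k])
    early = sorted((k, x) for k in KINDS for x in used[k]
                   if x in defined[k] and used[k][x] < defined[k][x])
    return {"errors": errors, "undefined": undefined, "unused": unused, "early": early}
```

Calling `audit(SAMPLE)` returns a dict with the four lists; line numbers in `errors` are relative to the text passed in.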

 
 
 

It's not 1992 anymore.

!
! the password is definitely not a vendor name
!
enable password 7 0822455D0A16
!
access-list 10 permit 192.168.0.0
!
route-map CORP-IN permit 10
 match ip address 10
!
 

Still using a type 7 password? The replacement came out in 2001.

Not using prefix-lists either? Do you still say "Class C"?

Also find encryption and hash methods that are no longer secure.

 
 
 

configure; make; make install;

  • $0 to use
  • No install necessary
  • 100% "in the browser", all analysis is done client-side