[rancid] xrrancid destroys ipv[46] ACLs

Erik Wenzel erik at code.de
Tue Jan 10 18:52:14 UTC 2012


Am 10.01.2012 um 18.36 schrieb heasley:

> Tue, Jan 10, 2012 at 05:41:26PM +0100, Erik Wenzel:
>> regardless of setting ACLSORT in rancid.conf xrrancid is sorting an ACL like:
>> ---snip---
>> #sh ipv4 access-lists eriktest-v4
>> ipv4 access-list eriktest-v4
>> 1 remark erik
>> 10 remark tests
>> 100 remark acls
>> 1000 deny ipv4 any any
>> #sh ipv6 access-lists eriktest
>> ipv6 access-list eriktest
>> 1 remark erik
>> 10 remark tests
>> 100 remark acls
>> 1000 deny ipv6 any any
>> ---snip---
>> to:
>> ---snip---
>> [?]
>> deny ipv6 any any
>> ipv6 access-list eriktest
>> 1 remark erik
>> 10 remark tests
>> 100 remark acls
>> [?]
>> !
>> deny ipv4 any any
>> ipv4 access-list eriktest-v4
>> 1 remark erik
>> 10 remark tests
>> 100 remark acls
>> !
>> [?]
>> ---snip---
>> ? in rancid backup. This is completely useless. This can't be used in case of 
>> recovery. I urge everyone who uses xrrancid and sequence numbers to verify their
>> ACLs in CVS. My workaround is to comment out line 1022-1037. Can someone who is
>> using IOS-XR in this setup confirm this behavior?
> 
> i'm not sure if i understand what the behavior is that you are trying to
> describe.  could you explain in more detail?
I want a working configuration backup. As you can see in the second snippet above the ACL is crippled. I extracted it from the checked out file from CVS. Why does xrrancid mess around with ACLs? I set ACLSORT to NO and still some code(line 1022-1037 in xrrancid) removes sequence numbers lines containing allow or deny from configuration. Is there a use case I do not see?

> 
>> 
>> xrrancid version string: $Id: xrrancid.in 2264 2010-11-04 23:35:17Z heas $
>> 
>> -- 
>> Erik Wenzel
>> erik at code.de
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Rancid-discuss mailing list
>> Rancid-discuss at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo.cgi/rancid-discuss



More information about the Rancid-discuss mailing list