On Sep 13, 2007, at 5:33 AM, <michael(_dot_)dillon(_at_)bt(_dot_)com>
OK, how is it possible to automate the renumbering of my firewall
entries which contain IPv6 addresses and prefixes?
How is it possible to automate the renumbering of my extranet business
partner firewalls who also contain some of my IPv6 addresses and
How do I automate the renumbering of router ACLs in my own IPv6
As a practical matter, these things are quite doable. Sane network
practices store the configuration for such devices in offline
By then writing these configurations in a parameterized form, you can
the current variable definitions to expand out a concrete
configuration. The tools
for this are not rare. Languages such as Perl, or macro processors
such as cpp or
m4 are more than adequate to the task.
Loading the results of these tools into devices is also trivial. See
rancid, for example.
For larger cases, one can also integrate a SQL database to help
This is not theoretical, I've worked with all of the above.
Ietf mailing list