Wednesday, March 7, 2018

I'm installing netbox!

Now what do you use for the rest of the fucking owl?

I've been helping build a regional fiber network, and since January I've created about 10 servers, 15 VLANs, learned Junos, figured out the Calix gear and their hella bad GUI thing.

I have NMS set up (monitoring, not alerting yet), servers with Let's Encrypt/SNMP/intrusion detection. I've done preliminary vulnerability scans and that has been OK. My issue is documentation is sprawling (hence netbox). I'm basically the only one that understands how the DNS/DHCP/NTP/FTP servers work or how to update and troubleshoot them (I'm trying to teach as I go, but there isn't much time). I'm hoping netbox will let me condense everything I've been putting in Visio/Notepad/Excel into one place.

But I'm missing some type of config management, preferably open source. (Right now I have the devices that support it sending a copy of the config to my office server on commit, and server backups doing the same.) But sometimes I catch the other guys doing things they don't fully understand (I've found a few config files with /example/example copied directly from the configuration guide). Don't get me wrong, they are learning a ton and are great to work with, but there are so many moving parts it's hard to keep track of it all. I have a syslog server set up and everything is dumping logs there too, so I can go back and see what people changed and fix it. I have a small pfSense instance with Snort set up, but have been thinking about expanding that. This is a community/rural environment so budget is a concern (I thought they were going to choke when a networking company wanted 170$/hr to do some configuration work... LOL).

There was really no plan as far as I can tell from layer 2 up. Layer 1 was well planned and engineered, but they didn't even have a single server set up for DHCP/DNS when I started in January. There are VLANs going all over the place for VoIP/TV/etc. (I hope netbox will help there too). I've been working so much I actually just found where I set up a g2032 ring and barely remember doing it, much less documenting it in my crappy spreadsheet. We have strong passwords for everything. I showed them how to gen random ones and never use the same one twice, but that is becoming an issue too (does netbox securely store that? Or do I need to just break down and get KeePass or set up OpenLDAP or something?).

I've been out of the ISP side for probably 10 years so I'm rusty as hell. None of the vendors have been much help. Everyone that told them to buy Juniper... when we asked for help said "oh we don't have it yet, we can get professional services to help in 6-8 weeks" /facedesk. Overall it has been really fun but exhausting. I see the guys getting excited when we turned up the first customer and it reminded me of building the first ISP I started when I was 20. We have plenty of drive, but there are only 3 of them and 1 of me. If you made it this far, thanks for reading, and if you have ideas on config management and password/API/keys, those are the 2 big things I know I'm missing.

TLDR: Jumped in head first building a regional fiber network with 3 electrical engineers and have come a long way in 3 months, but I'm losing track of all the moving parts. Need something to pull it all together.


