Abstract: A multi-chassis router allows an administrator to install software from a single user interface. The multi-chassis router automatically forwards the software to each chassis within the multi-chassis router when given a single command to install the software from an administrator. The multi-chassis router also automatically validates the software on each chassis. After reporting the results of the validations, the multi-chassis router may wait for the administrator to issue a commit command before committing each chassis within the multi-chassis router to the software. Alternatively, in response to a failed validation or for other reason, an administrator can issue a single ROLLBACK command. This allows each chassis within the multi-chassis router to have the same software during all stages of a software installation and ensures software on each chassis is compatible with software on every other chassis.

Abstract: A network management system is described for assuring that a network device complies with a device-specific configuration policy. One example of the network management system contains one or more business rules that describe a business policy regarding a computer network in a network-independent form. In general, the business rules refer to high-level business requirements and not to device-specific configuration information. The network management system uses the business rule to determine which business policies are currently in force. In addition, the network management system contains one or more network design rules that describe relationship between the business policy and one or more device-specific configuration policies. The network management server uses the network design rules to determine whether to deploy a device-specific configuration policies.

Abstract: In general, the invention is directed to techniques for establishing secure connections with devices residing behind a security device. In accordance with the techniques, a managed device initiates a transmission control protocol (TCP) session to establish a TCP session with a management device such that the management device acts as the TCP server and the managed device acts as a TCP client. Once established, the managed device sends a role reversal message specifying an identity of the managed device via the TCP session. Upon receiving the role reversal message, the management device initiates a secure connection over the TCP session in accordance with a secure protocol such that the management device acts as the secure protocol client and the managed device acts as the secure protocol server. By properly establishing the secure session, each of the devices assumes the proper roles and administrators may more easily configure the devices.

Abstract: In one example, a device includes a network interface configured to present a command interface to receive input comprising a command and an indicator, wherein the command conforms to an execution format and specifies one or more parameters to be applied during execution of the command, and wherein the indicator indicates, at least in part, that the command is not to be executed, and a control unit configured to reformat, based on the indicator, the command to conform to an extensible markup language (XML) format such that the reformatted command complies with a syntax supported by a script processing module of the network device and specifies the command and the one or more parameters in the XML format in a format that can be executed by the script processing module, and to output the reformatted command via the command interface. Thus, the device may provide XML formatted equivalents for commands.

Abstract: A network device may include logic configured to invoke proactive programs based on the expiration of a long time period within the network device, wherein the proactive programs collect data relating to operations of the network device, invoke reactive programs based on the detection of at least one of an event or expiration of a short time period, wherein the reactive programs collect, correlate and analyze data relating to the detected event or expiration of a short time period, determine a corrective action based on collected and analyzed data, and perform the determined corrective action within the network device.

Abstract: A multi-chassis router allows an administrator to install software from a single user interface. The multi-chassis router automatically forwards the software to each chassis within the multi-chassis router when given a single command to install the software from an administrator. The multi-chassis router also automatically validates the software on each chassis. After reporting the results of the validations, the multi-chassis router may wait for the administrator to issue a commit command before committing each chassis within the multi-chassis router to the software. Alternatively, in response to a failed validation or for other reason, an administrator can issue a single ROLLBACK command. This allows each chassis within the multi-chassis router to have the same software during all stages of a software installation and ensures software on each chassis is compatible with software on every other chassis.

Abstract: In one example, a device includes a network interface configured to present a command interface to receive input comprising a command and an indicator, wherein the command conforms to an execution format and specifies one or more parameters to be applied during execution of the command, and wherein the indicator indicates, at least in part, that the command is not to be executed, and a control unit configured to reformat, based on the indicator, the command to conform to an extensible markup language (XML) format such that the reformatted command complies with a syntax supported by a script processing module of the network device and specifies the command and the one or more parameters in the XML format in a format that can be executed by the script processing module, and to output the reformatted command via the command interface. Thus, the device may provide XML formatted equivalents for commands.

Abstract: Configuration information for a network device may be associated with a protection state that may restrict the modification of portions of the configuration information that are set to the protected state. The network device may be configured using configuration information defined as a group of hierarchically arranged configuration statements. Permissions may be stored for the network device relating to users permitted to modify the configuration information. The permissions may include permission tags, or other information defining the protection state, associated with the configuration statements. Intended modifications to the configuration information may be processed based on whether the intended modifications affect configuration statements associated with one of the permission tags.

Abstract: A multi-chassis router allows an administrator to distribute configuration data from a single user interface. Additionally, the multi-chassis router presents a software image consistent with that of a standalone router and uses configuration data syntax that is consistent with that of a standalone router. The multi-chassis router automatically distributes and validates relevant configuration data at each chassis within the multi-chassis router. In effect, an administrator does not need to account for the multiple chassis configuration, and an administrator familiar with the configuration data syntax for a standalone router can use that knowledge to configure the multi-chassis router.

Abstract: Configuration information for a network device may be associated with a protection state that may restrict the modification of portions of the configuration information that are set to the protected state. The network device may be configured using configuration information defined as a group of hierarchically arranged configuration statements. Permissions may be stored for the network device relating to users permitted to modify the configuration information. The permissions may include permission tags, or other information defining the protection state, associated with the configuration statements. Intended modifications to the configuration information may be processed based on whether the intended modifications affect configuration statements associated with one of the permission tags.

Abstract: Techniques are described for reliable restoration of archived configuration. For example, a device, such as a router, comprises a first memory to store operational configuration data and a second memory to store candidate configuration data. The candidate configuration data represents a working copy of the operational configuration data. The device further includes a control unit to lock the candidate configuration data, load archived configuration data to replace the locked candidate configuration data and commit the candidate configuration data to restore the archived configuration data as the operational configuration data of the device. In locking the candidate configuration, the device ensures reliable restoration of the candidate configuration by helping prevent the device from becoming both unreachable and inoperable.

Abstract: In general, the invention facilitates diagnosing fault conditions, such as flapping, by permitting users to request information for specific components in a network device such as a router. The invention also facilitates the diagnosis of other fault conditions, including, but not limited to, excessive numbers of dropped packets, hard drive crashes, high temperature readings, and inactive interface cards. A user may obtain a targeted log containing information relating to selected fault conditions or other network device events, rather than a system log containing information relating to all network device events, some of which may not be of interest to the user. The targeted log may be parsed and analyzed with greater ease than the system log.

Abstract: A multi-chassis router allows an administrator to install software from a single user interface. The multi-chassis router automatically forwards the software to each chassis within the multi-chassis router when given a single command to install the software from an administrator. The multi-chassis router also automatically validates the software on each chassis. This allows each chassis within the multi-chassis router to have the same software during all stages of a software installation and ensures software on each chassis is compatible with software on every other chassis. In effect, an administrator does not need to account for the multiple chassis configuration, and an administrator familiar with software installation on a standalone router can use that knowledge to install software on the multi-chassis router.

Abstract: A network router management interface offers two different presentation modes for viewing configuration and operational information encoded in extensible markup language output obtained from a network router. The network router management interface provides an application programming interface (API) that permits client applications to formulate configuration and operational requests according to an extensible markup language, such as XML. In response to the configuration and operational requests submitted by a client application, the router produces XML output. On a selective basis, the user may elect to view or archive the XML output in either a rendered or unrendered format. In this manner, clients such as network administrators, installation technicians and applications developers can view raw XML output on a selective basis for use in development and debugging.

Abstract: Techniques are described for application of implementation-specific configuration policies within a network device. For example, a device, such as a router, may comprise memory to store operational configuration data and candidate configuration data. The device further includes a control unit to apply changes to the candidate configuration data based on input from a client, and apply an implementation-specific configuration policy to a copy of the changed candidate configuration data. Based on a result of applying the implementation-specific configuration policy, the device selectively commits the changes made to the candidate configuration to the operational configuration. In the event an error occurs while applying the implementation-specific configuration policy, the device does not commit the changes to the operational configuration.

Abstract: A network device includes an initial data source to store configuration data for the network device, and a management module to generate a configuration patch that lists any differences between a working copy of the initial data source and the initial data source. The management module modifies the working copy based on configuration commands received from a client, and updates the initial data source in accordance with the differences defined by the configuration patch. During the update process, the management module verifies that any conditions specified by the patch are satisfied. The management module may generate the configuration patch in response to a first command from a client, and apply the patch in response to a second command from the client. The configuration patch may be communicated to other network devices for configuring the devices.

Abstract: In general, the invention is directed to techniques for establishing secure connections with devices residing behind a security device. In accordance with the techniques, a managed device initiates a transmission control protocol (TCP) session to establish a TCP session with a management device such that the management device acts as the TCP server and the managed device acts as a TCP client. Once established, the managed device sends a role reversal message specifying an identity of the managed device via the TCP session. Upon receiving the role reversal message, the management device initiates a secure connection over the TCP session in accordance with a secure protocol such that the management device acts as the secure protocol client and the managed device acts as the secure protocol server. By properly establishing the secure session, each of the devices assumes the proper roles and administrators may more easily configure the devices.

Abstract: Techniques are described for reliable restoration of archived configuration. For example, a device, such as a router, comprises a first memory to store operational configuration data and a second memory to store candidate configuration data. The candidate configuration data represents a working copy of the operational configuration data. The device further includes a control unit to lock the candidate configuration data, load archived configuration data to replace the locked candidate configuration data and commit the candidate configuration data to restore the archived configuration data as the operational configuration data of the device. In locking the candidate configuration, the device ensures reliable restoration of the candidate configuration by helping prevent the device from becoming both unreachable and inoperable.

Abstract: A network device may include logic configured to invoke proactive programs based on the expiration of a long time period within the network device, wherein the proactive programs collect data relating to operations of the network device, invoke reactive programs based on the detection of at least one of an event or expiration of a short time period, wherein the reactive programs collect, correlate and analyze data relating to the detected event or expiration of a short time period, determine a corrective action based on collected and analyzed data, and perform the determined corrective action within the network device.

Abstract: A network device displays applied and non-applied configurations in different formats to facilitate distinguishing between active and inactive configurations. In this way, a user can readily distinguish, for example, between applied configurations for active interfaces from loaded configurations for inactive interfaces and non-applied configurations for active interfaces. Configuration information may be encoded using an extensible markup language to identify the type of configuration. The network device uses this type identification to determine whether a particular part of the configuration should be displayed in as normal text or as altered text. The part of the configuration that is displayed in the altered form may represent the non-applied configurations.