Script to deploy router configs & verify - how would you approach this?

Hello all –

I have a project that is going to involve creating and loading router configurations on 350 Juniper routers. I have some individual snippets / functions for this process already written for other tasks but I am stuck with one part of the process. Here is some pseudo code that is going to outline the process I am thinking of and highlight where I am stuck.

Ideally I would like this to thread somehow – I have had some success in the past with doing a workflow. I still want to look at Posh RS Jobs - but before I get there I need to understand the best way to do the verification process.

foreach($r in $router) {
    # generate the config for this router --> written and working
    $config = New-RouterConfig $r

    # scp the config to the router --> written and working
    # using the winscp.dll .net wrapper
    Send-SCPItem $r $config

    # load the configuration on the router and "commit confirm" the config for X minutes
    # NOTE: This will save the config for X minutes OR until "commit" command is sent.
    # if no second "commit" command is sent within X minutes, the configuration will roll back to previous state
    # written and working
    # using the POSH-Junos module
    Invoke-JunosCommand $command

    # TODO:
    # once the command runs to apply and commit confirm the config file start a process
    # that waits Y minutes (where Y is less than X), tests network connectivity to the router
    # that was just loaded -- if we can ping, login and run commit, if we can't it will auto rollback

    How-Would-You-Do-This?

}

Thanks
sb

I’m not entirely sure what you mean by verification. However, I’d probably request a full configuration dump from the router and just diff it against the desired configuration. If there are no differences, you win. And I’d probably write all of that as one big function, which could then be spun up in discrete jobs to get some parallelization. Or, just use Warren’s Invoke-Parallel command.

Thanks Don.

Reading my OP I realized that I left out a potentially important detail. These routers connect to HQ via VPN. So I suppose the verification would be – can I ping it? Did the VPN come back up? If I were doing this manually, this is how I would verify.

The idea of diff-ing the running config with the desired config is a different approach that I hadn’t thought of. I will put some thought into this method and see if it will fit.

Thanks again
Steve
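
The wait-then-verify step from the TODO in the first post, using the checks Steve lists (the router answers ping and is reachable again over the VPN), as an added example that is not from any poster in the thread or from the Posh-Junos module. `Confirm-RouterCommit` and its parameters are hypothetical names; the commit call is passed in as a script block because the module's parameters are not shown in the thread, and the default probe assumes a Windows host (`Test-NetConnection`) and SSH on TCP/22.

```powershell
# Added example: hypothetical helper, not code from the thread or from Posh-Junos.
function Confirm-RouterCommit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]      $Router,
        [Parameter(Mandatory)] [scriptblock] $Commit,    # assumption: wraps your own "commit" call
        [int] $ConfirmMinutes = 10,                      # X: router-side "commit confirm" timer
        [int] $WaitMinutes    = 3,                       # Y: settle time before the first probe
        [int] $MarginSeconds  = 90,                      # time reserved for login + "commit"
        [int] $RetrySeconds   = 20,
        # Default probe: ICMP answers and SSH (TCP/22, assumed) is reachable across the VPN.
        [scriptblock] $Probe = {
            param($r)
            (Test-Connection -ComputerName $r -Count 2 -Quiet) -and
            (Test-NetConnection -ComputerName $r -Port 22 -InformationLevel Quiet)
        }
    )
    if (($WaitMinutes * 60) -ge ($ConfirmMinutes * 60 - $MarginSeconds)) {
        throw 'Y (WaitMinutes) must leave room inside X (ConfirmMinutes) minus the margin.'
    }

    # Call this right after the "commit confirm" command returns, so the local
    # deadline tracks the router's own rollback timer.
    $deadline = (Get-Date).AddMinutes($ConfirmMinutes).AddSeconds(-$MarginSeconds)
    Start-Sleep -Seconds ($WaitMinutes * 60)

    $attempts = 0
    while ((Get-Date) -lt $deadline) {
        $attempts++
        if (& $Probe $Router) {
            try {
                & $Commit $Router | Out-Null   # second "commit" makes the config permanent
                return [pscustomobject]@{ Router = $Router; Result = 'Committed'; Attempts = $attempts }
            } catch {
                # Reachable but login/commit failed: keep retrying until the deadline.
                Write-Warning "$Router : commit attempt $attempts failed: $_"
            }
        }
        Start-Sleep -Seconds $RetrySeconds
    }

    # Not verified inside the window: send nothing and let the router roll back by itself.
    [pscustomobject]@{ Router = $Router; Result = 'LeftToRollBack'; Attempts = $attempts }
}

# Usage inside the foreach loop, after the "commit confirm" step.
# $commitCommand is a placeholder for whatever "commit" invocation you already use.
# $status = Confirm-RouterCommit -Router $r -ConfirmMinutes 10 -WaitMinutes 3 `
#               -Commit { param($r) Invoke-JunosCommand $commitCommand }
```

The function blocks for up to X minutes per router, so it is the piece to run inside whichever job or parallel mechanism is chosen, with the returned objects collected to list the routers that were left to roll back.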