- Diff is more-or-less reliant on order being preserved between the files being compared. Some config elements are split across the config file when it is saved. Others may be stored in different locations depending on the software release. Certain items such as layer 3 interfaces are stored in the order that they were added, so two configs may contain the same interfaces but in a different order and traditional diff can't generally work that out.
- Traditional diff does not appreciate the significance of policy names, sequence numbers or service IDs in determining what should be compared to what. Ad-hoc insertions and deletions of policy entries or service often causes diff to get completely out of step, making it compare apples to oranges.
- Traditional diff does not provide context for differences. Quite often you just get a load of "shutdown" "no shutdown" pairs. It is possible to include a fixed number of lines pre- or post- difference, but even that does not always show the configuration context where the difference actually occurred and brings a load of junk with it. The only sure-fire way is to turn on side by side diff, which shows both configurations in full side by side with changes marked in a centre column.
Point 2 is the real killer, making traditional diff basically useless for audits where a handful of known policies must be validated within a config containing many other policies. Below is a (fairly common) worst case when working with diff - one policy has been removed and another two added:
Traditional diff makes a horrible job of this. Even seeing the two configs side by side it is confusing to look at and it is not immediately apparent what has changed.
I poked and played with a number of "diff" type tools to try and find something that would handle this kind of thing more gracefully but I eventually came to the conclusion that nothing currently existed. I had a rough idea of what I wanted:
- It must only compare the contents of like policies, i.e. policy "A" should only be compared to policy "A" and never to policy "B".
- It must compare configuration elements that appear in a different order in one config to the other.
- It should, ideally, report the full context of each difference within the hierarchy.
To address these points I decided to write a tool from scratch and called it, unimaginatively, 7750diff. Here's how 7750diff reports the same changes:
D:\7750diff>
That's not only much clearer (IMHO), but I can take the output and copy / paste it directly into the node to build the missing configuration. Happy days!
D:\7750diff>7750diff a.cfg b.cfg
Unique to a.cfg:
configure
qos
scheduler-policy "20000kbps" create
description "20000kbps Scheduler"
tier 1
scheduler "tier1" create
rate 20000 cir 20000
exit
exit
exit
exit
exit
Unique to b.cfg:
configure
qos
scheduler-policy "25000kbps" create
description "25000kbps Scheduler"
tier 1
scheduler "tier1" create
rate 25000 cir 25000
exit
exit
exit
scheduler-policy "40000kbps" create
description "40000kbps Scheduler"
tier 1
scheduler "tier1" create
rate 40000 cir 40000
exit
exit
exit
exit
exit
D:\7750diff>
That's not only much clearer (IMHO), but I can take the output and copy / paste it directly into the node to build the missing configuration. Happy days!
How it Works
The basic methodology used by 7750diff is to:
- Read each config into a hierarchical tree structure based on indent levels
- Recursively compare the trees starting at the root:
- For each branch of config A, search for an identical branch on config B within the same context.
- If a match is found, check for subordinate "child" configuration elements.
- If any children exist, recursively process them.
- If no children are then present, remove the matching elements.
Since the whole thing runs on indents it is not 7750 specific. It "may" work on ISAM configs, it may work on any other sort of config that uses indent / whitespace to denote hierarchy - I just haven't tested it. Try your luck :)
Obtaining the Tool
As usual, the tool is available for download at my github: https://github.com/theclam/7750diff - there is the C source code plus a Windows binary available to download.The code is pretty horrible as this was my first bit of C coding in over a decade. I may decide to clean the code up at some point but it is quite stable now, meaning I haven't found a config that upsets it for the last couple of versions. I've been running a nightly cron job for quite some time now which pulls down an entire lab's configs and 7750diffs each one against the previous day's and it works great.
If you download 7750diff, please let me know how you get along with it.
