Is NCG like RANCID?

RANCID is a popular tool for monitoring changes in the configurations of network devices (routers, switches, firewalls, etc.). NCG, on the other hand, is more analogous to a tool like Puppet or cfengine, though it's intended for networking gear rather than UNIX/Linux hosts. NCG generates the config files for your network devices and services, rather than simply monitoring those files for changes the way RANCID does.

If RANCID detects any meaningful changes in the configurations of the devices that it is monitoring, it emails you about them and checks the new config into a version control system. RANCID doesn't generate configs, though. It doesn't know or care where a config originally comes from, or whether changes to it were made manually or by some automated system; it merely monitors those changes.

In contrast, NCG generates whole config files from templates and a high-level description of your network. Because the config files are generated rather than hand-maintained, they are more likely to be complete and consistent (particularly across multiple related devices, such as multiple redundant switches in a hosting environment, or across firewalls and load balancers serving the same hosting environment). More complete and consistent configs make your network more reliable. Generating configs rather than maintaining them by hand makes your network easier to manage and grow; when you need to make a change, you change the templates and/or description of the network as appropriate, run NCG, and regenerate a new set of complete, consistent configs for all your devices (routers, switches, load balancers, firewalls, etc.) and services (DNS servers, DHCP servers, monitoring systems such as Nagios and Cacti and Munin, etc.).

You can read more about the philosophy behind NCG at http://www.netomata.com/benefits

The initial release of NCG doesn't actually attempt to place the generated configs on any of the devices; it merely generates config files which you can review and install as, when, and however you see fit. In the future, we'll be looking at integrating NCG with tools like Puppet (for installing config files for UNIX/Linux-based services such as DNS, DHCP, and monitoring) and Ziptie (for installing configs on network devices).
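The contrast between the two approaches can be sketched in a few lines. This is an added example, not NCG or RANCID code: the `NETWORK` description, the templates, and the generic switch-like syntax are all constructed for illustration and do not reflect NCG's actual template format. It renders complete configs for two redundant switches from one shared description, then runs a RANCID-style diff to flag a device whose running config has drifted from the generated one.

```python
import difflib
from string import Template

# Constructed high-level description: one shared VLAN list, two redundant switches.
NETWORK = {
    "vlans": {10: "web", 20: "db"},
    "devices": {
        "sw1": {"mgmt_ip": "192.0.2.11"},
        "sw2": {"mgmt_ip": "192.0.2.12"},
    },
}

# Hypothetical templates (generic syntax, not NCG's template language).
VLAN_TMPL = Template("vlan $vid\n name $vname")
DEVICE_TMPL = Template(
    "hostname $name\n$vlans\ninterface mgmt0\n ip address $mgmt_ip 255.255.255.0\n"
)


def generate(network):
    """Render one complete config per device from the shared description."""
    vlans = "\n".join(
        VLAN_TMPL.substitute(vid=vid, vname=vname)
        for vid, vname in sorted(network["vlans"].items())
    )
    return {
        name: DEVICE_TMPL.substitute(name=name, vlans=vlans, **attrs)
        for name, attrs in network["devices"].items()
    }


def drift(generated, running):
    """Change detection only: unified diff of generated vs. running config."""
    report = {}
    for name, wanted in generated.items():
        diff = list(difflib.unified_diff(
            wanted.splitlines(), running.get(name, "").splitlines(),
            f"{name}.generated", f"{name}.running", lineterm=""))
        if diff:
            report[name] = diff
    return report


if __name__ == "__main__":
    configs = generate(NETWORK)
    # Constructed "running" state: someone removed VLAN 20 from sw2 by hand.
    running = dict(configs, sw2=configs["sw2"].replace("vlan 20\n name db\n", ""))
    for name, diff in drift(configs, running).items():
        print("\n".join(diff))
```

Adding a VLAN to `NETWORK["vlans"]` and calling `generate` again updates every device's config at once, whereas the diff step alone can only report that one switch no longer matches its peer.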

2:09pm 10 Mar 2009

While mentioning other tools...

By jzp

It would be worth mentioning that the configs NCG creates can be pushed out to devices via rancid. When I get my hands on the public code, I'll definitely be working to integrate deployment via *rancid driven with par & will supply examples.