Introduction
Configuration drift, human error, and hardware failure can result in network outages that are hard to recover from – especially in environments with equipment from multiple vendors. To mitigate these risks, we designed and implemented a custom automated backup system for routers, switches, and firewalls from various manufacturers, ensuring reliable, versioned, and auditable configuration snapshots.
The Challenge
- No centralized backup strategy for network equipment
- Devices from multiple vendors (e.g., Cisco, Juniper, MikroTik, HP, Fortinet, Ubiquiti)
- No standardized method for config retrieval (Telnet/SSH/HTTPS/SNMP/etc.)
- Need to:
  - Schedule backups automatically
  - Store configurations in versioned format
  - Generate alerts on backup failures
  - Keep everything on-premises
The Solution
🧠 Architecture Design
- Core logic written in Python and Ansible, orchestrated via Ansible Automation Platform
- Modular vendor-specific handlers for:
  - Cisco IOS/NX-OS
  - Juniper
  - MikroTik
  - Fortinet
  - Ubiquiti
- SSH key-based access or API tokens, securely managed via Vault or encrypted Ansible Vaults
💾 Backup Logic & Storage
- Configs pulled and stored as plain text in a Git repository (for version control)
- Each device stored under vendor/device_name/YYYY-MM-DD.cfg
- Commit metadata: user, backup method, diff stats
- Fail-safe logic to retry failed connections and log unreachable devices
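The storage layout, diff stats and retry behaviour listed above, sketched as an added Python example (not the project's own code). `fetch` is a hypothetical callable standing in for a vendor handler, and the function names, logger name and `0o600` file mode are assumptions; the returned record is the material a commit message or summary report could be built from.

```python
import difflib
import logging
import time
from pathlib import Path

log = logging.getLogger("netbackup")  # hypothetical logger name


def snapshot_path(root, vendor, device, day):
    """Layout from the list above: vendor/device_name/YYYY-MM-DD.cfg."""
    return Path(root) / vendor / device / f"{day.isoformat()}.cfg"


def diff_stats(old, new):
    """Count lines added and removed between two config texts."""
    added = removed = 0
    sm = difflib.SequenceMatcher(a=old.splitlines(), b=new.splitlines(), autojunk=False)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag in ("replace", "delete"):
            removed += i2 - i1
        if tag in ("replace", "insert"):
            added += j2 - j1
    return added, removed


def backup_device(root, vendor, device, fetch, day, retries=3, delay=0.0):
    """Fetch with retries, write the snapshot, return a per-device result record."""
    last_err = None
    for attempt in range(1, retries + 1):
        try:
            config = fetch()  # assumed to raise OSError on connection failure
            break
        except OSError as exc:
            last_err = exc
            log.warning("%s: attempt %d/%d failed: %s", device, attempt, retries, exc)
            time.sleep(delay)
    else:
        # Every attempt failed: report the device as unreachable, write nothing.
        return {"device": device, "ok": False, "attempts": retries, "error": str(last_err)}
    path = snapshot_path(root, vendor, device, day)
    path.parent.mkdir(parents=True, exist_ok=True)
    # ISO dates sort chronologically, so the last older file is the previous snapshot.
    older = sorted(p for p in path.parent.glob("*.cfg") if p.name < path.name)
    old = older[-1].read_text() if older else ""
    path.write_text(config)
    path.chmod(0o600)  # assumption: configs hold credentials, so owner-only access
    added, removed = diff_stats(old, config)
    return {"device": device, "ok": True, "attempts": attempt,
            "path": str(path), "added": added, "removed": removed}
```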
🗂️ Scheduling & Reporting
- Ansible Automation Platform scheduled for:
  - Daily backups (critical devices)
  - Weekly backups (low-risk devices)
- Daily summary email + Slack alert:
  - Success/failure per device
  - Diff detection with previous config
🔐 Security & Access Control
- Config backups encrypted at rest with AES-256
- Role-based access to backup archives
- Immutable Git logs for audit traceability
Results
| Metric | Before | After |
|---|---|---|
| Backup coverage | Incomplete, manual | 100% automation for all vendors |
| Configuration versioning | None | Git-based diff and history |
| Failure detection | Absent | Real-time alerts |
| Recovery time after incident | Hours to days | Minutes with verified snapshots |
| Cost | Proprietary tools | Zero-licensing, open-source stack |
Conclusion
This custom solution eliminated the manual burden of backing up network devices, improved disaster recovery posture, and provided traceable, versioned, and secure configuration snapshots – all with a vendor-agnostic design and full on-premises control.
It’s a flexible and extensible platform that supports modern NetDevOps practices, integrates easily with CI/CD pipelines, and scales across datacenters, ISPs, and enterprise networks alike.