How to Install and Configure Oxidized Backup Tool Using Docker Step-by-Step

Introduction

Network devices are the foundation of modern IT infrastructure. Routers, switches, firewalls, wireless controllers, load balancers, and security appliances all rely on configuration files that define how they operate. Losing these configurations due to hardware failure, accidental changes, security incidents, or operational mistakes can result in significant downtime and lengthy recovery efforts.

This is why automated network configuration backup solutions have become an essential component of network operations, disaster recovery planning, compliance initiatives, and configuration management strategies.

Among the available tools, Oxidized has emerged as one of the most popular open-source network configuration backup platforms. Designed as a modern replacement for legacy solutions such as RANCID, Oxidized automates the collection, versioning, and tracking of network device configurations while supporting a wide range of vendors including Cisco, Juniper, Arista, Fortinet, Palo Alto Networks, MikroTik, and many others.

Running Oxidized in Docker further simplifies deployment by providing portability, consistency, easier upgrades, and streamlined management. Instead of manually installing dependencies and maintaining application environments, administrators can deploy Oxidized within a containerized environment and begin backing up devices within minutes.

In this comprehensive guide, you’ll learn how to install and configure Oxidized using Docker, understand its architecture, prepare a production-ready environment, and establish the foundation for automated network configuration backups.

What Is Oxidized?

Quick Definition

Oxidized is an open-source network configuration backup and change-tracking platform that automatically connects to network devices using protocols such as SSH and Telnet, retrieves their running configurations, stores them in a version-controlled repository, and provides visibility into configuration changes over time.

Unlike manual backup methods, Oxidized continuously monitors devices and creates configuration snapshots automatically.

Why Network Configuration Backups Matter

Network devices contain critical operational information, including:

Routing protocols
VLAN assignments
Firewall rules
Access control lists (ACLs)
VPN settings
Interface configurations
Security policies
Quality of Service (QoS) configurations

Without regular backups, organizations face several risks:

Risk	Impact
Hardware failure	Complete loss of configuration
Human error	Accidental deletion of settings
Unauthorized changes	Security and compliance issues
Failed upgrades	Difficult rollback process
Disaster recovery events	Extended downtime

Automated backups significantly reduce these risks by maintaining a continuously updated repository of device configurations.

How Oxidized Works

At its core, Oxidized follows a simple workflow:

Retrieve device inventory.
Connect to devices using SSH or Telnet.
Execute vendor-specific commands.
Collect configuration output.
Process and normalize configuration data.
Save configurations to storage.
Track changes through Git version control.
Display backup status through a web interface.

The process runs automatically based on configurable polling intervals.

Key Features of Oxidized

Feature	Description
Automated Backups	Scheduled configuration retrieval
Multi-Vendor Support	Supports hundreds of device models
Git Integration	Tracks configuration history
Web Interface	Provides visibility into backups
Docker Support	Simplifies deployment
REST API	Enables automation workflows
SSH & Telnet Support	Flexible connectivity options
Change Tracking	Detects configuration modifications
Open Source	No licensing costs

Why Oxidized Replaced RANCID for Many Organizations

Historically, many organizations used RANCID (Really Awesome New Cisco Configuration Differ) for network backups.

While RANCID remains functional, Oxidized introduced several improvements.

Feature	Oxidized	RANCID
Modern Architecture	Yes	Limited
REST API	Yes	No
Docker Deployment	Easy	Manual
Git Integration	Native	Limited
Web Interface	Built-in	External
Vendor Support	Extensive	Extensive
Community Development	Active	Moderate
Configuration Tracking	Advanced	Basic

For organizations adopting network automation and Infrastructure as Code principles, Oxidized often aligns better with modern operational practices.

Supported Network Vendors

One of Oxidized’s strongest advantages is broad vendor compatibility.

Commonly supported platforms include:

Vendor	Operating System
Cisco	IOS
Cisco	IOS-XE
Cisco	NX-OS
Cisco	ASA
Cisco	IOS-XR
Juniper	JunOS
Arista	EOS
Fortinet	FortiOS
Palo Alto Networks	PAN-OS
MikroTik	RouterOS
Dell	OS10
HPE	Comware
Extreme Networks	EXOS

This broad compatibility makes Oxidized suitable for heterogeneous enterprise environments.

Oxidized Architecture Overview

Before deployment, it is important to understand the major components.

Core Components

Component	Function
Oxidized Engine	Main backup service
Device Source	Inventory provider
Input Module	SSH/Telnet connectivity
Model Library	Vendor-specific commands
Output Module	Storage backend
Git Repository	Version tracking
Web Interface	Monitoring and access
Docker Container	Runtime environment

Backup Lifecycle

Stage	Description
Discovery	Device inventory loaded
Authentication	Login to device
Collection	Execute backup commands
Processing	Normalize output
Storage	Save configuration
Versioning	Commit changes to Git
Monitoring	Display status

This architecture enables scalable and reliable network configuration management.

Benefits of Running Oxidized in Docker

Why Use Docker Instead of Native Installation?

Although Oxidized can be installed directly on Linux, Docker offers several operational advantages.

Organizations increasingly standardize applications using containers because they simplify deployment, upgrades, portability, and maintenance.

Portability

A Docker container packages:

Oxidized application
Dependencies
Runtime environment
Configuration structure

As a result, deployments behave consistently across:

Ubuntu
Debian
Rocky Linux
AlmaLinux
Virtual Machines
Cloud Instances
On-Premises Servers

This consistency reduces troubleshooting effort and deployment variability.

Simplified Deployment

Traditional installations often require:

Ruby dependencies
Gem packages
System libraries
Manual updates

Docker abstracts these complexities.

Instead of installing numerous packages, administrators can deploy a single container image.

Easier Upgrades

Updating Oxidized natively may involve:

Package upgrades
Dependency conflicts
Service interruptions

Docker upgrades are simpler:

Pull latest image.
Stop old container.
Start new container.
Retain persistent data volumes.

This approach minimizes operational risk.

Isolation and Security

Containers isolate applications from the host operating system.

Benefits include:

Reduced dependency conflicts
Better resource control
Simplified rollback procedures
Improved operational consistency

Infrastructure as Code Compatibility

Docker Compose files can be stored in:

GitHub
GitLab
Bitbucket
Internal Git repositories

This enables:

Version-controlled deployments
Automated rebuilds
Repeatable infrastructure

Docker Benefits Summary

Benefit	Operational Value
Portability	Consistent deployments
Isolation	Reduced conflicts
Upgrades	Faster maintenance
Automation	CI/CD friendly
Recovery	Faster restoration
Scalability	Easier expansion

Prerequisites Before Installing Oxidized

Proper preparation helps avoid installation issues later.

Hardware Requirements

Oxidized is lightweight compared to many network management platforms.

Recommended baseline:

Environment Size	CPU	RAM	Storage
Lab	1 Core	1 GB	10 GB
Small Business	2 Cores	2 GB	20 GB
Medium Enterprise	4 Cores	4 GB	50 GB
Large Enterprise	8+ Cores	8+ GB	100+ GB

Storage requirements increase when:

Managing thousands of devices
Retaining long configuration history
Storing backups in Git

Software Requirements

The following software should be available:

Component	Version Recommendation
Ubuntu	22.04 LTS or newer
Docker Engine	Latest stable
Docker Compose	Latest stable
Git	Latest stable
OpenSSH	Latest stable

Network Requirements

Oxidized must communicate with devices using management connectivity.

Required access may include:

Protocol	Default Port
SSH	22
Telnet	23
HTTPS	443
SNMP (optional)	161

Best practice is to use SSH whenever possible.

Device Access Requirements

Ensure the backup account has:

Read-only access where appropriate
Permission to display running configuration
Access to required show commands
SSH connectivity

Typical Cisco commands include:

show running-config
show version

The exact commands vary by vendor model.

Security Best Practices Before Deployment

Before installation:

Create dedicated backup accounts.
Use SSH keys whenever possible.
Restrict management network access.
Implement role-based access control.
Protect Git repositories.
Store secrets securely.

These practices improve operational security and compliance.

Oxidized Deployment Architecture

Understanding deployment architecture simplifies configuration and troubleshooting.

Components Overview

A typical Docker-based deployment contains the following layers.

Layer	Component	Purpose
Infrastructure	Linux Server	Host platform
Container Runtime	Docker Engine	Executes containers
Application	Oxidized	Backup automation
Connectivity	SSH/Telnet	Device communication
Storage	Volumes	Persistent data
Version Control	Git	Change tracking
Monitoring	Web Interface	Operational visibility

Data Flow Workflow

The following sequence illustrates how backups occur.

Device inventory is loaded.
Oxidized selects a target device.
SSH session is established.
Authentication is performed.
Device-specific commands execute.
Configuration output is collected.
Output is normalized.
Configuration is stored.
Git commits changes.
Web UI updates status.

This workflow repeats continuously according to configured intervals.

Typical Production Architecture

Component	Example
Host OS	Ubuntu Server 24.04
Container Runtime	Docker Engine
Application Container	Oxidized
Storage Volume	Persistent Docker Volume
Repository	GitHub or GitLab
Monitoring	LibreNMS Integration
Inventory Source	CSV or NetBox

Storage Considerations

Persistent storage is critical.

Important directories include:

Directory	Purpose
Configurations	Device backups
Git Repository	Version history
Logs	Troubleshooting
Configuration Files	Application settings

Without persistent volumes, backups may be lost when containers are recreated.

High Availability Considerations

For larger environments:

Use redundant storage.
Back up Git repositories.
Protect Docker host snapshots.
Monitor backup success rates.
Maintain configuration documentation.

These practices support business continuity objectives.

Installing Docker and Docker Compose

Before deploying Oxidized, Docker must be installed.

The examples in this guide use Ubuntu Server.

Update the System

Begin by updating package repositories.

sudo apt update
sudo apt upgrade -y

This ensures the operating system is current.

Install Required Packages

Install supporting dependencies.

sudo apt install -y \
ca-certificates \
curl \
gnupg \
lsb-release

These packages support repository management and secure downloads.

Add Docker Repository Key

Create the keyring directory.

sudo mkdir -p /etc/apt/keyrings

Download Docker’s signing key.

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | \
sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

Add Docker Repository

Add the Docker package source.

echo \
"deb [arch=$(dpkg --print-architecture) \
signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Install Docker Engine

Update repositories again.

sudo apt update

Install Docker.

sudo apt install -y docker-ce docker-ce-cli containerd.io

Verify Docker Installation

Check Docker version.

docker --version

Example output:

Docker version 27.x.x

Verify service status.

sudo systemctl status docker

You should see the Docker service running.

Enable Docker at Boot

Ensure Docker starts automatically.

sudo systemctl enable docker

Install Docker Compose Plugin

Install the Compose plugin.

sudo apt install docker-compose-plugin -y

Verify installation.

docker compose version

Expected output resembles:

Docker Compose version v2.x.x

Test Docker Functionality

Run a test container.

sudo docker run hello-world

Successful output confirms Docker is functioning correctly.

Allow Non-Root Docker Usage (Optional)

Add your account to the Docker group.

sudo usermod -aG docker $USER

Apply changes.

newgrp docker

Verify access.

docker ps

You should be able to execute Docker commands without sudo.

Key Takeaways

At this stage, you have learned:

What Oxidized is and why it is widely used.
How Oxidized automates network configuration backups.
The advantages of deploying Oxidized with Docker.
Hardware, software, and network prerequisites.
Core Oxidized architecture and workflow.
Production deployment considerations.
How to install Docker Engine and Docker Compose on Ubuntu.
How to verify a container-ready environment.

Creating the Oxidized Project Structure

With Docker and Docker Compose installed, the next step is creating a structured and maintainable project layout for Oxidized. Proper organization makes upgrades, troubleshooting, backups, and Git integration significantly easier.

Why Directory Structure Matters

Many first-time deployments place all files in a single directory. While this may work in a lab environment, it quickly becomes difficult to manage in production.

A well-designed structure provides:

Easier backups
Cleaner configuration management
Simplified upgrades
Better Git organization
Faster troubleshooting
Clear separation of data and application components

Recommended Directory Layout

Create a dedicated project directory:

mkdir -p ~/oxidized-docker
cd ~/oxidized-docker

Create the required subdirectories:

mkdir -p oxidized/config
mkdir -p oxidized/devices
mkdir -p oxidized/output
mkdir -p oxidized/logs
mkdir -p oxidized/git

Recommended structure:

oxidized-docker/
├── docker-compose.yml
├── oxidized/
│   ├── config/
│   ├── devices/
│   ├── output/
│   ├── logs/
│   └── git/

Directory Purpose

Directory	Purpose
config	Oxidized configuration files
devices	Device inventory files
output	Configuration backups
logs	Application logs
git	Git repository storage

Persistent Storage Design

One of the most important considerations when running applications in containers is data persistence.

Containers are designed to be disposable. If a container is removed and no persistent storage exists, all collected configurations may be lost.

Always map the following to persistent volumes:

Data Type	Persist?
Device inventory	Yes
Oxidized configuration	Yes
Backup repository	Yes
Logs	Recommended
Git history	Yes

This approach ensures backups remain intact even after upgrades or container recreation.

Creating the Docker Compose File

Docker Compose simplifies deployment by defining services, storage, networking, and runtime settings in a single file.

Why Docker Compose Is Recommended

Instead of manually starting containers with lengthy commands, Docker Compose allows infrastructure to be managed as code.

Benefits include:

Reproducibility
Version control
Simplified upgrades
Easier troubleshooting
Team collaboration

Creating docker-compose.yml

Create the file:

nano docker-compose.yml

Add the following configuration:

services:
  oxidized:
    image: oxidized/oxidized:latest
    container_name: oxidized
    restart: unless-stopped

    ports:
      - "8888:8888"

    volumes:
      - ./oxidized/config:/home/oxidized/.config/oxidized
      - ./oxidized/output:/home/oxidized/output
      - ./oxidized/logs:/home/oxidized/logs

    environment:
      CONFIG_RELOAD_INTERVAL: 600

Save and exit.

Docker Compose Configuration Breakdown

Image

image: oxidized/oxidized:latest

Specifies the Oxidized container image.

Container Name

container_name: oxidized

Provides predictable container identification.

Restart Policy

restart: unless-stopped

Automatically restarts Oxidized after:

Host reboot
Service interruption
Container crash

Port Mapping

ports:
  - "8888:8888"

Exposes the Oxidized web interface.

Volumes

volumes:

Mounts persistent data locations from the host.

Production Compose Enhancements

For enterprise environments, consider:

Setting	Purpose
Resource Limits	Prevent excessive CPU usage
Dedicated Networks	Improve isolation
Read-Only Filesystems	Enhance security
Logging Drivers	Centralized logging
Health Checks	Improve monitoring

A production-ready deployment should evolve as operational requirements grow.

Configuring Oxidized

After creating the deployment structure, the next step is configuring Oxidized itself.

Generate Initial Configuration

Start the container temporarily:

docker compose up -d

Access the container:

docker exec -it oxidized bash

Generate a default configuration:

oxidized

The default configuration file will be created inside:

/home/oxidized/.config/oxidized/config

Exit the container:

exit

Understanding the Oxidized Configuration File

The configuration file controls:

Device sources
Authentication
Storage methods
Polling intervals
Logging
Web interface settings

A simplified example:

---
username: backupuser
password: StrongPassword

model: ios

interval: 3600

use_syslog: false

threads: 10

timeout: 20

retries: 3

rest: 0.0.0.0:8888

Core Parameters Explained

Parameter	Purpose
username	Login account
password	Device password
model	Device platform
interval	Backup frequency
timeout	Connection timeout
retries	Retry attempts
threads	Parallel connections
rest	Web interface binding

Backup Interval Best Practices

Environment	Recommended Interval
Lab	1 Hour
Small Business	4 Hours
Enterprise	12 Hours
Compliance-Driven	1 Hour

Excessively aggressive polling can generate unnecessary load.

Configuring Sources

A source defines where Oxidized obtains its device inventory.

Supported source types include:

CSV
SQLite
HTTP
LibreNMS
NetBox
SQL Databases

For simplicity, this guide starts with CSV.

Configure CSV Source

Add the following section:

source:
  default: csv
  csv:
    file: /home/oxidized/.config/oxidized/router.db
    delimiter: !ruby/regexp /:/
    map:
      name: 0
      model: 1

How CSV Source Works

Oxidized reads device information from a text file.

Each line represents:

hostname:model

Example:

R1:ios
R2:ios
SW1:nxos
FW1:asa

This method is simple and reliable for small and medium environments.

Configuring Outputs

Outputs determine where collected configurations are stored.

File-Based Output

Most deployments begin with file output.

output:
  default: file
  file:
    directory: /home/oxidized/output

Benefits:

Simplicity
Easy troubleshooting
Local storage

Git Output

For production environments, Git is strongly recommended.

Example:

output:
  default: git
  git:
    user: Oxidized
    email: oxidized@example.com
    repo: /home/oxidized/output/configs.git

Benefits include:

Version tracking
Historical analysis
Rollback capability
Compliance reporting

We will implement Git fully later in this guide.

Configuring Authentication

Authentication is critical because Oxidized must access network devices automatically.

Username and Password Authentication

Basic configuration:

username: backupuser
password: StrongPassword

This approach works but has limitations.

SSH Key Authentication

For production deployments, SSH keys are preferred.

Benefits:

Improved security
Reduced password exposure
Better compliance alignment
Easier credential rotation

SSH keys are covered in detail later in the guide.

Per-Device Credentials

Large environments may require unique credentials per device group.

Examples include:

Core routers
Data center switches
Firewalls
Customer-managed devices

This can be implemented through advanced source integrations.

Configuring Git Repository Support

One of Oxidized’s most valuable capabilities is Git integration.

Why Git Matters

Without Git:

Only current backups exist
Historical visibility is limited

With Git:

Every change is tracked
Configuration drift is visible
Rollbacks become easier
Auditing improves significantly

Git Workflow

Oxidized performs:

Backup collection
Change detection
Git commit
History retention

This effectively creates a configuration timeline.

Example Git Output Configuration

output:
  default: git

  git:
    user: Oxidized
    email: oxidized@example.com
    repo: /home/oxidized/output/configs.git

Each configuration update generates a commit when changes are detected.

Adding Network Devices to Oxidized

Now that the source configuration exists, devices must be added.

Create router.db

Create the inventory file:

nano oxidized/config/router.db

Add sample devices:

core-rtr01:ios
edge-rtr01:ios
dc-sw01:nxos
branch-fw01:asa

Save the file.

Device Inventory Fields

At minimum:

Field	Purpose
Hostname	Device address
Model	Vendor platform

Advanced inventories may include:

Additional Field	Purpose
Username	Override credentials
Password	Device-specific login
Group	Device categorization
Port	Custom SSH port

Cisco Router Example

Example inventory:

10.10.10.1:ios

Model:

model: ios

Oxidized automatically executes Cisco IOS-specific commands.

Cisco Nexus Example

10.10.20.1:nxos

Oxidized loads NX-OS commands automatically.

Cisco ASA Example

10.10.30.1:asa

Firewall configurations are collected using ASA-specific logic.

Multi-Vendor Inventory Example

10.10.10.1:ios
10.10.20.1:nxos
10.10.30.1:asa
10.10.40.1:junos
10.10.50.1:eos
10.10.60.1:fortios

This demonstrates the flexibility of Oxidized in heterogeneous environments.

Starting the Oxidized Container

After configuration is complete, launch the service.

Start Deployment

docker compose up -d

Verify:

docker ps

Expected output:

CONTAINER ID
oxidized
Up

Check Logs

Review startup logs:

docker logs -f oxidized

Look for:

Successful startup
Device inventory loading
SSH connections
Backup operations

Common Startup Messages

Message	Meaning
Configuration Loaded	Success
Node Added	Inventory recognized
Configuration Saved	Backup completed
Git Commit Created	Version tracked

Logs provide immediate visibility into deployment health.

Verifying Container Health

Check Running Status

docker inspect oxidized

Verify:

State: Running

Resource Monitoring

Monitor resource consumption:

docker stats oxidized

Useful metrics include:

CPU
Memory
Network activity
Disk I/O

Restart Testing

Test restart behavior:

docker restart oxidized

Verify data remains intact.

This confirms persistent storage is functioning correctly.

Accessing the Oxidized Web Interface

The built-in web interface provides operational visibility.

Open the Dashboard

Navigate to:

http://SERVER-IP:8888

Example:

http://192.168.1.100:8888

Dashboard Functions

The web interface displays:

Device inventory
Backup status
Configuration history
Recent activity
Device models

Why the Web Interface Matters

Benefits include:

Quick verification
Operational visibility
Troubleshooting assistance
Backup confirmation

Many administrators use the dashboard as their primary operational view.

Verifying Successful Backups

After initial polling completes:

Open the dashboard.
Select a device.
View collected configuration.
Verify command output.
Confirm latest backup timestamp.

Successful retrieval confirms:

Connectivity
Authentication
Model mapping
Storage functionality

Understanding Backup Operations

Before moving into advanced integrations and production hardening, it is important to understand how Oxidized performs ongoing backups.

Polling Mechanism

Oxidized continuously cycles through devices according to the configured interval.

Example:

interval: 3600

This instructs Oxidized to poll devices every hour.

Configuration Collection Process

For each device:

Establish SSH connection.
Authenticate.
Execute model-specific commands.
Capture output.
Normalize configuration.
Compare with previous version.
Save changes.
Commit to Git if modified.

Change Detection

Oxidized avoids unnecessary storage growth.

If no configuration changes occur:

No new commit is created.
Existing backup remains valid.

If changes are detected:

New backup generated.
Git commit created.
Historical version retained.

Configuration History Benefits

Organizations gain:

Change visibility
Rollback capability
Compliance evidence
Audit support
Troubleshooting context

These capabilities are among the primary reasons engineers adopt Oxidized over manual backup methods.

Key Takeaways

At this point, you have:

Built a production-ready project structure.
Created a Docker Compose deployment.
Configured Oxidized settings.
Configured device inventory sources.
Added network devices.
Started and verified the container.
Accessed the web interface.
Understood backup workflows.
Enabled the foundation for Git-based version control.

Configuring Git Version Control

One of the biggest advantages of Oxidized is its native integration with Git. While storing configuration files locally provides backup protection, Git transforms Oxidized into a complete configuration management and change-tracking platform.

Why Git Integration Matters

Network environments constantly change due to:

Maintenance activities
Security updates
Routing modifications
VLAN additions
Firewall rule updates
Infrastructure upgrades

Without version control, identifying who changed what and when becomes difficult.

Git provides:

Benefit	Description
Change Tracking	Tracks configuration modifications
Rollback Capability	Restore previous versions
Audit History	Review historical changes
Compliance Support	Demonstrate configuration control
Collaboration	Multiple administrators can review changes

Initializing a Local Git Repository

Access the Oxidized container:

docker exec -it oxidized bash

Navigate to the output directory:

cd /home/oxidized/output

Initialize Git:

git init

Verify:

git status

Oxidized will automatically create commits whenever configuration changes are detected.

GitHub Integration

Many organizations store configuration backups in private GitHub repositories.

Create a repository in GitHub and configure remote access:

git remote add origin git@github.com:organization/network-backups.git

Verify:

git remote -v

Push configurations:

git push -u origin main

GitLab Integration

GitLab provides similar functionality.

Example:

git remote add origin git@gitlab.com:organization/network-backups.git

Benefits include:

Private repositories
CI/CD pipelines
Merge requests
Access controls
Self-hosted options

Viewing Configuration History

Useful Git commands:

View commit history:

git log

Compare changes:

git diff

View specific commit:

git show COMMIT_ID

These capabilities make troubleshooting configuration drift significantly easier.

Integrating Oxidized with LibreNMS

Many organizations already use LibreNMS for monitoring. Integrating Oxidized allows device inventory to be automatically synchronized.

Benefits of LibreNMS Integration

Benefit	Value
Dynamic Inventory	Automatically imports devices
Reduced Manual Work	No duplicate inventory management
Centralized Operations	Monitoring and backups work together
Scalability	Supports large environments

Integration Workflow

LibreNMS discovers devices.
Oxidized retrieves inventory.
Device information is synchronized.
Backups begin automatically.
Configuration changes are tracked.

Example LibreNMS Source Configuration

source:
  default: http

  http:
    url: https://librenms.example.com/api/v0/oxidized
    scheme: https

Operational Advantages

Using LibreNMS as a source eliminates the need to maintain:

CSV files
Manual inventory lists
Duplicate device records

This improves operational efficiency and reduces administrative overhead.

Integrating Oxidized with NetBox

NetBox has become one of the most popular sources of truth for network infrastructure.

Combining NetBox with Oxidized creates a highly automated network management workflow.

Why Integrate with NetBox?

NetBox stores:

Devices
Interfaces
Sites
IP addresses
Racks
Roles
Platforms

Oxidized can leverage this inventory automatically.

Integration Benefits

Feature	Benefit
Dynamic Inventory	Automatic device updates
Single Source of Truth	Consistent infrastructure data
Reduced Errors	Less manual entry
Automation Friendly	Supports Infrastructure as Code

Example Workflow

Device added to NetBox.
NetBox inventory updates.
Oxidized discovers device.
Backup process begins.
Configuration history tracked.

This creates a modern network automation ecosystem.

Securing Oxidized in Production

Security should never be an afterthought.

Because Oxidized stores network configurations and device credentials, hardening is critical.

SSH Key Authentication

SSH keys are strongly recommended over passwords.

Generate a key pair:

ssh-keygen -t ed25519

Copy public key to devices:

ssh-copy-id backupuser@router-ip

Benefits include:

Stronger security
Reduced credential exposure
Easier automation
Better compliance alignment

Credential Protection

Avoid:

Shared accounts
Hardcoded passwords
Weak passwords
Excessive privileges

Instead:

Best Practice	Purpose
Dedicated Backup Accounts	Accountability
Strong Passwords	Security
SSH Keys	Improved Authentication
Role-Based Access	Least Privilege

Docker Security Best Practices

Production deployments should include:

Updated images
Minimal exposed ports
Regular vulnerability scans
Secure volume permissions
Non-root execution where possible

Network Segmentation

Place Oxidized in a dedicated management network.

Benefits:

Reduced attack surface
Improved access control
Better monitoring visibility

Repository Security

Protect Git repositories using:

Private repositories
MFA
Access control policies
Audit logging

Network configurations often contain sensitive operational information.

Monitoring and Logging

Operational visibility is essential for long-term reliability.

Log Analysis

View logs:

docker logs oxidized

Follow logs in real time:

docker logs -f oxidized

Common Log Events

Event	Meaning
Node Added	Device recognized
Connection Established	Authentication successful
Config Saved	Backup completed
Git Commit Created	Change tracked
Timeout Error	Connectivity issue

Health Monitoring

Important metrics include:

Metric	Why It Matters
Backup Success Rate	Operational reliability
Failed Devices	Problem identification
Authentication Failures	Security visibility
Polling Duration	Performance monitoring
Storage Growth	Capacity planning

Backup Validation

Do not assume backups are valid.

Regularly verify:

Device configurations exist.
Files are readable.
Git commits are being generated.
Inventory synchronization works.
Recent changes appear correctly.

Validation should be part of operational procedures.

Common Oxidized Issues and Troubleshooting

Even well-designed deployments encounter occasional problems.

Authentication Failures

Common causes:

Incorrect credentials
Expired passwords
SSH key issues
Access restrictions

Troubleshooting steps:

ssh backupuser@device-ip

Verify manual login succeeds before troubleshooting Oxidized.

SSH Timeout Errors

Possible causes:

Firewall restrictions
Routing issues
ACLs
Device load

Verify connectivity:

ping DEVICE_IP

Test SSH:

ssh DEVICE_IP

Device Model Issues

Symptoms:

Empty backups
Incomplete configurations
Command failures

Verify:

router.db

contains the correct model identifier.

Example:

10.10.10.1:ios

instead of:

10.10.10.1:cisco

Docker Permission Problems

Symptoms:

Missing files
Volume mount failures
Startup issues

Verify permissions:

ls -la

Correct ownership if necessary.

Git Synchronization Failures

Possible causes:

Authentication problems
Incorrect repository URL
Network restrictions

Verify:

git remote -v

Test connectivity manually.

Troubleshooting Matrix

Problem	Likely Cause	Solution
Login Failed	Incorrect Credentials	Verify Account
SSH Timeout	Connectivity Issue	Check Network
Empty Config	Wrong Model	Correct Model Mapping
No Git Commits	Output Configuration	Verify Git Settings
Container Stops	Docker Error	Review Logs

Oxidized Best Practices

Successful deployments share several characteristics.

Use Dedicated Backup Accounts

Avoid using administrator accounts.

Benefits:

Better accountability
Reduced risk
Easier auditing

Implement Git from Day One

Organizations frequently delay Git integration and later regret it.

Version control should be enabled immediately.

Group Devices Logically

Examples:

Core
Distribution
Access
Firewalls
Data Center

Grouping improves scalability and management.

Monitor Backup Success Rates

Regularly review:

Failed devices
Authentication issues
Configuration changes

Do not wait until an outage occurs.

Secure Configuration Data

Treat backups as sensitive information.

Protect:

Device credentials
VPN settings
Security policies
Infrastructure details

Regularly Test Recovery Procedures

A backup strategy is incomplete without recovery testing.

Validate that configurations can be restored when needed.

Scaling Oxidized for Enterprise Environments

As environments grow, planning becomes increasingly important.

Small Environment

Typical characteristics:

Metric	Value
Devices	Under 100
Threads	5–10
Polling Interval	1–4 Hours

Medium Environment

Metric	Value
Devices	100–1000
Threads	20–50
Polling Interval	4–12 Hours

Large Enterprise

Metric	Value
Devices	1000+
Threads	50+
Dedicated Storage	Recommended
Monitoring Integration	Required

Enterprise Recommendations

Use NetBox inventory.
Integrate monitoring.
Protect repositories.
Enable centralized logging.
Implement backup validation.

These practices improve reliability at scale.

Oxidized vs RANCID

Many network engineers evaluate Oxidized against RANCID.

Feature Comparison

Feature	Oxidized	RANCID
Open Source	Yes	Yes
Git Support	Native	Limited
Docker Support	Excellent	Limited
REST API	Yes	No
Web Interface	Built-In	External
Modern Development	Active	Less Active
Automation Friendly	High	Moderate

Operational Comparison

Category	Oxidized	RANCID
Deployment Simplicity	Easier
Container Support	Native
Inventory Integration	Extensive
Network Automation Compatibility	Excellent

Which One Should You Choose?

For most modern environments:

Oxidized is the preferred option.
Docker simplifies deployment.
Git integration improves visibility.
API support enables automation.

RANCID remains functional but is often chosen only in legacy environments.

Frequently Asked Questions

What is Oxidized used for?

Oxidized is used to automatically back up network device configurations, track changes, and maintain version-controlled configuration history.

Is Oxidized free?

Yes. Oxidized is an open-source project and can be used without licensing costs.

Can Oxidized run in Docker?

Yes. Docker is one of the most popular deployment methods because it simplifies installation, upgrades, and maintenance.

Does Oxidized support Cisco devices?

Yes. Oxidized supports Cisco IOS, IOS-XE, NX-OS, ASA, IOS-XR, and many other platforms.

How often does Oxidized perform backups?

Backup frequency depends on the configured polling interval. Common intervals range from one hour to twelve hours.

Does Oxidized support Git?

Yes. Native Git integration is one of its most valuable features.

Can Oxidized integrate with LibreNMS?

Yes. LibreNMS can serve as an inventory source and automatically synchronize device information.

Can Oxidized integrate with NetBox?

Yes. NetBox integration enables dynamic inventory management and source-of-truth workflows.

Is SSH recommended over Telnet?

Yes. SSH provides encryption and significantly better security.

Is Oxidized suitable for enterprise environments?

Absolutely. Many enterprises use Oxidized to manage hundreds or thousands of network devices.

Final Thoughts

Network configuration backups are no longer optional. Modern networks require automated, reliable, and auditable backup processes to support operational resilience, security, compliance, and disaster recovery.

Oxidized has become one of the leading open-source solutions for network configuration management because it combines broad vendor support, Git-based version control, automation capabilities, API access, and straightforward deployment models.

Running Oxidized in Docker further enhances operational efficiency by providing portability, simplified upgrades, predictable deployments, and easier maintenance. When integrated with tools such as GitHub, GitLab, LibreNMS, and NetBox, Oxidized becomes a powerful component of a modern network automation strategy.

Whether you manage a small lab, a growing enterprise network, or a large-scale service provider environment, implementing Oxidized provides visibility into configuration changes, strengthens disaster recovery readiness, and helps establish configuration management best practices across the organization.

By following the steps in this guide, you now have the knowledge required to deploy, configure, secure, monitor, and scale Oxidized using Docker in a production-ready environment.

Key Takeaways

Oxidized automates network configuration backups.
Docker simplifies deployment and lifecycle management.
Git integration provides configuration version control.
SSH should be preferred over Telnet.
LibreNMS and NetBox integrations improve automation.
Security hardening is essential for production deployments.
Monitoring and backup validation should be ongoing processes.
Oxidized is a modern alternative to RANCID.
The platform scales effectively from labs to enterprise environments.
Automated configuration management significantly improves operational resilience and disaster recovery readiness.