A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension
Nanog, (This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't) When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list. I've put the script itself up here <https://github.com/jlmcgraw/network_configuration_navigator>: https://github.com/jlmcgraw/network_configuration_navigator See here <ttp://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configuration_navigator/blob/master/examples/html_test_case_1.cfg.html> for output examples http://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configura... Here's a quick web demo <https://hidden-waters-8218.herokuapp.com/> on Heroku https://hidden-waters-8218.herokuapp.com/ (This is just a simple web front-end to the script. I'm not a web-savvy guy so I'm sure it's poorly coded and terribly insecure. Please don't upload anything sensitive to this, it's just for testing!) I know there is a lot of stuff that could be done better so let me know if you think of anything new or notice something I’ve done wrong. One unexpected thing that has come out of this script is the ability to catch items that are defined but never actually used, whether it's due to a fat-finger or just being leftover cruft. This has proven very valuable in catching mistakes that are otherwise hard to spot. Unfortunately the script can't currently catch the inverse (things that are called but never defined) due to the way the regexes are constructed Surely this has all been done before but I couldn't find anything in a few brief moments of searching so here we are. -Jesse Notes: See the box on the right for a key and links to jump to the first line of the various types of sections or unused items There are some command-line options for reformatting (make some numbers that are hard to read into more human-readable ones, add colors to permits/denies, scrub sensitive info etc, remove some redundancy). Try and see what you like. If you run it against multiple configuration files at once it will also attempt to link between them when applicable (e.g. BGP neighbors, route next hops, interfaces on the same subnet etc). I regularly use it on a ~900 configuration files set with no problems Developed under Ubuntu Linux, somewhat tested on Windows but not at all on OS Based on configs that I work with so it doesn't cover all possible commands. Send patches!
On 10/6/16, Jesse McGraw <jlmcgraw@gmail.com> wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list.
I've put the script itself up here <https://github.com/jlmcgraw/network_configuration_navigator>: https://github.com/jlmcgraw/network_configuration_navigator
See here <ttp://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configuration_navigator/blob/master/examples/html_test_case_1.cfg.html>
for output examples http://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configura...
Here's a quick web demo <https://hidden-waters-8218.herokuapp.com/> on Heroku https://hidden-waters-8218.herokuapp.com/ (This is just a simple web front-end to the script. I'm not a web-savvy guy so I'm sure it's poorly coded and terribly insecure. Please don't upload anything sensitive to this, it's just for testing!)
I know there is a lot of stuff that could be done better so let me know if you think of anything new or notice something I’ve done wrong.
One unexpected thing that has come out of this script is the ability to catch items that are defined but never actually used, whether it's due to a fat-finger or just being leftover cruft. This has proven very valuable in catching mistakes that are otherwise hard to spot. Unfortunately the script can't currently catch the inverse (things that are called but never defined) due to the way the regexes are constructed
Surely this has all been done before but I couldn't find anything in a few brief moments of searching so here we are.
dunno about creating web pages, but https://www.nanog.org/meetings/abstract?id=785 has a section on showing filters that are defined but not referenced & referenced but not defined Regards, Lee
On 07/10/2016 00:33, Lee wrote:
dunno about creating web pages, but https://www.nanog.org/meetings/abstract?id=785 has a section on showing filters that are defined but not referenced & referenced but not defined
In IOS-XR it is one command "sho rpl unused ?" RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused ? as-path-set Display as-path-set objects community-set Display community-set objects extcommunity-set Display extended community objects prefix-set Display prefix-set objects rd-set Display rd-set objects route-policy Display route-policy objects tag-set Display tag-set objects RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused prefix Fri Oct 7 08:24:53.237 IDT ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced -Hank
Regards, Lee
On 10/7/16, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
On 07/10/2016 00:33, Lee wrote:
dunno about creating web pages, but https://www.nanog.org/meetings/abstract?id=785 has a section on showing filters that are defined but not referenced & referenced but not defined
In IOS-XR it is one command "sho rpl unused ?" RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused ? as-path-set Display as-path-set objects community-set Display community-set objects extcommunity-set Display extended community objects prefix-set Display prefix-set objects rd-set Display rd-set objects route-policy Display route-policy objects tag-set Display tag-set objects
RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused prefix Fri Oct 7 08:24:53.237 IDT
ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced
I'm actually starting to miss being out of the game. I'm retired, so don't have access to anything running IOS-XR. Just out of curiosity, how does the output of 'show rpl unused prefix' compare to the output of the script at http://pastebin.com/pem7tHAJ Thanks, Lee
On 07/10/2016 17:59, Lee wrote:
On 10/7/16, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
dunno about creating web pages, but https://www.nanog.org/meetings/abstract?id=785 has a section on showing filters that are defined but not referenced & referenced but not defined In IOS-XR it is one command "sho rpl unused ?" RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused ? as-path-set Display as-path-set objects community-set Display community-set objects extcommunity-set Display extended community objects
On 07/10/2016 00:33, Lee wrote: prefix-set Display prefix-set objects rd-set Display rd-set objects route-policy Display route-policy objects tag-set Display tag-set objects
RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused prefix Fri Oct 7 08:24:53.237 IDT
ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced I'm actually starting to miss being out of the game. I'm retired, so don't have access to anything running IOS-XR. Just out of curiosity, how does the output of 'show rpl unused prefix' compare to the output of the script at http://pastebin.com/pem7tHAJ
Thanks, Lee
Samples: RP/0/RSP0/CPU0:petach-tikva-gp#sho rpl unused as-path Sat Oct 8 20:03:22.975 IDT ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following as-path-sets are UNUSED ------------------------------------------ aspath_191_p1_permit P/0/RSP0/CPU0:petach-tikva-gp#sho rpl unused prefix Sat Oct 8 20:03:56.826 IDT ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following prefix-sets are UNUSED ------------------------------------------ aspath_191_permit RP/0/RSP0/CPU0:petach-tikva-gp#sho rpl unused comm Sat Oct 8 20:04:20.953 IDT ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following community-sets are UNUSED ------------------------------------------ 378:3300 378:65379 P/0/RSP0/CPU0:petach-tikva-gp#sho rpl unused rout Sat Oct 8 20:05:22.857 IDT ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following policies are (UNUSED) ------------------------------------------ GEANT-QoS tagIIXroutes Note the sloppy code - sometimes they state UNUSED and sometimes (UNUSED). Or "the following policies are"... rather than "the following routing policies are". Just plain sloppy Cisco coding and poor QA. And once you delete these unreferenced objects, "show rpl unused" will still show them since there is a bug in Cisco code (CSCuy07932/CSCug9153). See: http://www.gossamer-threads.com/lists/cisco/nsp/192481 for details. -Hank
On 10/8/16, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
On 07/10/2016 17:59, Lee wrote:
On 10/7/16, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
dunno about creating web pages, but https://www.nanog.org/meetings/abstract?id=785 has a section on showing filters that are defined but not referenced & referenced but not defined In IOS-XR it is one command "sho rpl unused ?" RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused ? as-path-set Display as-path-set objects community-set Display community-set objects extcommunity-set Display extended community objects
On 07/10/2016 00:33, Lee wrote: prefix-set Display prefix-set objects rd-set Display rd-set objects route-policy Display route-policy objects tag-set Display tag-set objects
RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused prefix Fri Oct 7 08:24:53.237 IDT
ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced I'm actually starting to miss being out of the game. I'm retired, so don't have access to anything running IOS-XR. Just out of curiosity, how does the output of 'show rpl unused prefix' compare to the output of the script at http://pastebin.com/pem7tHAJ
Thanks, Lee
Samples:
<.. snip samples ..> interesting.. thanks!
Note the sloppy code - sometimes they state UNUSED and sometimes (UNUSED). Or "the following policies are"... rather than "the following routing policies are". Just plain sloppy Cisco coding and poor QA. And once you delete these unreferenced objects, "show rpl unused" will still show them since there is a bug in Cisco code (CSCuy07932/CSCug9153). See: http://www.gossamer-threads.com/lists/cisco/nsp/192481 for details.
Which is why I like having the source code -- there's the possibility of fixing whatever myself instead of having to wait for the vendor to fix it :) Thanks, Lee
Neat! On Thu, Oct 6, 2016 at 1:26 PM, Jesse McGraw <jlmcgraw@gmail.com> wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list.
I've put the script itself up here <https://github.com/jlmcgraw/network_configuration_navigator>: https://github.com/jlmcgraw/network_configuration_navigator
See here <ttp://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configuration_navigator/blob/master/examples/html_test_case_1.cfg.html> for output examples http://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configura...
Here's a quick web demo <https://hidden-waters-8218.herokuapp.com/> on Heroku https://hidden-waters-8218.herokuapp.com/ (This is just a simple web front-end to the script. I'm not a web-savvy guy so I'm sure it's poorly coded and terribly insecure. Please don't upload anything sensitive to this, it's just for testing!)
I know there is a lot of stuff that could be done better so let me know if you think of anything new or notice something I’ve done wrong.
One unexpected thing that has come out of this script is the ability to catch items that are defined but never actually used, whether it's due to a fat-finger or just being leftover cruft. This has proven very valuable in catching mistakes that are otherwise hard to spot. Unfortunately the script can't currently catch the inverse (things that are called but never defined) due to the way the regexes are constructed
Surely this has all been done before but I couldn't find anything in a few brief moments of searching so here we are.
-Jesse
Notes: See the box on the right for a key and links to jump to the first line of the various types of sections or unused items
There are some command-line options for reformatting (make some numbers that are hard to read into more human-readable ones, add colors to permits/denies, scrub sensitive info etc, remove some redundancy). Try and see what you like.
If you run it against multiple configuration files at once it will also attempt to link between them when applicable (e.g. BGP neighbors, route next hops, interfaces on the same subnet etc). I regularly use it on a ~900 configuration files set with no problems
Developed under Ubuntu Linux, somewhat tested on Windows but not at all on OS
Based on configs that I work with so it doesn't cover all possible commands. Send patches!
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
On 10/6/16 1:26 PM, Jesse McGraw wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list.
Way cool. Now to hook it into RANCID.... -- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
On 10/10/16, Jay Hennigan <jay@west.net> wrote:
On 10/6/16 1:26 PM, Jesse McGraw wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list.
Way cool. Now to hook it into RANCID....
It looks like what I did in 2.3.8 should still work - control_rancid puts the diff output into $TMP.diff so add this bit: grep "^Index: " $TMP.diff | awk '/^Index: configs/{ if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } printf("%s ", $2) } END{ printf("\n") } ' >$TMP.doit /bin/sh $TMP.doit >$TMP.out if [ -s $TMP.out ] ; then .. send mail / whatever rm $TMP.doit $TMP.out fi Regards, Lee
Give these a shot. https://github.com/jlmcgraw/networkUtilities I know J could use a little feedback on those as well but all in all they are pretty solid.
On Oct 11, 2016, at 08:48, Lee <ler762@gmail.com> wrote:
On 10/10/16, Jay Hennigan <jay@west.net> wrote:
On 10/6/16 1:26 PM, Jesse McGraw wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list.
Way cool. Now to hook it into RANCID....
It looks like what I did in 2.3.8 should still work - control_rancid puts the diff output into $TMP.diff so add this bit: grep "^Index: " $TMP.diff | awk '/^Index: configs/{ if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } printf("%s ", $2) } END{ printf("\n") } ' >$TMP.doit /bin/sh $TMP.doit >$TMP.out if [ -s $TMP.out ] ; then .. send mail / whatever rm $TMP.doit $TMP.out fi
Regards, Lee
-- Jason Hellenthal JJH48-ARIN
On 10/12/16, Jason Hellenthal <jhellenthal@dataix.net> wrote:
Give these a shot. https://github.com/jlmcgraw/networkUtilities
I know J could use a little feedback on those as well but all in all they are pretty solid.
Where does one get Modern/Perl.pm ? Can't locate Modern/Perl.pm in @INC (you may need to install the Modern::Perl module) (@INC contains: /tmp/local/lib/perl5 /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/site_perl/5.22 /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/vendor_perl/5.22 /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .) at /tmp/iosToHtml.pl line 87. BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87. Lee
On Oct 11, 2016, at 08:48, Lee <ler762@gmail.com> wrote:
On 10/10/16, Jay Hennigan <jay@west.net> wrote:
On 10/6/16 1:26 PM, Jesse McGraw wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list.
Way cool. Now to hook it into RANCID....
It looks like what I did in 2.3.8 should still work - control_rancid puts the diff output into $TMP.diff so add this bit: grep "^Index: " $TMP.diff | awk '/^Index: configs/{ if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } printf("%s ", $2) } END{ printf("\n") } ' >$TMP.doit /bin/sh $TMP.doit >$TMP.out if [ -s $TMP.out ] ; then .. send mail / whatever rm $TMP.doit $TMP.out fi
Regards, Lee
-- Jason Hellenthal JJH48-ARIN
Cpan? Cpan minus? Or just download [1] and there's probably a Make::Maker or similar Build.PL to build a makefile or just install it for you - there's a #perl channel on freenode if you need more and Google doesn't get you set. 1. http://search.cpan.org/~chromatic/Modern-Perl-1.20161005/lib/Modern/Perl.pm On Oct 12, 2016 8:02 PM, "Lee" <ler762@gmail.com> wrote:
On 10/12/16, Jason Hellenthal <jhellenthal@dataix.net> wrote:
Give these a shot. https://github.com/jlmcgraw/networkUtilities
I know J could use a little feedback on those as well but all in all they are pretty solid.
Where does one get Modern/Perl.pm ?
Can't locate Modern/Perl.pm in @INC (you may need to install the Modern::Perl module) (@INC contains: /tmp/local/lib/perl5 /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/site_perl/5.22 /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/vendor_perl/5.22 /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .) at /tmp/iosToHtml.pl line 87. BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.
Lee
On Oct 11, 2016, at 08:48, Lee <ler762@gmail.com> wrote:
On 10/10/16, Jay Hennigan <jay@west.net> wrote:
On 10/6/16 1:26 PM, Jesse McGraw wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in
route-maps,
ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list.
Way cool. Now to hook it into RANCID....
It looks like what I did in 2.3.8 should still work - control_rancid puts the diff output into $TMP.diff so add this bit: grep "^Index: " $TMP.diff | awk '/^Index: configs/{ if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } printf("%s ", $2) } END{ printf("\n") } ' >$TMP.doit /bin/sh $TMP.doit >$TMP.out if [ -s $TMP.out ] ; then .. send mail / whatever rm $TMP.doit $TMP.out fi
Regards, Lee
-- Jason Hellenthal JJH48-ARIN
Lee, Check out the setup.sh script, hopefully it does everything necessary to get the script working on a Debian-derived Linux system I've attempted to make the only globally-installed dependencies be cpanm and carton. Once those are installed it uses carton to install the dependencies locally On 10/12/2016 07:59 PM, Lee wrote:
On 10/12/16, Jason Hellenthal <jhellenthal@dataix.net> wrote:
Give these a shot. https://github.com/jlmcgraw/networkUtilities
I know J could use a little feedback on those as well but all in all they are pretty solid. Where does one get Modern/Perl.pm ?
Can't locate Modern/Perl.pm in @INC (you may need to install the Modern::Perl module) (@INC contains: /tmp/local/lib/perl5 /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/site_perl/5.22 /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/vendor_perl/5.22 /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .) at /tmp/iosToHtml.pl line 87. BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.
Lee
On Oct 11, 2016, at 08:48, Lee <ler762@gmail.com> wrote:
On 10/6/16 1:26 PM, Jesse McGraw wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list. Way cool. Now to hook it into RANCID.... It looks like what I did in 2.3.8 should still work - control_rancid
On 10/10/16, Jay Hennigan <jay@west.net> wrote: puts the diff output into $TMP.diff so add this bit: grep "^Index: " $TMP.diff | awk '/^Index: configs/{ if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } printf("%s ", $2) } END{ printf("\n") } ' >$TMP.doit /bin/sh $TMP.doit >$TMP.out if [ -s $TMP.out ] ; then .. send mail / whatever rm $TMP.doit $TMP.out fi
Regards, Lee
-- Jason Hellenthal JJH48-ARIN .
Thanks for chiming in Jesse.
On Oct 13, 2016, at 08:08, Jesse McGraw <jlmcgraw@gmail.com> wrote:
Lee,
Check out the setup.sh script, hopefully it does everything necessary to get the script working on a Debian-derived Linux system
I've attempted to make the only globally-installed dependencies be cpanm and carton. Once those are installed it uses carton to install the dependencies locally
On 10/12/2016 07:59 PM, Lee wrote:
On 10/12/16, Jason Hellenthal <jhellenthal@dataix.net> wrote:
Give these a shot. https://github.com/jlmcgraw/networkUtilities
I know J could use a little feedback on those as well but all in all they are pretty solid. Where does one get Modern/Perl.pm ?
Can't locate Modern/Perl.pm in @INC (you may need to install the Modern::Perl module) (@INC contains: /tmp/local/lib/perl5 /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/site_perl/5.22 /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/vendor_perl/5.22 /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .) at /tmp/iosToHtml.pl line 87. BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.
Lee
On Oct 11, 2016, at 08:48, Lee <ler762@gmail.com> wrote:
On 10/6/16 1:26 PM, Jesse McGraw wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list. Way cool. Now to hook it into RANCID.... It looks like what I did in 2.3.8 should still work - control_rancid
On 10/10/16, Jay Hennigan <jay@west.net> wrote: puts the diff output into $TMP.diff so add this bit: grep "^Index: " $TMP.diff | awk '/^Index: configs/{ if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } printf("%s ", $2) } END{ printf("\n") } ' >$TMP.doit /bin/sh $TMP.doit >$TMP.out if [ -s $TMP.out ] ; then .. send mail / whatever rm $TMP.doit $TMP.out fi
Regards, Lee
-- Jason Hellenthal JJH48-ARIN .
-- Jason Hellenthal JJH48-ARIN
On 10/13/16, Jesse McGraw <jlmcgraw@gmail.com> wrote:
Lee,
Check out the setup.sh script, hopefully it does everything necessary to get the script working on a Debian-derived Linux system
I'm using Windows + Cygwin; maybe it's just that I don't have them installed, but there is no sudo or apt so setup.sh isn't going to work for me. So while I was interested in seeing what this bit looked like
If you run it against multiple configuration files at once it will also attempt to link between them when applicable (e.g. BGP neighbors, route next hops, interfaces on the same subnet etc). I'm not willing to take any more time on this.
I appreciate all the people who've tried to help but at least for now, I'm done. Thanks, Lee
I've attempted to make the only globally-installed dependencies be cpanm and carton. Once those are installed it uses carton to install the dependencies locally
On 10/12/2016 07:59 PM, Lee wrote:
On 10/12/16, Jason Hellenthal <jhellenthal@dataix.net> wrote:
Give these a shot. https://github.com/jlmcgraw/networkUtilities
I know J could use a little feedback on those as well but all in all they are pretty solid. Where does one get Modern/Perl.pm ?
Can't locate Modern/Perl.pm in @INC (you may need to install the Modern::Perl module) (@INC contains: /tmp/local/lib/perl5 /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/site_perl/5.22 /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/vendor_perl/5.22 /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .) at /tmp/iosToHtml.pl line 87. BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.
Lee
On Oct 11, 2016, at 08:48, Lee <ler762@gmail.com> wrote:
On 10/6/16 1:26 PM, Jesse McGraw wrote:
Nanog,
(This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)
When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc
To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list. Way cool. Now to hook it into RANCID.... It looks like what I did in 2.3.8 should still work - control_rancid
On 10/10/16, Jay Hennigan <jay@west.net> wrote: puts the diff output into $TMP.diff so add this bit: grep "^Index: " $TMP.diff | awk '/^Index: configs/{ if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } printf("%s ", $2) } END{ printf("\n") } ' >$TMP.doit /bin/sh $TMP.doit >$TMP.out if [ -s $TMP.out ] ; then .. send mail / whatever rm $TMP.doit $TMP.out fi
Regards, Lee
-- Jason Hellenthal JJH48-ARIN .
On 13/10/2016 19:38, Lee wrote:
On 10/13/16, Jesse McGraw <jlmcgraw@gmail.com> wrote:
Lee,
Check out the setup.sh script, hopefully it does everything necessary to get the script working on a Debian-derived Linux system I'm using Windows + Cygwin; maybe it's just that I don't have them installed, but there is no sudo or apt so setup.sh isn't going to work for me. So while I was interested in seeing what this bit looked like Have you tried Bash on Windows 10: http://www.howtogeek.com/249966/how-to-install-and-use-the-linux-bash-shell-... http://www.pcworld.com/article/3106463/windows/how-to-get-bash-on-windows-10...
-Hank
If you run it against multiple configuration files at once it will also attempt to link between them when applicable (e.g. BGP neighbors, route next hops, interfaces on the same subnet etc). I'm not willing to take any more time on this.
I appreciate all the people who've tried to help but at least for now, I'm done.
Thanks, Lee
Lee, FWIW, the script will work under straight Windows and I use it there frequently. I think Strawberry perl comes with cpanm (cpanminus) pre-installed so you can do: "cpanm Carton" and then cd to wherever you've got the script saved and do: "carton install" to install the dependencies Or, if you've got a set of configs with nothing sensitive/private left in them, try the simple web version I set up: https://hidden-waters-8218.herokuapp.com/ If I had a Windows VM setup I'd come up with a setup.bat On 10/13/2016 12:38 PM, Lee wrote:
On 10/13/16, Jesse McGraw <jlmcgraw@gmail.com> wrote:
Lee,
Check out the setup.sh script, hopefully it does everything necessary to get the script working on a Debian-derived Linux system I'm using Windows + Cygwin; maybe it's just that I don't have them installed, but there is no sudo or apt so setup.sh isn't going to work for me. So while I was interested in seeing what this bit looked like If you run it against multiple configuration files at once it will also attempt to link between them when applicable (e.g. BGP neighbors, route next hops, interfaces on the same subnet etc). I'm not willing to take any more time on this.
I appreciate all the people who've tried to help but at least for now, I'm done.
Thanks, Lee
I've attempted to make the only globally-installed dependencies be cpanm and carton. Once those are installed it uses carton to install the dependencies locally
On 10/12/2016 07:59 PM, Lee wrote:
On 10/12/16, Jason Hellenthal <jhellenthal@dataix.net> wrote:
Give these a shot. https://github.com/jlmcgraw/networkUtilities
I know J could use a little feedback on those as well but all in all they are pretty solid. Where does one get Modern/Perl.pm ?
Can't locate Modern/Perl.pm in @INC (you may need to install the Modern::Perl module) (@INC contains: /tmp/local/lib/perl5 /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/site_perl/5.22 /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int /usr/lib/perl5/vendor_perl/5.22 /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .) at /tmp/iosToHtml.pl line 87. BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.
Lee
On Oct 11, 2016, at 08:48, Lee <ler762@gmail.com> wrote:
On 10/6/16 1:26 PM, Jesse McGraw wrote: > Nanog, > > (This is me scratching an itch of my own and hoping that sharing > it > might be useful to others on this list. Apologies if it isn't) > > When I'm trying to comprehend a new or complicated Cisco router, > switch or firewall configuration an old pet-peeve of mine is how > needlessly difficult it is to follow deeply nested logic in > route-maps, > ACLs, QoS policy-maps etc etc > > To make this a bit simpler I’ve been working on a perl script to > convert > these text-based configuration files into HTML with links between the > different elements (e.g. To an access-list from the interface where > it’s > applied, from policy-maps to class-maps etc), hopefully making it > easier > to to follow the chain of logic via clicking links and using the > forward > and back buttons in your browser to go back and forth between command > and referenced list. Way cool. Now to hook it into RANCID.... It looks like what I did in 2.3.8 should still work - control_rancid
On 10/10/16, Jay Hennigan <jay@west.net> wrote: puts the diff output into $TMP.diff so add this bit: grep "^Index: " $TMP.diff | awk '/^Index: configs/{ if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } printf("%s ", $2) } END{ printf("\n") } ' >$TMP.doit /bin/sh $TMP.doit >$TMP.out if [ -s $TMP.out ] ; then .. send mail / whatever rm $TMP.doit $TMP.out fi
Regards, Lee -- Jason Hellenthal JJH48-ARIN .
participants (7)
-
Hank Nussbacher
-
Jason Hellenthal
-
Jay Hennigan
-
Jesse McGraw
-
Lee
-
Mike Hale
-
shawn wilson