Graph of Protocol packet rate using python

The interactive graph is plotted by a Python script from the packet rate captured using the command below.
"show ddos-protection protocols statistics terse"

If you hover over the plotted graph, you can see the exact packet count and time stamp.
Select the protocol on the left-hand side to plot its graph.
You can further tweak the logic in the script to plot dropped packets or any other value against time. Similar graph plotting logic can also be used with other command output.

The Python script and the actual graph are at https://github.com/Routingmonkey/Graph-of-Protocol-packet-rate-using-python

Below is sample output captured with the help of a separate polling script.
The complete captured log file is very large, so this graph provides a meaningful, complete view of the packet rate.

Compare MPLS L3 VPN route attributes using python

We have a VRF-lite setup on the CE, with multiple customers on a single CE. In this case we are moving the WAN circuit from the old PE to the new PE.

After this migration we need to validate and compare the routes announced from CE to PE and their attributes (SoO, local preference, route-target). The number of announced routes varies with the number of customers connected to the CE, so manual validation and comparison is a tedious task.

From the router configuration we create a script to capture pre- and post-migration logs on the PE end, by extracting the network commands used in each VRF BGP address-family on the CE. (This pre/post check script is prepared separately, together with the migration config generation.)

Below is the sample of the pre and post activity logs.

PRETEST

Announce route POSTTEST

A GUI was created using tkinter for ease of use and for non-Python users.

Announce route compare GUI

The pre/post activity logs are provided as input to the program. An empty Excel file, already configured with conditional formatting that highlights unique values by comparing odd and even rows, is also provided as input in the background. The output is an Excel file with the errors highlighted automatically, as shown in the Excel screenshot below.

ART

With the help of the textfsm library we create a table from the pre/post text files above, and with openpyxl we write it to an Excel sheet for comparison. The final output is below.

Link for the code

https://github.com/Routingmonkey/Compare-MPLS-L3-VPN-route-attributes

Announce route comparison
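
The pre/post comparison described above, as an added example that is not the code from the linked repository: it uses plain regular expressions instead of textfsm and openpyxl and returns the differences as a list. The capture text is constructed in the style of Cisco IOS BGP VPNv4 detail output (the post does not show its logs), and all values in it are made up. A changed route-target is the difference to look at first, because it decides which VRFs import the route.

```python
import re

# Constructed PE capture entries in the style of Cisco IOS BGP VPNv4 detail
# output; AS numbers, RD, prefixes and community values are made up.
ENTRY = """\
BGP routing table entry for 65000:1:{prefix}, version 1
Paths: (1 available, best #1, table ABC)
      Origin IGP, metric 0, localpref {lp}, valid, external, best
      Extended Community: SoO:65000:10 RT:{rt}
"""
PRE = (ENTRY.format(prefix="10.10.10.0/24", lp=100, rt="65000:100")
       + ENTRY.format(prefix="10.10.20.0/24", lp=100, rt="65000:100"))
# Post-migration capture: the second route carries a different route-target.
POST = (ENTRY.format(prefix="10.10.10.0/24", lp=100, rt="65000:100")
        + ENTRY.format(prefix="10.10.20.0/24", lp=100, rt="65000:200"))

# The optional group skips the route distinguisher in front of the prefix.
HEADER = re.compile(r"^BGP routing table entry for (?:.*:)?([\d.]+/\d+),", re.M)

def parse_routes(text):
    """Return {(vrf, prefix): {"localpref", "soo", "rt"}} from one capture."""
    routes = {}
    chunks = HEADER.split(text)[1:]        # [prefix, body, prefix, body, ...]
    for prefix, body in zip(chunks[0::2], chunks[1::2]):
        vrf = re.search(r"table (\S+?)\)", body)
        lp = re.search(r"localpref (\d+)", body)
        routes[(vrf.group(1) if vrf else "?", prefix)] = {
            "localpref": lp.group(1) if lp else None,
            "soo": tuple(sorted(re.findall(r"SoO:(\S+)", body))),
            "rt": tuple(sorted(re.findall(r"RT:(\S+)", body))),
        }
    return routes

def compare(pre, post):
    """List (route, attribute, pre value, post value) for every difference."""
    diffs = []
    for route in sorted(set(pre) | set(post)):
        if route not in pre or route not in post:
            # Route announced on only one side of the migration.
            diffs.append((route, "present", route in pre, route in post))
            continue
        for attr in ("localpref", "soo", "rt"):
            if pre[route][attr] != post[route][attr]:
                diffs.append((route, attr, pre[route][attr], post[route][attr]))
    return diffs

if __name__ == "__main__":
    for diff in compare(parse_routes(PRE), parse_routes(POST)):
        print(diff)
```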

Fibbing: OSPF and SDN (Hybrid model)

Fibbing is an architecture that enables central control over distributed routing.
http://fibbing.net/

This architecture is based on the OSPF routing protocol and its ability to set a third-party next hop, with some tweaks.

The main trick is to create multiple type 5 LSAs (LSA 5) for the same destination, with the forwarding address set to IP addresses that define the path to reach the destination.

In LSA 5 the forwarding address is set to 0.0.0.0
if the ASBR redistributes routes and OSPF is not enabled on the next hop interface for those routes.

In LSA 5 the forwarding address is set to a non-zero address if
* OSPF is enabled on the ASBR's next hop interface AND
* ASBR's next hop interface is non-passive under OSPF AND
* ASBR's next hop interface is not point-to-point AND
* ASBR's next hop interface is not point-to-multipoint AND
* ASBR's next hop interface address falls under the network range specified in the router OSPF command.

The controller speaks OSPF with the rest of the OSPF-enabled network and in turn pushes LSA 5 with a third-party next hop to influence routing centrally.
The controller can be a simple computer that is capable of running OSPF and able to push LSA 5 as needed.
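
Because any OSPF speaker that can originate LSA 5 can steer traffic this way, it is worth checking which external LSAs carry a third-party next hop and who originated them. The following is an added example, not code from the original post or from the Fibbing project: it parses text in the style of Cisco IOS "show ip ospf database external" and lists type 5 LSAs that have a non-zero forward address or an advertising router outside an expected list. The sample output, its addresses and the expected_asbrs parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, trimmed to the fields used here, in the style of
# Cisco IOS "show ip ospf database external". All values are made up.
SAMPLE_LSDB = """\
  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number )
  Advertising Router: 1.1.1.1
  Network Mask: /32
        Metric: 20
        Forward Address: 0.0.0.0

  LS Type: AS External Link
  Link State ID: 100.100.100.100 (External Network Number )
  Advertising Router: 5.5.5.5
  Network Mask: /32
        Metric: 20
        Forward Address: 10.0.23.2
"""

FIELDS = {
    "prefix": re.compile(r"Link State ID:\s+(\S+)"),
    "adv_router": re.compile(r"Advertising Router:\s+(\S+)"),
    "mask": re.compile(r"Network Mask:\s+(/\d+)"),
    "forward": re.compile(r"Forward Address:\s+(\S+)"),
}

def parse_external_lsas(text):
    """Return one dict per type 5 LSA found in the text."""
    lsas = []
    for block in re.split(r"(?m)^\s*LS Type:\s*AS External Link\s*$", text)[1:]:
        found = {name: rx.search(block) for name, rx in FIELDS.items()}
        if all(found.values()):
            lsas.append({name: m.group(1) for name, m in found.items()})
    return lsas

def audit_forward_addresses(lsas, expected_asbrs):
    """Group findings by prefix: (adv_router, forward_address, origin_expected)."""
    findings = defaultdict(list)
    for lsa in lsas:
        expected = lsa["adv_router"] in expected_asbrs
        # Report third-party next hops and LSAs from unexpected originators.
        if lsa["forward"] != "0.0.0.0" or not expected:
            findings[lsa["prefix"] + lsa["mask"]].append(
                (lsa["adv_router"], lsa["forward"], expected))
    return dict(findings)
```

In a deliberate Fibbing deployment the controller's router ID belongs in expected_asbrs, and the report then serves as an inventory of the next hops it has injected.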

For our demonstration I am using a Cisco router as the controller. Below is the topology diagram, in which R5 and the switch are part of the controller.
We are using a secondary IP address, which will resolve the third-party next hop set by the controller.
Fibbing Topology

When we try to reach IP 100.100.100.100 from IP 40.40.40.40 we have 2 paths available: one via R4-R2-R1 and the other via R4-R3-R1 (marked with blue line).
R4 Before

R1 Before

R4 Before traceroute

Now, with the help of controller R5, we can move the traffic from IP 40.40.40.40 to IP 100.100.100.100 onto the path R4-R3-R2-R1 (marked with red line).
R1 after

R2 after

R3 after

R4 after

R4 after traceroute

R4 after database

Please check below link for more information
http://fibbing.net/
http://blog.ipspace.net/2015/11/fibbing-ospf-based-traffic-engineering.html
https://blog.ecitele.com/fibbing-and-sdn

Automate Static route config using python

In a VRF-lite setup, multiple customers are connected to the same CE (each customer belongs to a different VRF).
In this design the WAN circuit is moving from the old PE to the new PE.

During this bulk migration we need to replace the static routes pointing to the old PE with static routes pointing to the new PE for every customer.

The pre- and post-migration data, such as VRF, CE WAN IP, customer name, PE name etc., is recorded in an Excel sheet.

With the help of the xlrd and ciscoconfparse libraries we can automate the generation of the static route script that can be used during the migration.

We read all the information for each VRF (VRF, OLD_WAN_IP, NEW_WAN_INT) by running a for loop over the Excel sheet and store it in a dictionary.

E.g. the 2 static routes below need to be replaced with the new WAN interface and new WAN IP:

ip route vrf ABC 10.10.10.10 255.255.255.255 Serial1/0.10 192.168.1.1
ip route vrf ABC 10.10.10.20 255.255.255.255 Serial1/0.10 192.168.1.1

The logic of the Python code is:
1. Get the static routes from the router config for each VRF (one by one) using the old WAN IP (regular expression)
2. Take one IP route at a time and create a list using the split method, so we get 8 elements in the list, from 0-7
3. Pop elements from the list until it contains only 6 elements, from 0-5 (removing the old interface and old WAN IP)
4. Append the new WAN interface and then the new WAN PE IP to the list
5. Prepend "no" to the old static route and print it
6. Using the join method on the list, create the new static route pointing to the new WAN IP and interface and print it

The output is:

no ip route vrf ABC 10.10.10.10 255.255.255.255 Serial1/0.10 192.168.1.1
ip route vrf ABC 10.10.10.10 255.255.255.255 FastEthernet0/1.10 192.168.2.1
!
no ip route vrf ABC 10.10.10.20 255.255.255.255 Serial1/0.10 192.168.1.1
ip route vrf ABC 10.10.10.20 255.255.255.255 FastEthernet0/1.10 192.168.2.1
!

Python code for the static route script for bulk migration:

import xlrd
from ciscoconfparse import CiscoConfParse

# provide config file path (placeholder file name)
configfilepath = "router_config.txt"
routerconfig = CiscoConfParse(configfilepath)

# c is the dictionary for one vrf, filled by the for loop over the excel sheet (read with xlrd);
# the values of this example are written out here so the snippet runs on its own
c = {"VRF": "ABC", "OLD_WAN_IP": "192.168.1.1",
     "NEW_WAN_INT": "FastEthernet0/1.10", "NEW_PE_WAN_IP": "192.168.2.1"}

wanip = c["OLD_WAN_IP"].split(".")
# result [192, 168, 1, 1]
wanipregex = r"\.".join(wanip)
# result 192\.168\.1\.1
# the spaces and the trailing $ keep vrf ABCD or next hop 192.168.1.10 from matching
a = "^ip route vrf " + c["VRF"] + " (.+?) " + wanipregex + "$"
# result ^ip route vrf ABC (.+?) 192\.168\.1\.1$

# running for loop over list of static routes for vrf ABC, 2 routes in this case
for staticroute in routerconfig.find_objects(a):
    line = staticroute.text

    sroute = line.split()
    # result [ip, route, vrf, ABC, 10.10.10.10, 255.255.255.255, Serial1/0.10, 192.168.1.1]

    while len(sroute) > 6:
        sroute.pop()
    # result [ip, route, vrf, ABC, 10.10.10.10, 255.255.255.255]

    sroute.append(c["NEW_WAN_INT"])
    # result [ip, route, vrf, ABC, 10.10.10.10, 255.255.255.255, FastEthernet0/1.10]
    sroute.append(c["NEW_PE_WAN_IP"])
    # result [ip, route, vrf, ABC, 10.10.10.10, 255.255.255.255, FastEthernet0/1.10, 192.168.2.1]
    print("no " + line)
    # result no ip route vrf ABC 10.10.10.10 255.255.255.255 Serial1/0.10 192.168.1.1
    print(" ".join(sroute))
    # result ip route vrf ABC 10.10.10.10 255.255.255.255 FastEthernet0/1.10 192.168.2.1
    print("!")

Netmiko SSH from Windows PC via Jump server

Netmiko is a multi-vendor library that simplifies Paramiko SSH connections to network devices. With the help of the Netmiko library we can do network automation using Python.
https://github.com/ktbyers/netmiko

In some situations we cannot connect directly to network devices such as routers and switches. We can only access them via a jump server.
If the machine from which we initiate the SSH connection is Linux and the jump server is also Linux:

Linux(script server)-----Linux(jump server)-----Router

then we can use the Linux ProxyCommand to access devices via the jump server.
The link below provides details on Netmiko SSH proxy support
https://pynet.twb-tech.com/blog/automation/netmiko-proxy.html

But we cannot use the proxy command if the script server is Windows.

Windows(script server)-----Linux(jump server)-----Router

The code below can be used in this situation.
In this code I tried to get the device uptime via the jump server using redispatch (Netmiko 1.3.0 release). You need to adjust global_delay_factor by trial and error.

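from netmiko import ConnectHandler
import time
from netmiko import redispatch

# ip, username and password are placeholders for the jump server login
jumpserver = {'device_type': 'terminal_server', 'ip': 'x.x.x.x', 'username': 'name', 'password': 'pass', 'global_delay_factor': 5}

net_connect = ConnectHandler(**jumpserver)
print(net_connect.find_prompt())

# write_channel sends the text as-is, so the command must end with a newline
net_connect.write_channel('command to access router' + '\n')
time.sleep(1)
net_connect.read_channel()

# switch the connection from the jump server class to the router's device type
redispatch(net_connect, device_type='cisco_ios')
print(net_connect.send_command('show version | i uptime'))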

Sorted logs in one file from /var/log tar file (without manual extraction)

This script extracts the message log, syslog and chassisd logs from the var/log tar file downloaded from a Juniper router (without manual extraction).

Link for the code

https://github.com/Routingmonkey/Sorted-logs-in-one-file-from-var-log-tar-file-without-manual-extraction-

The sorted logs are put in 3 different files (message, syslog, chassisd), which can be used before manual log analysis, or we can extend this script to further automate the log analysis. (This is really useful if we are using a Windows PC and Notepad++ for log analysis.)
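
The idea described above, as an added example that is not the code from the linked repository: the logs are read straight out of the archive in memory and the rotated files are joined oldest first. The file names (messages, messages.0.gz and so on), the rotation order and the sample archive are assumptions constructed for illustration. Reading members with extractfile instead of unpacking the archive also means that the paths stored inside it are never written to the analyst's disk.

```python
import gzip
import io
import re
import tarfile

LOG_NAMES = ("messages", "syslog", "chassisd")  # the three logs named in the post

def rotation_index(name):
    """messages -> -1 (current file), messages.0.gz -> 0, messages.1.gz -> 1."""
    m = re.search(r"\.(\d+)(?:\.gz)?$", name)
    return int(m.group(1)) if m else -1

def collect_logs(fileobj):
    """Return {log name: lines, oldest first}, read in memory from the archive."""
    merged = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        members = [m for m in tar.getmembers() if m.isfile()]
        for base in LOG_NAMES:
            wanted = re.compile(r"(^|/)%s(\.\d+)?(\.gz)?$" % re.escape(base))
            parts = [m for m in members if wanted.search(m.name)]
            # Assumption: a higher rotation number means an older file.
            parts.sort(key=lambda m: rotation_index(m.name), reverse=True)
            lines = []
            for part in parts:
                data = tar.extractfile(part).read()
                if part.name.endswith(".gz"):
                    data = gzip.decompress(data)
                lines.extend(data.decode("utf-8", "replace").splitlines())
            merged[base] = lines
    return merged

def build_sample_tar():
    """Constructed stand-in for the downloaded archive (file names assumed)."""
    files = {
        "var/log/messages": b"Jan  2 10:00:00 r1 sample: newest entry\n",
        "var/log/messages.0.gz": gzip.compress(b"Jan  1 09:00:00 r1 sample: older entry\n"),
        "var/log/messages.1.gz": gzip.compress(b"Dec 31 08:00:00 r1 sample: oldest entry\n"),
        "var/log/chassisd": b"Jan  2 10:00:01 r1 sample: chassis entry\n",
        "var/log/other.log": b"not collected\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```

For a real archive, pass open(path, "rb") to collect_logs and write each list to its own file.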

Methods of switching and Routing

Methods of Switching

Store and Forward Switching
Each Ethernet frame is copied into switch memory to check for CRC errors.
If no error is found, the frame is forwarded; otherwise it is dropped.
This adds delay in forwarding the frame.

Cut-through Switching
The switch reads the destination address and forwards the frame,
instead of copying the entire frame and checking for CRC errors.
This reduces delay in forwarding the frame, but bad frames can be forwarded.

Fragment-Free Switching
This is an advanced form of cut-through switching.
In fragment-free switching the switch reads at least 64 bytes of the Ethernet frame before switching it, to avoid forwarding Ethernet runt frames.

Methods of Routing

Process switching
The packet is copied to CPU memory and the destination IP
address is looked up in the IP routing table. Based on the outcome of this lookup,
the process switches the packet out on a particular interface.

Fast switching
The first packet that arrives for a destination is process switched.
Based on that forwarding decision, a cache (the IP fast switching route cache) is built to forward subsequent packets.
The cache is built on demand.

CEF switching
In this method the packet switching table is pre-built from the routing table, to make the forwarding decision independent of the CPU.

Different types of Ethernet frame format

There are three Ethernet frame formats:

  1. Ethernet II
  2. IEEE 802.3 with LLC
  3. IEEE 802.3 with SNAP

EthernetII (ICMP or any other packet)

IEEE 802.3 with LLC (IS-IS packet)

IEEE 802.3 with SNAP (Cisco discovery protocol CDP)

For detailed information on all three frame formats, please check the link below
http://lostintransit.se/2012/06/06/the-history-of-ethernet-dix-vs-802-3/