2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Sina Weibo: @ wandering
Blog address: dayong.info
After a period of in-depth network work, we began to address the availability of the basic AAA, NTP and SYSLOG services and the correctness of the related configuration on online equipment.
In the early stage, the basic services were optimized and rebuilt while the online configuration was corrected. However, this is a systematic project that cannot be completed in a short time, so the results have to be maintained: the revised configuration must not go wrong again, and newly added equipment should be configured correctly. How to ensure that other engineers also configure equipment correctly is another problem to solve; after all, the work ultimately requires the cooperation of multiple teams.
Therefore, the priority is to automatically check whether the network management services, Spanning-Tree, VTP mode and other important configurations are correct on all important online switches and routers.
The most direct way is to inspect the corresponding configuration, which matches how network administrators think and work. So batch execution of commands on multiple devices was the first requirement to implement.
I have always held this view on programming: a program that cannot solve the problem is not a good program, so a program must first deliver the function, and only then efficiency. Only when scale and demand reach a certain level is it necessary to pursue the extreme of efficiency and performance. Non-professional developers need to pay more attention to how they allocate energy and time. 20% of the input gets 80% of the return, which is a considerable input-output ratio, and one should be cautious about spending 80% more energy to improve performance by at most 20%. Therefore, it was decided to use simulated human-computer interaction to implement batch operation of network equipment.
The basic logic of the program is:
1) Automatically log in to the switch or router, execute the commands in batch and output the results.
2) Carry out secondary processing on the output to achieve different goals.
In this way, most network management needs can basically be met. Its main advantage is simplicity: anyone who can operate a switch or router can use it. The biggest problem with this method is efficiency, because in essence the program imitates manual operation and has to respect the operating frequency the CLI will accept. SNMP, TCL-Script, NET-CONF and other methods were considered, but given our own capabilities and energy allocation and cross-vendor platform compatibility issues, they were finally given up.
Two methods of simulating interactive command operation can be found on the Internet: perl and expect.
perl was considered first, because there was a basis in perl programming and colleagues had written scripts with similar functions, but it was eventually given up. The switch module of perl does not support the output of Cisco's Nexus platform, and the solution is very complex: the source code of the switch module would have to be modified, which would produce our own branch, and the cost of managing and maintaining it is too high, which is not conducive to the continued development and promotion of the program.
Finally, expect was chosen. Its principle is to execute a command, take different actions according to the output that comes back, and repeat the process.
The study and use of expect is beyond the scope of this article.
The latest version of the code follows:
    #!/usr/local/bin/expect
    #
    # Statement: sw-telnet.exp
    #   Arg 1  ip for telnet
    #   Arg 2  cmd-prefix; for example, sw-backup is the cmd-prefix of
    #          sw-backup.cmd.h4c and sw-backup.cmd.cisco
    #   Arg 3  uid for telnet
    #   Arg 4  pwd for telnet
    #
    # Depends: <cmd-prefix>.cmd.h4c
    #          <cmd-prefix>.cmd.cisco
    # Last modified: 2012

    set path_cmd "/aaa/bin"
    set cmd_telnet "telnet"
    set timeout_default 10
    set timeout $timeout_default
    set vendor "cisco"

    # Print the usage text and exit; called when any argument is missing.
    proc usage {} {
        puts ""
        puts "Statement: sw-telnet.exp"
        puts "  Arg 1  ip for telnet"
        puts "  Arg 2  cmd-prefix; for example, sw-backup is the cmd-prefix of"
        puts "         sw-backup.cmd.h4c and sw-backup.cmd.cisco"
        puts "  Arg 3  uid for telnet"
        puts "  Arg 4  pwd for telnet"
        puts ""
        exit 1
    }

    # Arg 1
    set ip [lindex $argv 0]
    if {$ip == ""} { usage }

    # Arg 2
    set cmd_prefix [lindex $argv 1]
    if {$cmd_prefix == ""} { usage }

    # Arg 3
    set uid [lindex $argv 2]
    if {$uid == ""} {
        # set uid "backup"
        usage
    }

    # Arg 4 (passed on the command line, so it is visible in the process list)
    set pwd [lindex $argv 3]
    if {$pwd == ""} {
        # set pwd "M2dpSF6rSU"
        usage
    }

    # __ start telnet __
    spawn $cmd_telnet $ip
    sleep 1
    # An H3C banner switches the command set; otherwise the default stays cisco.
    expect "H3C" { set vendor "h4c" }
    expect -re "Username:|Login:|login:" { send "$uid\r"; sleep 1 }
    expect "Password:" { send "$pwd\r"; sleep 1 }

    # __ login failed __
    expect {
        "Access denied"       { exit }
        "Connection refused"  { exit }
        "Login failed"        { exit }
        "Login incorrect"     { exit }
        "Login invalid"       { exit }
        "Password incorrect." { exit }
        "timeout expired!"    { exit }
    }

    # __ Command sets selection by vendor (cisco | h4c) __
    # Only the cisco arm survives on the page; the h4c arm is missing.
    switch -- $vendor {
        cisco {
            # vendor: cisco
            set timeout_cisco 60
            set timeout $timeout_cisco

            # __ get commands __ : one command per line in the .cmd file
            set file [open "$path_cmd/$cmd_prefix.cmd.$vendor" "r"]
            set cmd_count 0
            while 1 {
                if {[gets $file line] == -1} break
                incr cmd_count
                set cmd_list($cmd_count) $line
            }
            close $file

            # Wait for the enable prompt, then disable paging.
            expect -re ".*# *$"
            send "term len 0\r\n\n\n"

            # The page is cut off after the loop header below. The loop
            # condition and body are a reconstruction (assumption): send
            # each command once the prompt has returned.
            set i 1
            while {$i <= $cmd_count} {
                expect -re ".*# *$"
                send "$cmd_list($i)\r"
                incr i
            }
            expect -re ".*# *$"
        }
    }

    … > /bak/1.2.3.4_show-ver_$(date +"%Y%m%d")
OK, this makes it possible to automatically grab the running-config and record the CPU status for 1.2.3.4.
On the basis of this code, the following work is completed:
Grab the running-config of the important equipment across the whole network, and implement key configuration checks and alarms
Monitor and alarm on the traffic of the switch ports that the servers of a certain product connect to (the company monitoring cannot view port-channel attributes)
Monitor the MAC address table of an IDC core switch and alarm at more than 5%
The automatic batch command execution script is the core code; other programs can call it to achieve more complex functions, such as batch operations on multiple IPs. The specific implementation will not be discussed in this article.
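The "key configuration check and alarm" step is secondary processing over the text the expect script captured. The following is an added example, not the author's code: it checks one captured Cisco running-config against a policy for AAA, NTP, syslog, Spanning-Tree and VTP mode. The policy values, device names and sample captures are constructed assumptions.

```python
import re

# Assumed site policy (illustrative values, not taken from the article):
# (check name, regex for one top-level config line, accepted values or None).
POLICY = [
    ("aaa", r"aaa new-model$", None),
    ("ntp", r"ntp server (\S+)", {"10.0.0.10", "10.0.0.11"}),
    ("syslog", r"logging (?:host )?(\d\S*)", {"10.0.0.20"}),
    ("spanning-tree", r"spanning-tree mode (\S+)", {"rapid-pvst"}),
    ("vtp", r"vtp mode (\S+)", {"transparent"}),
]

def check_config(text):
    """Return (check, problem) pairs for one captured running-config."""
    # rstrip() also drops the trailing \r that telnet captures carry.
    lines = [line.rstrip() for line in text.splitlines()]
    findings = []
    for name, pattern, allowed in POLICY:
        # re.match anchors at column 0, so indented interface-level lines
        # (for example " spanning-tree portfast") are ignored.
        hits = [m for m in (re.match(pattern, l) for l in lines) if m]
        if not hits:
            findings.append((name, "missing"))
        elif allowed is not None:
            for value in sorted({m.group(1) for m in hits} - allowed):
                findings.append((name, f"unexpected value {value}"))
    return findings

# Constructed sample captures, shaped like the script's redirected output.
GOOD = """sw1#show running-config
aaa new-model
spanning-tree mode rapid-pvst
vtp mode transparent
interface GigabitEthernet0/1
 spanning-tree portfast
logging host 10.0.0.20
ntp server 10.0.0.10 prefer
ntp server 10.0.0.11
"""
BAD = """sw2#show running-config
spanning-tree mode pvst
interface GigabitEthernet0/1
 spanning-tree portfast
logging host 10.0.0.20
ntp server 10.0.0.10
ntp server 192.0.2.99
"""

if __name__ == "__main__":
    for name, capture in (("sw1", GOOD), ("sw2", BAD)):
        for check, problem in check_config(capture):
            print(f"ALARM {name}: {check}: {problem}")
```

A required line that is absent is reported as "missing", and a value outside the accepted set (such as an unknown NTP server) is reported by name, so a device that was reconfigured by hand shows up on the next run.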
I hope this article can be helpful to friends in need, and the program code can be used freely.