Upgrading IOS-XR Using Python: Cisco AUT

If you have ever upgraded an IOS-XR you definitely are aware that it is a long process which includes so much control steps. Cisco has written a python tool, known as Cisco Automatic  Upgrade Tool, that upgrades an IOS-XR device with pre and post checks. Cisco CPOC video explains nearly everything about this tool which you should watch before start reading this post. Probably the video recorded for an older version of AUT, you will realize that there are little differences between the post and the video. 

Installing The Tool & Prerequisites

The tool works on Linux and Mac cause it uses pexpect module of python so it is not possible to use it on Windows Operating System. Find yourself a Linux/MAC system that is allowed to reach your routers. 

Python Version Check

The script itself does not give any warning about python version if it is old, so be sure that your python version is up to date. I successfully used the tool with python version 2.7.6. I also tried  with version 2.6  and it did not work.

You can check your python version on a Centos system using the below command: 

python -v

Pexpect Module Install

Pexpect python module must be installed on the operating system. Here is the way to install pexpect module on a Centos system:

wget http://pexpect.sourceforge.net/pexpect-2.3.tar.gz
tar xzf pexpect-2.3.tar.gz
cd pexpect-2.3
python ./setup.py install

Cisco AUT Install

You should first download the tool itself. Go the the sourceforge website 

http://sourceforge.net/p/acceleratedupgrade/code/ci/master/tree/ and get the gitclone code. Then: 

python install -d /destination_folder

Cisco AUT

If you have installed all the necessary tools and Cisco AUT , you might start using it by checking which options the script gives, by executing the command below: 

python accelerated_upgrade -h

Below is sample command you might use to upgrade a IOS-XR device.

python accelerated_upgrade --url ssh://admin:yourpassword@11.11.11.11:22  -f packagelist.txt -r tftp://10.0.0.1/ -c  extracommands.txt

As the name reveals itself, packagelist.txt includes the packages we wanted to install on the device. A sample txt file must be like below (based on your needs): 

asr9k-k9sec-px.pie-5.1.3
asr9k-fpd-px.pie-5.1.3
asr9k-mcast-px.pie-5.1.3
asr9k-mpls-px.pie-5.1.3
asr9k-mini-px.pie-5.1.3
asr9k-mgbl-px.pie-5.1.3
asr9k-doc-px.pie-5.1.3

If you wanted to upgrade more than 1 device, you can also create a device.txt file (name it as you want) and the change the command like below: 

python accelerated_upgrade --urls devices.txt -f packagelist.txt -r tftp://10.0.0.1/ -c extracommands.txt

As you already noticed, in the command we gave tftp address where router is going to download the packages from. You may also give ftp link also (including username and password)

Extracommands file, as the name reveals itself again, includes the commands that you might want to execute before upgrade, so that you can compare after the upgrade. Here is a sample file output:

show redundancy summary
show platform
admin show ds
admin show hw-module fpd location all

Pre-checks 

Pre-upgrade steps of the tool are:

• Node Status Check 
• Ping Check
• Disck Space Check
• Active Package Check 
• Inactive Package Check 
• Commited Package Check
• Redundancy Nde Check 
• Configuration Backup 
• Backup CLI Snapshots 
• Turboboot Check 

You can find detailed information about the pre-check steps in the Cisco CPOC video.

Sample Upgrade 

I upgraded an ASR9010 IOS-XRdevice from 4.2.3 to 5.1.3  using AUT with parameters below:

python accelerated_upgrade --url ssh://admin:yourpassword@11.11.11.11:22  -f packagelist.txt -r tftp://10.0.0.1/ -c extracommands.txt

Unfortunately telnet did not work for me, may be it was related with my router config, but ssh worked. Here are the outputs: 

As you might see in the output, post-check warned me about failed startup config (which is due to changed syntax of MoFRR), and difference between total ospf neighbor count of pre and post upgrade situations. 

FPD Upgrade

In my attempt, script did not do an automatic fpd upgrade, so you need to check and do a fpd upgrade manually. 

Log Files 

Script creates to folders, named "aulogs" and "au_out" in the executed folder, to store logs of the operation. You can see the structure in the screenshot below. 

In aulogs folder, the scripts session to the router is stored. In au_out folder the extracommands (if used) and predetermined commands output, which are taken before upgrade procedure, are stored. 

Automating Telnet to Cisco/Juniper/Huawei Routers Using Python

When choosing a method for router automation, netconf, ssh, snmp etc are more reliable and stable than telnet but still you may it. I needed a telnet script/library which can execute multiple commands on a router and assign every output to a different variable so that i could. parse related areas.

Telnetlib is a native library in python and it can be used in the same way on all operating systems that support python. You should check the details (like how it is used basically) of the library from https://docs.python.org/2/library/telnetlib.html


In my opinion, a good telnet script for router automatization must support:

• executing multiple commands in order
• executing long commands (longer than terminal width)
• assigning every result to a different variable or print it.
• JUNOS, IOS-XR, IOS, VRP

SCRIPT

You can download the script files from here if you don't want to read the rest of the post.

We will use class logic in this script. Classes are very useful if you repeat the same tasks again and again. With a class it is possible to create many objects. For example  every telnet session to a different router could be an object of the same class, and every object could have different values. If you don't know much about classes in python, i would suggest you to take a lookout at page Jeff Knupp's page: http://www.jeffknupp.com/blog/2014/06/18/improve-your-python-python-classes-and-object-oriented-programming/

Variables

Login and Password Phrases

When telnetting to a router, different vendors has different login and password phrases. It is possible to wait for these phrases and then send the username or password. The variables  that we will use in the script  to identify these phrases  are:

login_phrase = ["sername:", "ogin:"]
password_phrase = ["assword:"]

You might realize that the first letters are missing, this is done to avoid case sensitivity.

Terminal Length

When you execute a command, a  router will return a limited output cause it has a preconfigured terminal length and if you wanted to see the continuning parts of the result you need to press "enter" key. When using a script we want the router to return an infinite output. To do so every vendor has a different command which we can assign to different variables:

ios_cli_length = " terminal length 0"
junos_cli_length = " set cli screen-length 0"
iosxr_cli_length = " terminal length 0"
vrp_cli_length = " screen-length 0 temporary"

Various Variables

line_break = "\r\n" #need to be send after a command to get it executed like sending "enter" key stroke
timeout_for_reply = 1 #1 second time variable
exclude_start = ("#", "$")

TELNET Class

Init Definition

We need a init definition as we are using a class, so that every object that is created using this class could be identified.

class TELNET(object):
 """connect to hosts"""
 def __init__(self):
  self.connections = []
  self.device_names = []
  self.result_dictionary = {}

You may notice that inside the _init_ definition there is two list and one dictionary variable. We have created these empty  lists and dictionary to pass values between definitions inside the class. You will have a better understanding reading through the other definitions.

Connect Definition

This definition is the longest one in TELNET class. Inside the definition, you may notice that there is a router variable and it is a list. Telnetlib needs router hostname and port number for the connection to get established. And you will also need to enter username and password after getting connected, if it is needed. In "router" the positions of the elements must be like below. Based on your needs, you may enter this variable as a static element in the script file itself or you may make the script read it from a txt/xml file.

router = [ip,software_type,connection_type,port_number,username,password,first_command]
##e.g.
router = [1.2.3.4,ios,telnet,23,admin,password,show ip bgp 8.8.8.8]

 def connect (self, router):
  try:
   connection = telnetlib.Telnet(router[0], router[3])
  except IOError:
   print "IOError, could not open a connection to %s" % router[0]
   return
  """send username"""
  try:
   if router[4] != "":
    connection.expect(login_phrase)
    connection.write(router[4] + line_break)
  except IOError:
   #Send failed
   print "sending username %s failed" % router[4]
   return
  """send password"""
  try:
   if router[5] != "":
    connection.expect(password_phrase)
    connection.write(router[5] + line_break)
  except IOError:
   #Send failed
   print "sending username %s failed" % router[5]
   return

The upper part of the "connect" definition is for getting connected to the router and sending  username and password. The lower part, which you can see below, is for setting the terminal length based on router type and getting the device_name as a variable.

Why we are trying to take the device name as a variable ? Whenever the connection type is telnet, after executing a command you must be sure that you get the whole output. So if there is delay how long should you wait for the output, or how many bytes you should get ? The best way that i could find is to wait for the router_name to be send through the connection. This way even the execution of the command takes long, or there is a delay in network you can be sure that you get the whole output.

  """set terminal length and take device name"""
  try :
   if router[1] == "ios-xr":
    time.sleep(timeout_for_reply)
    connection.write(iosxr_cli_length + line_break)
    device_name = connection.read_until(iosxr_cli_length).split()[-len(iosxr_cli_length.split(' '))]
   elif router[1] == "junos":
    time.sleep(timeout_for_reply)
    connection.write(junos_cli_length + line_break)
    device_name = connection.read_until(">").split()[-1]
   elif router[1] == "vrp":
    time.sleep(timeout_for_reply)
    connection.write(vrp_cli_length + line_break)
    device_name = connection.read_until(vrp_cli_length).split()[-len(vrp_cli_length.split(' '))]
   elif router[1] == "ios":
    time.sleep(timeout_for_reply)
    connection.write(ios_cli_length + line_break)
    device_name = connection.read_until(ios_cli_length).split()[-len(ios_cli_length.split(' '))]
   else:
    print router[1] + " is not an appropriate connection type"
    sys.exit(1)
  except IOError:
   #Send failed
   print "setting terminal length failed"
   return
  self.connections.append(connection)
  self.device_names.append(device_name)

If you examine inside the if confidition for  every router type we wait "timeout_for_reply" second, then send the terminal length command (line break is for "enter" key stroke). And for last we catch the device name by splitting the received data and getting the last value. You may add a "print device_name" statement to see the device name.


At the end of the "connect definition" we created a connections and device_names dictionaries, so that we can pass the active connection to the next definitions

Execute Definition

At this definition the aim is to execute commands, and if needed multiple commands in order. As we get the connection info as a variable from "connect" definition, the definiton is:

 def execute (self, router):
  for conn in self.connections:
   for device in self.device_names:
    conn.write(line_break) #if executing more than one, line break will push device name again and next read_until wont get stuck
    conn.read_until(device)
    conn.write(router[6]+line_break+line_break)
    time.sleep(1)
    catch_end_of_output = [device+" "+line_break, device+line_break]
    self.result_dictionary[router[0]] = conn.expect(catch_end_of_output)[-1]

You may notice that catch_end_of_output is a dictionary and it contains device_name+ line_break elements with and without an empty space character. If you are execu_ing a long command, which is longer than the terminal width, the first part of the command  will be resent back to you from the router including the host name.(you may check this pcap file).It is not enough to wait only for the device name to get the output, as you will get it before executing the command. To solve this problem we can send another line_break after command execution (that is why you see 2 line+breaks for conn.write) and catch device_name+line_break in output.
Why our list has 2 elements with and without space character. This is because some routers return device name after line break with a space character while others send it without a space in order which i realised in various capture files. Close Definition As we get connected to the router with "connect" definition, we also need to close that session. For that purpose the definition is:

 def close(self):
  for conn in self.connections:
   conn.close

Reading Router Info From a Text File

After close definition, the TELNET class is ready to be used. Now we need the script to read connection information from a txt file.

## open routers.txt, clear comments, get all data as "lines" variable
f = open('routers.txt', "r")
lines =  [n for n in f.readlines() if not n.startswith(exclude_start)] #read the lines that does not start with the characters defined in exclude_estart variable
f.close()
total_connections = len(lines) #determine number of routers/connections by counting the lines

#split "lines" variable and turn every line into new variables named as routerx which contains connection infos
for x in range(0, total_connections):
    globals()['router%s' % x] = (lines[x]).split(',')

You may also try getting the data from an xml file. Getting data from an xml file is easier than getting it from a text  cause you wont' need parsing the text file. You may have a look at xml.etree.elementtree python library from https://docs.python.org/2/library/xml.etree.elementtree.html

Connecting, Executing and Printing

It is time to connect and execute the commands as all infos and class are ready. We will create a loop and for every router create an instance of the class (object) so that we session is created and command is executed.

##connect, execute command and print 
##connect, execute command and print  
for x in range(0, total_connections):
 telnet = TELNET()
 telnet.connect(globals()["router"+str(x)])
 telnet.execute(globals()["router"+str(x)])
 result= telnet.result_dictionary[(globals()["router"+str(x)][0])].split("\r\n")
 for line in result:
  print line
 telnet.close

Trial

As everything is ready lets try adding two globally available looking glass and try getting BGP info for 8.8.8.8. The routers.txt file must be in the same folder with the script. Here is the text info:

#Comments here
##
##
route-server.eu.gblx.net,ios,telnet,23,,,show ip bgp 8.8.8.8
route-server.ip.att.net,junos,telnet,23,rviews,rviews,show route protocol bgp 8.8.8.8

Here is the result when we call the script in Windows PowerShell

Cisco ASR9K L2VPN Mac Usage Script - TCL

If you manage a ASR9K router you must be sure that the mac address usage of the linecards do not exceed their capacity, otherwise based on the configuration traffic either going to be dropped or flooded. Trident based old line cards has a capacity of 128k Mac adress, and this limit could be a problem if you terminate too many l2 circuits.In such a scenerio, it is possible to write a TCL to create a syslog entry whenever the usage reaches a certain configurable amount. To do so, i wrote a TCL script, here are the details:

Command to Check Mac Usage
 You can check any of the linecards  resource like below:

RP/0/RSP0/CPU0:xxxx: show l2vpn forwarding resource hardware ingress detail location 0/0/CPU0 | include TOTAL MAC
Mon Nov 33 20:49:01.870 xxx
    TOTAL MAC     -/-         -/-         -/-         -/-         -/-         -/-      4325/2097152
    TOTAL MAC     -/-         -/-         -/-         -/-         -/-         -/-      4325/2097152
    TOTAL MAC     -/-         -/-         -/-         -/-         -/-         -/-      4325/2097152
    TOTAL MAC     -/-         -/-         -/-         -/-         -/-         -/-      4323/2097152
    TOTAL MAC     -/-         -/-         -/-         -/-         -/-         -/-      4323/2097152
    TOTAL MAC     -/-         -/-         -/-         -/-         -/-         -/-      4325/2097152
    TOTAL MAC     -/-         -/-         -/-         -/-         -/-         -/-      4323/2097152
    TOTAL MAC     -/-         -/-         -/-         -/-         -/-         -/-      4323/2097152


Prerequisites
For any script to work, router must have a hostname. Unless it is a lab router, you probably wouldn’t have such a problem, but keep in mind.

Determine a folder  in router  to copy the script, and make that directory.
#cd disk0:
#pwd
Mon Nov 21 15:37:24.393 UTC
disk0:
#mkdir tcl_scripts
Mon Nov 21 15:37:30.098 UTC
Create directory filename [tcl_scripts?
Created dir disk0:/ tcl_scripts


Point your user scripts folder to event manager.
(config)#event manager directory user policy disk0:/tcl_scripts

Configure AAA, so that event manager use locally configured users.
(config)#aaa authorization eventmanager default local

Under “admin” hierarchy create a user to execute scripts.
(config)#admin
(config)#username eem
(config-un)#group root-system
(config-un)#group cisco-support

The Script File:
I am a beginner if the case is writing a TCL script. In the script below i did not use loop/while cyles, as a result some part of the code repeats itself for every line card, moreover anyone experienced in regexps could shorten the code.

If you are not going to do any change, copy the script below into a text file and save it as a file. In my case i named it as “”.

• Script should work on ASR9010 and ASR9006.
• Script checks only the cards that are in “IOS-XR RUN” state. So there should not be a problem if linecard slots are empty or  the linecards are off due to any reason. 
• Do not use tcl operators supported by TCL versions newer than 8.3.4

::cisco::eem::event_register_timer cron name l2maccheck cron_entry $l2maccheck maxrun_sec 240
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
################################################################################################
#                                                                                              #
#  Revision #          :1.2                                                                    #
#  Last Updated        :01.10.2014                                                             #  
#  Author/Contributor  :Ercin TORUN                                                            #
#                                                                                              #
#  Description         :Script checks if any of the linecards reaches its MAC capacity         #
#                       and creates a syslog message.                                          #
#                                                                                              #
#  Requirements        :                                                                       #
#                                                                                              #                   
#                                                                                              #
#                       Example: event manager environment l2vpnmac_threshold_percent 85       #   
#                                event manager environment l2maccheck 0 * * * *                #
#                                                                                              #
#  Cisco Products tested : ASR9010-9006                                                        #   
#                                                                                              #
#  Cisco IOS-XR Version tested : 4.2.3                                                         #  
#                                                                                              #
################################################################################################
##########################################################
#####################SET VARIABLES########################
##########################################################
# errorInfo gets set by namespace if any of the auto_path directories do not
# contain a valid tclIndex file. It is not an error just left over stuff.
# so we set the errorInfo value to null so that we don't have left
# over errors in it.
#
set errorInfo ""
set USEDMAC_LINECARD0_INGRESS "0"
set TOTALMAC_LINECARD0_INGRESS "0"
set USEDMAC_LINECARD1_INGRESS "0"
set TOTALMAC_LINECARD1_INGRESS "0"
set USEDMAC_LINECARD2_INGRESS "0"
set TOTALMAC_LINECARD2_INGRESS "0"
set USEDMAC_LINECARD3_INGRESS "0"
set TOTALMAC_LINECARD3_INGRESS "0"
set USEDMAC_LINECARD4_INGRESS "0"
set TOTALMAC_LINECARD4_INGRESS "0"
set USEDMAC_LINECARD5_INGRESS "0"
set TOTALMAC_LINECARD5_INGRESS "0"
set USEDMAC_LINECARD7_INGRESS "0"
set TOTALMAC_LINECARD7_INGRESS "0"
set USEDMAC_LINECARD7_INGRESS "0"
set TOTALMAC_LINECARD7_INGRESS "0"
set card0check "0"
set card1check "0"
set card2check "0"
set card3check "0"
set card4check "0"
set card5check "0"
set card6check "0"
set card7check "0"
##########################################################
#Check required environment variable(s) has been defined##
##########################################################
if {![info exists l2vpnmac_threshold_percent]} {
    set result "EEM Policy Error: variable l2vpnmac_threshold_percent has not been set"
    error $result $errorInfo
}
if {![info exists l2maccheck]} {
    set result "EEM Policy Error: variable l2maccheck has not been set"
    error $result $errorInfo
}
##############LINECARD-EXIST-CHECK####################
#------------------- "cli open"-------------------
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show platform | i IOS XR RUN "} result] {
    error $result $errorInfo
} else { 
 set line_card_exist_check $result
 regexp {0/0/CPU0} $line_card_exist_check card0check
 regexp {0/1/CPU0} $line_card_exist_check card1check
 regexp {0/2/CPU0} $line_card_exist_check card2check
 regexp {0/3/CPU0} $line_card_exist_check card3check
 regexp {0/4/CPU0} $line_card_exist_check card4check
 regexp {0/5/CPU0} $line_card_exist_check card5check
 regexp {0/6/CPU0} $line_card_exist_check card6check
 regexp {0/7/CPU0} $line_card_exist_check card7check 
 }
##########################################################
############MAC LINECARD0 INGRESS#########################
##########################################################
if { [ string length $card0check ] > 2 } {
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show l2vpn forwarding resource hardware ingress detail location 0/0/CPU0 | include TOTAL MAC"} result] { 
    error $result $errorInfo
} else { 
 set linecard0_output $result
 regsub -all { TOTAL MAC } $linecard0_output "USEDMAC" linecard0_output
 regsub -all { -/- } $linecard0_output "" linecard0_output
 regsub -all "\\s" $linecard0_output "" linecard0_output
 regsub -all "/" $linecard0_output "TOTALMAC" linecard0_output
 regexp {USEDMAC([0-9]*)TOTALMAC([0-9]*)} $linecard0_output linecard0_output
 regexp {USEDMAC([0-9]*)} $linecard0_output USEDMAC_LINECARD0_INGRESS
 regexp {TOTALMAC([0-9]*)} $linecard0_output TOTALMAC_LINECARD0_INGRESS
 regsub -all {[A-Z]} $USEDMAC_LINECARD0_INGRESS "" USEDMAC_LINECARD0_INGRESS
 regsub -all {[A-Z]} $TOTALMAC_LINECARD0_INGRESS "" TOTALMAC_LINECARD0_INGRESS
}
 if {$TOTALMAC_LINECARD0_INGRESS > 63999} {
 set linecard0_ingress_percent [ expr ($USEDMAC_LINECARD0_INGRESS*100.0)/($TOTALMAC_LINECARD0_INGRESS)]
}
 if { $linecard0_ingress_percent > $l2vpnmac_threshold_percent } {
    action_syslog msg "LINECARD0 Mac Adress usage is $USEDMAC_LINECARD0_INGRESS and exceeded the threshold % $l2vpnmac_threshold_percent ! If mac address usage on LINECARD0 reaches up to $TOTALMAC_LINECARD0_INGRESS , traffic might get flooded or dropped depending on the l2vpn configuration of the router"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result $errorInfo
}
}
##########################################################
############MAC LINECARD1 INGRESS#########################
##########################################################
if { [ string length $card1check ] > 2 } {
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show l2vpn forwarding resource hardware ingress detail location 0/1/CPU0 | include TOTAL MAC"} result] { 
    error $result $errorInfo
} else { 
 set linecard1_output $result
 regsub -all { TOTAL MAC } $linecard1_output "USEDMAC" linecard1_output
 regsub -all { -/- } $linecard1_output "" linecard1_output
 regsub -all "\\s" $linecard1_output "" linecard1_output
 regsub -all "/" $linecard1_output "TOTALMAC" linecard1_output
 regexp {USEDMAC([0-9]*)TOTALMAC([0-9]*)} $linecard1_output linecard1_output
 regexp {USEDMAC([0-9]*)} $linecard1_output USEDMAC_LINECARD1_INGRESS
 regexp {TOTALMAC([0-9]*)} $linecard1_output TOTALMAC_LINECARD1_INGRESS
 regsub -all {[A-Z]} $USEDMAC_LINECARD1_INGRESS "" USEDMAC_LINECARD1_INGRESS
 regsub -all {[A-Z]} $TOTALMAC_LINECARD1_INGRESS "" TOTALMAC_LINECARD1_INGRESS
}
 if {$TOTALMAC_LINECARD1_INGRESS > 63999} {
 set linecard1_ingress_percent [ expr ($USEDMAC_LINECARD1_INGRESS*100.0)/($TOTALMAC_LINECARD1_INGRESS)]
}
 if { $linecard1_ingress_percent > $l2vpnmac_threshold_percent } {
    action_syslog msg "LINECARD1 Mac Adress usage is $USEDMAC_LINECARD1_INGRESS and exceeded the threshold % $l2vpnmac_threshold_percent ! If mac address usage on LINECARD1 reaches up to $TOTALMAC_LINECARD1_INGRESS , traffic might get flooded or dropped depending on the l2vpn configuration of the router"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result $errorInfo
}
}
##########################################################
############MAC LINECARD2 INGRESS#########################
##########################################################
if { [ string length $card2check ] > 2 } {
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show l2vpn forwarding resource hardware ingress detail location 0/2/CPU0 | include TOTAL MAC"} result] { 
    error $result $errorInfo
} else { 
 set linecard2_output $result
 regsub -all { TOTAL MAC } $linecard2_output "USEDMAC" linecard2_output
 regsub -all { -/- } $linecard2_output "" linecard2_output
 regsub -all "\\s" $linecard2_output "" linecard2_output
 regsub -all "/" $linecard2_output "TOTALMAC" linecard2_output
 regexp {USEDMAC([0-9]*)TOTALMAC([0-9]*)} $linecard2_output linecard2_output
 regexp {USEDMAC([0-9]*)} $linecard2_output USEDMAC_LINECARD2_INGRESS
 regexp {TOTALMAC([0-9]*)} $linecard2_output TOTALMAC_LINECARD2_INGRESS
 regsub -all {[A-Z]} $USEDMAC_LINECARD2_INGRESS "" USEDMAC_LINECARD2_INGRESS
 regsub -all {[A-Z]} $TOTALMAC_LINECARD2_INGRESS "" TOTALMAC_LINECARD2_INGRESS
}
 if {$TOTALMAC_LINECARD2_INGRESS > 63999} {
 set linecard2_ingress_percent [ expr ($USEDMAC_LINECARD2_INGRESS*100.0)/($TOTALMAC_LINECARD2_INGRESS)]
}
 if { $linecard2_ingress_percent > $l2vpnmac_threshold_percent } {
    action_syslog msg "LINECARD2 Mac Adress usage is $USEDMAC_LINECARD2_INGRESS and exceeded the threshold % $l2vpnmac_threshold_percent ! If mac address usage on LINECARD2 reaches up to $TOTALMAC_LINECARD2_INGRESS , traffic might get flooded or dropped depending on the l2vpn configuration of the router"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result $errorInfo
}
}
##########################################################
############MAC LINECARD3 INGRESS#########################
##########################################################
if { [ string length $card3check ] > 2 } {
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show l2vpn forwarding resource hardware ingress detail location 0/3/CPU0 | include TOTAL MAC"} result] { 
    error $result $errorInfo
} else { 
 set linecard3_output $result
 regsub -all { TOTAL MAC } $linecard3_output "USEDMAC" linecard3_output
 regsub -all { -/- } $linecard3_output "" linecard3_output
 regsub -all "\\s" $linecard3_output "" linecard3_output
 regsub -all "/" $linecard3_output "TOTALMAC" linecard3_output
 regexp {USEDMAC([0-9]*)TOTALMAC([0-9]*)} $linecard3_output linecard3_output
 regexp {USEDMAC([0-9]*)} $linecard3_output USEDMAC_LINECARD3_INGRESS
 regexp {TOTALMAC([0-9]*)} $linecard3_output TOTALMAC_LINECARD3_INGRESS
 regsub -all {[A-Z]} $USEDMAC_LINECARD3_INGRESS "" USEDMAC_LINECARD3_INGRESS
 regsub -all {[A-Z]} $TOTALMAC_LINECARD3_INGRESS "" TOTALMAC_LINECARD3_INGRESS
}
 if {$TOTALMAC_LINECARD3_INGRESS > 63999} {
 set linecard3_ingress_percent [ expr ($USEDMAC_LINECARD3_INGRESS*100.0)/($TOTALMAC_LINECARD3_INGRESS)]
}
 if { $linecard3_ingress_percent > $l2vpnmac_threshold_percent } {
    action_syslog msg "LINECARD3 Mac Adress usage is $USEDMAC_LINECARD3_INGRESS and exceeded the threshold % $l2vpnmac_threshold_percent ! If mac address usage on LINECARD3 reaches up to $TOTALMAC_LINECARD3_INGRESS , traffic might get flooded or dropped depending on the l2vpn configuration of the router"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result $errorInfo
}
}
##########################################################
############MAC LINECARD4 INGRESS#########################
##########################################################
if { [ string length $card4check ] > 2 } {
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show l2vpn forwarding resource hardware ingress detail location 0/4/CPU0 | include TOTAL MAC"} result] { 
    error $result $errorInfo
} else { 
 set linecard4_output $result
 regsub -all { TOTAL MAC } $linecard4_output "USEDMAC" linecard4_output
 regsub -all { -/- } $linecard4_output "" linecard4_output
 regsub -all "\\s" $linecard4_output "" linecard4_output
 regsub -all "/" $linecard4_output "TOTALMAC" linecard4_output
 regexp {USEDMAC([0-9]*)TOTALMAC([0-9]*)} $linecard4_output linecard4_output
 regexp {USEDMAC([0-9]*)} $linecard4_output USEDMAC_LINECARD4_INGRESS
 regexp {TOTALMAC([0-9]*)} $linecard4_output TOTALMAC_LINECARD4_INGRESS
 regsub -all {[A-Z]} $USEDMAC_LINECARD4_INGRESS "" USEDMAC_LINECARD4_INGRESS
 regsub -all {[A-Z]} $TOTALMAC_LINECARD4_INGRESS "" TOTALMAC_LINECARD4_INGRESS
}
 if {$TOTALMAC_LINECARD4_INGRESS > 63999} {
 set linecard4_ingress_percent [ expr ($USEDMAC_LINECARD4_INGRESS*100.0)/($TOTALMAC_LINECARD4_INGRESS)]
}
 if { $linecard4_ingress_percent > $l2vpnmac_threshold_percent } {
    action_syslog msg "LINECARD4 Mac Adress usage is $USEDMAC_LINECARD4_INGRESS and exceeded the threshold % $l2vpnmac_threshold_percent ! If mac address usage on LINECARD4 reaches up to $TOTALMAC_LINECARD4_INGRESS , traffic might get flooded or dropped depending on the l2vpn configuration of the router"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result $errorInfo
}
}
##########################################################
############MAC LINECARD5 INGRESS#########################
##########################################################
if { [ string length $card5check ] > 2 } {
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show l2vpn forwarding resource hardware ingress detail location 0/5/CPU0 | include TOTAL MAC"} result] { 
    error $result $errorInfo
} else { 
 set linecard5_output $result
 regsub -all { TOTAL MAC } $linecard5_output "USEDMAC" linecard5_output
 regsub -all { -/- } $linecard5_output "" linecard5_output
 regsub -all "\\s" $linecard5_output "" linecard5_output
 regsub -all "/" $linecard5_output "TOTALMAC" linecard5_output
 regexp {USEDMAC([0-9]*)TOTALMAC([0-9]*)} $linecard5_output linecard5_output
 regexp {USEDMAC([0-9]*)} $linecard5_output USEDMAC_LINECARD5_INGRESS
 regexp {TOTALMAC([0-9]*)} $linecard5_output TOTALMAC_LINECARD5_INGRESS
 regsub -all {[A-Z]} $USEDMAC_LINECARD5_INGRESS "" USEDMAC_LINECARD5_INGRESS
 regsub -all {[A-Z]} $TOTALMAC_LINECARD5_INGRESS "" TOTALMAC_LINECARD5_INGRESS
}
 if {$TOTALMAC_LINECARD0_INGRESS > 63999} {
 set linecard5_ingress_percent [ expr ($USEDMAC_LINECARD5_INGRESS*100.0)/($TOTALMAC_LINECARD5_INGRESS)]
}
 if { $linecard5_ingress_percent > $l2vpnmac_threshold_percent } {
    action_syslog msg "LINECARD5 Mac Adress usage is $USEDMAC_LINECARD5_INGRESS and exceeded the threshold % $l2vpnmac_threshold_percent ! If mac address usage on LINECARD5 reaches up to $TOTALMAC_LINECARD5_INGRESS , traffic might get flooded or dropped depending on the l2vpn configuration of the router"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result $errorInfo
}
}
##########################################################
############MAC LINECARD6 INGRESS#########################
##########################################################
if { [ string length $card6check ] > 2 } {
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show l2vpn forwarding resource hardware ingress detail location 0/6/CPU0 | include TOTAL MAC"} result] { 
    error $result $errorInfo
} else { 
 set linecard6_output $result
 regsub -all { TOTAL MAC } $linecard6_output "USEDMAC" linecard6_output
 regsub -all { -/- } $linecard6_output "" linecard6_output
 regsub -all "\\s" $linecard6_output "" linecard6_output
 regsub -all "/" $linecard6_output "TOTALMAC" linecard6_output
 regexp {USEDMAC([0-9]*)TOTALMAC([0-9]*)} $linecard6_output linecard6_output
 regexp {USEDMAC([0-9]*)} $linecard6_output USEDMAC_LINECARD6_INGRESS
 regexp {TOTALMAC([0-9]*)} $linecard6_output TOTALMAC_LINECARD6_INGRESS
 regsub -all {[A-Z]} $USEDMAC_LINECARD6_INGRESS "" USEDMAC_LINECARD6_INGRESS
 regsub -all {[A-Z]} $TOTALMAC_LINECARD6_INGRESS "" TOTALMAC_LINECARD6_INGRESS
}
 if {$TOTALMAC_LINECARD6_INGRESS > 63999} {
 set linecard6_ingress_percent [ expr ($USEDMAC_LINECARD6_INGRESS*100.0)/($TOTALMAC_LINECARD6_INGRESS)]
}
 if { $linecard6_ingress_percent > $l2vpnmac_threshold_percent } {
    action_syslog msg "LINECARD6 Mac Adress usage is $USEDMAC_LINECARD6_INGRESS and exceeded the threshold % $l2vpnmac_threshold_percent ! If mac address usage on LINECARD6 reaches up to $TOTALMAC_LINECARD6_INGRESS , traffic might get flooded or dropped depending on the l2vpn configuration of the router"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result $errorInfo
}
}
##########################################################
############MAC LINECARD7 INGRESS#########################
##########################################################
if { [ string length $card7check ] > 2 } {
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli $result
}
if [catch {cli_exec $cli(fd) "show l2vpn forwarding resource hardware ingress detail location 0/7/CPU0 | include TOTAL MAC"} result] { 
    error $result $errorInfo
} else { 
 set linecard7_output $result
 regsub -all { TOTAL MAC } $linecard7_output "USEDMAC" linecard7_output
 regsub -all { -/- } $linecard7_output "" linecard7_output
 regsub -all "\\s" $linecard7_output "" linecard7_output
 regsub -all "/" $linecard7_output "TOTALMAC" linecard7_output
 regexp {USEDMAC([0-9]*)TOTALMAC([0-9]*)} $linecard7_output linecard7_output
 regexp {USEDMAC([0-9]*)} $linecard7_output USEDMAC_LINECARD7_INGRESS
 regexp {TOTALMAC([0-9]*)} $linecard7_output TOTALMAC_LINECARD7_INGRESS
 regsub -all {[A-Z]} $USEDMAC_LINECARD7_INGRESS "" USEDMAC_LINECARD7_INGRESS
 regsub -all {[A-Z]} $TOTALMAC_LINECARD7_INGRESS "" TOTALMAC_LINECARD7_INGRESS
}
 if {$TOTALMAC_LINECARD7_INGRESS > 63999} {
 set linecard7_ingress_percent [ expr ($USEDMAC_LINECARD7_INGRESS*100.0)/($TOTALMAC_LINECARD7_INGRESS)]
}
 if { $linecard7_ingress_percent > $l2vpnmac_threshold_percent } {
    action_syslog msg "LINECARD7 Mac Adress usage is $USEDMAC_LINECARD7_INGRESS and exceeded the threshold % $l2vpnmac_threshold_percent ! If mac address usage on LINECARD7 reaches up to $TOTALMAC_LINECARD7_INGRESS , traffic might get flooded or dropped depending on the l2vpn configuration of the router"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
    error $result $errorInfo
}
}
############CLOSE#########################

Activating the Script

After copying the script to a folder, you must define the environment variables  For this script, you must define the warning thresold and a cron entry for repetitive tasks.

(config)# event manager environment l2vpnmac_threshold_percent 85   
(config)# event manager environment l2maccheck 0 * * * * 
(config)# event manager policy  asr9010_l2vpn_mac_check username eem type user

NOTE: make a Google search if you are not familiar with cron entries.  Some examples:

0 * * * *            ------->  0. Minute of every hour
15 * * * *          ------->  15. Minute of every hour
*/10 * * * *    ------->  e very 10 minutes

Multicast RTP Stream Analysis, Using Wireshark or Tshark

Wireshark is one of the best tools that networkers use to analyze captured packets/streams. Using wireshark it is possible to analyse a IP multicast RTP stream. I did use this technique to analyse if there were any problem in network layer that affect IPTV experience. 

  

WIRESHARK MANUAL

• Wireshark and a video player that is capable of receiving multicast should be installed on your PC. I prefer VLC player for such purposes

http://www.wireshark.org/download.html 

http://www.videolan.org/vlc/ 

• If more than one network adapter is installed on your PC, disable  all of them expect the one you need to reach the network. Otherwise there is a chance that your igmp request may not be sent to the right interface 

• Join a multicast channel:

• If  vlc and adapter configurations are right, then video stream should display in vlc like below: 
  

• Keep vlc open and start wireshark. In wireshark select the right network adapter and then start capturing the files coming to that network adapter.

• You should see so many UDP packet during the capture process. Stop capturing whenever you think is enough to analyze.

•  Filter the UDP packets.

• For RTP analysis, right-click on a UDP packet and select “Decode as”. 

• Then select RTP

• If the multicast stream is encapsulated as RTP, you should see details of packets (like mpeg ts, timestamps etc.). Just click on a packet, from Telephony menu, select Stream analysis inside RTP tab. 

• Finally, if everything is right, you shall see a detailed analysis of the RTP stream which includes jitter, delay, sequence errors, duration and else. 

TSHARK

It is also possible to use tshark in Linux environments for the same purpose, and you may use scripts to extract that data and store it in a database. You may build your own multicast network analyzer.  Here is the tshark code: 

“tshark -i eth1 -a duration:600 -q -p -o rtp.heuristic_rtp:TRUE -z rtp,streams -f udp  > /root/output$(date +%Y%m%d_%H%M%S)” 

Generating Bulk Router Configurations Using Python

As a network engineer, sometimes i need to generate bulk configurations, especially for testing purposes. Imagine you are trying to create 300 interfaces with different ip address, it will be a burden if you are writing it down by hand. Below are sample scripts that you could use as a sample to create bulk configurations.

Creating Bulk Interface Configuration with  Sequantial IP Addresses

#!/usr/local/bin/python2.7
a=0
while a<10:
    a=a+1
    #reassign value b to zero thus keep last octet between 1-255
    b=0             
    while b<255: #loop for last octet 
        b=b+4    #in every loop increase ip address by four, which corresponds to /30
        print "interface Port-channel %s" % a
        print "ip address 100.100.100.%s" % b

As seen in the script, there are two while loops. In the first loop the criteria is to keep a variable smaller than 10, which corresponds to port-channel number.

In the second loop (which is inside the first loop), the criteria is to keep b variable smaller than 255, which is the last octet value of the IP address. 

Creating Bulk Policy Configurations For Different Bandwidth Limits

a=0
x=1000000
while a<10:
  a=a+1
  cir=a*x
  bc=cir/40
  print "policy-map %sM-internet" % a
  print "  class class-default"
  print "     police cir %s bc %s conform-action transmit exceed-action drop" %(cir, bc)
  print "  set dscp default"

In python, while loops are generally not suggested if you are not really intending to do something non-lasting, instead you should use for-loops. Here is an example to create bulk configurations using for loops.

Generating Bulk BGP Configurations for IOS-XR

#!/usr/local/bin/python2.7
for x in range ( 1,20 ):
    print "!"
    print ("router bgp 65100")
    print "vrf customer-%d" %x
    print "rd 65100:%d" %(x)
    print "address-family ipv4 unicast"
    print "redistribute connected"
    print "redistribute static"
    print "neighbor 192.66.%d.2" %x
    print "remote-as 10"
    print "address-family ipv4 unicast"
    print "route-policy accept-all in"
    print " route-policy accept-all out"
    print "soft-reconfiguration inbound always"
    print "!"
    print "interface GigabitEthernet0/1/0/0.%d" %(x+10)

You may compile these scripts and see the result either in your pc, or may be on a website like http://www.compileonline.com/execute_python_online.php .

Python, The Right Language for (non)-Programmer Networkers, Where to Start ?

Network management is changing, nowadays in every network event, the hot topics  are SDN,  Virtualization of network services, Open platforms, efforts on seperating hardware from software etc. Whatever the widespread method will be, there will be more innovation in network management and there will be need for networkers with some programming skills. Thus so many networkers have some motivation to learn some programming language, as i am. 

I think that the right language to start with, for non-programmer networkers, is Python It is efficient, fast & easy and now is the most popular introductory language at American colleges, a recent Association for Computing Machinery study reports. 

I have searched through the internet for right sources, and tried some of them, as a result, here are the sources i think that a non-programmer networker should follow to learn Python:

• Learn Python the Hard Way is an excellent beginner programmer’s guide to Python. It covers “hello world” from the console to the web.

Once you start and getting through stages of the book, may be you will also do not like how “learn python the hard way” explains class-object logic. If you are then you should also visit Jeff Knupp’s pages: 

• http://www.jeffknupp.com/blog/2014/06/18/improve-your-python-python-classes-and-object-oriented-programming/

On my following blogs, i will keep posting about python hints (like which telnet or python library you may use for automation…) that networkers might benefit.