A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension

Nanog,

     (This is me scratching an itch of my own and hoping that sharing it might be useful to others on this list. Apologies if it isn't)

   When I'm trying to comprehend a new or complicated Cisco router, switch or firewall configuration an old pet-peeve of mine is how needlessly difficult it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps etc etc

To make this a bit simpler I’ve been working on a perl script to convert these text-based configuration files into HTML with links between the different elements (e.g. To an access-list from the interface where it’s applied, from policy-maps to class-maps etc), hopefully making it easier to follow the chain of logic via clicking links and using the forward and back buttons in your browser to go back and forth between command and referenced list.

I've put the script itself up here:
https://github.com/jlmcgraw/network_configuration_navigator

See here for output examples:
http://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configuration_navigator/blob/master/examples/html_test_case_1.cfg.html

Here's a quick web demo on Heroku:
https://hidden-waters-8218.herokuapp.com/
     (This is just a simple web front-end to the script. I'm not a web-savvy guy so I'm sure it's poorly coded and terribly insecure.
     Please don't upload anything sensitive to this, it's just for testing!)

I know there is a lot of stuff that could be done better so let me know if you think of anything new or notice something I’ve done wrong.

One unexpected thing that has come out of this script is the ability to catch items that are defined but never actually used, whether it's due to a fat-finger or just being leftover cruft. This has proven very valuable in catching mistakes that are otherwise hard to spot. Unfortunately the script can't currently catch the inverse (things that are called but never defined) due to the way the regexes are constructed

Surely this has all been done before but I couldn't find anything in a few brief moments of searching so here we are.

-Jesse

Notes:
     See the box on the right for a key and links to jump to the first line of the various types of sections or unused items

     There are some command-line options for reformatting (make some numbers that are hard to read into more human-readable ones, add colors to permits/denies, scrub sensitive info etc, remove some redundancy). Try and see what you like.

     If you run it against multiple configuration files at once it will also attempt to link between them when applicable (e.g. BGP neighbors, route next hops, interfaces on the same subnet etc). I regularly use it on a ~900 configuration files set with no problems

     Developed under Ubuntu Linux, somewhat tested on Windows but not at all on OS

     Based on configs that I work with so it doesn't cover all possible commands. Send patches!
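
The unused-item check described in the post above, sketched as an added example (not part of the original post and not code from iosToHtml.pl). It goes one step further and also reports names that are referenced but never defined; the regex tables cover only a handful of IOS commands and are assumptions chosen for illustration, and the sample config is constructed.

```python
import re
from collections import defaultdict

# (object type, regex capturing the name) for lines that DEFINE an object.
DEFINITIONS = [
    ("acl", r"ip access-list (?:standard|extended) (\S+)"),
    ("acl", r"access-list (\d+) "),
    ("prefix-list", r"ip prefix-list (\S+) "),
    ("route-map", r"route-map (\S+) (?:permit|deny)"),
    ("class-map", r"class-map (?:match-(?:any|all) )?(\S+)"),
    ("policy-map", r"policy-map (\S+)"),
]
# Same shape for lines that REFERENCE an object by name.
REFERENCES = [
    ("acl", r"ip access-group (\S+) (?:in|out)"),
    ("acl", r"match ip address (?!prefix-list )(\S+)"),
    ("prefix-list", r"match ip address prefix-list (\S+)"),
    ("prefix-list", r"neighbor \S+ prefix-list (\S+) (?:in|out)"),
    ("route-map", r"neighbor \S+ route-map (\S+) (?:in|out)"),
    ("class-map", r"class (?!class-default)(\S+)"),
    ("policy-map", r"service-policy (?:input|output) (\S+)"),
]
# Constructed sample config: one typo'd ACL reference, one leftover route-map.
SAMPLE = """\
ip access-list extended EDGE-IN
 deny ip 10.0.0.0 0.255.255.255 any
ip prefix-list CUSTOMER-A seq 5 permit 192.0.2.0/24
route-map FROM-CUSTOMER permit 10
 match ip address prefix-list CUSTOMER-A
route-map FROM-CUSTOMER-OLD permit 10
interface GigabitEthernet0/0
 ip access-group EDGE-INN in
router bgp 64500
 neighbor 198.51.100.1 route-map FROM-CUSTOMER in
"""

def audit(config_text):
    """Return (unused, undefined) as sets of (type, name) pairs."""
    defined, referenced = defaultdict(set), defaultdict(set)
    for line in map(str.strip, config_text.splitlines()):
        for table, bucket in ((DEFINITIONS, defined), (REFERENCES, referenced)):
            for kind, pattern in table:
                if m := re.match(pattern, line):
                    bucket[kind].add(m.group(1))
    def only_in(a, b):
        return {(k, n) for k in a for n in a[k] - b[k]}
    return only_in(defined, referenced), only_in(referenced, defined)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the sample, the mistyped `EDGE-INN` shows up on both sides: `EDGE-IN` is reported as unused and `EDGE-INN` as undefined, which is the fat-finger case the post mentions.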

dunno about creating web pages, but
https://www.nanog.org/meetings/abstract?id=785
has a section on showing filters that are defined but not referenced &
referenced but not defined

Regards,
Lee

Neat!


In IOS-XR it is one command "sho rpl unused ?"
RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused ?
  as-path-set Display as-path-set objects
  community-set Display community-set objects
  extcommunity-set Display extended community objects
  prefix-set Display prefix-set objects
  rd-set Display rd-set objects
  route-policy Display route-policy objects
  tag-set Display tag-set objects

RP/0/RSP0/CPU0:petach-tikva-gp#show rpl unused prefix
Fri Oct 7 08:24:53.237 IDT

ACTIVE -- Referenced by at least one policy which is attached
INACTIVE -- Only referenced by policies which are not attached
UNUSED -- Not attached (directly or indirectly) and not referenced

-Hank

I'm actually starting to miss being out of the game. I'm retired, so
don't have access to anything running IOS-XR. Just out of curiosity,
how does the output of 'show rpl unused prefix' compare to the output
of the script at http://pastebin.com/pem7tHAJ

Thanks,
Lee

Samples:

RP/0/RSP0/CPU0:petach-tikva-gp#sho rpl unused as-path
Sat Oct 8 20:03:22.975 IDT

ACTIVE -- Referenced by at least one policy which is attached
INACTIVE -- Only referenced by policies which are not attached
UNUSED -- Not attached (directly or indirectly) and not referenced

The following as-path-sets are UNUSED

Way cool. Now to hook it into RANCID....


Samples:

   <.. snip samples ..>
  interesting.. thanks!

Note the sloppy code - sometimes they state UNUSED and sometimes
(UNUSED). Or "the following policies are"... rather than "the following
routing policies are". Just plain sloppy Cisco coding and poor QA. And
once you delete these unreferenced objects, "show rpl unused" will still
show them since there is a bug in Cisco code (CSCuy07932/CSCug9153). See:
http://www.gossamer-threads.com/lists/cisco/nsp/192481
for details.

Which is why I like having the source code -- there's the possibility
of fixing whatever myself instead of having to wait for the vendor to
fix it :-)

Thanks,
Lee

It looks like what I did in 2.3.8 should still work - control_rancid
puts the diff output into $TMP.diff so add this bit:
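# Build a one-line command that runs myscript.sh on every changed config;
# assumes file names under configs/ contain no shell metacharacters.
grep "^Index: " "$TMP.diff" | awk '/^Index: configs/{
if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; }
printf("%s ", $2)
}
END{ printf("\n") }
' >"$TMP.doit"
/bin/sh "$TMP.doit" >"$TMP.out"
if [ -s "$TMP.out" ] ; then
   : # .. send mail / whatever
fi
# Remove the temp files whether or not the script produced output.
rm -f "$TMP.doit" "$TMP.out"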

Regards,
Lee

Give these a shot. https://github.com/jlmcgraw/networkUtilities

I know J could use a little feedback on those as well but all in all they are pretty solid.


Where does one get Modern/Perl.pm ?

Can't locate Modern/Perl.pm in @INC (you may need to install the
Modern::Perl module) (@INC contains: /tmp/local/lib/perl5
/usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int
/usr/lib/perl5/site_perl/5.22
/usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int
/usr/lib/perl5/vendor_perl/5.22
/usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .)
at /tmp/iosToHtml.pl line 87.
BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.

Lee

Cpan? Cpan minus? Or just download [1] and there's probably a Make::Maker
or similar Build.PL to build a makefile or just install it for you -
there's a #perl channel on freenode if you need more and Google doesn't get
you set.

1.
http://search.cpan.org/~chromatic/Modern-Perl-1.20161005/lib/Modern/Perl.pm

Lee,

   Check out the setup.sh script, hopefully it does everything necessary to get the script working on a Debian-derived Linux system

I've attempted to make the only globally-installed dependencies be cpanm and carton. Once those are installed it uses carton to install the dependencies locally

Thanks for chiming in Jesse.


I'm using Windows + Cygwin; maybe it's just that I don't have them
installed, but there is no sudo or apt so setup.sh isn't going to work
for me. So while I was interested in seeing what this bit looked like

If you run it against multiple configuration files at once it will also attempt to link
between them when applicable (e.g. BGP neighbors, route next hops, interfaces
on the same subnet etc).

I'm not willing to take any more time on this.

I appreciate all the people who've tried to help but at least for now, I'm done.

Thanks,
Lee


Have you tried Bash on Windows 10:
http://www.howtogeek.com/249966/how-to-install-and-use-the-linux-bash-shell-on-windows-10/
http://www.pcworld.com/article/3106463/windows/how-to-get-bash-on-windows-10-with-the-anniversary-update.html

-Hank

Lee,

   FWIW, the script will work under straight Windows and I use it there frequently.

I think Strawberry perl comes with cpanm (cpanminus) pre-installed so you can do:

     "cpanm Carton"

and then cd to wherever you've got the script saved and do:

     "carton install"

to install the dependencies

Or, if you've got a set of configs with nothing sensitive/private left in them, try the simple web version I set up:

https://hidden-waters-8218.herokuapp.com/

If I had a Windows VM setup I'd come up with a setup.bat