[191989] in North American Network Operators' Group
Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to
daemon@ATHENA.MIT.EDU (Mike Hale)
Thu Oct 6 17:37:15 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <878c4ccb-4d1b-dbb4-097f-a879e241ac01@gmail.com>
From: Mike Hale <eyeronic.design@gmail.com>
Date: Thu, 6 Oct 2016 14:37:11 -0700
To: Jesse McGraw <jlmcgraw@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Neat!
On Thu, Oct 6, 2016 at 1:26 PM, Jesse McGraw <jlmcgraw@gmail.com> wrote:
> Nanog,
>
> (This is me scratching an itch of my own and hoping that sharing it
> might be useful to others on this list. Apologies if it isn't)
>
> When I'm trying to comprehend a new or complicated Cisco router, switch=
or
> firewall configuration an old pet-peeve of mine is how needlessly difficu=
lt
> it is to follow deeply nested logic in route-maps, ACLs, QoS policy-maps =
etc
> etc
>
> To make this a bit simpler I=E2=80=99ve been working on a perl script to =
convert
> these text-based configuration files into HTML with links between the
> different elements (e.g. To an access-list from the interface where it=E2=
=80=99s
> applied, from policy-maps to class-maps etc), hopefully making it easier =
to
> to follow the chain of logic via clicking links and using the forward and
> back buttons in your browser to go back and forth between command and
> referenced list.
>
>
> I've put the script itself up here
> <https://github.com/jlmcgraw/network_configuration_navigator>:
> https://github.com/jlmcgraw/network_configuration_navigator
>
> See here
> <ttp://htmlpreview.github.com/?https://github.com/jlmcgraw/network_config=
uration_navigator/blob/master/examples/html_test_case_1.cfg.html>
> for output examples
> http://htmlpreview.github.com/?https://github.com/jlmcgraw/network_config=
uration_navigator/blob/master/examples/html_test_case_1.cfg.html
>
> Here's a quick web demo <https://hidden-waters-8218.herokuapp.com/> on
> Heroku
> https://hidden-waters-8218.herokuapp.com/
> (This is just a simple web front-end to the script. I'm not a web-sa=
vvy
> guy so I'm sure it's poorly coded and terribly insecure.
> Please don't upload anything sensitive to this, it's just for testing=
!)
>
> I know there is a lot of stuff that could be done better so let me know i=
f
> you think of anything new or notice something I=E2=80=99ve done wrong.
>
> One unexpected thing that has come out of this script is the ability to
> catch items that are defined but never actually used, whether it's due to=
a
> fat-finger or just being leftover cruft. This has proven very valuable in
> catching mistakes that are otherwise hard to spot. Unfortunately the scr=
ipt
> can't currently catch the inverse (things that are called but never defin=
ed)
> due to the way the regexes are constructed
>
> Surely this has all been done before but I couldn't find anything in a fe=
w
> brief moments of searching so here we are.
>
> -Jesse
>
>
>
> Notes:
> See the box on the right for a key and links to jump to the first lin=
e
> of the various types of sections or unused items
>
> There are some command-line options for reformatting (make some numbe=
rs
> that are hard to read into more human-readable ones, add colors to
> permits/denies, scrub sensitive info etc, remove some redundancy). Try a=
nd
> see what you like.
>
> If you run it against multiple configuration files at once it will al=
so
> attempt to link between them when applicable (e.g. BGP neighbors, route n=
ext
> hops, interfaces on the same subnet etc). I regularly use it on a ~900
> configuration files set with no problems
>
> Developed under Ubuntu Linux, somewhat tested on Windows but not at a=
ll
> on OS
>
> Based on configs that I work with so it doesn't cover all possible
> commands. Send patches!
--=20
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
