How I built an IOS-XE SDWAN configuration auditor tool with Python RegEx & Netmiko

Jirapat Srimarut
May 9, 2021

Hi everyone. Today in this blog I’ll talk about how I built my simple IOS-XE SDWAN configuration auditor tool with Python Regular Expression (RegEx) & Netmiko.

First of all, why did I start building this tool?

With the power of Cisco SDWAN we can onboard a WAN Edge router (e.g. ISR 1K, 4K or Catalyst 8K series) with ZTP (Zero Touch Provisioning): you just plug the SDWAN router into the internet, and the device registers with the Cisco Plug & Play (PnP) portal and starts the onboarding process automatically.

But in some scenarios where we cannot do ZTP, we have another option: configure the device manually through the CLI. I just want to ensure that my configuration is ready for device onboarding.

This blog focuses on how to use Python RegEx to capture and verify the running configuration.

Let’s start by importing the Python libraries into our script.

from netmiko import ConnectHandler, ssh_exception
import re
import getpass
import signal
import sys

Here are more details on these libraries:

netmiko: used as the SSH connection handler.
re: used for regular expressions.
getpass: used to hide the SSH password as it is typed.
signal, sys: used for the keyboard interrupt handler (e.g. Control + C).

Create a dictionary that contains the device details for Netmiko.

device = {
    "host" : input("Enter Device IP Address: "),
    "username" : input("Username: "),
    "password" : getpass.getpass("Password: "),
    "device_type" : "cisco_ios",
    "fast_cli" : True
}

Create a function called “device_audit” for all of the auditing tasks and start the SSH connection with the “device_connect” variable.

Next I send the show command to get the existing configuration of the device. In this example I would like to check whether “interface Tunnel0” exists in the running configuration, using this call: device_connect.send_command("sh run | incl interface Tunnel")

If the configuration exists, this command returns a result that is stored in the “tunnel_config” variable. If the configuration does not exist, it returns nothing.

def device_audit():
    try:
        with ConnectHandler(**device) as device_connect:
            print("Auditing configuration..\n")
            device_connect.enable()
            # checking sdwan tunnel interface configuration
            tunnel_config = device_connect.send_command("sh run | incl interface Tunnel")
            # (the RegEx checks shown below continue inside this "with" block)

Now that I have the existing configuration, I need to match it with RegEx. I used the “search” function to match the string, as in the code below.

match_reg_tunnel_intf = re.search(r"interface\sTunnel\d", tunnel_config)

Let me explain what happens inside.
“re.search” is used to match the string against the pattern “interface\sTunnel\d”.
The “\s” matches where the string contains a whitespace character and “\d” matches where the string contains a digit. The actual configuration on the device is “interface Tunnel0”. As you can see, this string contains a whitespace between “interface” and “Tunnel”, and the end of the string contains a “0”, which is a digit.

I used a very simple condition to check the match and print the result.

if match_reg_tunnel_intf:
    print("Tunnel interface check passed\n")
else:
    print("Tunnel interface configuration not found\n")

This is just an example. I have also uploaded the full code of this script to GitHub; you can find the link to the full version at the end of this blog.
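The pattern above is unanchored, so any line that merely contains "interface Tunnel0" (a description, for instance) also passes the check. The following is an added example, not code from the original post or its GitHub repository: it runs line-anchored patterns over a constructed configuration text, and the check names, patterns and sample values are assumptions.

```python
import re

# Constructed sample configuration text (not captured from a real device).
SAMPLE_CONFIG = """\
system
 system-ip             10.255.0.1
 site-id               100
 vbond 192.0.2.10
!
ip name-server 192.0.2.53
!
interface GigabitEthernet1
 description uplink, replaces old interface Tunnel0
!
"""

BLOG_PATTERN = r"interface\sTunnel\d"  # pattern from the post (unanchored)

# Hypothetical check table: name -> line-anchored pattern. With re.MULTILINE,
# ^ and $ match at every line, so a keyword buried in a description line
# cannot satisfy a check.
CHECKS = {
    "tunnel_interface": r"^interface\s+Tunnel\d+\s*$",
    "default_route": r"^ip\s+route\s+0\.0\.0\.0\s+0\.0\.0\.0\s+\S+",
    "dns": r"^ip\s+name-server\s+\S+",
    "system_ip": r"^\s+system-ip\s+\d{1,3}(?:\.\d{1,3}){3}\s*$",
    "vbond": r"^\s+vbond\s+\S+",
    "site_id": r"^\s+site-id\s+\d+\s*$",
}

def blog_check(running_config):
    """The post's check: True if the unanchored pattern is found anywhere."""
    return bool(re.search(BLOG_PATTERN, running_config))

def audit(running_config):
    """Return {check_name: bool} for every entry in CHECKS."""
    return {name: bool(re.search(pattern, running_config, re.MULTILINE))
            for name, pattern in CHECKS.items()}

def failed_checks(running_config):
    """Names of the checks that did not match, in table order."""
    return [name for name, ok in audit(running_config).items() if not ok]

if __name__ == "__main__":
    print("unanchored tunnel check:", blog_check(SAMPLE_CONFIG))
    for name, ok in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {'passed' if ok else 'NOT FOUND'}")
```

On the sample text the unanchored pattern reports a pass because of the description line, while the anchored table reports the tunnel interface and the default route as missing.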

Let’s take a look at the full result:

IOS-XE SD-WAN Onbording Configuration Auditor Tool
Enter Device IP Address: 192.168.8.140
Username: admin
Password:
Auditing configuration..
Tunnel interface configuration checking...
Tunnel interface check passed
SD-WAN Tunnel interface configuration checking..
SD-WAN Tunnel interface check passed
Default route configuration checking..
No default route configured
DNS configuration checking..
DNS check passed
System ip checking..
System ip check passed
vBond configuration checking..
vBond check passed
SP-Organization name configuration checking..
SP-Organization-name check passed
Organization name configuration checking..
Organization-name check passed
Site-id configuration checking..
Site-id configuration check passed
Configuration Audit Succeeded

That’s all for today. I hope this blog gives you some ideas about how to leverage Python for network automation tasks.

Here is the full Python code on my GitHub:
https://github.com/jirapat193/IOS-XE-SDWAN-Config-Auditor-tool

Thank you for reading.

See you next time.

Jirapat Srimarut

Technical Solution Specialist, Enterprise Networking