general‐purpose‐scripts - leofurtadonyc/Network-Automation GitHub Wiki
These scripts serve various purposes in working with computer networks. They handle simple tasks and are not fancy, but they can be useful for experimenting with Python in network automation. Enjoy!
generate-routingpolicy-prefixes.py: Generate network configurations from AS-SET and ASN details.get-as-rank.py: It looks up ASN details using AS Rank API.get-as-set.py: The script, when provided with an Autonomous System Number, will generate a report based on the data of that ASN as observed in PeeringDB and CAIDA's AS Rank API.get-bgpview.py: Retrieve useful ASN-related data, including prefixes, upstream, downstream, and others by using BGPView API.get-customer-prefixes.py: Given an Autonomous System Number, the script will display AS, AS-SET and IRR Route Object information.get-devices-neighbors.py: It collects and displays information about neighboring devices based on various data structures, such as routing protocols, LLDP, and ARP tables.get-runningconfigs.py: It retrieves running configurations from network devices, as specified in a YAML file, and stores them in separate files.get-whois.py: It fetches WHOIS data for a given ASN and AS-SET.mac-finder.py: It is a MAC Address vendor finder.port-scanner.py: It is a port scanner, supporting both IPv4 and IPv6, and some UDP port guessing as well.lab-devices.yaml: A sample of network devices so some of these scripts can work with.get-aggregates.py: Generate an IPv4 or IPv6 prefix aggregation planning report.
What does get-as-rank.py do?
It will check CAIDA's AS Rank API and return its data to the user:
python get-as-rank.py -h
____ _ _ ____ ____ _
/ ___| ___| |_ / \ / ___| | _ \ __ _ _ __ | | __
| | _ / _ \ __| / _ \ \___ \ | |_) / _` | '_ \| |/ /
| |_| | __/ |_ / ___ \ ___) | | _ < (_| | | | | <
\____|\___|\__| /_/ \_\____/ |_| \_\__,_|_| |_|_|\_\
https://github.com/leofurtadonyc/Network-Automation
usage: get-as-rank.py [-h] asn
Look up ASN details using AS Rank API.
positional arguments:
asn ASN we are looking up
options:
-h, --help show this help message and exit
What does get-as-set.py do?
Once provided with an Autonomous System Number (ASN), this script works in such a way that it initiates displaying a basic report based on the data corresponding to the given ASN. The data is sourced from a highly credible and widely recognized database - the PeeringDB.
PeeringDB is a freely available, user-maintained database of networks, and its peering policies facilitate peering coordinators in finding potential networks to peer with. This simple report can be an interesting tool for network engineers and peering coordinators in decision-making.
This script can be adapted to work alongside other scripts to extract relevant data from ASNs in PeeringDB. This allows us to parse particular data from specific fields, making other important tasks for your project or deployment easier. For instance, we can read the IRR as-set/route-set field and process it, so another function in a different script can use it for its intended purposes.
How to use it?
It is pretty simple: you invoke it and inform the Autonomous System Number of your interest.
python get-as-set.py -h
usage: get-as-set.py [-h] asn
Query ASN details on PeeringDB.
positional arguments:
asn Autonomous System Number (ASN).
options:
-h, --help show this help message and exit
For example:
python get-as-set.py 16509
Details of ASN in PeeringDB:
----------------------------
Organization: Amazon.com, Inc.
Company Website: https://www.amazon.com
ASN: AS16509
IRR as-set/route-set: AS16509:AS-AMAZON
Route Server URL:
Looking Glass URL:
Network Type: Enterprise
IPv4 Prefixes: 12000
IPv6 Prefixes: 6000
Geographic Scope: Global
Protocols Supported: IPv6 & IPv4
Last Updated: 2024-03-26T22:02:30Z
bgpview.py
This tool queries BGPView's API to return useful data about ASN, including its prefixes, downstreams, upstreams, and more. To get the returned data in JSON format, combine each flag with --json.
python get-bgpview.py -h
____ ____ ______ _____ _______ __ ____ _ ___
| __ ) / ___| _ \ \ / /_ _| ____\ \ / / / ___| | |_ _|
| _ \| | _| |_) \ \ / / | || _| \ \ /\ / / | | | | | |
| |_) | |_| | __/ \ V / | || |___ \ V V / | |___| |___ | |
|____/ \____|_| \_/ |___|_____| \_/\_/ \____|_____|___|
https://github.com/leofurtadonyc/Network-Automation
usage: get-bgpview.py [-h] [--search SEARCH] [--ip-details IP_DETAILS] [--ix IX] [--prefix PREFIX PREFIX] [--asn-downstreams ASN_DOWNSTREAMS] [--asn-upstreams ASN_UPSTREAMS]
[--asn-peers ASN_PEERS] [--asn-prefixes ASN_PREFIXES] [--asn-details ASN_DETAILS] [--json]
BGPView CLI Tool
options:
-h, --help show this help message and exit
--search SEARCH Search resources by ASN, IP, prefix, name, or description
--ip-details IP_DETAILS
Fetch details for a specific IP address
--ix IX Fetch details for a specific IX ID
--prefix PREFIX PREFIX
Fetch details for a specific prefix
--asn-downstreams ASN_DOWNSTREAMS
Fetch downstreams for a specific ASN
--asn-upstreams ASN_UPSTREAMS
Fetch upstreams for a specific ASN
--asn-peers ASN_PEERS
Fetch peers for a specific ASN
--asn-prefixes ASN_PREFIXES
Fetch prefixes for a specific ASN
--asn-details ASN_DETAILS
Fetch details for a specific ASN
--json Display raw JSON output
There is also an alternative option with streamlit_bgpview.py, an attempt to make this bgpview code compatible with Streamlit. It's not entirely complete yet, but you might want to test it and see for yourself. It requires Streamlit.
streamlit run streamlit_bgpview.py
You can now view your Streamlit app in your browser.
Local URL: http://localhost:8501
Network URL: http://192.168.0.38:8501
For better performance, install the Watchdog module:
$ xcode-select --install
$ pip install watchdog
What does get-devices-neighbors do?
This script is designed to capture and display structured data from various network devices. It is a combination of NAPALM operations and explicit commands executed on network devices.
It includes capturing and displaying information from LLDP (Link Layer Discovery Protocol) neighbors, which reveals the network devices that are directly connected; also displaying OSPF (Open Shortest Path First) adjacencies, crucial for determining the network's routing path, BGP (Border Gateway Protocol) sessions that inform core routing decisions, and ARP (Address Resolution Protocol) tables, which map IP addresses to physical addresses on the local network. Next, the script will display that structured report on the screen.
This report is somewhat versatile in the sense that it can serve various purposes. Some users may utilize it to capture essential information about LLDP, OSPF, BGP, and ARP from network devices. Others might parse the report and feed it into other scripts and tasks to achieve different objectives.
Overall, this is a quite basic script that performs a very simple task. However, it provides an interesting opportunity to learn and experiment with Python and NAPALM. You may want to adjust it to meet your needs or explore other possibilities using NAPALM or other tools.
How to use it?
The devices the script will connect to and from which it will retrieve data are specified in the code. If you prefer, you can modify the script to use a YAML or JSON file instead. This is a straightforward process. If you want to use the script as it is, simply change the device names and IP addresses in the following block:
devices = [
{'name': 'ISP-2', 'host': '172.31.255.201', 'type': 'ios'},
{'name': 'ISP-1', 'host': '172.31.255.202', 'type': 'ios'},
{'name': 'Junos', 'host': '172.31.255.203', 'type': 'junos'},
{'name': 'PE-ASR9K', 'host': '172.31.255.204', 'type': 'iosxr'},
]
Examples
Ensure to change the information about the network devices in the corresponding block as shown above, then run it:
python get-devices-neighbors.py
************************************
* NETWORK ROUTING NEIGHBORS REPORT *
************************************
***************************
* LLDP neighbors to ISP-2 *
***************************
Interface: Ethernet0/2, Neighbor: 2C:6B:F5:62:CA:C0, Interface: 529
Interface: Ethernet0/0, Neighbor: ISP-2.lab, Interface: Et0/0
**********************
* ARP table to ISP-2 *
**********************
Interface: Ethernet0/0, MAC address: AA:BB:CC:00:A0:00, IP address: 172.31.255.1
Interface: Ethernet0/0, MAC address: AA:BB:CC:00:B0:00, IP address: 172.31.255.2
Interface: Ethernet0/2, MAC address: AA:BB:CC:00:A0:20, IP address: 172.31.255.5
Interface: Ethernet0/2, MAC address: 50:00:00:04:00:04, IP address: 172.31.255.6
Interface: Ethernet0/3, MAC address: 6A:4A:4E:96:43:A2, IP address: 192.168.255.1
Interface: Ethernet0/3, MAC address: AA:BB:CC:00:A0:30, IP address: 192.168.255.10
*****************************
* OSPF adjacencies to ISP-2 *
*****************************
Neighbor ID Pri State Dead Time Address Interface
172.31.255.203 0 FULL/ - 00:00:34 172.31.255.6 Ethernet0/2
172.31.255.202 0 FULL/ - 00:00:36 172.31.255.2 Ethernet0/0
**************************
* BGP neighbors to ISP-2 *
**************************
Neighbor: 172.31.255.202 | Uptime: 795 | Received prefixes: N/A
Neighbor: 172.31.255.203 | Uptime: 121 | Received prefixes: N/A
Neighbor: 172.31.255.204 | Uptime: 256 | Received prefixes: N/A
***************************
* LLDP neighbors to ISP-1 *
***************************
Interface: Ethernet0/0, Neighbor: ISP-1.lab, Interface: Et0/0
Interface: Ethernet0/2, Neighbor: PE-ASR9K.lab, Interface: Gi0/0/0/2
**********************
* ARP table to ISP-1 *
**********************
Interface: Ethernet0/0, MAC address: AA:BB:CC:00:A0:00, IP address: 172.31.255.1
Interface: Ethernet0/0, MAC address: AA:BB:CC:00:B0:00, IP address: 172.31.255.2
Interface: Ethernet0/2, MAC address: AA:BB:CC:00:B0:20, IP address: 172.31.255.9
Interface: Ethernet0/2, MAC address: 50:00:00:02:00:03, IP address: 172.31.255.10
*****************************
* OSPF adjacencies to ISP-1 *
*****************************
Neighbor ID Pri State Dead Time Address Interface
172.31.255.204 0 FULL/ - 00:00:32 172.31.255.10 Ethernet0/2
172.31.255.201 0 FULL/ - 00:00:35 172.31.255.1 Ethernet0/0
**************************
* BGP neighbors to ISP-1 *
**************************
Neighbor: 172.31.255.201 | Uptime: 798 | Received prefixes: N/A
Neighbor: 172.31.255.203 | Uptime: 109 | Received prefixes: N/A
Neighbor: 172.31.255.204 | Uptime: 257 | Received prefixes: N/A
***************************
* LLDP neighbors to Junos *
***************************
Interface: ge-0/0/0, Neighbor: PE-ASR9K.lab, Interface: Gi0/0/0/0
Interface: ge-0/0/2, Neighbor: ISP-1.lab, Interface: Et0/2
**********************
* ARP table to Junos *
**********************
Interface: em1.0, MAC address: 50:00:00:04:00:01, IP address: 128.0.0.16
Interface: ge-0/0/2.0, MAC address: AA:BB:CC:00:A0:20, IP address: 172.31.255.5
Interface: ge-0/0/0.0, MAC address: 50:00:00:02:00:01, IP address: 172.31.255.14
*****************************
* OSPF adjacencies to Junos *
*****************************
Address Interface State ID Pri Dead
172.31.255.14 ge-0/0/0.0 Full 172.31.255.204 1 39
172.31.255.5 ge-0/0/2.0 Full 172.31.255.201 1 38
**************************
* BGP neighbors to Junos *
**************************
Neighbor: 172.31.255.201 | Uptime: 132 | Received prefixes: N/A
Neighbor: 172.31.255.202 | Uptime: 117 | Received prefixes: N/A
Neighbor: 172.31.255.204 | Uptime: 126 | Received prefixes: N/A
******************************
* LLDP neighbors to PE-ASR9K *
******************************
Interface: Gi0/0/0/0, Neighbor: [DISABLED], Interface: 527
*************************
* ARP table to PE-ASR9K *
*************************
Interface: GigabitEthernet0/0/0/2, MAC address: AA:BB:CC:00:B0:20, IP address: 172.31.255.9
Interface: GigabitEthernet0/0/0/2, MAC address: 50:00:00:02:00:03, IP address: 172.31.255.10
Interface: GigabitEthernet0/0/0/0, MAC address: 50:00:00:04:00:02, IP address: 172.31.255.13
Interface: GigabitEthernet0/0/0/0, MAC address: 50:00:00:02:00:01, IP address: 172.31.255.14
********************************
* OSPF adjacencies to PE-ASR9K *
********************************
* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up
Neighbors for OSPF LAB
Neighbor ID Pri State Dead Time Address Interface
172.31.255.203 128 FULL/ - 00:00:33 172.31.255.13 GigabitEthernet0/0/0/0
Neighbor is up for 00:02:25
172.31.255.202 1 FULL/ - 00:00:33 172.31.255.9 GigabitEthernet0/0/0/2
Neighbor is up for 00:04:41
Total neighbor count: 2
*****************************
* BGP neighbors to PE-ASR9K *
*****************************
Neighbor: 172.31.255.201 | Uptime: 275 | Received prefixes: N/A
Neighbor: 172.31.255.202 | Uptime: 273 | Received prefixes: N/A
Neighbor: 172.31.255.203 | Uptime: 135 | Received prefixes: N/A
Formatted outputs from TextFSM:
**************
* ARP Tables *
**************
**********************
* ARP Table to ISP-2 *
**********************
interface mac ip
----------- ----------------- --------------
Ethernet0/0 AA:BB:CC:00:A0:00 172.31.255.1
Ethernet0/0 AA:BB:CC:00:B0:00 172.31.255.2
Ethernet0/2 AA:BB:CC:00:A0:20 172.31.255.5
Ethernet0/2 50:00:00:04:00:04 172.31.255.6
Ethernet0/3 6A:4A:4E:96:43:A2 192.168.255.1
Ethernet0/3 AA:BB:CC:00:A0:30 192.168.255.10
**********************
* ARP Table to ISP-1 *
**********************
interface mac ip
----------- ----------------- -------------
Ethernet0/0 AA:BB:CC:00:A0:00 172.31.255.1
Ethernet0/0 AA:BB:CC:00:B0:00 172.31.255.2
Ethernet0/2 AA:BB:CC:00:B0:20 172.31.255.9
Ethernet0/2 50:00:00:02:00:03 172.31.255.10
**********************
* ARP Table to Junos *
**********************
interface mac ip
----------- ----------------- -------------
em1.0 50:00:00:04:00:01 128.0.0.16
ge-0/0/2.0 AA:BB:CC:00:A0:20 172.31.255.5
ge-0/0/0.0 50:00:00:02:00:01 172.31.255.14
*************************
* ARP Table to PE-ASR9K *
*************************
interface mac ip
---------------------- ----------------- -------------
GigabitEthernet0/0/0/2 AA:BB:CC:00:B0:20 172.31.255.9
GigabitEthernet0/0/0/2 50:00:00:02:00:03 172.31.255.10
GigabitEthernet0/0/0/0 50:00:00:04:00:02 172.31.255.13
GigabitEthernet0/0/0/0 50:00:00:02:00:01 172.31.255.14
************************************
* Graphical View of LLDP Neighbors *
************************************
┌───────────────────┐ ┌────────────────┐ ┌───────────────────┐ ┌───────────────────┐ ┌────────────────────┐ ┌───────────────────┐ ┌────────────────┐
│ISP-1 (Ethernet0/2)│ │Junos (ge-0/0/2)│ │ISP-1 (Ethernet0/0)│ │ISP-2 (Ethernet0/0)│ │PE-ASR9K (Gi0/0/0/0)│ │ISP-2 (Ethernet0/2)│ │Junos (ge-0/0/0)│
└────────────┬──────┘ └─────────────┬──┘ └──────────────┬────┘ └────────────┬──────┘ └──────────┬─────────┘ └─────────┬─────────┘ └──────────────┬─┘
│ │ │ │ │ │ │
v v v v v v v
┌────────────────────────┐ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ ┌────────────────┐ ┌───────────────────────┐ ┌────────────────────────┐
│PE-ASR9K.lab (Gi0/0/0/2)│ │ISP-1.lab (Et0/2)│ │ISP-1.lab (Et0/0)│ │ISP-2.lab (Et0/0)│ │[DISABLED] (527)│ │2C:6B:F5:62:CA:C0 (529)│ │PE-ASR9K.lab (Gi0/0/0/0)│
└────────────────────────┘ └─────────────────┘ └─────────────────┘ └─────────────────┘ └────────────────┘ └───────────────────────┘ └────────────────────────┘
*********************
* Execution Details *
*********************
Operator: root
Execution Date and Time: 2024-04-19 13:03:09
Total Time of Execution: 21.85 seconds
What does get-running-configs do?
The primary function of this script is to connect to network devices, retrieve their running configurations, and store them in individual device-named folders with timestamps. It serves solely as a backup tool; nothing more than that. It does not modify the network devices, their configurations, or the saved files after they're stored in their respective folders. The names, types, and IP addresses of devices are kept in a separate YAML file.
How does it work?
In essence, you only need to modify the YAML file to match your requirements or create a new one with your chosen name. Then, provide the name of that YAML file as an argument.
The contents of the YAML file:
devices:
- ip_address: 10.2.0.1
device_type: 'cisco_xe'
hostname: 'cisco-router-1'
- ip_address: 10.2.0.2
device_type: 'cisco_xe'
hostname: 'cisco-router-2'
- ip_address: 10.2.0.3
device_type: 'cisco_xe'
hostname: 'cisco-router-3'
- ip_address: 10.2.0.4
device_type: 'huawei_vrp'
hostname: 'huawei-switch-1'
- ip_address: 10.2.0.5
device_type: 'huawei_vrp'
hostname: 'huawei-switch-2'
- ip_address: 10.2.0.6
device_type: 'huawei_vrp'
hostname: 'huawei-switch-3'
- ip_address: 10.2.0.7
device_type: 'cisco_xr'
hostname: 'cisco-iosxr-1'
- ip_address: 10.2.0.8
device_type: 'cisco_xr'
hostname: 'cisco-iosxr-2'
- ip_address: 10.2.0.9
device_type: 'juniper_junos'
hostname: 'juniper-junos-1'
You might need to modify the retrieve_config function to add support for your specific device type. Currently, it supports operations for Cisco IOS, Cisco IOS XE, Cisco IOS XR, Juniper Junos, and Huawei VRP, such as adjusting the terminal length and obtaining the running configurations.
Also, thanks to getpass, this script will prompt you for a username and password, which are the same ones used to connect to your network devices, either in-band or out-of-band. It does NOT store these credentials anywhere.
The retrieved configurations will be saved in the get-runningconfigs/configs folder. If it doesn't exist, this script will create one.
The script in action:
python get-runningconfigs.py network-devices.yaml
Enter username: leofurtado
Enter password:
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
Accessing and collecting running configurations from device list, please wait...
--- Execution Report ---
Execution time: 66.5942587852478 seconds
Successful Devices:
- a_rtr_rjo_0103
- a_rtr_rjo_0201
- a_rtr_rjo_0501
- a_rtr_rjo_0109
- a_rtr_rjo_0801
- a_rtr_rjo_0401
- a_rtr_rjo_0701
- a_rtr_rjo_0301
- a_rtr_rjo_1001
- a_rtr_rjo_0901
- a_rtr_rjo_1101
- a_rtr_rjo_1201
- a_rtr_cas_0101
- a_sw_cdp_0101
- a_rtr_lim_0101
- a_sw_bre_out
- a_sw_cas_0201
- a_sw_poa_0101
- a_sw_poa_0201
- a_sw_lra_out
- a_sw_bre_top
- b_bng_bre_02
- b_bng_poa_01
- c-rtr_rjo_01
- b_bng_rjo02
- c-rtr_poa_01
- c-rtr_bre_junos
Failed Devices:
What does get-customer-prefixes do?
This script extends the functionality of the get-as-set.py script. Its main purpose is to fetch registry details from two data sources: PeeringDB and RADB. The output from both sources is displayed upon execution.
Starting with the PeeringDB component, we're particularly interested in the IRR as-set/route-set field. The get_peeringdb_data function retrieves all data related to the provided ASN. The main function then captures the corresponding IRR field value into the irr_as_set, while the as_set variable stores this information.
The check_as_set_existence function verifies that the IRR as-set returned by PeeringDB actually exists, using the Whois tool for this check.
Next, the script uses the bgpq3 utility to extract all IPv4 and IPv6 prefixes from that AS-SET. It does this recursively until it captures every known route object from that cone.
Finally, the script displays the results on the screen.
This script is versatile and can be modified to feed its output into other functions in different scripts. This allows the automation of several tasks, especially those related to generating routing policies and prefix lists for routing security in Autonomous Systems. It's quite useful!
How does it work?
It's fairly simple:
python3 get-customer-prefixes.py -h
usage: get-customer-prefixes.py [-h] asn
This script uses PeeringDB and whois (RADB) data sources, along with bgpq3, to obtain customer IPv4 and IPv6 prefix information.
positional arguments:
asn ASN number without the "AS" prefix.
options:
-h, --help show this help message and exit
Example:
python3 get-customer-prefixes.py 27720
Details of ASN in PeeringDB:
Organization: Citta Telecom
Company Website: http://www.cittatelecom.com.br/
ASN: AS27720
IRR as-set/route-set: AS-CITTA-ALL
Route Server URL: http://bgpview.cittatelecom.com.br:3000/
Looking Glass URL: http://lg.cittatelecom.com.br
Network Type: NSP
IPv4 Prefixes: True
IPv6 Prefixes: True
Geographic Scope: South America
Protocols Supported: IPv6 & IPv4
Last Updated: 2022-07-27T05:33:55Z
Whois data for AS-CITTA-ALL:
as-set: AS-CITTA-ALL
descr: CITTA TELECOM main as-set
members: AS-CITTA # Citta own networks
members: AS-CITTA-CUSTOMERS # Citta customer cone
admin-c: Paulo Junior
tech-c: Alexander Victorino
remarks: *****************************************************
This as-set binds two other as-sets on RADB:
Our customers (AS-CITTA-CUSTOMERS).
Our own networks (AS-CITTA).
*****************************************************
mnt-by: MAINT-AS27720
changed: [email protected] 20200921 #02:39:54Z
source: RADB
last-modified: 2024-04-09T01:00:05Z
IPv4 prefixes derived from AS-SET:
45.171.172.0/22
45.171.175.0/24
45.186.176.0/23
45.186.176.0/24
45.186.177.0/24
(...output suppressed for brevity...)
IPv6 prefixes derived from the AS-SET:
2801:80:8b0::/48
2801:80:1370::/48
2804:3e0::/32
(...output suppressed for brevity...)
What does generate-routingpolicy-prefixes do?
This script is quite handy for the automation process of creating AS-Path lists and route filter lists or prefix lists in various syntaxes. Its usefulness is primarily evident when dealing with tasks that require the enforcement of routing security practices. These practices are typically covered by the Mutually Agreed Norms for Routing Security (MANRS) and other related Best Current Practices (BCPs). Organizations operating Autonomous Systems can use this script to ensure a more secure and efficient routing security environment. This not only aids in maintaining the AS's integrity but also contributes to a smoother operation within the organization.
This script requires the BGPq3 in order to generate the configurations.
When executing, the operator must provide three arguments: ASN, AS-SET, and CUSTOMERNAME. Given this information, the script expands the AS-SET argument to extract all IPv4 and IPv6 prefixes from the identified AS-SET members in the cone. It then generates the corresponding configuration files locally in the generated_prefixes folder.
The meaningful file names can be invoked by other scripts to apply their content to network devices. This can assist in achieving automation objectives. You might consider modifying the script to include more precise logic that generates files specifically for a certain device type, like Juniper Junos. The possibilities are endless.
How does it work?
You must pass three arguments to the script: the ASN, the AS-SET, the CUSTOMERNAME.
python generate-routingpolicy-prefixes.py -h
usage: generate-routingpolicy-prefixes.py [-h] asn as_set customer_name
Generate network configurations from AS-SET and ASN details. This script is designed to help network engineers quickly and easily generate IPv4 and IPv6 prefix-lists, prefix-sets, route-filter-sets, and IP AS-Path access-lists in multivendor environments. It supports the syntax of Cisco IOS, Cisco IOS XE, Cisco IOS XR, Huawei (including XPL), and Nokia SR but it can be easily extended to support other syntaxes as well. It requires bgpq3 in order to produce both the IPv4/6 prefix lists and AS-Path access-lists.
positional arguments:
asn Autonomous System Number (ASN).
as_set AS-SET to use for expanding IP prefixes.
customer_name Customer name for file and prefix naming.
options:
-h, --help show this help message and exit
Example usage: python generate-routingpolicy-prefixes.py 16509 AS16509:AS-AMAZON AMAZON
The script in action:
network-automation-env ~/Documents/code/pyscripts/sandbox/Network-Automation/generate-routingpolicy-prefixes git:(main)±1
python generate-routingpolicy-prefixes.py 28260 AS-ALTAREDE ALTAREDE
IPv4 commands for cisco_xe written to generated_prefixes/AS28260:ALTAREDE_cisco_xe_ipv4.txt
IPv6 commands for cisco_xe written to generated_prefixes/AS28260:ALTAREDE_cisco_xe_ipv6.txt
IPv4 commands for cisco_xr written to generated_prefixes/AS28260:ALTAREDE_cisco_xr_ipv4.txt
IPv6 commands for cisco_xr written to generated_prefixes/AS28260:ALTAREDE_cisco_xr_ipv6.txt
IPv4 commands for juniper_junos written to generated_prefixes/AS28260:ALTAREDE_juniper_junos_ipv4.txt
IPv6 commands for juniper_junos written to generated_prefixes/AS28260:ALTAREDE_juniper_junos_ipv6.txt
IPv4 commands for huawei_vrp written to generated_prefixes/AS28260:ALTAREDE_huawei_vrp_ipv4.txt
IPv6 commands for huawei_vrp written to generated_prefixes/AS28260:ALTAREDE_huawei_vrp_ipv6.txt
IPv4 commands for huawei_vrp_xpl written to generated_prefixes/AS28260:ALTAREDE_huawei_vrp_xpl_ipv4.txt
IPv6 commands for huawei_vrp_xpl written to generated_prefixes/AS28260:ALTAREDE_huawei_vrp_xpl_ipv6.txt
IPv4 commands for nokia_sros written to generated_prefixes/AS28260:ALTAREDE_nokia_sros_ipv4.txt
IPv6 commands for nokia_sros written to generated_prefixes/AS28260:ALTAREDE_nokia_sros_ipv6.txt
cisco_xe AS-path commands written to generated_prefixes/AS28260:ALTAREDE_cisco_xe_aspath.txt
cisco_xr AS-path commands written to generated_prefixes/AS28260:ALTAREDE_cisco_xr_aspath.txt
juniper_junos AS-path commands written to generated_prefixes/AS28260:ALTAREDE_juniper_junos_aspath.txt
huawei_vrp AS-path commands written to generated_prefixes/AS28260:ALTAREDE_huawei_vrp_aspath.txt
nokia_sros AS-path commands written to generated_prefixes/AS28260:ALTAREDE_nokia_sros_aspath.txt
network-automation-env ~/Documents/code/pyscripts/sandbox/Network-Automation/generate-routingpolicy-prefixes git:(main)±2
tree
.
├── generate-routingpolicy-prefixes.py
└── generated_prefixes
├── AS28260:ALTAREDE_cisco_xe_aspath.txt
├── AS28260:ALTAREDE_cisco_xe_ipv4.txt
├── AS28260:ALTAREDE_cisco_xe_ipv6.txt
├── AS28260:ALTAREDE_cisco_xr_aspath.txt
├── AS28260:ALTAREDE_cisco_xr_ipv4.txt
├── AS28260:ALTAREDE_cisco_xr_ipv6.txt
├── AS28260:ALTAREDE_huawei_vrp_aspath.txt
├── AS28260:ALTAREDE_huawei_vrp_ipv4.txt
├── AS28260:ALTAREDE_huawei_vrp_ipv6.txt
├── AS28260:ALTAREDE_huawei_vrp_xpl_ipv4.txt
├── AS28260:ALTAREDE_huawei_vrp_xpl_ipv6.txt
├── AS28260:ALTAREDE_juniper_junos_aspath.txt
├── AS28260:ALTAREDE_juniper_junos_ipv4.txt
├── AS28260:ALTAREDE_juniper_junos_ipv6.txt
├── AS28260:ALTAREDE_nokia_sros_aspath.txt
├── AS28260:ALTAREDE_nokia_sros_ipv4.txt
└── AS28260:ALTAREDE_nokia_sros_ipv6.txt
2 directories, 18 files
mac-finder
Simply provide the target MAC address, and it will be checked against Wireshark's Manufacturer's database.
python mac-finder.py -h
__ __ _ ____ _____ ___ _ _ ____ _____ ____
| \/ | / \ / ___| | ___|_ _| \ | | _ \| ____| _ \
| |\/| | / _ \| | | |_ | || \| | | | | _| | |_) |
| | | |/ ___ \ |___ | _| | || |\ | |_| | |___| _ <
|_| |_/_/ \_\____| |_| |___|_| \_|____/|_____|_| \_\
usage: mac-finder.py [-h] mac
MAC Address Vendor Finder
positional arguments:
mac MAC address to find the vendor for
options:
-h, --help show this help message and exit
python mac-finder.py 10b3.d606.1f4f
__ __ _ ____ _____ ___ _ _ ____ _____ ____
| \/ | / \ / ___| | ___|_ _| \ | | _ \| ____| _ \
| |\/| | / _ \| | | |_ | || \| | | | | _| | |_) |
| | | |/ ___ \ |___ | _| | || |\ | |_| | |___| _ <
|_| |_/_/ \_\____| |_| |___|_| \_|____/|_____|_| \_\
--------------------------------------------------
Querying MAC address vendor for: 10:b3:d6:06:1f:4f from Source: 192.168.0.38 by user: root
Query started at: 2024-05-27 22:05:41.889851
--------------------------------------------------
MAC Address: 10:b3:d6:06:1f:4f Vendor: Cisco
--------------------------------------------------
Query completed in: 0:00:01.761978
--------------------------------------------------
port-scanner
Simply provide the target IPv4 or IPv6 address and the program will return the open ports, displaying related services when known. Using the --check-iana option enables a check for the service on IANA's website, potentially reducing the number of “unknown” returns. Including the --udp option allows for UDP port scanning, though its effectiveness may be limited.
python port-scanner.py -h
____ ___ ____ _____ ____ ____ _ _ _ _ _ _____ ____
| _ \ / _ \| _ \_ _| / ___| / ___| / \ | \ | | \ | | ____| _ \
| |_) | | | | |_) || | \___ \| | / _ \ | \| | \| | _| | |_) |
| __/| |_| | _ < | | ___) | |___ / ___ \| |\ | |\ | |___| _ <
|_| \___/|_| \_\|_| |____/ \____/_/ \_\_| \_|_| \_|_____|_| \_\
usage: port-scanner.py [-h] [--udp] [--check-iana] target
Port Scanner
positional arguments:
target Target IP address or hostname
options:
-h, --help show this help message and exit
--udp Include UDP ports in the service discovery
--check-iana Check IANA for service names and port numbers
python port-scanner.py 192.168.0.1 --udp --check-iana
____ ___ ____ _____ ____ ____ _ _ _ _ _ _____ ____
| _ \ / _ \| _ \_ _| / ___| / ___| / \ | \ | | \ | | ____| _ \
| |_) | | | | |_) || | \___ \| | / _ \ | \| | \| | _| | |_) |
| __/| |_| | _ < | | ___) | |___ / ___ \| |\ | |\ | |___| _ <
|_| \___/|_| \_\|_| |____/ \____/_/ \_\_| \_|_| \_|_____|_| \_\
--------------------------------------------------
Scanning Target: 192.168.0.1 from Source: 192.168.0.38 by user: test
Scanning started at: 2024-05-27 22:06:22.904842
--------------------------------------------------
Port 80/tcp is open (http)
Port 53/tcp is open (domain)
Port 5422/tcp is open (salient-mux)
Port 49152/tcp is open (Unknown)
--------------------------------------------------
Scanning completed in: 0:00:11.336321
--------------------------------------------------
What does generate-routingpolicy-prefixes do?
python3 get-aggregates.py --h
ok | at 21:14:17
usage: get-aggregates.py [-h] --input INPUT [--output OUTPUT] (--4 | --6) [--agg AGG]
Parse BGP neighbor output and summarize advertised prefixes.
options:
-h, --help show this help message and exit
--input INPUT Input file containing the BGP output (any extension)
--output OUTPUT Optional output file to write the results
--4 Process IPv4 prefixes
--6 Process IPv6 prefixes
--agg AGG Optional custom aggregation prefix length. For example, --agg 24 will aggregate into /24s. If not provided, for IPv4 the defaults are /8, /16, and /19.