Basics of running Python scripts from bash shell

Download a nice free open-source editor called Atom and create a file called text.py containing:

from __future__ import absolute_import, division, print_function

print('hello')

Navigate to the directory where you created the file and try running the script with python:

[delanajero@DELAN Documents]$ python text.py

hello

If you want to run the script by name, without typing python before the file, do the following:

[delanajero@DELAN Documents]$ chmod +x text.py

  • this makes the file executable by adding the execute permission on top of read and write.

to verify:

[delanajero@DELAN Documents]$ ls -l

total 4

-rwxrwxr-x. 1 delanajero delanajero 82 Jul 22 21:40 text.py

Add the current directory to your PATH so the shell knows where to locate the script when you type its name:

[delanajero@DELAN Documents]$ PATH="$(pwd):$PATH"

Add the following shebang as the first line of your python script so the shell knows which interpreter to run it with:

#!/usr/bin/env python

Verify:

[delanajero@DELAN Documents]$ text.py

hello


Releasing ports in use in Linux

Have you ever exited an application and then been unable to start it again because its port is already in use? For example, running iperf and accidentally pressing Ctrl+C, which drops you back to the command prompt.

Issuing the iperf -s command again would give you an error message saying the port is already in use.

The solution is to find the process holding the port with lsof and release it.

type: lsof -n -i

This lists all your active ports and the processes that own them. Once you've found the port you're after, kill the owning process with fuser, in the format:

fuser -k /

Check the screenshot below.

Cisco RV134W Initial Review

We'll take a look at Cisco's router line for SMB, particularly the RV134W router. The first time I heard about the RV line was when I went to a partner select training for Cisco. There seems to be a push on this product line, especially for the NBN service. The National Broadband Network (NBN) is basically Australia's national fibre roll-out replacing copper.

Cisco is claiming that this small device is capable of supporting up to NBN's 100/40 service. That would be amazing considering the features this packs in, including wireless, VPN throughput of 20Mbps, VDSL2, a 4-port switch and a Gigabit Ethernet WAN port, just to name a few. Personally I am just after testing whether this bad boy lives up to its promise of supporting a 100/40 up/down service. As of this writing, I haven't seen anything on the internet or known anybody who was able to run this device on their NBN service.

I found out that NBN 100/40 is available in my area, my company was kind enough to get me an upgrade, and I volunteered as the guinea pig to use the RV134W as my home/office router once my NBN is up and running.

While you wait with me for my NBN to be provisioned, I will get into unboxing the device.

Thinking it was a mini proper Cisco device, I connected to it using the console cable and got this. There is nothing really helpful in the manual about using the console cable, though they do advise using the wizard. This wasn't looking promising from the get-go…

ssh enable – enables SSH access from the local LAN

ssh wan enable – enables remote SSH access via the WAN connection

ssh show – verifies which SSH options are enabled

Configuring LAN Interface

lan config --ipaddr br0 primary

Verify by pinging it from a different device on the same LAN segment.

To see the DHCP configuration details on the router:

dhcpserver show vlan1

Tab completion isn't really useful, and neither is ? when you want to fumble your way to a command.

Since it looks like it runs on Linux, I thought it would accept Linux commands like 'man' for the manual; it didn't like that either.

Disabling DHCP function

lan config --dhcpserver br0 disable

to verify:

dhcpserver show vlan1, and you should see that the DHCP server function is disabled.

lan show is the equivalent of show int vlan1 on Cisco IOS.

WAN

show wan – shows you all the available WAN interfaces on the router

show wan interface – it's like show ip interface brief for the WAN, of sorts.

Connecting to a Cisco device with Netmiko

UPDATE:

If you are installing netmiko on Ubuntu, I would recommend installing pip first and then netmiko.

$ sudo apt install python-pip

Then once this is done, you can execute:

pip install netmiko

Now let's continue exploring Netmiko. I don't intend to write long blogs and will try to keep each one as short as possible. In this post I will show you how to connect to a Cisco device using netmiko, run show commands and execute a configuration command.

The first thing to establish is that you can reach the device you're after. A simple ICMP test would suffice.

[delanajero@DELAN ~]$ ping 192.168.123.2
PING 192.168.123.2 (192.168.123.2) 56(84) bytes of data.
64 bytes from 192.168.123.2: icmp_seq=1 ttl=255 time=2.52 ms
64 bytes from 192.168.123.2: icmp_seq=2 ttl=255 time=1.73 ms
64 bytes from 192.168.123.2: icmp_seq=3 ttl=255 time=1.75 ms
64 bytes from 192.168.123.2: icmp_seq=5 ttl=255 time=1.75 ms
^C
— 192.168.123.2 ping statistics —
5 packets transmitted, 4 received, 20% packet loss, time 4005ms
rtt min/avg/max/mdev = 1.738/1.942/2.526/0.339 ms
[delanajero@DELAN ~]$

Another test is that you should be able to PuTTY into your device using SSH. I will not go into the details of how to set up your device for SSH access.

Once you've verified you have reachability and can SSH into it using PuTTY, it is time to access it using netmiko. Run python and make sure you can import netmiko's ConnectHandler without issues.

>>> from netmiko import ConnectHandler

Next we’ll provide the details of my device:

>>> platform = 'cisco_ios' # this is optional you don't need to include the platform
>>> host = '192.168.123.2'
>>> username = 'admin'
>>> password = 'secretpassword'
>>> device = ConnectHandler(device_type=platform, ip=host, username=username, password=password)

In other documentation I have seen, python would display that the connection has been established, but in my case nothing came up, so you might experience the same thing. I take it that as long as no error message shows up, you are fine.

Now the fun starts. Let us execute some show commands.

>>> output = device.send_command('show version')
>>> print output

Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.3(3)M5, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Wed 04-Feb-15 11:24 by prod_rel_team

ROM: System Bootstrap, Version 15.4(1r)T1, RELEASE SOFTWARE (fc1)

DELAN_HOME_ROUTER uptime is 19 weeks, 10 hours, 7 minutes
System returned to ROM by power-on
System restarted at 06:53:46 aest Sat Mar 4 2017
System image file is “flash:c800-universalk9-mz.SPA.153-3.M5.bin”
Last reload type: Normal Reload
Last reload reason: power-on


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco C887VA-K9 (revision 1.0) with 488524K/35763K bytes of memory.
Processor board ID FGL191XXXXMD
1 DSL controller
1 Ethernet interface
4 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 32 bits wide
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash (Read/Write)


License Info:

License UDI:

————————————————-
Device# PID SN
————————————————-
*0 C887VA-K9 FGL191XXXXMD

License Information for ‘c800’
License Level: advipservices Type: Default. No valid license found.
Next reboot license Level: advipservices

Configuration register is 0x2102

You get the point: basically any command you put inside the single quotes in device.send_command('<command here>') is executed on the device. The result comes back as a string stored in the variable named output, and the print command displays it.
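Once the output is in a string, it can be parsed instead of just printed. This added example (not from the post) pulls the inventory fields out of the show version output above and flags the things a defender would want to review; the sample text is a trimmed copy of that output, and the expected config register of 0x2102 is an assumption (it is the normal default).

```python
import re

# Constructed sample: a trimmed copy of the 'show version' output shown in the post.
SHOW_VERSION = """Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.3(3)M5, RELEASE SOFTWARE (fc3)
ROM: System Bootstrap, Version 15.4(1r)T1, RELEASE SOFTWARE (fc1)

DELAN_HOME_ROUTER uptime is 19 weeks, 10 hours, 7 minutes
System image file is "flash:c800-universalk9-mz.SPA.153-3.M5.bin"

Cisco C887VA-K9 (revision 1.0) with 488524K/35763K bytes of memory.
Processor board ID FGL191XXXXMD

License Level: advipservices Type: Default. No valid license found.

Configuration register is 0x2102
"""

# One anchored regex per field; group 1 is the value we keep.
FIELDS = {
    "version": r"^Cisco IOS Software.*?Version (\S+),",
    "image": r'^System image file is "([^"]+)"',
    "hostname": r"^(\S+) uptime is ",
    "uptime": r"^\S+ uptime is (.+)$",
    "model": r"^Cisco (\S+) \(revision",
    "serial": r"^Processor board ID (\S+)",
    "config_register": r"^Configuration register is (0x[0-9A-Fa-f]+)",
}

def parse_show_version(text):
    """Return a dict of the fields found; a field that is absent maps to None."""
    facts = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text, re.MULTILINE)
        facts[name] = match.group(1) if match else None
    facts["license_valid"] = "No valid license found" not in text
    return facts

def audit(facts, expected_register="0x2102"):
    """Return findings worth a second look. 0x2102 is assumed as the expected
    (default) register; a different value changes how the router boots."""
    findings = []
    if facts["config_register"] != expected_register:
        findings.append("config register %s != %s" % (facts["config_register"], expected_register))
    if not facts["license_valid"]:
        findings.append("no valid license found")
    if facts["version"] is None:
        findings.append("could not determine IOS version")
    return findings

if __name__ == "__main__":
    facts = parse_show_version(SHOW_VERSION)
    for key in sorted(facts):
        print("%-16s %s" % (key, facts[key]))
    for finding in audit(facts):
        print("finding: " + finding)
```

The same functions work on the string netmiko returns from device.send_command('show version'), so you can run the audit across many devices and keep the inventory in one place.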

>>> device.config_mode()
u'config term\r\nEnter configuration commands, one per line. End with CNTL/Z.\r\nDELAN_HOME_ROUTER(config)#'

>>>
>>> device.config_mode()
u''
>>> device.send_command('interface Loopback100')
u''
>>> device.send_command('ip address 1.1.1.1 255.255.255.255')
u''
>>> device.exit_config_mode()
u'end\r\nDELAN_HOME_ROUTER#'
>>>

Note:

When using show commands I can use abbreviated (shortcut) commands, but when I did the same to go into an interface it gave me an error message:

>>> device.send_command('int lo100')

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/site-packages/netmiko/base_connection.py", line 811, in send_command
    search_pattern))
IOError: Search pattern never detected in send_command_expect: DELAN\_HOME\_ROUTER\(config\)\#

Now let us verify that the configuration went through:

>>> output = device.send_command('show run interface lo100')
>>> print output
Building configuration…

Current configuration : 65 bytes
!
interface Loopback100
ip address 1.1.1.1 255.255.255.255
end

>>>

Voila! Pretty simple, isn't it? OK, just remember you are still connected to the device. Once you are done testing commands, disconnect netmiko from your device with:

>>> device.disconnect()


Revisiting Python and Netmiko

This weekend I am revisiting Python and netmiko. Netmiko is basically a Python library that uses SSH to connect to devices and screen-scrape them, run show commands and execute commands (in my case) on Cisco routers and switches. I wrote a blog earlier about writing a simple 881 config template using Python.

Back then I was using a virtualised Ubuntu desktop machine; this time I have managed to score myself a dedicated laptop with Fedora installed. Let me remind you I am a beginner, half-ass novice Linux user, so be forgiving if I might have the wrong way of doing things. You can always comment below and give your thoughts.

The install:

As mentioned, I am using an HP ProBook 4560s with Fedora 21 installed. Before anything else I had to run an update on it.

As root:

yum update

As a normal user:

pip install update --user

You can then go ahead and install Python if it is not yet available on your Linux box.

yum install python

To find out the version, just type python. Not only will this start Python, but one of the first things you'll see is the version. On my machine I am using Python 2.7.8. Yes, I am aware of version 3, but I guess I am more comfortable with this one for now.

Now it's time to install netmiko.

As root:

yum install netmiko

As a normal user:

pip install netmiko --user

You'll know netmiko is properly installed if you run python, issue the command:

Python 2.7.8 (default, Nov 10 2014, 08:19:18)
[GCC 4.9.2 20141101 (Red Hat 4.9.2-1)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> from netmiko import ConnectHandler
>>>

and it doesn't bark back at you with an error message.


Cisco ACI Migration training

I am back in Cisco's headquarters in Sydney for another ACI training. What makes this training different from the previous ones I have attended (so far), at Cisco Live Melbourne and here in Sydney, is that it is a deep dive into the technology and not just being thrown a bunch of marketing jargon and hardware specs. This training is more focused on migrating a customer's current datacentre infrastructure to ACI, or should I say a brownfield getting into ACI. I could get a lot from this as my company needs to prepare to move its current DC and UCS platform into ACI. One of the things I am after is the multi-site capability, which was mentioned at Cisco Live, where they promised it would be released in the 3rd quarter of 2017.

Training was given by a Cisco partner, NIL. They provided us with a 336-page manual, which dwarfs all the materials I received from previous trainings, and that does not include the lab material itself. Before I get into the meat of what I've learned, here is some news about the latest ACI revision they launched at Cisco Live Vegas. ACI 2.3 is not able to support 400 nodes; the multi-pod RTT over the pod-to-pod link has been relaxed to 50ms from 10ms, but still with a distance of 500 miles. This is probably the main reason why I would wait it out for the multi-site feature that is expected to be released with v3.0. It is unclear if Cisco will jump from 2.3 to 3.0; I expect it would be a huge revision, especially with the official release of 3.0.

The idea of a cloud pod was floated: this is the concept where you can deploy leaves of your pod in a cloud like AWS, Azure or some other cloud provider. Participants then brought up the question of virtualising ACI in GNS3, but the trainer clarified that this would not be possible. There is a very expensive simulator available, but it would not interface with your actual infrastructure. He did hint, though, that with proper Linux know-how it can be done.

Cisco will also be integrating more security features into ACI, such as basic security, security groups and multi-tenancy security. It is not really clear if Firepower capabilities will be inserted into the leaves; I guess we will just have to wait until they make that official announcement.

Another revision in terms of design is that you no longer need a full mesh topology, where for ACI to function each leaf needs a link to every spine, though I'm not really sure what its benefits will be.

Day 1: Overview of ACI, standard in any training. It was made clear that this course is not for beginners and you should have at least a professional-level understanding of routing and switching and some DC experience or ideas, or else you will just get lost. It is also suited to participants that have at least had a previous overview class or have read about ACI, because there is a lot of new jargon to learn and I myself got so confused when I first encountered it.

What makes this training unique compared with the previous trainings I have attended is that we were presented with a case study of an actual customer and the detailed steps of how they transitioned their company from a legacy network-centric datacentre into an application-centric one: from learning every detail of the company's network, to building out what it would look like once migrated to ACI, to the migration and cutover itself.

I brought up the question: since ACI runs on the same concepts of multi-tenancy, VRFs, BDs and eventually the capability of multi-site, it pretty much behaves like an MPLS network. Is ACI capable of acting as a transit network that will eventually replace MPLS? The instructor's answer was no for now, though there is project GOLF.

As far as ACI multi-site is concerned, it looks like the plan is that a spine or a couple of spines will still be running NX-OS and have an IP transit, in our case through our MPLS network. The RTT would not matter anymore; however, the APIC controllers would need a separate point-to-point link between each other. It is still unclear if this will be a dedicated link that does not go through the fabric.

eBGP peering with a Fortigate 100D

The other day I got to configure a FortiGate 100D via the CLI to eBGP peer with a Cisco device. The requirement is that on certain LAN interfaces on the Forti they are not making full use of the /24; instead they broke it up into /28s.

So there are 3 LAN interfaces that need to advertise 155.1.20.0/24, 155.1.30.0/24 and 155.1.40.0/24 as /24 subnets while only /28s are assigned on the interfaces themselves. Doing this on a FortiGate is not as simple as going into the GUI and clicking your way through it. You need CLI access to the device, either via its web portal or SSH.

From the CLI I had to aggregate the prefixes into /24s and enable summary-only so the more specific routes are not advertised to the peer.


config router bgp
set as 12345
set router-id 155.1.10.2
config aggregate-address
edit 1
set prefix 155.1.20.0 255.255.255.0
set summary-only enable
next
edit 2
set prefix 155.1.30.0 255.255.255.0
set summary-only enable
next
edit 3
set prefix 155.1.40.0 255.255.255.0
set summary-only enable
next
end
config neighbor
edit "155.1.10.2"
set remote-as 12346
set send-community6 disable
next
end
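Because the aggregate block is the same three lines per prefix, it is easy to derive from the interface addresses rather than type by hand. This added Python helper is not from the post or from Fortinet: it takes the /28 interface addresses (the ones below are constructed, the post only gives the /24s) and renders the config aggregate-address section above, with summary-only so the /28s never reach the peer.

```python
import ipaddress

# Constructed input: assumed /28 addresses on the three LAN interfaces.
# The post only states that each sits inside 155.1.20.0/24, 155.1.30.0/24
# and 155.1.40.0/24; the interface names are placeholders.
LAN_INTERFACES = {
    "port2": "155.1.20.1/28",
    "port3": "155.1.30.17/28",
    "port4": "155.1.40.33/28",
}

def summaries(interfaces, summary_prefixlen=24):
    """Map each interface address to the summary it should be advertised as.
    Returns sorted, de-duplicated ipaddress network objects. Refuses an
    interface that is already wider than the summary, since summarising it
    would silently advertise a prefix the interface does not cover."""
    nets = set()
    for addr in interfaces.values():
        iface = ipaddress.ip_interface(u"%s" % addr)
        if iface.network.prefixlen < summary_prefixlen:
            raise ValueError("%s is wider than /%d" % (addr, summary_prefixlen))
        nets.add(iface.network.supernet(new_prefix=summary_prefixlen))
    return sorted(nets)

def aggregate_block(networks):
    """Render the 'config aggregate-address' section in FortiOS CLI form,
    one numbered entry per summary with summary-only enabled."""
    lines = ["config aggregate-address"]
    for index, net in enumerate(networks, 1):
        lines.append("    edit %d" % index)
        lines.append("        set prefix %s %s" % (net.network_address, net.netmask))
        lines.append("        set summary-only enable")
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines)

if __name__ == "__main__":
    print(aggregate_block(summaries(LAN_INTERFACES)))
```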