Skip to content

Instantly share code, notes, and snippets.

@Tachashi

Tachashi/Extract node properties and validate NTP server configuration by Batfish.ipynb

Created December 1, 2018 15:01
Show Gist options
  • Save Tachashi/c4089d27af0249c507d2a3b21c7ce089 to your computer and use it in GitHub Desktop.
Save Tachashi/c4089d27af0249c507d2a3b21c7ce089 to your computer and use it in GitHub Desktop.
Download ZIP
Display the source blob
Display the rendered blob
Raw
Extract node properties and validate NTP server configuration by Batfish.ipynb
{
"cells": [
{
"cell_type": "code",
"execution_count": 1,
"metadata": {},
"outputs": [],
"source": [
"# Pybatfishをインポート\n",
"from pybatfish.client.commands import *\n",
"from pybatfish.question.question import load_questions, list_questions\n",
"from pybatfish.question import bfq\n",
"\n",
"import pprint"
]
},
{
"cell_type": "code",
"execution_count": 2,
"metadata": {},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"Successfully loaded 42 questions from remote\n"
]
}
],
"source": [
"# questionテンプレートをBatfishサービスからPybatfishへロード\n",
"load_questions()"
]
},
{
"cell_type": "code",
"execution_count": 3,
"metadata": {},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"status: TRYINGTOASSIGN\n",
".... no task information\n",
"status: TERMINATEDNORMALLY\n",
".... Sat Dec 1 14:18:43 2018 UTC Deserializing objects of type 'org.batfish.datamodel.Configuration' from files 7 / 7\n",
"Default snapshot is now set to ss_9e06ace5-efbd-4563-b2fd-4c7135f82975\n"
]
},
{
"data": {
"text/plain": [
"'ss_9e06ace5-efbd-4563-b2fd-4c7135f82975'"
]
},
"execution_count": 3,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# config等のスナップショットを保管したパスを指定し、読み込みを実施\n",
"SNAPSHOT_PATH = \"networks/branch\"\n",
"bf_init_snapshot(SNAPSHOT_PATH)"
]
},
{
"cell_type": "code",
"execution_count": 4,
"metadata": {},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"status: TRYINGTOASSIGN\n",
".... no task information\n",
"status: CHECKINGSTATUS\n",
".... Sat Dec 1 14:18:48 2018 UTC Begin job\n",
"status: TERMINATEDNORMALLY\n",
".... Sat Dec 1 14:18:48 2018 UTC Begin job\n"
]
},
{
"name": "stdout",
"output_type": "stream",
"text": [
"[{'AS_Path_Access_Lists': [],\n",
" 'Authentication_Key_Chains': [],\n",
" 'Canonical_IP': '1.1.1.1',\n",
" 'Community_Lists': [],\n",
" 'Configuration_Format': 'CISCO_IOS',\n",
" 'DNS_Servers': [],\n",
" 'DNS_Source_Interface': None,\n",
" 'Default_Cross_Zone_Action': 'PERMIT',\n",
" 'Default_Inbound_Action': 'PERMIT',\n",
" 'Device_Type': 'ROUTER',\n",
" 'Domain_Name': 'hqborder2',\n",
" 'Hostname': 'hqborder2',\n",
" 'IKE_Gateways': [],\n",
" 'IKE_Policies': [],\n",
" 'IP6_Access_Lists': [],\n",
" 'IPSec_Policies': [],\n",
" 'IPSec_Proposals': [],\n",
" 'IPSec_Vpns': [],\n",
" 'IP_Access_Lists': ['100', '101'],\n",
" 'IP_Spaces': [],\n",
" 'Interfaces': ['Vlan1',\n",
" 'FastEthernet0',\n",
" 'FastEthernet1',\n",
" 'FastEthernet2',\n",
" 'BRI0',\n",
" 'FastEthernet7',\n",
" 'FastEthernet8',\n",
" 'FastEthernet9',\n",
" 'FastEthernet3',\n",
" 'FastEthernet4',\n",
" 'Loopback0',\n",
" 'Tunnel1',\n",
" 'FastEthernet5',\n",
" 'Vlan203',\n",
" 'FastEthernet6'],\n",
" 'Logging_Servers': ['192.168.100.107'],\n",
" 'Logging_Source_Interface': None,\n",
" 'NTP_Servers': ['192.168.100.44'],\n",
" 'NTP_Source_Interface': None,\n",
" 'Node': {'id': 'node-hqborder2', 'name': 'hqborder2'},\n",
" 'Route6_Filter_Lists': [],\n",
" 'Route_Filter_Lists': [],\n",
" 'Routing_Policies': ['~EIGRP_EXPORT_POLICY:default:1~'],\n",
" 'SNMP_Source_Interface': None,\n",
" 'SNMP_Trap_Servers': ['192.168.100.107'],\n",
" 'TACACS_Servers': [],\n",
" 'TACACS_Source_Interface': None,\n",
" 'VRFs': ['default'],\n",
" 'Vendor_Family': 'CISCO',\n",
" 'Zones': []}]\n"
]
}
],
"source": [
"# ノード\"hqborder2\"のプロパティ情報を抽出&出力\n",
"node_properties = bfq.nodeProperties(nodes=\"hqborder2\").answer()\n",
"pprint.pprint(node_properties.rows)"
]
},
{
"cell_type": "code",
"execution_count": 5,
"metadata": {},
"outputs": [
{
"name": "stderr",
"output_type": "stream",
"text": [
"status: TRYINGTOASSIGN\n",
".... no task information\n",
"status: TERMINATEDNORMALLY\n",
".... Sat Dec 1 14:18:52 2018 UTC Begin job\n"
]
},
{
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>Node</th>\n",
" <th>NTP_Servers</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>0</th>\n",
" <td>hqdist1</td>\n",
" <td>['192.168.100.44']</td>\n",
" </tr>\n",
" <tr>\n",
" <th>1</th>\n",
" <td>brborder1</td>\n",
" <td>['10.10.1.4']</td>\n",
" </tr>\n",
" <tr>\n",
" <th>2</th>\n",
" <td>hqaccess1</td>\n",
" <td>['192.168.100.44']</td>\n",
" </tr>\n",
" <tr>\n",
" <th>3</th>\n",
" <td>brborder2</td>\n",
" <td>['10.10.1.44']</td>\n",
" </tr>\n",
" <tr>\n",
" <th>4</th>\n",
" <td>hqborder1</td>\n",
" <td>['192.168.100.44']</td>\n",
" </tr>\n",
" <tr>\n",
" <th>5</th>\n",
" <td>hqborder2</td>\n",
" <td>['192.168.100.44']</td>\n",
" </tr>\n",
" <tr>\n",
" <th>6</th>\n",
" <td>hqdist2</td>\n",
" <td>['192.168.100.44']</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"</div>"
],
"text/plain": [
" Node NTP_Servers\n",
"0 hqdist1 ['192.168.100.44']\n",
"1 brborder1 ['10.10.1.4']\n",
"2 hqaccess1 ['192.168.100.44']\n",
"3 brborder2 ['10.10.1.44']\n",
"4 hqborder1 ['192.168.100.44']\n",
"5 hqborder2 ['192.168.100.44']\n",
"6 hqdist2 ['192.168.100.44']"
]
},
"execution_count": 5,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# 全ノードのNTPサーバに関するプロパティ情報を抽出&出力\n",
"node_props = bfq.nodeProperties(nodes=\".*\", properties=\"NTP_Servers\").answer().frame()\n",
"node_props"
]
},
{
"cell_type": "code",
"execution_count": 6,
"metadata": {},
"outputs": [
{
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>Node</th>\n",
" <th>NTP_Servers</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>1</th>\n",
" <td>brborder1</td>\n",
" <td>['10.10.1.4']</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"</div>"
],
"text/plain": [
" Node NTP_Servers\n",
"1 brborder1 ['10.10.1.4']"
]
},
"execution_count": 6,
"metadata": {},
"output_type": "execute_result"
}
],
"source": [
"# NTPサーバ設定のチェック。今回は、指定したNTPサーバの内、少なくとも一つが設定されているかチェック。\n",
"# 指定のNTPサーバを定義。\n",
"ref_ntp_servers = set([\"192.168.100.44\",\"10.10.1.44\"])\n",
"\n",
"# 指定のNTPサーバが設定されていないノードを検出\n",
"ns_violators = node_props[node_props[\"NTP_Servers\"].apply(\n",
" lambda x: len(ref_ntp_servers.intersection(set(x))) == 0)]\n",
"ns_violators"
]
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 3",
"language": "python",
"name": "python3"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 3
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython3",
"version": "3.5.2"
}
},
"nbformat": 4,
"nbformat_minor": 2
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment