networktocode / ntc-templates

TextFSM templates for parsing show commands of network devices
https://ntc-templates.readthedocs.io/

cisco_asa_show_interface does not support Virtual Tunnel Interfaces #910

Closed AJatCDW closed 4 months ago

AJatCDW commented 3 years ago
ISSUE TYPE
TEMPLATE USING

cisco_asa_show_interface.textfsm

Value Required INTERFACE (\S+)
Value INTERFACE_ZONE (.+?)
Value LINK_STATUS (.+?)
Value PROTOCOL_STATUS (.*)
Value HARDWARE_TYPE ([\w ]+)
Value BANDWIDTH (\d+\s+\w+)
Value DELAY (\d+\s+\w+)
Value DUPLEX (\w+\-\w+)
Value SPEED (\d+\w+\s\w+)
Value DESCRIPTION (.*)
Value ADDRESS ([a-zA-Z0-9]+.[a-zA-Z0-9]+.[a-zA-Z0-9]+)
Value MTU (\d+)
Value IP_ADDRESS (\d+\.\d+\.\d+\.\d+)
Value NET_MASK (\d+\.\d+\.\d+\.\d+)
Value ONEMIN_IN_PPS (\d+)
Value ONEMIN_IN_RATE (\d+)
Value ONEMIN_OUT_PPS (\d+)
Value ONEMIN_OUT_RATE (\d+)
Value ONEMIN_DROP_RATE (\d+)
Value FIVEMIN_IN_PPS (\d+)
Value FIVEMIN_IN_RATE (\d+)
Value FIVEMIN_OUT_PPS (\d+)
Value FIVEMIN_OUT_RATE (\d+)
Value FIVEMIN_DROP_RATE (\d+)

Start
  ^.*Interface\s+ -> Continue.Record
  ^.*Interface\s+${INTERFACE}\s+"${INTERFACE_ZONE}",\s+is\s+${LINK_STATUS},.*protocol\s+is\s+${PROTOCOL_STATUS}
  ^.*Interface\s+${INTERFACE}.*is\s+${LINK_STATUS},.*protocol\s+is\s+${PROTOCOL_STATUS}
  ^\s+Hardware\s+is\s+${HARDWARE_TYPE} -> Continue
  ^.*BW\s+${BANDWIDTH},\s+DLY\s+${DELAY}
  ^.*\(${DUPLEX}\),\s+Auto-Speed\(${SPEED}\)
  ^.*\(${DUPLEX}\),\s+\d+\s+Mbps\(${SPEED}\)
  ^.*Duplex,\s+Auto-Speed
  ^.*Description:\s+${DESCRIPTION}
  ^.*MAC\s+address\s+${ADDRESS},\s+MTU\s+${MTU}
  ^.*MAC\s+address\s+${ADDRESS},\s+MTU\s+not\s+set
  ^.*IP\s+address\s+${IP_ADDRESS},\s+subnet\s+mask\s+${NET_MASK}
  ^.*1\s+minute\s+input\s+rate\s+${ONEMIN_IN_PPS}\s+pkts/sec,\s+${ONEMIN_IN_RATE}\s+bytes/sec
  ^.*1\s+minute\s+output\s+rate\s+${ONEMIN_OUT_PPS}\s+pkts/sec,\s+${ONEMIN_OUT_RATE}\s+bytes/sec
  ^.*1\s+minute\s+drop\s+rate,\s+${ONEMIN_DROP_RATE}
  ^.*5\s+minute\s+input\s+rate\s+${FIVEMIN_IN_PPS}\s+pkts/sec,\s+${FIVEMIN_IN_RATE}\s+bytes/sec
  ^.*5\s+minute\s+output\s+rate\s+${FIVEMIN_OUT_PPS}\s+pkts/sec,\s+${FIVEMIN_OUT_RATE}\s+bytes/sec
  ^.*5\s+minute\s+drop\s+rate,\s+${FIVEMIN_DROP_RATE}
  ^.*Input\s+flow\s+control\s+is\s+unsupported,\s+output\s+flow\s+control\s+is\s+off
  ^.*\d+\s+packets\s+input,\s+\d+\s+bytes,\s+\d+\s+no\s+buffer
  ^.*Received\s+\d+\s+broadcasts,\s+\d+\s+runts,\s+\d+\s+giants
  ^.*\d+\s+input\s+errors,\s+\d+\s+CRC,\s+\d+\s+frame,\s+\d+\s+overrun,\s+\d+\s+ignored,\s+\d+\s+abort
  ^.*\d+\s+pause\s+input,\s+\d+\s+resume\s+input
  ^.*\d+\s+L2\s+decode\s+drops
  ^.*\d+\s+packets\s+output,\s+\d+\s+bytes,\s+\d+\s+underruns
  ^.*\d+\s+pause\s+output,\s+\d+\s+resume\s+output
  ^.*\d+\s+output\s+errors,\s+\d+\s+collisions,\s+\d+\s+interface\s+resets
  ^.*\d+\s+late\s+collisions,\s+\d+\s+deferred
  ^.*\d+\s+input\s+reset\s+drops,\s+\d+\s+output\s+reset\s+drops
  ^.*input\s+queue\s+\(blocks\s+free\s+curr\/low\):\s+hardware\s+\(\d+\/\d+\)
  ^.*output\s+queue\s+\(blocks\s+free\s+curr\/low\):\s+hardware\s+\(\d+\/\d+\)
  ^.*Traffic\s+Statistics\s+for\s+".+?":
  ^.*\d+\s+packets\s+input,\s+\d+\s+bytes
  ^.*\d+\s+packets\s+output,\s+\d+\s+bytes
  ^.*\d+\s+packets\s+dropped
  ^.*Management-only\sinterface\.\s+Blocked\s+\d+\s+through-the-device\s+packets
  ^.*Input\s+flow\s+control\s+is\s+unsupported,\s+output\s+flow\s+control\s+is\s+unsupported
  ^.*Available\s+but\s+not\s+configured\s+via\s+nameif
  ^.*IP\s+address\s+unassigned
  ^\s*$$
  ^. -> Error

SAMPLE COMMAND OUTPUT
Interface Tunnel10 "VPN-HQ", is up, line protocol is up
  Hardware is Virtual Tunnel    MAC address N/A, MTU 1400
        IP address X.X.X.X, subnet mask 255.255.255.0
  Tunnel Interface Information:
        Source interface: Outside       IP address: X.X.X.X
        Destination IP address: X.X.X.X
        Mode: ipsec ipv4        IPsec profile: VPN-HQ-PROFILE

SUMMARY

I am trying to grab the interface information from a Cisco 5515 ASA. The physical interfaces (Gigabit and Management) seem to work as expected; however, this ASA has Virtual Tunnel Interfaces (VTI) configured, and the output is quite different from the output of a physical interface.

STEPS TO REPRODUCE
#!/usr/bin/env python3

from pprint import pprint
import textfsm

asa_shoint = """
Interface Tunnel10 "VPN-HQ", is up, line protocol is up
  Hardware is Virtual Tunnel    MAC address N/A, MTU 1400
        IP address X.X.X.X, subnet mask 255.255.255.0
  Tunnel Interface Information:
        Source interface: Outside       IP address: X.X.X.X
        Destination IP address: X.X.X.X
        Mode: ipsec ipv4        IPsec profile: VPN-HQ-PROFILE
"""

with open('../templates/cisco_asa_show_interface.textfsm') as template:
    fsm = textfsm.TextFSM(template)
    result = fsm.ParseText(asa_shoint)

print(fsm.header)
pprint(result)

EXPECTED RESULTS

Expect the template to not error out when having to deal with VTIs, but given the fact that they are so different from physical interfaces I don't see how this template would work for those virtual interfaces.

ACTUAL RESULTS
textfsm.parser.TextFSMError: State Error raised. Rule Line: 67. Input Line:   Hardware is Virtual Tunnel    MAC address N/A, MTU 1400

kgrahamjr commented 3 years ago

Another bug in "cisco_asa_show_interface.textfsm" is that it is missing support for sub-interfaces and the VLAN tag specifically.

TextFSM error message:

raise TextFSMError('State Error raised. Rule Line: %s. Input Line: %s'
textfsm.parser.TextFSMError: State Error raised. Rule Line: 66. Input Line:     VLAN identifier 11

EXAMPLE OUTPUT:

Interface GigabitEthernet0/3 "TRUNK", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        Auto-Duplex(Full-duplex), Auto-Speed(1000 Mbps)
        Input flow control is unsupported, output flow control is off
        Description: Guest Trunk ports
        MAC address 0000.0c03.0303, MTU 1500
        IP address unassigned
        859305307 packets input, 212023201961 bytes, 0 no buffer
        Received 207223704 broadcasts, 0 runts, 0 giants
        73 input errors, 0 CRC, 0 frame, 73 overrun, 0 ignored, 0 abort
        0 pause input, 0 resume input
        203976621 L2 decode drops
        1037190579 packets output, 1146314835358 bytes, 0 underruns
        0 pause output, 0 resume output
        0 output errors, 0 collisions, 1 interface resets
        0 late collisions, 0 deferred
        0 input reset drops, 0 output reset drops, 0 tx hangs
        input queue (blocks free curr/low): hardware (255/230)
        output queue (blocks free curr/low): hardware (255/94)
  Traffic Statistics for "TRUNK":
        12145268 packets input, 2221423308 bytes
        0 packets output, 0 bytes
        10926568 packets dropped
      1 minute input rate 0 pkts/sec,  59 bytes/sec
      1 minute output rate 0 pkts/sec,  0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec,  272 bytes/sec
      5 minute output rate 0 pkts/sec,  0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface GigabitEthernet0/3.11 "CLIENT", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        VLAN identifier 11
        MAC address 0000.0c03.0303, MTU 1500
        IP address 192.168.11.1, subnet mask 255.255.255.0
  Traffic Statistics for "CLIENT":
        33715 packets input, 2971793 bytes
        35457 packets output, 2398566 bytes
        4953 packets dropped
Interface GigabitEthernet0/3.33 "IoT", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        VLAN identifier 33
        MAC address 0000.0c03.0303, MTU 1500
        IP address 192.168.33.1, subnet mask 255.255.255.0
  Traffic Statistics for "IoT":
        3566101 packets input, 760125916 bytes
        4135549 packets output, 530683622 bytes
        1719033 packets dropped
Interface GigabitEthernet0/3.99 "Guest", is up, line protocol is up
  Hardware is i82546GB rev03, BW 1000 Mbps, DLY 10 usec
        VLAN identifier 99
        MAC address 0000.0c03.0303, MTU 1500
        IP address 192.168.0.1, subnet mask 255.255.255.0
  Traffic Statistics for "Guest":
        3566101 packets input, 760125916 bytes
        4135549 packets output, 530683622 bytes
        1719033 packets dropped

mjbear commented 4 months ago

cisco_asa_show_interface.textfsm

@AJatCDW VTI support added via PR #1288

@kgrahamjr VLAN support added via PR #1002 (If there is still a bug with VLAN support, please open an issue and include current raw output [so I'm working off the latest]. I'm a volunteer, but with that output I can work up a PR with fixes.)
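
The two failures reported in this thread, reproduced as an added example that is not part of the original issue or of the ntc-templates code. It approximates TextFSM's rule evaluation with Python's `re` module (it does not call the textfsm library) over an excerpt of the template as posted in the first comment, and lists every input line that falls through to `^. -> Error`. The sample output is constructed from the thread's snippets, with a documentation address in place of the redacted X.X.X.X.

```python
import re

# Value patterns and rules excerpted from the template posted in this issue.
VALUES = {
    "INTERFACE": r"\S+", "INTERFACE_ZONE": r".+?", "LINK_STATUS": r".+?",
    "PROTOCOL_STATUS": r".*", "HARDWARE_TYPE": r"[\w ]+", "MTU": r"\d+",
    "ADDRESS": r"[a-zA-Z0-9]+.[a-zA-Z0-9]+.[a-zA-Z0-9]+",
    "IP_ADDRESS": r"\d+\.\d+\.\d+\.\d+", "NET_MASK": r"\d+\.\d+\.\d+\.\d+",
}
RULES = r'''
^.*Interface\s+ -> Continue.Record
^.*Interface\s+${INTERFACE}\s+"${INTERFACE_ZONE}",\s+is\s+${LINK_STATUS},.*protocol\s+is\s+${PROTOCOL_STATUS}
^\s+Hardware\s+is\s+${HARDWARE_TYPE} -> Continue
^.*MAC\s+address\s+${ADDRESS},\s+MTU\s+${MTU}
^.*IP\s+address\s+${IP_ADDRESS},\s+subnet\s+mask\s+${NET_MASK}
^\s*$$
^. -> Error
'''
# Constructed sample: lines taken from the thread, 192.0.2.1 replaces X.X.X.X.
SAMPLE = '''\
Interface Tunnel10 "VPN-HQ", is up, line protocol is up
  Hardware is Virtual Tunnel    MAC address N/A, MTU 1400
        IP address 192.0.2.1, subnet mask 255.255.255.0
  Tunnel Interface Information:
Interface GigabitEthernet0/3.11 "CLIENT", is up, line protocol is up
        VLAN identifier 11
        MAC address 0000.0c03.0303, MTU 1500
'''

def compile_rules():
    """Expand ${NAME} and $$ as TextFSM does; yield (regex, action) pairs."""
    def expand(m):
        return "(?P<%s>%s)" % (m.group(1), VALUES[m.group(1)])
    for raw in RULES.strip().splitlines():
        pattern, _, action = raw.partition(" -> ")
        pattern = re.sub(r"\$\{(\w+)\}", expand, pattern).replace("$$", "$")
        yield re.compile(pattern), action or "Next"

def unhandled_lines(text):
    """Return the lines that fall through to the catch-all '-> Error' rule."""
    rules, missed = list(compile_rules()), []
    for line in text.splitlines():
        for regex, action in rules:
            if regex.match(line):
                if action == "Error":
                    missed.append(line.strip())
                if not action.startswith("Continue"):
                    break  # Next and Error end rule evaluation for this line
    return missed
```

The VTI `Hardware` line does match the `-> Continue` Hardware rule, but `N/A` cannot satisfy the three-part ADDRESS pattern, so evaluation carries on to the Error rule; `VLAN identifier 11` and `Tunnel Interface Information:` have no terminating rule at all in this version of the template.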