Retooling some firewall policies, I needed a 100% accurate list of all addresses/networks in use.
Our IPAM has come a long way from Excel, but after finding a few discrepancies, I decided it's not yet reliable enough.
Next idea: NPM (SolarWinds). The SQL-like syntax makes queries super easy, but its data is limited to managed interfaces. Which they all should be, but as with IPAM, that's not 100% reliable (yet).
In the end, the only 100% accurate source available to me: the devices themselves.
At first I thought about trying out Ansible, a great chance to kick the tires, right? But for some reason, my brain refuses to wrap itself around that approach. I have it built up in my head as this monster of a learning curve, fraught with unnecessary complexity and overhead--which I'm sure it's not--but, I don't have the time to sort that out for this project. So I reached for what I know and love: Python.
Reflexes said "netmiko," but I realized the NAPALM library does most of the heavy lifting already. Combining the output of `get_interfaces()` and `get_interfaces_ip()` into my preferred data structure proved the most difficult part, and there's plenty of room for improvement (maybe pandas?), but the results work well for my needs.
I can now query an arbitrary list of devices, getting 100% reliable L3 facts, and save the results as CSV!
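A sketch of the merge step described above, added here as an illustration and not the author's script: it joins the two NAPALM getter results into one row per address and renders CSV. The names `l3_rows`, `to_csv`, `collect`, the column set and the sample data are assumptions; `collect` needs the `napalm` package and a reachable device.

```python
import csv
import io
import ipaddress

FIELDS = ["device", "interface", "address", "network", "is_enabled", "is_up", "description"]

def l3_rows(device, interfaces, interfaces_ip):
    """Join get_interfaces() and get_interfaces_ip() output into one row per address."""
    rows = []
    for ifname, families in sorted(interfaces_ip.items()):
        # An interface may show up in only one getter; keep its addresses anyway.
        facts = interfaces.get(ifname, {})
        for family in ("ipv4", "ipv6"):
            for addr, attrs in sorted(families.get(family, {}).items()):
                iface = ipaddress.ip_interface(f"{addr}/{attrs['prefix_length']}")
                rows.append({
                    "device": device, "interface": ifname,
                    "address": str(iface), "network": str(iface.network),
                    "is_enabled": facts.get("is_enabled", ""),
                    "is_up": facts.get("is_up", ""),
                    "description": facts.get("description", ""),
                })
    return rows

def to_csv(rows):
    """Render rows as CSV text with a fixed column order."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

def collect(hostname, driver_name, username, password):
    """Query one live device (hypothetical helper; imports napalm lazily)."""
    from napalm import get_network_driver
    with get_network_driver(driver_name)(hostname, username, password) as dev:
        return l3_rows(hostname, dev.get_interfaces(), dev.get_interfaces_ip())

# Constructed sample data shaped like NAPALM getter output (documentation prefixes).
SAMPLE_INTERFACES = {
    "GigabitEthernet0/0": {"is_up": True, "is_enabled": True, "description": "uplink"},
}
SAMPLE_INTERFACES_IP = {
    "GigabitEthernet0/0": {"ipv4": {"192.0.2.1": {"prefix_length": 30}},
                           "ipv6": {"2001:db8::1": {"prefix_length": 64}}},
    "Vlan10": {"ipv4": {"198.51.100.1": {"prefix_length": 24}}},
}

if __name__ == "__main__":
    print(to_csv(l3_rows("edge-rtr-01", SAMPLE_INTERFACES, SAMPLE_INTERFACES_IP)))
```

Keeping the `network` column alongside the host address gives the prefix a firewall object would reference, and rows with blank `is_up`/`is_enabled` flag interfaces that only one getter reported.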