Friday, October 18, 2019

get_l3_facts.py - when you can't 100% trust IPAM, get your layer 3 facts straight from the source

Retooling some firewall policies, I needed a 100% accurate list of all addresses/networks in use.

Our IPAM has come a long way from Excel, but after finding a few discrepancies, I decided it's not yet reliable enough.

Next idea: NPM (SolarWinds). The SQL-like syntax makes queries super easy, but its data is limited to managed interfaces. Which they all should be, but as with IPAM, that's not 100% reliable (yet).

In the end, the only 100% accurate source available to me: the devices themselves.

At first I thought about trying out Ansible, a great chance to kick the tires, right? But for some reason, my brain refuses to wrap itself around that approach. I have it built up in my head as this monster of a learning curve, fraught with unnecessary complexity and overhead--which I'm sure it's not--but I don't have the time to sort that out for this project. So I reached for what I know and love: Python.

Reflexes said "netmiko," but I realized the NAPALM library does most of the heavy lifting already. Combining the output of `get_interfaces()` and `get_interfaces_ip()` into my preferred data structure proved the most difficult part, and there's plenty of room for improvement (maybe pandas?), but the results work well for my needs.

I can now query an arbitrary list of devices, getting 100% reliable L3 facts, and save the results as CSV!

https://github.com/austind/get_l3_facts
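The merge step described above, as an added example that is not taken from the get_l3_facts repository: it joins dictionaries in the shapes NAPALM documents for `get_interfaces()` and `get_interfaces_ip()` into one row per address and writes CSV. The device name `core-sw1`, the column layout and the sample data are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample data in the shapes NAPALM documents for get_interfaces()
# and get_interfaces_ip(), trimmed to the keys this example reads.
SAMPLE_INTERFACES = {
    "Vlan10": {"is_up": True, "is_enabled": True, "description": "users"},
    "Vlan20": {"is_up": False, "is_enabled": False, "description": "old lab"},
}
SAMPLE_INTERFACES_IP = {
    "Vlan10": {"ipv4": {"10.1.10.1": {"prefix_length": 24}},
               "ipv6": {"2001:db8:10::1": {"prefix_length": 64}}},
    "Vlan20": {"ipv4": {"10.1.20.1": {"prefix_length": 25}}},
    # Present in get_interfaces_ip() only: must still be reported.
    "Loopback0": {"ipv4": {"192.0.2.1": {"prefix_length": 32}}},
}
FIELDS = ["device", "interface", "description", "is_enabled", "is_up",
          "family", "address", "network"]  # assumed column layout

def merge_l3_facts(device, interfaces, interfaces_ip):
    """Return one row per configured address, joined with interface state."""
    rows = []
    for ifname in sorted(interfaces_ip):
        meta = interfaces.get(ifname, {})  # tolerate a missing interface entry
        for family in ("ipv4", "ipv6"):
            addrs = interfaces_ip[ifname].get(family, {})
            for addr, attrs in sorted(addrs.items()):
                iface = ipaddress.ip_interface(f"{addr}/{attrs['prefix_length']}")
                rows.append({
                    "device": device, "interface": ifname,
                    "description": meta.get("description", ""),
                    "is_enabled": meta.get("is_enabled"),
                    "is_up": meta.get("is_up"),
                    "family": family, "address": str(iface.ip),
                    "network": str(iface.network),
                })
    return rows

def to_csv(rows):
    """Serialize merged rows to CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(merge_l3_facts("core-sw1", SAMPLE_INTERFACES, SAMPLE_INTERFACES_IP)), end="")
```

Administratively disabled interfaces stay in the output with `is_enabled` set to `False`, so their networks can be reviewed rather than silently dropped from a firewall policy.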


