Automate Bulk Routers Configuration

This post explains how to automate the configuration of multiple routers that are under management.

There are many ways to log in to the routers to perform the auto-configuration, using libraries like netmiko, paramiko, etc. However, do check that the platform you're using for config automation supports the libraries needed for such operations.

On my Unix server, I have support for only the telnetlib and Paramiko libraries to Telnet and SSH to the routers.
I have kept separate programs for Telnet and SSH, for the internet routers and the IPVPN routers respectively.
However, it's possible to make a single program that can perform both, but I haven't felt the necessity yet.

+++++++++++++++++
Program 1 :-  I’m going to explain the program in thumbnail step by step.
+++++++++++++++++

Step1:-  These are the libraries; each provides functions that return the necessary output based on the input we pass in.

import telnetlib    # Telnet client: read from, write to and time commands on the routers
import getpass      # prompts for the password without echoing it on the terminal

import sys
import time

Step2:- A general input call holds the username you log in to the router with, and the getpass library holds the password.

user = raw_input("Enter your telnet username:- ")
password = getpass.getpass()

Step3:-  sys.stdin.read() takes all the router IPs and places them in a list. The list x holds the IPs.

x = []
IP = sys.stdin.read()
x.extend(IP.strip().split('\n'))

Step4:-  sys.stdin.read() takes all the configs line by line and holds them in a list. The list y holds the config lines.

y = []
Config = sys.stdin.read()
y.extend(Config.strip().split('\n'))

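Step5:-  There is a nested ‘FOR’ logic. The 1st ‘FOR’ telnets to each IP in the list, and the 2nd ‘FOR’ loops over each line of config and puts it inside the router. Until all the lines in the list are done, the program won’t go to the next IP.

for data in x:          # 1st 'FOR': one router IP per pass (Steps 6 and 7)
    for a in y:         # 2nd 'FOR': one config line per pass (Step 8)
        pass            # the loop bodies are given in the steps below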

Step6:-  ‘data’ takes each IP in turn, and the print shows "Telnet to" that IP so we can see which router the program is working on.
When the username and password prompts are reached, the stored values are sent for each IP.

print "Telnet to IP Addrecss :- " + data
try:
    t = telnetlib.Telnet(data, 23, 20)    # connect to the IP in data on port 23, with a 20-second timeout
    t.read_until("Username:")             # wait for the banner to complete and the username prompt to appear
    t.write(user + "\n")
    if password:
        t.read_until("Password:")
        t.write(password + "\n")

Step7:-  There can be many reasons for a login to fail; for all such errors you will see this default message reporting a login problem.

except Exception:
    print "Some issue with login please check "
    continue    # skip the config loop for this IP and move on to the next one

Step8:-  The ‘FOR’ below is nested inside the 1st ‘FOR’ that logs in to the IP. It writes all the lines stored in the ‘y’ list into the router.

for a in y:
    t.write(str(a) + '\n')

Step9:-  After the write commands, it’s good practice to keep a 1 sec delay before exiting the router; the read operation then gives all the logs in the terminal.

time.sleep(1)
t.write("exit\n")
print t.read_all()

Step10 OUTPUT:-  As you can see, I have placed an inaccessible device IP, 8.8.8.8, in the list, but the program still by-passes it with the message and progresses till the end.
Note:- You have to be careful with the config lines, because improper lines would cause issues on all devices; hence it’s advisable to check the operations on 2 routers for testing and then perform the same for all.
Note:- I have tested with around 200 devices in one go so far, putting in a common snmp config.

++++++++++++++++++++++
PROGRAM 2:- FOR SSH TO MULTIPLE DEVICES BY USING PARAMIKO LIBRARY
++++++++++++++++++++++

Note:- Up to step 4, the logic and command lines are the same for fetching the input and storing the username and password.

The ‘FOR’ logic makes the difference here; I will explain it in 3 steps.

Step1:-  The 1st ‘FOR’ logic takes each IP, and the print displays which router is being logged in to for configuration.
SSH forms an encrypted channel for the login, so there are various commands/functions to handle the host key storage and the username.
There is a timeout of 20 sec if the router is not reachable for any reason.

import paramiko    # needed in addition to the imports from Program 1

for data in x:
    print "SSH to IP Addrecss :- " + data
    try:
        remote_conn_pre = paramiko.SSHClient()
        # AutoAddPolicy accepts a router's unknown host key without verifying it
        remote_conn_pre.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        remote_conn_pre.connect(data, port=22, username=user, password=password, timeout=20, look_for_keys=False, allow_agent=False)

Step2:-  During the login process, if any IP is not reachable for any reason, the program prints this default error message and progresses further.

    except Exception:
        print "Some issue with login please check "
        continue

Step3:-  The 2nd ‘FOR’ logic is used for putting the configs inside the router over a secure channel.
An interactive SSH session is established by invoking the shell function, ready to receive logs, reading up to 65535 bytes per recv call.
‘str(a)’ sends each line in the array followed by enter ‘\n’, which is crucial in paramiko, and the output is printed. I keep some delay between lines; it varies with bandwidth. The command ‘end’ follows when all lines are executed. Once all lines are done, execution comes out of this ‘FOR’ loop and moves to the 1st ‘FOR’ to fetch the 2nd IP, and so on.

    remote_conn = remote_conn_pre.invoke_shell()
    output = remote_conn.recv(65535)
    print output

    for a in y:
        remote_conn.send(str(a) + "\n")    # the trailing newline submits the line to the router
        time.sleep(.5)
        output = remote_conn.recv(65535)
        print output
    remote_conn.send("end\n")
    time.sleep(.5)
    output = remote_conn.recv(65535)

PROGRAM:-

PROGRAM OUTPUT:- Config handling in paramiko is so tough, I often make a lot of workarounds to save it.

selvara@nms4:/home/ip-python$ python SSH_BulkChange.py

++++++++++++++++++++++++++++++++++++++++++++++++++++++
Enter your SSH username:- rselvaraj
Password:
Enter the IP’s below and press Ctrl+d
192.168.73.100
192.168.195.15
8.8.8.8
192.168.64.115
^D
Enter the Router Configs below and press Ctrl+d
!
config t
no access-list 20
access-list 20 permit 62.23.19.235
!
Snmp-server view custview mib-2.* included
Snmp-server view custview ciscoEnvMonMIB included
Snmp-server view custview ciscoMgmt.13 included
Snmp-server enable traps envmon
Snmp-server enable traps snmp
!
snmp-server community Ip@Cs!123 view custview RO 20
snmp-server host 62.23.19.235 Ip@Cs!123 envmon snmp
exit
^D
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
SSH to IP Addrecss :- 192.168.73.100
SCO000600#
SCO000600# terminal length 0
SCO000600#
SCO000600#!
SCO000600#config t
Enter configuration commands, one per line. End with CNTL/Z.
SCO000600(config)#no access-list 20
SCO000600(config)#access-list 20 permit 62.23.19.235
SCO000600(config)#!
SCO000600(config)#Snmp-server view custview mib-2.* included
SCO000600(config)#Snmp-server view custview ciscoEnvMonMIB included
SCO000600(config)#Snmp-server view custview ciscoMgmt.13 included
SCO000600(config)#Snmp-server enable traps envmon
SCO000600(config)#Snmp-server enable traps snmp
SCO000600(config)#!
SCO000600(config)#snmp-server community Ip@Cs!123 view custview RO 20
SCO000600(config)#snmp-server host 62.23.19.235 Ip@Cs!123 envmon snmp
SCO000600(config)#exit
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
SSH to IP Addrecss :- 192.168.195.15
BER000965#
BER000965# terminal length 0
BER000965#
BER000965#!
BER000965#config t
Enter configuration commands, one per line. End with CNTL/Z.
BER000965(config)#no access-list 20
BER000965(config)#access-list 20 permit 62.23.19.235
BER000965(config)#!
BER000965(config)#Snmp-server view custview mib-2.* included
BER000965(config)#Snmp-server view custview ciscoEnvMonMIB included
%Bad OID
BER000965(config)#Snmp-server view custview ciscoMgmt.13 included
BER000965(config)#Snmp-server enable traps envmon
^
% Invalid input detected at ‘^’ marker.
BER000965(config)#Snmp-server enable traps snmp
BER000965(config)#!
BER000965(config)#snmp-server community Ip@Cs!123 view custview RO 20
BER000965(config)#snmp-server host 62.23.19.235 Ip@Cs!123 envmon snmp
^
% Invalid input detected at ‘^’ marker.
BER000965(config)#exit
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
SSH to IP Addrecss :- 8.8.8.8
Some issue with login please check
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
SSH to IP Addrecss :- 192.168.64.115
TRN008836#
TRN008836# terminal length 0
TRN008836#
TRN008836#!
TRN008836#config t
Enter configuration commands, one per line. End with CNTL/Z.
TRN008836(config)#no access-list 20
TRN008836(config)#access-list 20 permit 62.23.19.235
TRN008836(config)#!
TRN008836(config)#Snmp-server view custview mib-2.* included
TRN008836(config)#Snmp-server view custview ciscoEnvMonMIB included
TRN008836(config)#Snmp-server view custview ciscoMgmt.13 included
TRN008836(config)#Snmp-server enable traps envmon
TRN008836(config)#Snmp-server enable traps snmp
TRN008836(config)#!
TRN008836(config)#snmp-server community Ip@Cs!123 view custview RO 20
TRN008836(config)#snmp-server host 62.23.19.235 Ip@Cs!123 envmon snmp
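
The output above shows BER000965 rejecting several lines while the run carries on, and the earlier note advises testing on 2 routers before pushing to all. The following added example (Python 3, not part of the original programs) scans a session transcript for rejected commands and halts a rollout when a canary router rejects a line. The `push` callable, the `replay` stand-in and the sample transcripts are assumptions constructed for illustration.

```python
import re

# IOS-style prompt plus the echoed command, e.g. "BER000965(config)#exit"
PROMPT = re.compile(r"^[\w.-]+(?:\([\w-]+\))?#\s?(.*)$")


def find_rejected(transcript):
    """Return (command, message) pairs for commands answered with a '%' line."""
    rejected, last_cmd = [], None
    for line in transcript.splitlines():
        line = line.strip()
        match = PROMPT.match(line)
        if match:
            last_cmd = match.group(1)
        elif line.startswith("%") and last_cmd is not None:
            rejected.append((last_cmd, line))
    return rejected


def staged_rollout(ips, config_lines, push, canary=2):
    """Stop at the first rejection until `canary` routers accepted every line.
    push(ip, lines) is a hypothetical callable: transcript text, or None on login failure."""
    report, clean = {}, 0
    for index, ip in enumerate(ips):
        transcript = push(ip, config_lines)
        if transcript is None:
            report[ip] = "unreachable"
            continue
        report[ip] = find_rejected(transcript)
        if not report[ip]:
            clean += 1
        elif clean < canary:
            # A canary rejected a line: leave the remaining routers untouched
            for rest in ips[index + 1:]:
                report[rest] = "not attempted"
            break
    return report


# Constructed transcripts (documentation addresses), replayed instead of a live session
SAMPLE = {
    "192.0.2.10": "R1#config t\nR1(config)#snmp-server enable traps snmp\nR1(config)#exit\n",
    "192.0.2.11": "R2#config t\nR2(config)#snmp-server enable traps envmon\n  ^\n"
                  "% Invalid input detected at '^' marker.\nR2(config)#exit\n",
}
replay = lambda ip, config_lines: SAMPLE.get(ip)
```

Any line starting with `%` is treated as a rejection here, so informational `%` messages from a device would also be flagged for review.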

++++++++++++++++++++++
PROGRAM 3:-  What if each router needs different commands to update and fetch output?
++++++++++++++++++++++

Note:- In programs 1 and 2 the configs were common to all devices. If you want a separate config for each IP, it becomes very complex to store each config in a separate array and call it. However, you can use a file handling method, such as storing the configs in Notepad files and calling the right file for each device.

In this program I share one specific example that is possible: for every device IP there can be one command pasted that is relevant to that device, a one-to-one pairing of commands executed one by one. However, there is a challenge in using 2 commands for the same device, which I may come up with soon.

Example:- If you want to find the interface name of each IP that you have, it’s just a show command to be given on each router to fetch the output.


Program:- It’s similar to program 2; however, there is array calling with incremental indexing logic.

Program Output:-  As you see here, the interface is loopback0 in all cases, and the pairing of the 1st IP with the 1st command is executed in sequence.
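
One way to prepare the per-device pairing described in this section, as an added example in Python 3 that is not the author's Program 3: it parses a plan of `<ip> <command>` lines into an ordered mapping, so a device can carry more than one command, and rejects bad IPs and non-show commands before any session is opened. The line format, the `parse_plan` name and the sample plan are assumptions made for illustration.

```python
import ipaddress
from collections import OrderedDict


def parse_plan(text, show_only=True):
    """Parse '<ip> <command>' lines into an ordered {ip: [commands]} mapping.

    The line format is an assumption made for this example. A repeated IP adds
    another command for that device, kept in input order.
    """
    plan = OrderedDict()
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):    # blank line or IOS-style comment
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected '<ip> <command>'" % number)
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            raise ValueError("line %d: %r is not an IP address" % (number, parts[0]))
        # A fetch-only run must never carry a config change
        if show_only and not parts[1].lower().startswith("show "):
            raise ValueError("line %d: only show commands are allowed" % number)
        plan.setdefault(ip, []).append(parts[1])
    return plan


# Constructed sample input using documentation addresses
PLAN = """\
! one command per line, first field is the router IP
192.0.2.10 show ip interface brief | include 192.0.2.10
192.0.2.11 show ip interface brief | include 192.0.2.11
192.0.2.10 show running-config | include snmp-server
"""

if __name__ == "__main__":
    for ip, commands in parse_plan(PLAN).items():
        for command in commands:          # send each one over that device's session
            print(ip, "->", command)
```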
                  

You can develop one such program for the telnet function. I shall try to make one program that is able to perform both telnet and SSH, based on whichever is permitted on the router.

Note:- You can develop such a program further and format the results in Notepad, Excel or Word, as you wish, in the output. I will explain such a file handling method in a coming post.

Hope you had a good learning on how the automation of configuration is carried out on routers. You can even perform the logic from your base machine if it can reach the managed devices.

Thank you for reading this far, wish you good luck!!


Author: Ramesh

1 thought on “Automate Bulk Routers Configuration

  1. Amazing content, really helpful and easy to understand.

    Special Thank you !!!
