Re: Excessive Netflix DNS Traffic?

2016-10-13 Thread Josh Reynolds 
Same here :)

On Oct 13, 2016 1:09 PM, "Ryan, Spencer"  wrote:

> I was going to point you to the reddit thread about it, but it looks to be
> your thread :)
>
>
> Spencer Ryan | Senior Systems Administrator | sr...@arbor.net sr...@arbor.net>
> Arbor Networks
> +1.734.794.5033 (d) | +1.734.846.2053 (m)
> www.arbornetworks.com
>
>
> 
> From: NANOG  on behalf of Eamon Bauman <
> ea...@eamonbauman.com>
> Sent: Thursday, October 13, 2016 10:26:57 AM
> To: nanog@nanog.org
> Subject: Excessive Netflix DNS Traffic?
>
> Hi all,
>
> Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4)
> running Netflix? Starting 9/29 we have been seeing significant volume of
> DNS traffic from game consoles on our campus to our caching recursive
> boxes. Logs show repeated requests for api-global.netflix.com and
> nrdp.nccp.netflix.com.
>
> Anyone else experiencing this?
>
> Eamon
>

RE: Anyone from Facebook here?

2016-10-13 Thread Doug Porter 
> You may want to follow up on this email thread.
> IPv6 vs IPv4 performance to m.facebook.com.

Mark:

Thanks.  We saw this on bind-users and are tracking in t13843732.

-- 
dsp

Re: Two BGP peering sessions on single Comcast Fiber Connection?

2016-10-13 Thread Ryan, Spencer 
Run your IPv4 peer to one router and IPv6 to another. Boom, redundancy!


Spencer Ryan | Senior Systems Administrator | 
sr...@arbor.net
Arbor Networks
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com



From: NANOG  on behalf of Jörg Kost 
Sent: Thursday, October 13, 2016 3:59:29 PM
To: rar
Cc: nanog@nanog.org
Subject: Re: Two BGP peering sessions on single Comcast Fiber Connection?


On 13 Oct 2016, at 19:48, rar wrote:

> Comcast said they could not support two separate BGP peering sessions
> on the same circuit.  Does anyone have any counter examples?  We used
> to have this setup with Comcast 5+ years ago, but now they say they
> can't support it.
>

So how do they connect ip6 sessions? ;-)

Jörg

Re: Two BGP peering sessions on single Comcast Fiber Connection?

2016-10-13 Thread Jörg Kost 


On 13 Oct 2016, at 19:48, rar wrote:

Comcast said they could not support two separate BGP peering sessions 
on the same circuit.  Does anyone have any counter examples?  We used 
to have this setup with Comcast 5+ years ago, but now they say they 
can't support it.




So how do they connect ip6 sessions? ;-)

Jörg

Re: Two BGP peering sessions on single Comcast Fiber Connection?

2016-10-13 Thread Dovid Bender 
Whenever we set up a bgp peer we do that to minimize downtime when doing
maint. It's hit or miss. HE required a second physicall connection NTT was
more than accommodating.

On Oct 13, 2016 15:06, "Mike Poublon"  wrote:

> I started a thread around the same topic back on 10/16 of 2014. A Comcast
> engineer (who ultimately spoke to the national product manager) came back
> after discussing and said the same thing "We don't support that". I got a
> slightly longer explanation of:
>
> 
>
> In a nutshell, when we design a product we do it to accommodate the most
> typical customer cases.
> Given that the design includes a single fiber path and thus the fiber path
> and device that terminates on either end each are a single point of
> failure, adding extra BGP sessions doesn’t seem to add value in the typical
> failure scenarios.  In order to achieve the simplest and most scalable
> solution to address the market, we rely on narrowing the possible
> combinations of parameters.
>
> 
>
> I explained to them that their interpretation prevents me from being able
> to do concurrent maintenance on my side (single router reboot/upgrade,
> etc). Never got anywhere with it though.
>
> I'm still interested in having this set up, but have given up on it ever
> really coming to reality. Luckily ALL of my other providers were more than
> happy to set up an extra session.
>
> If anyone from Comcast is listening, there is customer demand for this.
> It's not about making it better for Comcast, it's about allowing customers
> to have more flexibility.
>
> Mike Poublon
>
> /Senior Datacenter Network Engineer/
>
> *Secant Technologies*
>
> 6395 Technology Ave. Suite A
>
> Kalamazoo, MI 49009
>
> On 10/13/2016 1:48 PM, rar wrote:
>
>> After a many month wait, we were ready to turn up our BGP peering
>> sessions on a new Comcast fiber connection.
>>
>> With our other providers (Level 3 and Verizon) we have edge routers that
>> directly connect between the provider's on premise connection and our
>> primary and a backup core routers.  Each core router has a multihop BGP
>> session with the provider's BGP router.  The goal is to keep the single BGP
>> router from being a single point of failure.
>>
>> Comcast said they could not support two separate BGP peering sessions on
>> the same circuit.  Does anyone have any counter examples?  We used to have
>> this setup with Comcast 5+ years ago, but now they say they can't support
>> it.
>>
>>
>> Bob Roswell
>> brosw...@syssrc.com
>> 410-771-5544 ext 4336
>>
>> Computer Museum Highlights
>>
>>
>

Re: Two BGP peering sessions on single Comcast Fiber Connection?

2016-10-13 Thread Mike Poublon 
I started a thread around the same topic back on 10/16 of 2014. A 
Comcast engineer (who ultimately spoke to the national product manager) 
came back after discussing and said the same thing "We don't support 
that". I got a slightly longer explanation of:




In a nutshell, when we design a product we do it to accommodate the most 
typical customer cases.
Given that the design includes a single fiber path and thus the fiber 
path and device that terminates on either end each are a single point of 
failure, adding extra BGP sessions doesn’t seem to add value in the 
typical failure scenarios.  In order to achieve the simplest and most 
scalable solution to address the market, we rely on narrowing the 
possible combinations of parameters.




I explained to them that their interpretation prevents me from being 
able to do concurrent maintenance on my side (single router 
reboot/upgrade, etc). Never got anywhere with it though.


I'm still interested in having this set up, but have given up on it ever 
really coming to reality. Luckily ALL of my other providers were more 
than happy to set up an extra session.


If anyone from Comcast is listening, there is customer demand for this. 
It's not about making it better for Comcast, it's about allowing 
customers to have more flexibility.


Mike Poublon

/Senior Datacenter Network Engineer/

*Secant Technologies*

6395 Technology Ave. Suite A

Kalamazoo, MI 49009

On 10/13/2016 1:48 PM, rar wrote:

After a many month wait, we were ready to turn up our BGP peering sessions on a 
new Comcast fiber connection.

With our other providers (Level 3 and Verizon) we have edge routers that 
directly connect between the provider's on premise connection and our primary 
and a backup core routers.  Each core router has a multihop BGP session with 
the provider's BGP router.  The goal is to keep the single BGP router from 
being a single point of failure.

Comcast said they could not support two separate BGP peering sessions on the 
same circuit.  Does anyone have any counter examples?  We used to have this 
setup with Comcast 5+ years ago, but now they say they can't support it.


Bob Roswell
brosw...@syssrc.com
410-771-5544 ext 4336

Computer Museum Highlights

Re: Excessive Netflix DNS Traffic?

2016-10-13 Thread Ryan, Spencer 
I was going to point you to the reddit thread about it, but it looks to be your 
thread :)


Spencer Ryan | Senior Systems Administrator | 
sr...@arbor.net
Arbor Networks
+1.734.794.5033 (d) | +1.734.846.2053 (m)
www.arbornetworks.com



From: NANOG  on behalf of Eamon Bauman 

Sent: Thursday, October 13, 2016 10:26:57 AM
To: nanog@nanog.org
Subject: Excessive Netflix DNS Traffic?

Hi all,

Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4)
running Netflix? Starting 9/29 we have been seeing significant volume of
DNS traffic from game consoles on our campus to our caching recursive
boxes. Logs show repeated requests for api-global.netflix.com and
nrdp.nccp.netflix.com.

Anyone else experiencing this?

Eamon

Two BGP peering sessions on single Comcast Fiber Connection?

2016-10-13 Thread rar 
After a many month wait, we were ready to turn up our BGP peering sessions on a 
new Comcast fiber connection.

With our other providers (Level 3 and Verizon) we have edge routers that 
directly connect between the provider's on premise connection and our primary 
and a backup core routers.  Each core router has a multihop BGP session with 
the provider's BGP router.  The goal is to keep the single BGP router from 
being a single point of failure.

Comcast said they could not support two separate BGP peering sessions on the 
same circuit.  Does anyone have any counter examples?  We used to have this 
setup with Comcast 5+ years ago, but now they say they can't support it.


Bob Roswell
brosw...@syssrc.com
410-771-5544 ext 4336

Computer Museum Highlights

Excessive Netflix DNS Traffic?

2016-10-13 Thread Eamon Bauman 
Hi all,

Is anyone seeing excessive DNS traffic from game consoles (Xbox One, PS4)
running Netflix? Starting 9/29 we have been seeing significant volume of
DNS traffic from game consoles on our campus to our caching recursive
boxes. Logs show repeated requests for api-global.netflix.com and
nrdp.nccp.netflix.com.

Anyone else experiencing this?

Eamon

Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension

2016-10-13 Thread Jesse McGraw 

Lee,

  FWIW, the script will work under straight Windows and I use it there 
frequently.


I think Strawberry perl comes with cpanm (cpanminus) pre-installed so 
you can do:


"cpanm Carton"

and then cd to wherever you've got the script saved and do:

"carton install"

to install the dependencies


Or, if you've got a set of configs with nothing sensitive/private left 
in them, try the simple web version I set up:


https://hidden-waters-8218.herokuapp.com/



If I had a Windows VM setup I'd come up with a setup.bat

On 10/13/2016 12:38 PM, Lee wrote:

On 10/13/16, Jesse McGraw  wrote:

Lee,

Check out the setup.sh script, hopefully it does everything necessary
to get the script working on a Debian-derived Linux system

I'm using Windows + Cygwin; maybe it's just that I don't have them
installed, but there is no sudo or apt so setup.sh isn't going to work
for me.  So while I was interested in seeing what this bit looked like

If you run it against multiple configuration files at once it will also attempt 
to link
between them when applicable (e.g. BGP neighbors, route next hops, interfaces
on the same subnet etc).

I'm not willing to take any more time on this.

I appreciate all the people who've tried to help but at least for now, I'm done.

Thanks,
Lee



I've attempted to make the only globally-installed dependencies be cpanm
and carton.  Once those are installed it uses carton to install the
dependencies locally


On 10/12/2016 07:59 PM, Lee wrote:

On 10/12/16, Jason Hellenthal  wrote:

Give these a shot. https://github.com/jlmcgraw/networkUtilities

I know J could use a little feedback on those as well but all in all
they
are pretty solid.

Where does one get Modern/Perl.pm ?

Can't locate Modern/Perl.pm in @INC (you may need to install the
Modern::Perl module) (@INC contains: /tmp/local/lib/perl5
/usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int
/usr/lib/perl5/site_perl/5.22
/usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int
/usr/lib/perl5/vendor_perl/5.22
/usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .)
at /tmp/iosToHtml.pl line 87.
BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.

Lee




On Oct 11, 2016, at 08:48, Lee  wrote:

On 10/10/16, Jay Hennigan  wrote:

On 10/6/16 1:26 PM, Jesse McGraw wrote:

Nanog,

 (This is me scratching an itch of my own and hoping that sharing
it
might be useful to others on this list.  Apologies if it isn't)

   When I'm trying to comprehend a new or complicated Cisco router,
switch or firewall configuration an old pet-peeve of mine is how
needlessly difficult it is to follow deeply nested logic in
route-maps,
ACLs, QoS policy-maps etc etc

To make this a bit simpler I’ve been working on a perl script to
convert
these text-based configuration files into HTML with links between the
different elements (e.g. To an access-list from the interface where
it’s
applied, from policy-maps to class-maps etc), hopefully making it
easier
to to follow the chain of logic via clicking links and using the
forward
and back buttons in your browser to go back and forth between command
and referenced list.

Way cool. Now to hook it into RANCID

It looks like what I did in 2.3.8 should still work - control_rancid
puts the diff output into $TMP.diff so add this bit:
grep "^Index: " $TMP.diff | awk '/^Index: configs/{
if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; }
printf("%s ", $2)
}
END{ printf("\n") }
' >$TMP.doit
/bin/sh $TMP.doit >$TMP.out
if [ -s $TMP.out ] ; then
.. send mail / whatever
rm $TMP.doit $TMP.out
fi

Regards,
Lee

--
   Jason Hellenthal
   JJH48-ARIN

.

Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension

2016-10-13 Thread Hank Nussbacher 
On 13/10/2016 19:38, Lee wrote:
> On 10/13/16, Jesse McGraw  wrote:
>> Lee,
>>
>>Check out the setup.sh script, hopefully it does everything necessary
>> to get the script working on a Debian-derived Linux system
> I'm using Windows + Cygwin; maybe it's just that I don't have them
> installed, but there is no sudo or apt so setup.sh isn't going to work
> for me.  So while I was interested in seeing what this bit looked like
Have you tried Bash on Windows 10:
http://www.howtogeek.com/249966/how-to-install-and-use-the-linux-bash-shell-on-windows-10/
http://www.pcworld.com/article/3106463/windows/how-to-get-bash-on-windows-10-with-the-anniversary-update.html

-Hank
>> If you run it against multiple configuration files at once it will also 
>> attempt to link
>> between them when applicable (e.g. BGP neighbors, route next hops, interfaces
>> on the same subnet etc).
> I'm not willing to take any more time on this.
>
> I appreciate all the people who've tried to help but at least for now, I'm 
> done.
>
> Thanks,
> Lee
>

Re: Level 3 voice outage

2016-10-13 Thread voytek 
Can anyone who was affected by last week's outage confirm that 911
services were impacted (I assume they were)?

Anyone know if the current outage is in any way related to this one from
last week?
http://downdetector.com/status/level3/map/



On 10/05/2016 01:24 PM, Mel Beckman wrote:
> It’s good to see them acknowledging this.
>
>  -mel
>
> On Oct 5, 2016, at 10:10 AM, Gareth Tupper 
> mailto:gareth.tup...@warnerpacific.com>> 
> wrote:
>
> Looks like a fat finger event...
>
> From Level 3:
> "On October 4, our voice network experienced a service disruption affecting 
> some of our customers in North America due to a configuration error. We know 
> how important these services are to our customers. As an organization, we're 
> putting processes in place to prevent issues like this from recurring in the 
> future. We were able to restore all services by 9:31am Mountain time."
>
>
> http://www.theregister.co.uk/2016/10/05/level3_voip_blackout_cause/
>
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mel Beckman
> Sent: Tuesday, October 4, 2016 1:09 PM
> To: Marco Teixeira mailto:ad...@marcoteixeira.com>>
> Cc: Shawn Ritchie mailto:shawnritc...@gmail.com>>; 
> NANOG list mailto:nanog@nanog.org>>
> Subject: Re: Level 3 voice outage
>
> Possibly somebody YANGed when they should have yinged :)
>
> -mel beckman
>
> On Oct 4, 2016, at 1:06 PM, Marco Teixeira 
> mailto:ad...@marcoteixeira.com>>
>  wrote:
>
> Yeap, i know, it was what i understood, as it is my opinion that a zero day 
> would fit better... in the pure speculation world :) At the end of the day... 
> maybe some undocumented fault int some obscure functionality that was 
> activated/deployed a long time ago, and just revealed it self now... There 
> are so many things that can go wrong on complex networks even with all the 
> controls imposed on changes...
>
>
>
>
> On Tue, Oct 4, 2016 at 8:54 PM, Shawn Ritchie 
> mailto:shawnritc...@gmail.com>>
>  wrote:
> Well, Level3 has by no means said that this was the result of a DDoS, that's 
> just speculation on behalf of folks who do not work at Level3 so far.
>
> On Tue, Oct 4, 2016 at 2:49 PM Marco Teixeira 
> mailto:ad...@marcoteixeira.com>>
>  wrote:
> I won't believe a company like Level3 would not deploy backplane 
> protection/policing on routers. Also, 1Tb/s aggregated DDoS towards OVH 
> network didn't pause or rebooted routers. And i guess both companies have had 
> their share of (D)DoS in the past, so they had the time to get up to the 
> challenge. Now... there where times where one malformed IP packet would cause 
> a memory leak leading to a router reboot... :)?
>
>
>
>
> On Tue, Oct 4, 2016 at 8:23 PM, Mel Beckman 
> mailto:m...@beckman.org>> wrote:
>
> 765 Gbps per second directed at a router's interface IP might give the
> router pause, so to speak :)
>
> -mel
>
> On Oct 4, 2016, at 12:10 PM, Marco Teixeira
> mailto:ad...@marcoteixeira.com>>
> wrote:
>
> Multiple reboots across several markets... Does not seem something
> that full pipes would trigger. Had it been an approved chance it would
> have been rolled back i guess... On the other hand, a zero day could apply...
>
> Em 04/10/2016 19:54, "Mel Beckman" 
> mailto:m...@beckman.org>> escreveu:
>
> Sure. The recent release of the IoT DDoS attack code in the wild.
>
> -mel
>
> On Oct 4, 2016, at 11:42 AM, 
> valdis.kletni...@vt.edu
>  wrote:
>
> On Tue, 04 Oct 2016 18:14:54 -, Mel Beckman said:
>
> This could be DoS attack.
>
> Or a missing comma in a code update.
>
> Or a fumble-fingered NOC monkey.
>
> Or
>
> You have any reason to suspect a DoS attack rather than all the
> other possibilities?
>
>
>
> --
>
> --
> Shawn
>
>
>
> This electronic mail transmission contains information from Warner Pacific 
> Insurance Services that may be confidential or privileged. Such information 
> is solely for the intended recipient, and use by any other party is not 
> authorized. If you are not the intended recipient, be aware that any 
> disclosure, copying, distribution or use of this message, its contents or any 
> attachments is prohibited. Any wrongful interception of this message is 
> punishable as a Federal Crime. If you have received this message in error, 
> please notify the sender immediately by telephone (800) 801-2300 or by 
> electronic mail at 
> postmas...@warnerpacific.com.
>

Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension

2016-10-13 Thread Lee 
On 10/13/16, Jesse McGraw  wrote:
> Lee,
>
>Check out the setup.sh script, hopefully it does everything necessary
> to get the script working on a Debian-derived Linux system

I'm using Windows + Cygwin; maybe it's just that I don't have them
installed, but there is no sudo or apt so setup.sh isn't going to work
for me.  So while I was interested in seeing what this bit looked like
> If you run it against multiple configuration files at once it will also 
> attempt to link
> between them when applicable (e.g. BGP neighbors, route next hops, interfaces
> on the same subnet etc).
I'm not willing to take any more time on this.

I appreciate all the people who've tried to help but at least for now, I'm done.

Thanks,
Lee


>
> I've attempted to make the only globally-installed dependencies be cpanm
> and carton.  Once those are installed it uses carton to install the
> dependencies locally
>
>
> On 10/12/2016 07:59 PM, Lee wrote:
>> On 10/12/16, Jason Hellenthal  wrote:
>>> Give these a shot. https://github.com/jlmcgraw/networkUtilities
>>>
>>> I know J could use a little feedback on those as well but all in all
>>> they
>>> are pretty solid.
>> Where does one get Modern/Perl.pm ?
>>
>> Can't locate Modern/Perl.pm in @INC (you may need to install the
>> Modern::Perl module) (@INC contains: /tmp/local/lib/perl5
>> /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int
>> /usr/lib/perl5/site_perl/5.22
>> /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int
>> /usr/lib/perl5/vendor_perl/5.22
>> /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .)
>> at /tmp/iosToHtml.pl line 87.
>> BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.
>>
>> Lee
>>
>>
>>
 On Oct 11, 2016, at 08:48, Lee  wrote:

 On 10/10/16, Jay Hennigan  wrote:
> On 10/6/16 1:26 PM, Jesse McGraw wrote:
>> Nanog,
>>
>> (This is me scratching an itch of my own and hoping that sharing
>> it
>> might be useful to others on this list.  Apologies if it isn't)
>>
>>   When I'm trying to comprehend a new or complicated Cisco router,
>> switch or firewall configuration an old pet-peeve of mine is how
>> needlessly difficult it is to follow deeply nested logic in
>> route-maps,
>> ACLs, QoS policy-maps etc etc
>>
>> To make this a bit simpler I’ve been working on a perl script to
>> convert
>> these text-based configuration files into HTML with links between the
>> different elements (e.g. To an access-list from the interface where
>> it’s
>> applied, from policy-maps to class-maps etc), hopefully making it
>> easier
>> to to follow the chain of logic via clicking links and using the
>> forward
>> and back buttons in your browser to go back and forth between command
>> and referenced list.
> Way cool. Now to hook it into RANCID
 It looks like what I did in 2.3.8 should still work - control_rancid
 puts the diff output into $TMP.diff so add this bit:
 grep "^Index: " $TMP.diff | awk '/^Index: configs/{
 if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; }
 printf("%s ", $2)
 }
 END{ printf("\n") }
 ' >$TMP.doit
 /bin/sh $TMP.doit >$TMP.out
 if [ -s $TMP.out ] ; then
.. send mail / whatever
 rm $TMP.doit $TMP.out
 fi

 Regards,
 Lee
>>>
>>> --
>>>   Jason Hellenthal
>>>   JJH48-ARIN
>> .
>>
>
>

DEC-IX Summit New York livestream

2016-10-13 Thread Joly MacFie 
https://livestream.com/internetsociety/de-cix

-- 
---
Joly MacFie  218 565 9365 Skype:punkcast
--
-

Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension

2016-10-13 Thread Jason Hellenthal 
Thanks for chiming in Jesse.

> On Oct 13, 2016, at 08:08, Jesse McGraw  wrote:
> 
> Lee,
> 
>  Check out the setup.sh script, hopefully it does everything necessary to get 
> the script working on a Debian-derived Linux system
> 
> I've attempted to make the only globally-installed dependencies be cpanm and 
> carton.  Once those are installed it uses carton to install the dependencies 
> locally
> 
> 
> On 10/12/2016 07:59 PM, Lee wrote:
>> On 10/12/16, Jason Hellenthal  wrote:
>>> Give these a shot. https://github.com/jlmcgraw/networkUtilities
>>> 
>>> I know J could use a little feedback on those as well but all in all they
>>> are pretty solid.
>> Where does one get Modern/Perl.pm ?
>> 
>> Can't locate Modern/Perl.pm in @INC (you may need to install the
>> Modern::Perl module) (@INC contains: /tmp/local/lib/perl5
>> /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int
>> /usr/lib/perl5/site_perl/5.22
>> /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int
>> /usr/lib/perl5/vendor_perl/5.22
>> /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .)
>> at /tmp/iosToHtml.pl line 87.
>> BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.
>> 
>> Lee
>> 
>> 
>> 
 On Oct 11, 2016, at 08:48, Lee  wrote:
 
 On 10/10/16, Jay Hennigan  wrote:
> On 10/6/16 1:26 PM, Jesse McGraw wrote:
>> Nanog,
>> 
>>(This is me scratching an itch of my own and hoping that sharing it
>> might be useful to others on this list.  Apologies if it isn't)
>> 
>>  When I'm trying to comprehend a new or complicated Cisco router,
>> switch or firewall configuration an old pet-peeve of mine is how
>> needlessly difficult it is to follow deeply nested logic in route-maps,
>> ACLs, QoS policy-maps etc etc
>> 
>> To make this a bit simpler I’ve been working on a perl script to
>> convert
>> these text-based configuration files into HTML with links between the
>> different elements (e.g. To an access-list from the interface where
>> it’s
>> applied, from policy-maps to class-maps etc), hopefully making it
>> easier
>> to to follow the chain of logic via clicking links and using the
>> forward
>> and back buttons in your browser to go back and forth between command
>> and referenced list.
> Way cool. Now to hook it into RANCID
 It looks like what I did in 2.3.8 should still work - control_rancid
 puts the diff output into $TMP.diff so add this bit:
 grep "^Index: " $TMP.diff | awk '/^Index: configs/{
 if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; }
 printf("%s ", $2)
 }
 END{ printf("\n") }
 ' >$TMP.doit
 /bin/sh $TMP.doit >$TMP.out
 if [ -s $TMP.out ] ; then
   .. send mail / whatever
 rm $TMP.doit $TMP.out
 fi
 
 Regards,
 Lee
>>> 
>>> --
>>>  Jason Hellenthal
>>>  JJH48-ARIN
>> .
>> 
> 


-- 
 Jason Hellenthal
 JJH48-ARIN

Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension

2016-10-13 Thread Jesse McGraw 

Lee,

  Check out the setup.sh script, hopefully it does everything necessary 
to get the script working on a Debian-derived Linux system


I've attempted to make the only globally-installed dependencies be cpanm 
and carton.  Once those are installed it uses carton to install the 
dependencies locally



On 10/12/2016 07:59 PM, Lee wrote:

On 10/12/16, Jason Hellenthal  wrote:

Give these a shot. https://github.com/jlmcgraw/networkUtilities

I know J could use a little feedback on those as well but all in all they
are pretty solid.

Where does one get Modern/Perl.pm ?

Can't locate Modern/Perl.pm in @INC (you may need to install the
Modern::Perl module) (@INC contains: /tmp/local/lib/perl5
/usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int
/usr/lib/perl5/site_perl/5.22
/usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int
/usr/lib/perl5/vendor_perl/5.22
/usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .)
at /tmp/iosToHtml.pl line 87.
BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87.

Lee




On Oct 11, 2016, at 08:48, Lee  wrote:

On 10/10/16, Jay Hennigan  wrote:

On 10/6/16 1:26 PM, Jesse McGraw wrote:

Nanog,

(This is me scratching an itch of my own and hoping that sharing it
might be useful to others on this list.  Apologies if it isn't)

  When I'm trying to comprehend a new or complicated Cisco router,
switch or firewall configuration an old pet-peeve of mine is how
needlessly difficult it is to follow deeply nested logic in route-maps,
ACLs, QoS policy-maps etc etc

To make this a bit simpler I’ve been working on a perl script to
convert
these text-based configuration files into HTML with links between the
different elements (e.g. To an access-list from the interface where
it’s
applied, from policy-maps to class-maps etc), hopefully making it
easier
to to follow the chain of logic via clicking links and using the
forward
and back buttons in your browser to go back and forth between command
and referenced list.

Way cool. Now to hook it into RANCID

It looks like what I did in 2.3.8 should still work - control_rancid
puts the diff output into $TMP.diff so add this bit:
grep "^Index: " $TMP.diff | awk '/^Index: configs/{
if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; }
printf("%s ", $2)
}
END{ printf("\n") }
' >$TMP.doit
/bin/sh $TMP.doit >$TMP.out
if [ -s $TMP.out ] ; then
   .. send mail / whatever
rm $TMP.doit $TMP.out
fi

Regards,
Lee


--
  Jason Hellenthal
  JJH48-ARIN

.