[c-nsp] Automating BGP
Andrew Fort
afort at choqolat.org
Mon May 9 20:49:35 EDT 2005
Alexandra Alvarado wrote:
> Hello,
> In the place where I work we have configured BGP in many cisco devices, but
> now the management is too difficult in a manual way, because of that we are
> going to develop a perl script to make this process easier. First of all we
> are going to do some consult modules, one important thing for the NOC is to
> have a web interface where they can see all our networks by c class and what
> is the main and backup provider of each one (we have 4 providers), I want to
> do it using SNMP but I didn't find that information making SNMP consults.
> If somebody gives me some advice on how to develop my program I would
> appreciate it.
>
> Thanks
> Alexandra Alvarado

Many people do this using a tool to turn a routing policy into a set of
device-specific configuration files that they then upload to the devices
using their usual automated method (SNMP triggered file transfer via a
tool like 'pancho'[??], router agent (e.g. Cisco CNS Agent, this is
probably the best way but will set you back some cash to get the agent
server/software from Cisco) or expect (see RANCID[1], 'cisco-load.exp'
in the /util/ directory)). Alternatively, if you feel like punishment,
you can reinvent the wheel using Net::Telnet::Cisco or similar...

The most common policy language is RPSL (see RFC2622, RFC2650 (though
2650 is lacking in any real meat, it is a reasonable introduction)), and
the most common tool to turn your aut-num and associated objects into
device specific language is RtConfig, part of the IRRToolSet (now
maintained by ISC) [2].

RtConfig doesn't encapsulate all of RPSL - for example, it doesn't deal
with (last time I checked) router objects and so on, but does most of
what you need; i.e., aut-num object export/import handling, and
referencing AS-SET and ROUTE and RS objects.

Alternatively, if you want to statically manage your policy
configuration using some pre-defined templates, and you just want to
update your filters dynamically, based on the contents of a whois
server, you may like to take a look at bgpq [3]. This is a neat little
tool and works very well - it just won't build your policy/route-maps
for you (it'll just build your {access,prefix}-lists). It'll even
aggregate the lists and so on.

[1] http://www.shrubbery.net/rancid/
[2] http://www.isc.org/index.pl?/sw/IRRToolSet/
[??] what happened to this tool? it was once available through
http://pancho.lunarmedia.net/, but now I can't find it anywhere.
[3] ftp://ftp.lexa.ru/pub/domestic/snar/

-andrew
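
The filter-building step described above (prefix-lists generated from route objects held in a whois server, with aggregation), as an added example that is not part of the original post and is not bgpq's or RtConfig's own code. The route objects, AS numbers, the list name CUST-IN and both function names are constructed for illustration; it goes slightly beyond the text by using ge/le so that an aggregated entry still matches only the registered prefix length.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: RPSL route objects as a whois server might return them.
SAMPLE_WHOIS = """\
route:   192.0.2.0/24
descr:   constructed example
origin:  AS64496

route:   198.51.100.0/25
origin:  AS64496

route:   198.51.100.128/25
origin:  AS64496

route:   203.0.113.0/24
origin:  AS64497
"""

def parse_routes(text):
    """Yield (network, origin) for each route object in RPSL text."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if not sep or line[:1] in (" ", "\t", "+"):
                continue  # skip continuation lines and anything malformed
            attrs.setdefault(key.strip().lower(), value.split("#")[0].strip())
        if "route" in attrs and "origin" in attrs:
            # strict=True rejects prefixes with host bits set
            yield ipaddress.ip_network(attrs["route"], strict=True), attrs["origin"].upper()

def build_prefix_list(text, origin, name):
    """Return IOS prefix-list lines permitting exactly the routes of one origin AS."""
    by_len = defaultdict(list)
    for net, asn in parse_routes(text):
        if asn == origin.upper():
            by_len[net.prefixlen].append(net)
    if not by_len:
        # Refuse to emit an empty filter, e.g. after a failed whois query.
        raise ValueError(f"no route objects found for {origin}")
    entries = []
    for length, nets in by_len.items():
        # Merge same-length neighbours; ge/le keeps the match on the original length.
        for agg in ipaddress.collapse_addresses(nets):
            suffix = "" if agg.prefixlen == length else f" ge {length} le {length}"
            entries.append((int(agg.network_address), agg.prefixlen, f"{agg}{suffix}"))
    return [f"ip prefix-list {name} seq {5 * i} permit {e[2]}"
            for i, e in enumerate(sorted(entries), start=1)]
```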