[f-nsp] scripting

Nick Morrison nick at nick.on.net
Fri Jul 10 05:38:49 EDT 2009 

Hey all,

I'm slowly working up a bunch of scripts that do useful network-adminy
things for Foundry switches - mostly perl scripts that run from a unix
management host.  There's a lot you can get using the
SNMP::Info::Layer3::Foundry library
(http://search.cpan.org/~maxb/SNMP-Info-2.01/Info/Layer3/Foundry.pm)
and its ilk, but there ain't a MIB for everything, sadly.  For
example, I'd like to get a full mac address table out.. but it appears
the only mac-related OIDs are to get the *static* mac table.

First: I could be wrong!  Has anyone else done much mucking with
perl+snmp+foundry who could comment?

Second: for the times that it's just not possible, it would be *super*
useful to be able to use ssh in the old rsh style of running a command
against a switch without logging into it (eg using a passphrase-less
rsa key) and without having to navigate the prompt.

With Cisco devices running IOS (or unix hosts running sshd), you can
do things like this:

unixhost:~ > ssh user at router show ver
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 12.0(18b), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Mon 11-Feb-02 02:32 by kellythw
Image text-base: 0x03038A80, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)

antares uptime is 11 minutes
System restarted by reload
System image file is "flash:c2500-d-l.120-18b.bin"

cisco 2500 (68030) processor (revision L) with 14336K/2048K bytes of memory.
Processor board ID 07092223, with hardware revision 00000000
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102
unixhost:~ >

... to another unix box..

host1:~ > ssh user at host2 ls -la
total 8410
drwxr-xr-x  12 user  user     1024 Jul  9 14:39 .
drwxr-xr-x   7 root   wheel      512 Jul  7 12:20 ..
drwxr-xr-x   5 root   user      512 Jul  7 14:27 .cpan
-rw-r--r--   1 user  user      758 May 23 17:04 .cshrc
-rw-------   1 user  user      119 May 23 16:16 .history
drwx------   2 user  user      512 Jul  7 10:48 .irssi
-rw-------   1 root   user      112 Jul  2 08:12 .lesshst
drwxr-xr-x   2 root   user      512 Jun  1 07:21 .lftp
-rw-r--r--   1 user  user      258 May 23 17:04 .login
-rw-r--r--   1 user  user      167 May 23 17:04 .login_conf
-rw-------   1 user  user      379 May 23 17:04 .mail_aliases
<snip>

... in other words, your script can grab output without having to go
through the process of logging in, expecting a prompt, running a
command, etc.  This is of course a fairly standard ssh feature.  and
useful!

... but foundry's software doesn't seem to support it.

unixhost:~ > ssh user at foundryrouter show ver
Protocol error, doesn't start with scp!
unixhost:~ >

... which disappoints me greatly.


What I'd really love to see is a community-oriented site, collating
handy scripts and tips on automating administrative checks and the
like.  Is anyone else interested in this kind of venture?  Has anyone
gone far down this path without going mad? :-)  I'd be very happy to
lead or assist with a project aimed this way, as there is currently
not much out there (in my experience - please correct me if I'm
wrong), and with Brocade's new involvement I think we could get some
momentum behind us.  We could even put some collective pressure on
Brocade to extend their ssh implementation to support these features..

What do you think?

--
Nick Morrison <nick at nick.on.net>

More information about the foundry-nsp mailing list