Its been a while since my last post, mainly because I have been bitten by the Raspberry Pi bug. As a side effect of this I have been trying to learn Python to implement all the cool things the Raspberry Pi can do. I haven’t touched any programming languages since i was a student and barely scraped through Software Development 1, mainly because at the time I had no interest in C++, preferring micro controllers like the PIC and Intel 8051 where I could physically see the results of my code (making an LED blink is insanely satisfying).
As a result of learning Python I am starting to look for things to use it for in my daily working life. One thing I have to do regularly on the network is Null route naughty boys and girls causing DDoS attacks on our Cisco ASR 9000 routers. Quite often there is more than one address that requires to be nulled at a time, and it can be quite painful to copy and paste the commands in gedit or notepad, I decided that was a perfect opportunity to put my new-found python skills to use.
Objectives
I came up with a brief list of objectives that I wanted the script to achieve :
- Ability to add multiple IP’s in a single line.
- Verify that the IP’s input are valid.
- Print the commands to get into configuration mode on the Cisco ASR 9000.
- Print the null route command for each IP input.
- Add a description with the date to each Null route added.
- Print the commands to remove the Null route at a later date.
Code
IP’s are entered with a space separating each individual IP, I used the socket module of Python to validate the IP’s that are input and then placed the values into a list (array) that could be used in a for loop to print out the commands for each IP.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
#!/usr/bin/env python # -*- coding: utf-8 -*- # # nullroute.py # # Copyright 2014 Jonathan Miller <jonathan@routingloops.co.uk> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, # MA 02110-1301, USA. # # # Import time, will be used to determine the description import time # Import socket to validate the IP's entered import socket # Specify the variables today = time.strftime("%Y%m%d") conf = str("conf\n!") add_fam = str("router static address-family ipv4 unicast\n!") commit = str("commit\n!") # Function to check if the IP is valid def is_valid_ipv4_address(ip): try: socket.inet_pton(socket.AF_INET, ip) except AttributeError: # no inet_pton here, sorry try: socket.inet_aton(ip) except socket.error: return False return ip.count('.') == 3 except socket.error: # not a valid address return False return True # Request IP's be input, separated by spaces ip = raw_input("Insert IP's separated by a space: ") # Split the IP's and put them into a list all_ips = map(str,ip.split()) print(" ") print("----------------------------------------------------\n----------------------------------------------------") print("To enter Configuration mode use:\n") print(conf) print(add_fam) print(" ") print("----------------------------------------------------\n----------------------------------------------------") print("Copy and paste the output bellow into the router:") print(" ") # Repeat null route command for each IP entered for x in all_ips: if is_valid_ipv4_address(x)==True: print x+"/32 null0 description "+today+"\n!" else: print(x+" Is not a valid IP address format") print("----------------------------------------------------\n----------------------------------------------------") print(" ") print("To remove the null routes use the following:") print(" ") # Repeat "no" null route command for each IP entered for y in all_ips: if is_valid_ipv4_address(y)==True: print "no "+y+"/32 null0\n!" else: print(y+" Is not a valid IP address format") print("----------------------------------------------------\n----------------------------------------------------") |
Sample output:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
jonathanm@jonathanm:~/Python$ python nullroute.py Insert IP's separated by a space: 1.1.1.1 2.2.2.2 256.123.1.1 ---------------------------------------------------- ---------------------------------------------------- To enter Configuration mode use: conf ! router static address-family ipv4 unicast ! ---------------------------------------------------- ---------------------------------------------------- Copy and paste the output bellow into the router: 1.1.1.1/32 null0 description 20141230 ! 2.2.2.2/32 null0 description 20141230 ! 256.123.1.1 Is not a valid IP address format ---------------------------------------------------- ---------------------------------------------------- To remove the null routes use the following: no 1.1.1.1/32 null0 ! no 2.2.2.2/32 null0 ! 256.123.1.1 Is not a valid IP address format ---------------------------------------------------- ---------------------------------------------------- jonathanm@jonathanm:~/Python$ |
The code still needs a bit of work to get the formatting the way I would like it but it is functional at the moment.
Future Upgrades
There are a few things that I would like to add to the script but just haven’t found the time to do it as yet:
- Add option to select IOS or IOSXR output.
- Add step to correct invalid IP’s before moving on to print the configuration commands.
- Add option to automatically log into the router and apply the Null route.
- Tweak the format of the way the output is displayed to make it more readable.
