Implement of a MAC collector through SSH #1190
For devices that don't support the walk through SNMP with multiple VLANs
76bb66d to df7a14a
Cool! 👍 For the record, I had similar plans a while ago and already talked @ollyg into adding an API endpoint that can upload a macsuck result ( However this approach showed two issues:
Then other stuff came in between and I parked the idea for the time being, looks like this was already two years ago now, dang. But I'd still like a way to do macsuck without SNMP, my main problem is that it is so wasteful and slow on big switches and with community-based indexing. And it doesn't even work right with SNMPv3 or is a pain with having to create a context per VLAN. This just for a bit of context, I'm in favor of both an ntc-templates or an expect-ish SSH variant. If we go with the latter, sorry @ollyg that I insisted on the API and then didn't really come through with any useful application for it.
@rc9000 don't feel bad! The work to support API actually means that inside Netdisco the gathering of data is decoupled from the sanity checking and the storage phases, so it makes this work here easier to implement, and also generally cleaner design internally. I was very happy to do it. Note that we even support CLI input of MAC/ARP data via netdisco-do.
Ah yes, I see @earendilfr has implemented using exactly the right feature as a result of the refactor! Makes me happy :-)
You are right, the solution is not perfect (clearly, I prefer the SNMP way because the SSH is very slow). But if you check the output, you can do the necessary to have in parallel the CLI and the SNMP (it could be fun if we could run the main
One big difficulty (root cause is Cisco devices) is the need to launch all the cmd in one time because the SSH session is dead after the usage of the capture function and so, the reuse of this function generates an error...
There were also various issues in IOSXR.pm over the years. The current version uses Expect instead of capture(), this seemed to work fine in the end.
I hesitate strongly to say this ... has Net::Appliance::Session been tried? Unfortunately I have no devices to test on, here.
I can confirm that Net::Appliance::Session works well with pretty much everything that Cisco has sold in the last two decades :) IIRC in the first couple SSHCollector modules I didn't use it because the dependencies were a pain in our airgapped DC equipped with quite old RHEL servers, Expect was just there. Nowadays everybody seems to have Internet-straight-to-critical-infrastructure pipelines with Docker, Artifactory and DevopsThisAndThat, so that should not be an issue anymore.
This patch is fine. The reason I've not merged it yet is I wanted to see if there's a way to let Netdisco do the interfaces status as SNMP and cache that, then let the SSH mac-address table command run. Then combine the two at the end.
I can try to update the PR to replace the usage of the Net::SSH module by Expect or Net::Appliance::Session...
note to self @ollyg: remove macs on forbidden vlans (sanity_vlans)
replaced with #1202
Hi @earendilfr thanks for the patch! Because there were quite significant changes I wanted to make (remove interface status checks), it was easier to make a new branch and PR which is over here at #1202.
* Implement of a MAC collector through SSH

  For devices that don't support the walk through SNMP with multiple VLANs

* fix typo in SSH transport macsuck
* update macsuck ssh to remove interface update and add sanity/debug
* update IOS SSH collector to remove interfaces and add safeguarding
* fix typo syntax error
* fall back to provided port abbreviation if not known
* add example output for macsuck and change regexp to allow zero numbers on port name
* fix another typo in the worker
* missing dependency

---------

Co-authored-by: earendilfr <earendil@toleressea.fr>
Some Cisco devices don't support the macsuck function because they don't support the BridgeMIB to retrieve the MAC addresses connected to switch ports... (For example, the Cisco C1100 series routers have a switch inside but don't support the BridgeMIB...)
So, I have created a simple macsuck function through the SSH collector to retrieve these data.
Like the SNMP collector, the function:
Currently, I have done only the IOS platform but it could be interesting for other devices...
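
An added illustration (not code from this PR, from #1202 or from Netdisco): a stand-alone Perl parser for the kind of `show mac address-table` output an SSH macsuck has to read, covering the points raised in this thread: port names containing zeros, falling back to the abbreviation as given when it is not known, and dropping MACs on forbidden VLANs. The sample output, the abbreviation map, the VLAN deny-list and the name parse_mac_table are constructed assumptions.

```perl
use strict;
use warnings;

# Assumed abbreviation map (illustrative, not Netdisco's own list).
my %PORT_NAME = (Fa => 'FastEthernet', Gi => 'GigabitEthernet', Te => 'TenGigabitEthernet');
# Assumed deny-list standing in for a "forbidden VLANs" sanity check.
my %FORBIDDEN_VLAN = map { $_ => 1 } (0, 1002 .. 1005, 4095);

# Returns { vlan => { port => { mac => type } } } built from raw CLI text.
sub parse_mac_table {
    my ($text) = @_;
    my %fwtable;
    for my $line (split /\r?\n/, $text) {
        # Accept only rows of the form: vlan, dotted MAC, type, port. Headers,
        # totals, "All" rows and the CPU pseudo-port do not match and are skipped.
        next unless $line =~ m{
            ^\s* (\d+) \s+
            ([0-9a-f]{4} \. [0-9a-f]{4} \. [0-9a-f]{4}) \s+
            (\w+) \s+
            ([A-Za-z-]+) (\d[\d/.]*) \s*$
        }xi;
        my ($vlan, $mac, $type, $abbr, $num) = ($1, lc $2, lc $3, $4, $5);
        next if $FORBIDDEN_VLAN{$vlan};
        # Expand a known abbreviation, otherwise keep it as the device gave it.
        my $port = ($PORT_NAME{$abbr} // $abbr) . $num;
        (my $hex = $mac) =~ tr/.//d;           # 0011.2233.4455 -> 001122334455
        my $norm = join ':', $hex =~ /../g;    # -> 00:11:22:33:44:55
        $fwtable{$vlan}{$port}{$norm} = $type;
    }
    return \%fwtable;
}

# Constructed sample output, not captured from a real device.
my $sample = <<'END';
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Gi0/1/0
  10    00aa.bbcc.ddee    DYNAMIC     Te0/0/1
  20    0011.2233.4477    DYNAMIC     Xx0/2
1002    0011.2233.4466    DYNAMIC     Gi0/1/1
 All    0100.0ccc.cccc    STATIC      CPU
Total Mac Addresses for this criterion: 5
END

my $fw = parse_mac_table($sample);
for my $vlan (sort { $a <=> $b } keys %$fw) {
    for my $port (sort keys %{ $fw->{$vlan} }) {
        print "$vlan $port $_\n" for sort keys %{ $fw->{$vlan}{$port} };
    }
}
```

Anchoring the row pattern on the full vlan/MAC/type/port shape means banner text or an unexpected prompt in the SSH output is dropped instead of being stored as a forwarding entry.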