Python3 Network Programming – Deploying base NTP / Logging across entire network, best practices, and the raw script at the very end of the post!


To round off the Netmiko section of Python3, I’d like to show a script that will standardize the entire network here with NTP and Buffered Logging, as those two things should absolutely be configured on a network for troubleshooting purposes.

The configs shown are very minimal, and definitely not best practice for production networks, which I will explain as I run through the different configs to automate.

With that, let’s get started!

(The full code of this script and files will be in plain text at the end of this post)

First a review of the entire Netmiko script being run for the entire network

For this script I will be touching every network device; however, the Core switch will have slightly different configs from the other LAN Switches, so I put each device into its own Dictionary / Variable for reference in the script:

LanAuto1

I imagine there is probably a better way to do this similar to a list of IP’s, but not that I am aware of at this time, so Dictionary Variables it is!

Next is the meat of the script similar to the previous lab I posted:

LanAuto2

As seen the previous script is completely repeated (again copy / pasted) with different naming conventions for files, and after each loop I re-define the List “all_devices” to define first the Core SW1 then the LAN which is SW2-SW5.
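
One way to collapse the two copy-pasted loops into a single role-driven loop, with the login read from the environment instead of being written into the script. This is an added example, not the script from this post. The helper names and the NET_USER / NET_PASS variable names are assumptions; the IPs and file names are the ones used in this lab.

```python
import os

# Role -> (config file, device IPs). IPs and file names are the ones from this lab.
ROLES = {
    "core": ("iosv_l2_core", ["192.168.238.11"]),
    "lan": ("iosv_l2_lan", ["192.168.238.22", "192.168.238.33",
                            "192.168.238.44", "192.168.238.55"]),
}

def load_credentials(env=os.environ):
    """Read the login from the environment so it never lands in the script or in Git."""
    try:
        return env["NET_USER"], env["NET_PASS"]  # assumed variable names
    except KeyError as missing:
        raise SystemExit(f"set {missing} before running") from None

def build_plan(roles, username, password):
    """Return [(netmiko_device_dict, config_file), ...] with the core first."""
    plan = []
    for role in ("core", "lan"):  # the core must serve NTP before the LAN points at it
        config_file, ips = roles[role]
        for ip in ips:
            device = dict(device_type="cisco_ios", ip=ip, username=username, password=password)
            plan.append((device, config_file))
    return plan

def deploy(plan, read_lines, connect):
    """Push each file to its devices; a failed device is recorded and the run continues."""
    results = {}
    for device, config_file in plan:
        try:
            conn = connect(**device)
            try:
                conn.send_config_set(read_lines(config_file))
                results[device["ip"]] = "ok"
            finally:
                conn.disconnect()
        except Exception as err:  # connection timeouts and login failures end up here
            results[device["ip"]] = f"failed: {err}"
    return results

def read_config(path):
    with open(path) as f:
        return f.read().splitlines()

if __name__ == "__main__":
    from netmiko import ConnectHandler
    user, pw = load_credentials()
    print(deploy(build_plan(ROLES, user, pw), read_config, ConnectHandler))
```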

Next to review the files that will be configuring NTP / Logging on the LAN

First I will check out iosv_l2_core configs that will be going on SW1:

LanAuto3

This assigns Google’s DNS of 8.8.8.8 to the device, so I can then use the FQDN “pool.ntp.org”, which to me has always been a best practice, as it will always have an NTP Server available for use, whereas statically assigned NTP Server IPs might go offline and throw your network time off until reconfigured.

Best practice note – Generally the Edge Device (Router, Firewall) will be the NTP Master / Pointing at an External NTP Source (pool.ntp.org is probably the best NTP Source), and you will use the “prefer” command after the NTP Server to build in NTP Redundancy.

For example, two Core / Distribution Switches will point at the Router, and Access Switches behind that will “prefer” the router but have the Core / Distribution Switches as backup NTP sources. Even if the router completely dies, the Core Switches (with redundant links like a Port-Channel, of course) will continue to provide time to the network even though their NTP Source (the edge device) is no longer providing time!

Also, you would want to add a rule denying outside IPs from connecting to your Public IP via Port 123 (NTP) and using your device’s precious resources as their NTP Server!

/end best practice rant for NTP Configuration

Then “clock timezone …” defines the timezone where the device is located as a + / – offset from UTC, and locations that observe Daylight Savings Time also need the “clock summer-time …” command as shown.

Point being, if I google my current Timezone UTC offset it shows -5, but that is not correct because it’s currently “Daylight Savings Time” or CDT, and I don’t want my time-zone to stay at -5 when it goes back to -6 when it’s back to CST (I am not a fan of time changing twice a year personally but that’s the config).

The final config before writing mem enables the buffered log behind the “sh logg” output for warning / level 4 and up events, and gives it 32mb of memory, rather than the default 8192 and informational / level 7 events you get when just “logg buff” enables it with complete defaults.

You can tell the log level of an event from the number in its console / terminal output:

SW1(config)#int gi0/1
SW1(config-if)#shut
SW1(config-if)#
.Jul 1 00:24:40.277: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
.Jul 1 00:24:41.277: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
SW1(config-if)#

I don’t want to see every time an interface is admin shutdown, so I go with level warn / 4 or above, here is a good way of remembering them from another TSHOOT post I wrote and actually made a graphic of that I never posted (but now posted up to LinkedIn):

LoggingMnemonic
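
The level number can also be pulled out of each message programmatically, to see which events a given “logging buffered” level would keep. This is an added example, not code from the original post: it parses the two console messages shown above and also reads the leading timestamp flag, which IOS documents as “*” for a clock that is not authoritative and “.” for a clock that is set but not synchronized to NTP. The function names are assumptions.

```python
import re

# Cisco IOS severity keywords; list index = severity number (0 is the most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Flag in front of the timestamp, as documented for IOS clocks and log timestamps.
CLOCK_FLAGS = {"*": "not authoritative", ".": "NTP not synchronized", "": "authoritative"}

LINE_RE = re.compile(
    r"^(?P<flag>[*.]?)(?P<ts>\w{3}\s+\d+\s+[\d:.]+): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)

def parse(line):
    """Split one IOS log line into its fields, or return None if it is not a log line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["sev"] = int(event["sev"])
    event["level"] = SEVERITIES[event["sev"]]
    event["clock"] = CLOCK_FLAGS[event["flag"]]
    return event

def kept_in_buffer(event, buffered_level="warnings"):
    """True if 'logging buffered <size> <level>' would store this event."""
    return event["sev"] <= SEVERITIES.index(buffered_level)

# The two console messages from the post.
SAMPLE = """\
.Jul 1 00:24:40.277: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
.Jul 1 00:24:41.277: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
"""

def report(text, buffered_level="warnings"):
    """Return (mnemonic, level, clock state, kept?) for every log line in text."""
    rows = []
    for line in text.splitlines():
        event = parse(line)
        if event:
            rows.append((event["mnemonic"], event["level"], event["clock"],
                         kept_in_buffer(event, buffered_level)))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Both messages are level 5, so the “warnings” buffer drops them, and the leading “.” shows they were logged while the switch was not synchronized to NTP.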

However waaay off track, so back to the Netmiko scripting file #2

There is a secondary file in the script called “iosv_l2_lan” that consists of this:

LanAuto4

The only real difference is that the Core is the NTP Master for the LAN switches, it points to an external atomic clock source, while the inside switches point to it for their time.

Note that timezone settings must be configured on every switch (as of this writing), as the NTP source will only provide the time, not the local timezone / Daylight Savings time.

I also of course enable logging level 4 with 32mb dedicated to buffered log events.

All that being said and reviewed, let’s see if the script works as expected!

Success!!!!  :

LanAuto5

It first sets the Core SW1 as the NTP Master with an external clock source, then moves on to SW2 setting SW1 as its NTP Server / Enables logging, and the script was still running while I grabbed this screen snip and has now completed successfully!

Went to verify on SW5 and sure enough can see the console messages of automation:

LanAuto6
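
The same verification can be scripted instead of checked by eye on each console. This is an added example, not part of the original post: it checks the first line of “show ntp status” from each LAN switch against the core IP used in this lab. The sample outputs are constructed and the function names are assumptions.

```python
import re

STATUS_RE = re.compile(
    r"Clock is (?P<state>synchronized|unsynchronized), stratum (?P<stratum>\d+), "
    r"(?:reference is (?P<ref>\S+)|no reference clock)"
)

CORE_IP = "192.168.238.11"  # SW1, the NTP source for the LAN switches in this lab

def parse_ntp_status(output):
    """Extract sync state, stratum and reference from 'show ntp status' output."""
    m = STATUS_RE.search(output)
    if m is None:
        raise ValueError("unrecognised 'show ntp status' output")
    return {"synced": m["state"] == "synchronized",
            "stratum": int(m["stratum"]), "reference": m["ref"]}

def check_lan_switch(output, expected_ref=CORE_IP):
    """Return a list of problems; an empty list means the switch follows the core."""
    status = parse_ntp_status(output)
    problems = []
    if not status["synced"] or status["stratum"] >= 16:
        problems.append("clock is not synchronized")
    elif status["reference"] != expected_ref:
        problems.append(f"synced to {status['reference']}, expected {expected_ref}")
    return problems

# Constructed sample outputs (first line of 'show ntp status'), not captured from the lab.
SAMPLES = {
    "192.168.238.22": "Clock is synchronized, stratum 9, reference is 192.168.238.11",
    "192.168.238.33": "Clock is unsynchronized, stratum 16, no reference clock",
    "192.168.238.44": "Clock is synchronized, stratum 3, reference is 203.0.113.7",
}

def audit(outputs):
    """Map each switch IP to its list of NTP problems."""
    return {ip: check_lan_switch(text) for ip, text in outputs.items()}

if __name__ == "__main__":
    for ip, problems in audit(SAMPLES).items():
        print(ip, problems or "ok")
```

On live devices the text would come from Netmiko’s send_command("show ntp status") on each connection. A switch that is synchronized to an unexpected reference is worth chasing down, since every log timestamp on it follows that source.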

That is a great feeling to have come this far and have templates to play with version control (GIT) at some point not too far off in my DevNet studies, but for now I will shut this lab down and call it a night with my whole network now time synchronized and logging enabled for later troubleshooting like a proper LAN segment!

I am not entirely sure what is up next, but posts will be ramping up big time soon!

Here in the US we have 4th of July weekend coming up, which means no studying / outdoor fun in the sun time to recharge the battery, but I will probably crank out another lab before the weekend, and thereafter I am not sure if I will stick with Python or get into some different DevNet topics like APIs or JSON / XML / YAML more in depth.

If I do not post before then, have a safe and great 4th of July Weekend here in the US and around the entire globe!

(Also as promised below is the code for the Python Script and config files)

Python Script:

from netmiko import ConnectHandler

# One Netmiko connection dictionary per switch (lab credentials).
iosv_l2_s1 = {
    'device_type': 'cisco_ios',
    'ip': '192.168.238.11',
    'username': 'looped',
    'password': 'back'
}
iosv_l2_s2 = {
    'device_type': 'cisco_ios',
    'ip': '192.168.238.22',
    'username': 'looped',
    'password': 'back'
}
iosv_l2_s3 = {
    'device_type': 'cisco_ios',
    'ip': '192.168.238.33',
    'username': 'looped',
    'password': 'back'
}
iosv_l2_s4 = {
    'device_type': 'cisco_ios',
    'ip': '192.168.238.44',
    'username': 'looped',
    'password': 'back'
}
iosv_l2_s5 = {
    'device_type': 'cisco_ios',
    'ip': '192.168.238.55',
    'username': 'looped',
    'password': 'back'
}

# Core SW1 first: it becomes the NTP Master for the LAN switches.
with open('iosv_l2_core') as f:
    lines = f.read().splitlines()
print(lines)
all_devices = [iosv_l2_s1]
for device in all_devices:
    net_connect = ConnectHandler(**device)
    output = net_connect.send_config_set(lines)
    print(output)
    net_connect.disconnect()  # close the SSH session before moving on

# Then the LAN switches SW2-SW5, which point at SW1 for their time.
with open('iosv_l2_lan') as f:
    lines = f.read().splitlines()
print(lines)
all_devices = [iosv_l2_s2, iosv_l2_s3, iosv_l2_s4, iosv_l2_s5]
for device in all_devices:
    net_connect = ConnectHandler(**device)
    output = net_connect.send_config_set(lines)
    print(output)
    net_connect.disconnect()  # close the SSH session before moving on

Core Config:

ip name-server 8.8.8.8

ntp master
ntp server pool.ntp.org

clock timezone CDT -6
clock summer-time CDT recurring

logging buffered 32768 warnings

end
wr mem

LAN Config:

ip name-server 8.8.8.8

ntp server 192.168.238.11

clock timezone CDT -6
clock summer-time CDT recurring

logging buffered 32768 warnings

end
wr mem
