TCL Scripting for Cisco IOS

TCL Scripting for Cisco IOSPetr Grygárekrek© 2009 Petr Grygarek, Advanced Computer Networks Technologies 1

Automation using TCL Scriptiong• Network monitoring• Troubleshooting tools• Added intelligence© 2009 Petr Grygarek, Advanced Computer Networks Technologies2

Tool Command Language (TCL)•Invented by John K. Ousterhout,Berkeley, 1980s•Interpreted language•support for compilation into bytecode•Runtime available for many platforms•http://www.tcl.tk/© 2009 Petr Grygarek, Advanced Computer Networks Technologies3

Tool Command Language (TCL)•Invented by John K. Ousterhout,Berkeley, 1980s, http://www.tcl.tk/•Interpreted language•support for compilation into bytecode•Intended for scripting, rapidprototyping, embedding intoapplications, creation of GUIs (TCL/Tktoolkit)•Runtime engine available for manyplatforms© 2009 Petr Grygarek, Advanced Computer Networks Technologies4

TCL Basic Features(taken from http://en.wikipedia.org/wiki/Tcl)•Prefix command notation•variable number of arguments•No data types•all values treated as strings•Everything can be dynamically redefinedand overriden•Object-oriented extensions are available•Many extension libraries were developed© 2009 Petr Grygarek, Advanced Computer Networks Technologies5

•AppletsIOS Policies•sequences of IOS commands•Stored in device's running config•TCL Scripts•Programs in TCL•Stored on FLASH or external storage•Policies are subscribed with EmbeddedEvent Manager (EEM) to be activatedwhen specific event(s) occur(s)•They also can be activated manually© 2009 Petr Grygarek, Advanced Computer Networks Technologies6

Embedded EventManager•Detects interesting events•using Event Detectors•Triggers specific policy based when aspecific event (or combination ofevents) occurs© 2009 Petr Grygarek, Advanced Computer Networks Technologies7

Event Detectors•Monitor SW and HW components forspecific events•Examples of event detectors:•CLI,•Timer•Syslog•Object Tracking•interface state change detector•insertion/removal of module detector•...© 2009 Petr Grygarek, Advanced Computer Networks Technologies8

How to Execute TCLScript from Cisco IOS•tclsh flash0:myScript.tcl•TCL interactive shell mode: tclsh•Urecognized (i.e. non-TCL) commandsare passed to IOS CLI© 2009 Petr Grygarek, Advanced Computer Networks Technologies9

Basic TCL Commandsand Structures© 2009 Petr Grygarek, Advanced Computer Networks Technologies10

Getting Help•info commands•info exists •info args •info body •info globals•info varsCommand typed with wrong argument(s)make tclsh to display usage help# this is a comment© 2009 Petr Grygarek, Advanced Computer Networks Technologies11

set x 1puts $xAssignments, Expressions,Displaying Outputsset x [expr $x+1]puts $xincr x -10set p1 kocourset p2 mourset p3 "$p1 $p2" -> kocour mour© 2009 Petr Grygarek, Advanced Computer Networks Technologies12

“printf-like” OutputFormattingset a 1set s kocourset f [format "int: %d, string: %s" $a $s]f now contains “int: 1, string: kocour”Text in [] is replaced with result ofexecuted TCL code contained in block© 2009 Petr Grygarek, Advanced Computer Networks Technologies13

Arrays•Array is treated as set of associated pairs•no space pre-allocation•keys of any typeset a(1) 10set a(dog) Zerykputs $a(1) -> 10puts $a(dog) -> Zerykputs $a(2) -> can't read "a(2)": no such element in arrayarray set a “kocour mour number 2”puts $a(kocour) -> mourputs $a(number) -> 2© 2009 Petr Grygarek, Advanced Computer Networks Technologies15

Lists•List is a string consisting of valuesseparated by whitespaces.•List manipulation functions:•Llength,•lappend, linsert, lreplace, lrange•lindex, lsearch,•lsort© 2009 Petr Grygarek, Advanced Computer Networks Technologies18

Conditional Executionset x 1if {$x < 10} { puts LESS }else { puts GREATER }-> LESS© 2009 Petr Grygarek, Advanced Computer Networks Technologies20

set fd [open flash:f.txt w]puts $fd kocourputs $fd mourclose $fdRouter# more flash:f.txtset fd [open flash:f.txt r]Fileswhile { [gets $fd line] > 0 } { puts $line }close $fdtell $fd, seek $fd file e.g. file delete flash:f.txt© 2009 Petr Grygarek, Advanced Computer Networks Technologies22

Handling Script Argumentssample.tcl:puts "\n"puts "Argument count: $argc"puts "Argv0: $argv0"puts "Argv: $argv"puts "Individual arguments:"foreach {iterVar} $argv { puts $iterVar }router #tclsh http://10.0.0.2/sample.tcl aaa bbb ccc-> Argument count: 3Argv0: http://10.0.0.2/kocour.tclArgv: aaa bbb cccIndividual arguments:aaabbbccc© 2009 Petr Grygarek, Advanced Computer Networks Technologies23

Interactions between TCLPolicies and IOS CLI© 2009 Petr Grygarek, Advanced Computer Networks Technologies24

Running TCL Scripts•From TCL shell•“source” TCL commandrouter(tcl)#source flash:mysrc.tclrouter(tcl)#source http://10.0.0.2/kocour.tcl•From IOS exec mode•“tclsh” command followed by script namerouter#tclsh http://10.0.0.2/kocour.tcl args•Arguments cannot be passed to scriptusing source command•Multiple scripts may run in parallel.© 2009 Petr Grygarek, Advanced Computer Networks Technologies25

Exec Mode Commands•log_user 0/1 - disables/enables displayingof CLI commands outputs•set cliOutput [exec "sh ip interface brief"]– works both in interactive TCL shell andTCL scripts© 2009 Petr Grygarek, Advanced Computer Networks Technologies26

Config Mode Commands(TCL Shell)ios_config "hostname MYNAME"ios_config "router rip" "network10.0.0.0" "end"•It is recommended to exit from TCLshell for the configuration changes totake effect•Always end the configurationcommands with end to avoid locking© 2009 Petr Grygarek, Advanced Computer Networks Technologies27

Config Mode Commands(EEM TCL Policies)•FD-style functions•cli_open, cli_write, cli_read, cli_exec•cli_exec = cli_write + cli_read•Work in TCL scripts, NOT ininteractive TCL shell.•On the other hand, ios_config doesNOT work in TCL scripts (?)© 2009 Petr Grygarek, Advanced Computer Networks Technologies28

Dealing with InteractiveCommandsRouter(tcl)#typeahead \n\n\nRouter(tcl)#exec "copy run flash:x.x"•Does not work in TCL Shellinteractive mode•Alternative: file prompt quiet IOScomand© 2009 Petr Grygarek, Advanced Computer Networks Technologies29

Policy Registration with EEM•Either applet or TCL script may beregistered to be activated when anevent is detectedevent manager directory user policy flash:/scriptsevent manager policy myScript.tcl•Specification of the event to triggerthe policy is defined at the beginningof policy's TCL script:•::cisco::eem::event_register_timer cron namemyCron1 cron_entry "0-59 0-23 * * 0-7"© 2009 Petr Grygarek, Advanced Computer Networks Technologies30

Checking Registered Policies•show event manager policy available[user | system]•show event manager policyregistered•sh event manager history eventEEM policies have to be stored on some localfilesystem to ensure their availability regardless ofthe current state of the connectivity to anyexternal storage server.© 2009 Petr Grygarek, Advanced Computer Networks Technologies31

Manual Policy Launching•event manager run myScript.tcl•only applicable for policies registeredwith none event© 2009 Petr Grygarek, Advanced Computer Networks Technologies32

Specification of Policy'sEnvironment•Router(config)#event managerenvironment myVariable myValue•Router(config)#event managersession cli username kocour•sh event manager session cliusername© 2009 Petr Grygarek, Advanced Computer Networks Technologies33

Example Policy(launched manually)::cisco::eem::event_register_nonenamespace import ::cisco::eem::*namespace import ::cisco::lib::*array set cliconn [ cli_open ]puts $cliconncli_exec $cliconn(fd) "hostnameCHANGED-NAME"cli_close $cliconn(fd)© 2009 Petr Grygarek, Advanced Computer Networks Technologies34

EEM Applets•Definition consists of•Events to be detected to trigger theapplet•available events may vary with different IOS/EEM versions•Sequence of IOS commands to beexecuted•Sorted lexicographically according to linetags© 2009 Petr Grygarek, Advanced Computer Networks Technologies35

Most Interesting SupportedFeatures (1)• Reaction to composite events• Reacting to interface status change• Processing of RIB change events• Reacting to IOS object status change•Enhanced Object Tracking• Reacting to Syslog messages• Reacting to increased resource utilization (CPU,memory, ...)• Integration with SLA monitoring• Timers & Counters events© 2009 Petr Grygarek, Advanced Computer Networks Technologies36

Most Interesting SupportedFeatures (2)• Sockets Library• SNMP Library (outgoing/incoming messages)• SMTP Library• Integration with Netflow• CLI library & events•issuing IOS exec and config commands•interception of command handling process•creation of user commands and/or extendingcommand parameters© 2009 Petr Grygarek, Advanced Computer Networks Technologies37

Most Interesting SupportedFeatures (3)• Messaging between policies running in parallel,policy synchronization• Policy priorization•multiple scheduling queues, nice, ...• Persistent storage to keep script's internal statebetween runs• Remote Procedure Call (RPC)• XML-PI• TCL scripts debugging support© 2009 Petr Grygarek, Advanced Computer Networks Technologies38

References•Summarized athttp://wh.cs.vsb.cz/sps/index.php/TCL_scripting_on_Cisco_IOS© 2009 Petr Grygarek, Advanced Computer Networks Technologies39