{ "cells": [ { "cell_type": "code", "execution_count": 1, "metadata": { "nbsphinx": "hidden" }, "outputs": [], "source": [ "import pandas as pd\n", "from pybatfish.client.session import Session\n", "from pybatfish.datamodel import *\n", "\n", "pd.set_option(\"display.width\", 300) \n", "pd.set_option(\"display.max_columns\", 30) \n", "pd.set_option(\"display.max_rows\", 1000) \n", "pd.set_option(\"display.max_colwidth\", None)\n", "\n", "# Configure all pybatfish loggers to use WARN level\n", "import logging\n", "logging.getLogger('pybatfish').setLevel(logging.WARN)" ] }, { "cell_type": "code", "execution_count": 2, "metadata": { "nbsphinx": "hidden" }, "outputs": [], "source": [ "bf = Session(host=\"localhost\")\n", "\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "#### IPSec Tunnels" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "This category of questions allows you to query IPSec sessions and tunnels.\n" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "* [IPSec Session Status](#IPSec-Session-Status)\n", "* [IPSec Edges](#IPSec-Edges)" ] }, { "cell_type": "code", "execution_count": 3, "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_network('generate_questions')" ] }, { "cell_type": "code", "execution_count": 4, "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'hybridcloud'" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_snapshot('hybridcloud')" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "##### IPSec Session Status" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Returns the status of configured IPSec sessions." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Shows configuration settings and status for each configured IPSec tunnel in the network. The status is IPSEC_SESSION_ESTABLISHED for tunnels that are expected to be established; it is IKE_PHASE1_FAILED if IKE parameters negotiation failed; it is IKE_PHASE1_KEY_MISMATCH if IKE negotiation was successful but IKE keys do not match; it is IPSEC_PHASE2_FAILED if negotiation of IPsec parameters failed; and it is MISSING_END_POINT if the remote endpoint for a configured IPsec tunnel could not be found in the network." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "###### **Inputs**" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Name | Description | Type | Optional | Default Value\n", "--- | --- | --- | --- | --- \n", "nodes | Include sessions whose first node matches this specifier. | [NodeSpec](../specifiers.md#node-specifier) | True | \n", "remoteNodes | Include sessions whose second node matches this specifier. | [NodeSpec](../specifiers.md#node-specifier) | True | \n", "status | Only include IPSec sessions for which status matches this specifier. | [IpsecSessionStatusSpec](../specifiers.md#ipsec-session-status-specifier) | True | " ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "###### **Invocation**" ] }, { "cell_type": "code", "execution_count": 5, "metadata": {}, "outputs": [], "source": [ "result = bf.q.ipsecSessionStatus().answer().frame()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "###### **Return Value**" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Name | Description | Type\n", "--- | --- | ---\n", "Node | IPSec initiator | str\n", "Node_Interface | Initiator Interface | [Interface](../datamodel.rst#pybatfish.datamodel.primitives.Interface)\n", "Node_IP | Initiator IP | str\n", "Remote_Node | IPSec responder | str\n", "Remote_Node_Interface | Responder Interface | [Interface](../datamodel.rst#pybatfish.datamodel.primitives.Interface)\n", "Remote_Node_IP | Responder IP | str\n", "Tunnel_Interfaces | Tunnel interfaces pair used in peering session | str\n", "Status | IPSec session status | str" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Print the first 5 rows of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 6, "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
NodeNode_InterfaceNode_IPRemote_NodeRemote_Node_InterfaceRemote_Node_IPTunnel_InterfacesStatus
0exitgwexitgw[GigabitEthernet3]147.75.69.27tgw-06b348adabd13452dtgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]3.19.24.131Tunnel1 -> vpn-vpn-01c45673532d3e33e-1IPSEC_SESSION_ESTABLISHED
1exitgwexitgw[GigabitEthernet3]147.75.69.27tgw-06b348adabd13452dtgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-2]52.14.53.162Tunnel2 -> vpn-vpn-01c45673532d3e33e-2IPSEC_SESSION_ESTABLISHED
2exitgwexitgw[GigabitEthernet3]147.75.69.27tgw-0888a76c8a371246dtgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-1]34.209.88.227Tunnel3 -> vpn-vpn-0dc7abdb974ff8a69-1IPSEC_SESSION_ESTABLISHED
3exitgwexitgw[GigabitEthernet3]147.75.69.27tgw-0888a76c8a371246dtgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2]44.227.244.7Tunnel4 -> vpn-vpn-0dc7abdb974ff8a69-2IPSEC_SESSION_ESTABLISHED
4tgw-06b348adabd13452dtgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]3.19.24.131exitgwexitgw[GigabitEthernet3]147.75.69.27vpn-vpn-01c45673532d3e33e-1 -> Tunnel1IPSEC_SESSION_ESTABLISHED
\n", "
" ], "text/plain": [ " Node Node_Interface Node_IP Remote_Node Remote_Node_Interface Remote_Node_IP Tunnel_Interfaces Status\n", "0 exitgw exitgw[GigabitEthernet3] 147.75.69.27 tgw-06b348adabd13452d tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] 3.19.24.131 Tunnel1 -> vpn-vpn-01c45673532d3e33e-1 IPSEC_SESSION_ESTABLISHED\n", "1 exitgw exitgw[GigabitEthernet3] 147.75.69.27 tgw-06b348adabd13452d tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-2] 52.14.53.162 Tunnel2 -> vpn-vpn-01c45673532d3e33e-2 IPSEC_SESSION_ESTABLISHED\n", "2 exitgw exitgw[GigabitEthernet3] 147.75.69.27 tgw-0888a76c8a371246d tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-1] 34.209.88.227 Tunnel3 -> vpn-vpn-0dc7abdb974ff8a69-1 IPSEC_SESSION_ESTABLISHED\n", "3 exitgw exitgw[GigabitEthernet3] 147.75.69.27 tgw-0888a76c8a371246d tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] 44.227.244.7 Tunnel4 -> vpn-vpn-0dc7abdb974ff8a69-2 IPSEC_SESSION_ESTABLISHED\n", "4 tgw-06b348adabd13452d tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] 3.19.24.131 exitgw exitgw[GigabitEthernet3] 147.75.69.27 vpn-vpn-01c45673532d3e33e-1 -> Tunnel1 IPSEC_SESSION_ESTABLISHED" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.head(5)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Print the first row of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 7, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "Node exitgw\n", "Node_Interface exitgw[GigabitEthernet3]\n", "Node_IP 147.75.69.27\n", "Remote_Node tgw-06b348adabd13452d\n", "Remote_Node_Interface tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]\n", "Remote_Node_IP 3.19.24.131\n", "Tunnel_Interfaces Tunnel1 -> vpn-vpn-01c45673532d3e33e-1\n", "Status IPSEC_SESSION_ESTABLISHED\n", "Name: 0, dtype: object" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.iloc[0]" ] }, { "cell_type": "code", "execution_count": 8, "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'generate_questions'" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_network('generate_questions')" ] }, { "cell_type": "code", "execution_count": 9, "metadata": { "nbsphinx": "hidden" }, "outputs": [ { "data": { "text/plain": [ "'hybridcloud'" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "bf.set_snapshot('hybridcloud')" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "##### IPSec Edges" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Returns IPSec tunnels." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Lists all IPSec tunnels in the network." ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "###### **Inputs**" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Name | Description | Type | Optional | Default Value\n", "--- | --- | --- | --- | --- \n", "nodes | Include tunnels whose first node matches this name or regex. | [NodeSpec](../specifiers.md#node-specifier) | True | .*\n", "remoteNodes | Include tunnels whose second node matches this name or regex. | [NodeSpec](../specifiers.md#node-specifier) | True | .*" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "###### **Invocation**" ] }, { "cell_type": "code", "execution_count": 10, "metadata": {}, "outputs": [], "source": [ "result = bf.q.ipsecEdges().answer().frame()" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "###### **Return Value**" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Name | Description | Type\n", "--- | --- | ---\n", "Source_Interface | Source interface used in the IPsec session | [Interface](../datamodel.rst#pybatfish.datamodel.primitives.Interface)\n", "Tunnel_Interface | Tunnel interface (if any) used in the IPsec session | [Interface](../datamodel.rst#pybatfish.datamodel.primitives.Interface)\n", "Remote_Source_Interface | Remote source interface used in the IPsec session | [Interface](../datamodel.rst#pybatfish.datamodel.primitives.Interface)\n", "Remote_Tunnel_Interface | Remote tunnel interface (if any) used in the IPsec session | [Interface](../datamodel.rst#pybatfish.datamodel.primitives.Interface)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Print the first 5 rows of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 11, "metadata": {}, "outputs": [ { "data": { "text/html": [ "
\n", "\n", "\n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", " \n", "
Source_InterfaceTunnel_InterfaceRemote_Source_InterfaceRemote_Tunnel_Interface
0tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-1]exitgw[GigabitEthernet3]exitgw[Tunnel1]
1tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-1]tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-1]exitgw[GigabitEthernet3]exitgw[Tunnel3]
2tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-2]tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-2]exitgw[GigabitEthernet3]exitgw[Tunnel2]
3exitgw[GigabitEthernet3]exitgw[Tunnel4]tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2]tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-2]
4tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2]tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-2]exitgw[GigabitEthernet3]exitgw[Tunnel4]
\n", "
" ], "text/plain": [ " Source_Interface Tunnel_Interface Remote_Source_Interface Remote_Tunnel_Interface\n", "0 tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1] tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-1] exitgw[GigabitEthernet3] exitgw[Tunnel1]\n", "1 tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-1] tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-1] exitgw[GigabitEthernet3] exitgw[Tunnel3]\n", "2 tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-2] tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-2] exitgw[GigabitEthernet3] exitgw[Tunnel2]\n", "3 exitgw[GigabitEthernet3] exitgw[Tunnel4] tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-2]\n", "4 tgw-0888a76c8a371246d[external-vpn-0dc7abdb974ff8a69-2] tgw-0888a76c8a371246d[vpn-vpn-0dc7abdb974ff8a69-2] exitgw[GigabitEthernet3] exitgw[Tunnel4]" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.head(5)" ] }, { "cell_type": "markdown", "metadata": {}, "source": [ "Print the first row of the returned Dataframe" ] }, { "cell_type": "code", "execution_count": 12, "metadata": {}, "outputs": [ { "data": { "text/plain": [ "Source_Interface tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]\n", "Tunnel_Interface tgw-06b348adabd13452d[vpn-vpn-01c45673532d3e33e-1]\n", "Remote_Source_Interface exitgw[GigabitEthernet3]\n", "Remote_Tunnel_Interface exitgw[Tunnel1]\n", "Name: 0, dtype: object" ] }, "execution_count": 1, "metadata": {}, "output_type": "execute_result" } ], "source": [ "result.iloc[0]" ] } ], "metadata": { "celltoolbar": "Edit Metadata", "hide_input": false, "kernelspec": { "display_name": "Python 3 (ipykernel)", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.7.6" } }, "nbformat": 4, "nbformat_minor": 2 }