Posts tagged with Cisco

Finding overlaps in address space

February 24th, 2014

We have an interesting problem at my workplace, we have an MPLS VPN design for separation of security zones (e.g., staff from students.) and we don’t have MPLS support on our edge. With a L3 to the edge design though this means that while every edge switch has its own address space (per VRF), it also has a /30 uplink (once again, per VRF) back to the PE device.

While this (rightly or wrongly decided) slightly more complicated design in itself isn’t a problem, I’ve been working on programatically putting all of this data into an IPAM (IP Address Management) solution. Doing this from the devices themselves (as apposed to a spreadsheet where it was previously kept) has provided the best way moving forward, so good in fact, that my IPAM started throwing exceptions when duplicate IP addresses and overlapping spaces were attempted to be added in the system.

The following Python script uses my Cisco IOS python library to be able to identify IP address overlaps from a bunch of my saved device configs.

It works by the following:

  1. Adds all L3 interfaces addresses and secondary addresses to a list
  2. Sorts list such that larger subnets are at the front, smaller (/32′s and the such) are at the back of the list.
  3. Walks through each subnet, if the network addresses is not in the routing table, add it in, if it is, add it to a list of colliding subnets.
  4. With the list of colliding subnets (subnets that have been multiply defined, or are of overlapping size):
    1. If they are /30′s and there are only two places of definition, skip
    2. if the subnet values are not equal OR an address appears twice in the subnet.  Print it out as a colliding address (space)

You can find the script as a ghist here (note:  This assumes the devices have been picked and loaded as a Picked list of IOSDevice’s)

What is Anycast?

April 9th, 2013

I’ve never found a really simple video on what exactly Anycast is with a basic examples when exploring the concepts.  I decided to lab it up and figured this might help some of you starting out with the concepts.  Any comments feel free to let me know!

Config Attached for IOS lab HERE.

My experiences of managing a Cisco switch with Puppet

December 8th, 2012

One recent pet gripe of mine has been having to add a new VLAN into our datacenter for our vSphere platform.  Not that I trust my DCs switches with puppet just yet, this is a proof of concept post about how we could be using puppet to centrally manage this configuration and push it out across our DC.

Read more »