A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension

Jesse McGraw jlmcgraw at gmail.com
Thu Oct 6 20:26:48 UTC 2016


Nanog,

     (This is me scratching an itch of my own and hoping that sharing it 
might be useful to others on this list.  Apologies if it isn't)

   When I'm trying to comprehend a new or complicated Cisco router, 
switch or firewall configuration an old pet-peeve of mine is how 
needlessly difficult it is to follow deeply nested logic in route-maps, 
ACLs, QoS policy-maps etc etc

To make this a bit simpler I’ve been working on a perl script to convert 
these text-based configuration files into HTML with links between the 
different elements (e.g. To an access-list from the interface where it’s 
applied, from policy-maps to class-maps etc), hopefully making it easier 
to to follow the chain of logic via clicking links and using the forward 
and back buttons in your browser to go back and forth between command 
and referenced list.


I've put the script itself up here 
<https://github.com/jlmcgraw/network_configuration_navigator>:
https://github.com/jlmcgraw/network_configuration_navigator

See here 
<ttp://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configuration_navigator/blob/master/examples/html_test_case_1.cfg.html> 
for output examples
http://htmlpreview.github.com/?https://github.com/jlmcgraw/network_configuration_navigator/blob/master/examples/html_test_case_1.cfg.html

Here's a quick web demo <https://hidden-waters-8218.herokuapp.com/> on 
Heroku
https://hidden-waters-8218.herokuapp.com/
     (This is just a simple web front-end to the script.  I'm not a 
web-savvy guy so I'm sure it's poorly coded and terribly insecure.
     Please don't upload anything sensitive to this, it's just for testing!)

I know there is a lot of stuff that could be done better so let me know 
if you think of anything new or notice something I’ve done wrong.

One unexpected thing that has come out of this script is the ability to 
catch items that are defined but never actually used, whether it's due 
to a fat-finger or just being leftover cruft. This has proven very 
valuable in catching mistakes that are otherwise hard to spot.  
Unfortunately the script can't currently catch the inverse (things that 
are called but never defined) due to the way the regexes are constructed

Surely this has all been done before but I couldn't find anything in a 
few brief moments of searching so here we are.

-Jesse



Notes:
     See the box on the right for a key and links to jump to the first 
line of the various types of sections or unused items

     There are some command-line options for reformatting (make some 
numbers that are hard to read into more human-readable ones, add colors 
to permits/denies, scrub sensitive info etc, remove some redundancy).  
Try and see what you like.

     If you run it against multiple configuration files at once it will 
also attempt to link between them when applicable (e.g. BGP neighbors, 
route next hops, interfaces on the same subnet etc).  I regularly use it 
on a ~900 configuration files set with no problems

     Developed under Ubuntu Linux, somewhat tested on Windows but not at 
all on OS

     Based on configs that I work with so it doesn't cover all possible 
commands.  Send patches!



More information about the NANOG mailing list