Parsing an Cisco-ACE-Configuration

I just had the need for a quite complex ACE-Configuration to visualize dependencies between all the VIPs, Serverfarms, RServers, Policies, Classes ... and so on ...

So I took the chance to write this little script, that takes an Ace-Running-Config and outputs and dotty file.

Dotty afterwards does the drawing part.

Download: aceparse.bash <- This file is probably old by now

You can follow the latest versions via git on: Gitweb


 $ aceparse.bash $INFILE $
 $ dot -Tpdf $ > $PDFFILE.pdf

Other ones, who have Configs they can show, please test or send them, so I can see, which features are used "in the wild" and should be implemented in the parser.


  • Reads currently a ~4.000 line ACE-Module-Config
  • Produces Nodes and Edges from
    • Policymaps
    • Classmaps
    • Servicepolicies
    • VIPs
    • Serverfarms
    • Probes
    • and Realservers
  • Outputs to dot-file
  • currently dot/graphviz can create quite large PDFs
  • visually customizable Nodes
  • completely written in BASH-Script
  • implements a (not yet)complete Parser for the Cisco-configfile (yeah, thats work in progress ... At the moment its a "Works-For-Me")

Known Bugs/Issues

  • lots ...
  • sometimes the graph looses its orientation from left to the right.

    Thats somehow connected to the Fact, that a policy can link to a class and a class again can connect to a policy. To solve this I would not only parse the config syntactically but also semantically, which will be introduced when I have the time and need for that.

  • In large graphs one can hardly trace the edges, because multiple ones are overlapping.

    Thats an issue with the routing algorithms of dot/graphviz. What I tried so far is to increase the distance between the nodes, so that the edges have more space to navigate. I believe I would need some more testing with dot, to find out, where to tweak this stuff.


  • Documentation
  • Code Cleanup
  • allow anonymization of Nodes
  • revert git integration in the script
  • reengineer Debug-Facility