Parsing an Cisco-ACE-Configuration
I just had the need for a quite complex ACE-Configuration to visualize dependencies between all the VIPs, Serverfarms, RServers, Policies, Classes ... and so on ...
So I took the chance to write this little script, that takes an Ace-Running-Config and outputs and dotty file.
Dotty afterwards does the drawing part.
Download: aceparse.bash <- This file is probably old by now
You can follow the latest versions via git on: Gitweb
Usage:
$ aceparse.bash $INFILE $OUTFILE.dot
$ dot -Tpdf $OUTFILE.dot > $PDFFILE.pdf
Other ones, who have Configs they can show, please test or send them, so I can see, which features are used "in the wild" and should be implemented in the parser.
Features
- Reads currently a ~4.000 line ACE-Module-Config
- Produces Nodes and Edges from
- Policymaps
- Classmaps
- Servicepolicies
- VIPs
- Serverfarms
- Probes
- and Realservers
- Outputs to dot-file
- currently dot/graphviz can create quite large PDFs
- visually customizable Nodes
- completely written in BASH-Script
- implements a (not yet)complete Parser for the Cisco-configfile (yeah, thats work in progress ... At the moment its a "Works-For-Me")
Known Bugs/Issues
- lots ...
sometimes the graph looses its orientation from left to the right.
Thats somehow connected to the Fact, that a policy can link to a class and a class again can connect to a policy. To solve this I would not only parse the config syntactically but also semantically, which will be introduced when I have the time and need for that.
In large graphs one can hardly trace the edges, because multiple ones are overlapping.
Thats an issue with the routing algorithms of dot/graphviz. What I tried so far is to increase the distance between the nodes, so that the edges have more space to navigate. I believe I would need some more testing with dot, to find out, where to tweak this stuff.
Todo-List
- Documentation
- Code Cleanup
- allow anonymization of Nodes
- revert git integration in the script
- reengineer Debug-Facility