Skip to Content.
Sympa Menu

rare-dev - Re: [rare-dev] acls in table format instead of text

Subject: Rare project developers

List archive

Re: [rare-dev] acls in table format instead of text


Chronological Thread 
    < Chronological >      < Thread >
  • From: Carmen Misa Moreira <>
  • To: <>
  • Subject: Re: [rare-dev] acls in table format instead of text
  • Date: Wed, 16 Mar 2022 14:06:37 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 188.184.36.17) smtp.rcpttodomain=lists.geant.org smtp.mailfrom=cern.ch; dmarc=bestguesspass action=none header.from=cern.ch; dkim=none (message not signed); arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=M3AQKJOgadxDcXvOpAwgrPAuE1Cb6ytaJHADDyqQ1JE=; b=AutVNhy9uf/8C7giatKInu4XeUlCmmU20XuhvBP60QLm/PYMvwuBTuzPNoBTx2wwpSeJhGkCY/ihkLuKvq1O0E+xDsbptZgV3LtNkVkRLc3HtXn4muuxkVz0jxdz+QMshVWl8zAMZE7V7z2mzUE4jx7SLboP5KDi0zB2c1mQ/nt3Wd0ixdoPo0inrKzwrLDlHLxsVcbn+Lgi35ZGxInL4Xi3l1KtWuSStA+Ik1zSgDymCb0I1CQDOEHuvg8uLcC+tqgpjNSzFWgUTaKWozVdUt9Uj7JhVOUElUoECTYfuQ04PsjPnQJSLVAs4PD8oPzpY4T4i5hn00w33WVdwbWTYg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PYB9xgyESrXIW7P+y2P8U6B9C2yu2Beck9sGfUmblOdomskEBluS3wiiGnRagcNLD8xOR52WlbIopOneTpCTceMQ+YvOql5PX4Talp7Ie1Dz8eH9K1ydjV3jdtysoxNXzmpLdDPFAzPcVAIWBLKPoquiLlpS15pbGMmbJroBoExEeB+bhsDxbD8Q+mhjq4BALBuG+ahRbRWRoflIIbsny76U+t+P/6GmyLcof3zEt1GfcisJVDB/ptn9Hj1ISXgGZLimn94+nnyK+MinAOJDR0UWbNlCY1sLv884fXPGDY8pbYYzRYjtDvnkixHCRGpc1Np1NRGXhwvkVHVNT5m28Q==
Hi Csaba,


This is the sensor for the access-list:

E513-E-YECWH-1#show run ifaces-acl
sensor ifaces-acl
 path ifaces-acl/ifaces-acl
 prefix ifaces-acl
 prepend ifaces_acl_
 command show access-list acl_all_ipv6_flowlabels
 name 0 seq=
 key ifaces-acl ifaces-acl/ifaces-acl
 replace \. _
 replace \/ _
 column 1 name txb
 column 1 split + typ="sw" typ="hw"
 column 2 name txp
 column 2 split + typ="sw" typ="hw"
 column 3 name rxb
 column 3 split + typ="sw" typ="hw"
 column 4 name rxp
 column 4 split + typ="sw" typ="hw"
 column 5 name last
 column 6 name timout
 column 7 name cfg
 exit


And the previous sensor for packets and bytes:

sensor ifaces-hw
 path interfaces-hw/interface/counter
 prefix freertr-ifaces
 prepend iface_hw_byte_
 command sho inter hwsumm
 name 0 ifc=
 key name interfaces-hw/interface
 replace \. _
 column 1 name st
 column 1 replace admin -1
 column 1 replace down 0
 column 1 replace up 1
 column 2 name tx
 column 3 name rx
 column 4 name dr
 exit
sensor ifaces-hwp
 path interfaces-hwp/interface/counter
 prefix freertr-ifaces
 prepend iface_hw_pack_
 command sho inter hwpsumm
 name 0 ifc=
 key name interfaces-hwp/interface
 replace \. _
 column 1 name st
 column 1 replace admin -1
 column 1 replace down 0
 column 1 replace up 1
 column 2 name tx
 column 3 name rx
 column 4 name dr
 exit
sensor ifaces-sw
 path interfaces-sw/interface/counter
 prefix freertr-ifaces
 prepend iface_sw_byte_
 command sho inter swsumm
 name 0 ifc=
 key name interfaces-sw/interface
 replace \. _
 column 1 name st
 column 1 replace admin -1
 column 1 replace down 0
 column 1 replace up 1
 column 2 name tx
 column 3 name rx
 column 4 name dr
 exit
sensor ifaces-swp
 path interfaces-swp/interface/counter
 prefix freertr-ifaces
 prepend iface_sw_pack_
 command sho inter swpsumm
 name 0 ifc=
 key name interfaces-swp/interface
 replace \. _
 column 1 name st
 column 1 replace admin -1
 column 1 replace down 0
 column 1 replace up 1
 column 2 name tx
 column 3 name rx
 column 4 name dr
 exit


Regards,

Carmen Misa


On 16.03.22 13:31, mc36 wrote:
hi,
well done!
please note that i did not liked the format so i added an extra banner line, this is how it looks like for now:

mchome#show access-list nat4
     tx          rx                       timers
seq  byte  pack  byte           pack      last      timout    cfg
10   0+0   0+0   172724+137385  1089+574  00:00:00  00:00:00  all 10.0.0.0 255.0.0.0 all 10.0.0.0 255.0.0.0 all
20   0+0   0+0   4504+2132      87+41     00:00:03  00:00:00  all any all 224.0.0.0 240.0.0.0 all
30   0+0   0+0   8160+7800      136+130   00:00:01  00:00:00  all 10.0.0.0 255.0.0.0 all any all

mchome#

so you'll need to add "skip 2" to your sensors definition for it to work after the next upgrade....

also plesae send your sendors config for others to be able to use it....
(i'll put it right to the source tree plus i'll add contributions knob to your name at the greetings page)
thanks,
cs


On 3/16/22 11:54, Carmen Misa Moreira wrote:
Hi Csaba,


This are the current values on the counters:

E513-E-YECWH-1#show access-list acl_all_ipv6_flowlabels
seq   txb   txp   rxb               rxp         last timout       cfg
10     0+0   0+0   0+3468         0+34       00:11:57 00:00:00   permit all any all any all flow 131072&261632
20     0+0   0+0   0+2346         0+23       00:13:28 00:00:00   permit all any all any all flow 65540&261884
30     0+0   0+0   816+61487   12+578   00:00:18   00:00:00 permit all any all any all


And they seems to be properly exported by the sensor:

E513-E-YECWH-1#show sensor ifaces-acl
command=show access-list acl_all_ipv6_flowlabels
path=ifaces-acl/ifaces-acl
prefix=ifaces-acl
asked=47 times
reply=21 ms
output:
seq;txb;txp;rxb;rxp;last;timout;cfg
10;0+0;0+0;0+3468;0+34;00:08:12;00:00:00;permit all any all any all flow 131072&261632
20;0+0;0+0;0+2346;0+23;00:09:43;00:00:00;permit all any all any all flow 65540&261884
30;0+0;0+0;816+56229;12+526;00:00:06;00:00:00;permit all any all any all
yang:
module ifaces-acl {
    namespace "http://www.freertr.net/yang/ifaces-acl";;
    prefix "ifaces-acl";
    container ifaces-acl {
        list ifaces-acl {
            leaf txbtyp="sw" {
                type uint64;
            }
            leaf txbtype="hw" {
                type uint64;
            }
            leaf txptyp="sw" {
                type uint64;
            }
            leaf txptype="hw" {
                type uint64;
            }
            leaf rxbtyp="sw" {
                type uint64;
            }
            leaf rxbtype="hw" {
                type uint64;
            }
            leaf rxptyp="sw" {
                type uint64;
            }
            leaf rxptype="hw" {
                type uint64;
            }
        }
    }
}
prometheus:
# HELP ifaces_acl_txb column 1 of show access-list acl_all_ipv6_flowlabels
# TYPE ifaces_acl_txb gauge
ifaces_acl_txb{seq="10",typ="sw"} 0
ifaces_acl_txb{seq="10",type="hw"} 0
# HELP ifaces_acl_txp column 2 of show access-list acl_all_ipv6_flowlabels
# TYPE ifaces_acl_txp gauge
ifaces_acl_txp{seq="10",typ="sw"} 0
ifaces_acl_txp{seq="10",type="hw"} 0
# HELP ifaces_acl_rxb column 3 of show access-list acl_all_ipv6_flowlabels
# TYPE ifaces_acl_rxb gauge
ifaces_acl_rxb{seq="10",typ="sw"} 0
ifaces_acl_rxb{seq="10",type="hw"} 3468
# HELP ifaces_acl_rxp column 4 of show access-list acl_all_ipv6_flowlabels
# TYPE ifaces_acl_rxp gauge
ifaces_acl_rxp{seq="10",typ="sw"} 0
ifaces_acl_rxp{seq="10",type="hw"} 34
ifaces_acl_txb{seq="20",typ="sw"} 0
ifaces_acl_txb{seq="20",type="hw"} 0
ifaces_acl_txp{seq="20",typ="sw"} 0
ifaces_acl_txp{seq="20",type="hw"} 0
ifaces_acl_rxb{seq="20",typ="sw"} 0
ifaces_acl_rxb{seq="20",type="hw"} 2346
ifaces_acl_rxp{seq="20",typ="sw"} 0
ifaces_acl_rxp{seq="20",type="hw"} 23
ifaces_acl_txb{seq="30",typ="sw"} 0
ifaces_acl_txb{seq="30",type="hw"} 0
ifaces_acl_txp{seq="30",typ="sw"} 0
ifaces_acl_txp{seq="30",type="hw"} 0
ifaces_acl_rxb{seq="30",typ="sw"} 816
ifaces_acl_rxb{seq="30",type="hw"} 56229
ifaces_acl_rxp{seq="30",typ="sw"} 12
ifaces_acl_rxp{seq="30",type="hw"} 526
promwire: 78 9c a5 92 c1 8a c2 30 14 45 bf a0 ff f0 88 db 11 ec 8b 06 5d 74 29 b8 98 85 8b d9 b8 2a b1 a4 5a 88 36 26 75 ea 20 f3 27 f3 b1 a3 48 15 e3 23 06 ba 6d 2f 87 c3 79 39 fd 2d e6 9f 4b a8 4a 59 28 97 cb 42 e7 cd 69 0d 45 ad 8f bb 3d a4 50 97 e0 b6 75 0b b2 b8 fc 76 43 5d b9 06 ae 23 a9 75 5e 99 6f 91 97 ba 6e b5 5c 2b ed 92 01 7c ad 96 73 1f b5 91 c7 8d 4a 9e 3f 9e 9d 3a 64 2c 1d b1 8f e6 c7 64 cc b5 ec 17 46 a1 8d ca d8 f6 36 1a c0 ab af e9 7c b1 b7 af a1 7c 4d 84 af 89 f6 b5 8f be bc a7 af a5 fa da 88 be fe a6 f3 e5 63 31 25 95 ef 89 c7 bd 95 89 c4 36 22 b1 bf 79 28 93 0f 07 23 1e 17 fa c7 a2 2e 1a 04 99 f7 20 1b 61 e4 6f 3a 10 5e ee 41 36 08 b2 68 29 e4 64 03 1e d1 89 c7 74 0a 82 cc 7b 90 a5 8d a6 a9 08 ad 3a d4 44 20 ce c8 0c cf b8 14 43 a3 3b 0d 45 f2 0f c6 78 bd b6
csv:
1647427700100;ifaces_acl_10;0;0;0;0;0;3468;0;34
1647427700100;ifaces_acl_20;0;0;0;0;0;2346;0;23
1647427700100;ifaces_acl_30;0;0;0;0;816;56229;12;526
csvwire: 78 9c ab 98 63 62 6e 62 64 6e 6e 60 60 68 60 60 9d 99 96 98 9c 5a 1c 9f 98 9c 13 6f 68 60 8d 80 c6 26 66 16 60 8a d7 d0 0c 87 7a 23 64 f5 46 40 0d 60 0a b7 7a 63 84 6a 0b 43 33 6b 53 33 23 23 4b 6b 43 23 6b 53 23 33 5e 00 41 6f 25 1b
netconf:
/ifaces-acl/ifaces-acl/ifaces-acl<>10
/ifaces-acl/ifaces-acl/txbtyp="sw"<>0
/ifaces-acl/ifaces-acl/txbtype="hw"<>0
/ifaces-acl/ifaces-acl/txptyp="sw"<>0
/ifaces-acl/ifaces-acl/txptype="hw"<>0
/ifaces-acl/ifaces-acl/rxbtyp="sw"<>0
/ifaces-acl/ifaces-acl/rxbtype="hw"<>3468
/ifaces-acl/ifaces-acl/rxptyp="sw"<>0
/ifaces-acl/ifaces-acl/rxptype="hw"<>34
/ifaces-acl<>
/ifaces-acl/ifaces-acl/ifaces-acl<>20
/ifaces-acl/ifaces-acl/txbtyp="sw"<>0
/ifaces-acl/ifaces-acl/txbtype="hw"<>0
/ifaces-acl/ifaces-acl/txptyp="sw"<>0
/ifaces-acl/ifaces-acl/txptype="hw"<>0
/ifaces-acl/ifaces-acl/rxbtyp="sw"<>0
/ifaces-acl/ifaces-acl/rxbtype="hw"<>2346
/ifaces-acl/ifaces-acl/rxptyp="sw"<>0
/ifaces-acl/ifaces-acl/rxptype="hw"<>23
/ifaces-acl<>
/ifaces-acl/ifaces-acl/ifaces-acl<>30
/ifaces-acl/ifaces-acl/txbtyp="sw"<>0
/ifaces-acl/ifaces-acl/txbtype="hw"<>0
/ifaces-acl/ifaces-acl/txptyp="sw"<>0
/ifaces-acl/ifaces-acl/txptype="hw"<>0
/ifaces-acl/ifaces-acl/rxbtyp="sw"<>816
/ifaces-acl/ifaces-acl/rxbtype="hw"<>56229
/ifaces-acl/ifaces-acl/rxptyp="sw"<>12
/ifaces-acl/ifaces-acl/rxptype="hw"<>526
/ifaces-acl<>
xml:
<ifaces-acl><ifaces-acl><ifaces-acl>10
</ifaces-acl><txbtyp="sw">0
</txbtyp="sw"><txbtype="hw">0
</txbtype="hw"><txptyp="sw">0
</txptyp="sw"><txptype="hw">0
</txptype="hw"><rxbtyp="sw">0
</rxbtyp="sw"><rxbtype="hw">3468
</rxbtype="hw"><rxptyp="sw">0
</rxptyp="sw"><rxptype="hw">34
</rxptype="hw"></ifaces-acl>
<ifaces-acl><ifaces-acl>20
</ifaces-acl><txbtyp="sw">0
</txbtyp="sw"><txbtype="hw">0
</txbtype="hw"><txptyp="sw">0
</txptyp="sw"><txptype="hw">0
</txptype="hw"><rxbtyp="sw">0
</rxbtyp="sw"><rxbtype="hw">2346
</rxbtype="hw"><rxptyp="sw">0
</rxptyp="sw"><rxptype="hw">23
</rxptype="hw"></ifaces-acl>
<ifaces-acl><ifaces-acl>30
</ifaces-acl><txbtyp="sw">0
</txbtyp="sw"><txbtype="hw">0
</txbtype="hw"><txptyp="sw">0
</txptyp="sw"><txptype="hw">0
</txptype="hw"><rxbtyp="sw">816
</rxbtyp="sw"><rxbtype="hw">56229
</rxbtype="hw"><rxptyp="sw">12
</rxptyp="sw"><rxptype="hw">526
</rxptype="hw"></ifaces-acl>
</ifaces-acl>
xmlwire: 78 9c ab 98 93 96 98 9c 5a ac 9b 98 9c 63 67 93 89 9d 6d 68 c0 6b a3 8f 2c 57 52 91 54 52 59 60 ab 54 5c ae 64 07 92 43 e6 43 25 53 6d 95 32 50 64 a1 02 40 e9 02 34 bd 05 c8 7a 0b d0 f5 22 09 d8 14 a1 d9 8b cc 87 4a 42 95 1a 9b 98 59 c0 15 20 b4 17 a0 69 2f 40 d6 5e 80 ac 1d 2e 0d d3 8c 1c 00 bc b8 42 ca 68 e8 85 94 11 30 a8 28 08 29 23 63 f2 42 ca 78 30 86 94 85 a1 19 de b0 32 35 33 32 b2 c4 1b 58 86 46 78 43 cb d4 c8 8c 40 70 a1 f0 00 a4 d8 31 2c
kvgpb: | | 48 ad 8b df 92 f9 2f 0a 0e 45 35 31 33 2d 45 2d 59 45 43 57 48 2d 31 1a 0a 69 66 61 63 65 73 2d 61 63 6c 32 20 69 66 61 63 65 73 2d 61 63 6c 3a 69 66 61 63 65 73 2d 61 63 6c 2f 69 66 61 63 65 73 2d 61 63 6c 5a b3 01 7a 18 12 04 6b 65 79 73 7a 10 12 0a 69 66 61 63 65 73 2d 61 63 6c 2a 02 31 30 7a 96 01 12 07 63 6f 6e 74 65 6e 74 7a 0f 12 0b 74 78 62 74 79 70 3d 22 73 77 22 40 00 7a 10 12 0c 74 78 62 74 79 70 65 3d 22 68 77 22 40 00 7a 0f 12 0b 74 78 70 74 79 70 3d 22 73 77 22 40 00 7a 10 12 0c 74 78 70 74 79 70 65 3d 22 68 77 22 40 00 7a 0f 12 0b 72 78 62 74 79 70 3d 22 73 77 22 40 00 7a 11 12 0c 72 78 62 74 79 70 65 3d 22 68 77 22 40 8c 1b 7a 0f 12 0b 72 78 70 74 79 70 3d 22 73 77 22 40 00 7a 10 12 0c 72 78 70 74 79 70 65 3d 22 68 77 22 40 22 5a b3 01 7a 18 12 04 6b 65 79 73 7a 10 12 0a 69 66 61 63 65 73 2d 61 63 6c 2a 02 32 30 7a 96 01 12 07 63 6f 6e 74 65 6e 74 7a 0f 12 0b 74 78 62 74 79 70 3d 22 73 77 22 40 00 7a 10 12 0c 74 78 62 74 79 70 65 3d 22 68 77 22 40 00 7a 0f 12 0b 74 78 70 74 79 70 3d 22 73 77 22 40 00 7a 10 12 0c 74 78 70 74 79 70 65 3d 22 68 77 22 40 00 7a 0f 12 0b 72 78 62 74 79 70 3d 22 73 77 22 40 00 7a 11 12 0c 72 78 62 74 79 70 65 3d 22 68 77 22 40 aa 12 7a 0f 12 0b 72 78 70 74 79 70 3d 22 73 77 22 40 00 7a 10 12 0c 72 78 70 74 79 70 65 3d 22 68 77 22 40 17 5a b6 01 7a 18 12 04 6b 65 79 73 7a 10 12 0a 69 66 61 63 65 73 2d 61 63 6c 2a 02 33 30 7a 99 01 12 07 63 6f 6e 74 65 6e 74 7a 0f 12 0b 74 78 62 74 79 70 3d 22 73 77 22 40 00 7a 10 12 0c 74 78 62 74 79 70 65 3d 22 68 77 22 40 00 7a 0f 12 0b 74 78 70 74 79 70 3d 22 73 77 22 40 00 7a 10 12 0c 74 78 70 74 79 70 65 3d 22 68 77 22 40 00 7a 10 12 0b 72 78 62 74 79 70 3d 22 73 77 22 40 b0 06 7a 12 12 0c 72 78 62 74 79 70 65 3d 22 68 77 22 40 a5 b7 03 7a 0f 12 0b 72 78 70 74 79 70 3d 22 73 77 22 40 0c 7a 11 12 0c 72 78 70 74 79 70 65 3d 22 68 77 22 40 8e 04 68 c0 8b df 92 f9 2f
memory:


I added the sensor to both prometheus servers:

E513-E-YECWH-1(cfg)#sh run pro
proxy-profile oob
   vrf oob
   exit
server prometheus pr
   sensor ifaces-acl
   sensor ifaces-hw
   sensor ifaces-hwp
   sensor ifaces-sw
   sensor ifaces-swp
   interface ethernet1
   vrf oob
   exit
server prometheus PR-NMAAS
   port 9002
   sensor ifaces-acl
   sensor ifaces-hw
   sensor ifaces-hwp
   sensor ifaces-sw
   sensor ifaces-swp
   interface tunnel123
   vrf oob
   exit


Best regards,

Carmen Misa


On 16.03.22 09:58, mc36 wrote:
hi,


On 3/16/22 09:35, Carmen Misa Moreira wrote:
Hi Csaba,


Thank you I have just executed 'flash upgrade' but it takes some time.

okkk...


One question, in the past for the byte and packets counters they needed to be exported like here:

http://sources.freertr.net/misc/sensor/iface-byte.txt

instead look at this one:
http://sources.freertr.net/misc/sensor/traffic.txt
it have an example on how to split the sw/hw counters....

With this 'sensor' you create the tables and you define the command, for example, 'sho inter hwsumm' but now the command already exists 'show access-list nat4'. Thus, do I need the follow the same process and create the sensors or is different? Maybe is only needed to export the 'show access-list nat4' in 'server prometheus pr' without creating the sensor.

so first you need to create the sensor definition....
then you have to verify if it executes correctly and reports the needed counters: "sho sens acls"
then you'll have to mention it in the serv prom config of yours....
then you'll have to check if your prometheus server if still keeps your endpoint...
(prom could drop the endpoint if format error happens in the reports)
finally please send the file / create the patch / raise a pullreq @ github / whatever you prefer...

thanks,
cs




Best regards,

Carmen Misa


On 15.03.22 18:51, mc36 wrote:
hi,
fortunately the last piece arrived for the puzzle with this change:
https://github.com/mc36/freeRouter/commit/b9497927f6921d691fb212ad6ac6c2500ad65be5
now i see this:

mchome#show access-list nat4
seq     txb     txp rxb                                             rxp last timout             cfg
10         0+0     0+0     286618+225726     2450+1499 00:00:00 00:00:00 deny all 10.0.0.0 255.0.0.0 all 10.0.0.0 255.0.0.0 all
20         0+0     0+0     13032+6396 251+123             00:00:03 00:00:00     deny all any all 224.0.0.0 240.0.0.0 all
30         0+0     0+0     105389+107208     1440+1443 00:00:00 00:00:00 permit all 10.0.0.0 255.0.0.0 all any all

mchome#

it'll be easily exportable via anything... :)
regards,
cs

Archive powered by MHonArc 2.6.19.

Top of Page