Discussion:
[rancid] support for D-Link switches, where to start?
Gavin McCullagh
2011-02-02 10:35:38 UTC
Hi,

we have a lot of D-Link switches which we'd like to use Rancid to version
the config of. It appears that D-Link is not supported at the moment, but
I'm hoping I might be able to work on that a little.

Before I waste a lot of time:

1. Is anyone already working on this or does anyone know of something which
is close to D-Link which could be massaged to work?

2. If I were creating, let's say dlrancid and dllogin, is there a
particular current script that I should use as a template?

3. Are there any docs on how best to go about this? Is there a procedure
you guys would expect me to follow or is it just post clean, working code
to the list?

Thanks in advance,
Gavin
Gavin McCullagh
2011-02-13 12:30:39 UTC
Hi,
Post by Gavin McCullagh
we have a lot of D-Link switches which we'd like to use Rancid to version
the config of. It appears that D-Link is not supported at the moment, but
I'm hoping I might be able to work on that a little.
I've spent some time on this and have more or less working dlrancid and
dllogin scripts which login to the switches (over ssh only just now) and
run:
show switch for getSystem
show config current_config for getConf

This generally works, but there are a few problems which I wonder if people
might have come across in other models and already have strategies for
dealing with.

1. Some of the switches seem very slow to respond. I've had to up $timeo
in dlrancid to 300 seconds as the configs were getting truncated. The
dllogin timeout is set at 45 seconds.

2. Occasionally, I'm getting a truncated config, like this:

config igmp_snooping querier management last_member_query_interval 1 state disable
config igmp_snooping staff host_timeout 260 router_timeout 260 leave_timer 2 state enable
- config igmp_snooping querier staff query_iConnection to sw-w106-3 closed by remote host.
- Connection to sw-w106-3 closed

3. We're having some intermittent network issues which might be explained
by switches dropping frames. I can't really pinpoint it as being due
to rancid, but we've cut it back to running once overnight for now
instead of hourly. It appears our problems have cleared up since.

4. One model of D-Link switch (DES-3250TG) appears not to have a single
getConf command. I can probably construct a config from 30 commands, but
I'm not keen on that. The switch is capable of uploading the config to
a TFTP server though.


Obviously ssh has much greater CPU requirements than telnet or tftp would
so I guess switching to telnet is my main plan for now. Has anyone else
noted issues like this, or is it just these D-Links? Is there another
possible explanation?

Where there isn't a getConf() command available, do people have a solution,
eg maybe run command to put config to a tftp server, then have rancid
download from the tftp server.

Thanks in advance for any help,
Gavin
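
A completeness check for the truncated capture described in point 2 of the message above, as an added example that is not part of the original post and is not rancid code: it rejects a capture in which the client's "Connection to ... closed" message appears, or in which the device prompt never came back, so a partial config is not versioned as if it were a change. The prompt pattern and the sample captures are constructed assumptions.

```python
import re

# Message the ssh/telnet client prints when the device drops the session.
CLOSED_RE = re.compile(r"Connection to \S+ closed(?: by remote host)?\.?")
# Assumed prompt shape (hypothetical): "name:level#" alone on the last line.
PROMPT_RE = re.compile(r"^[\w.-]+:\w+#\s*$")


def check_capture(capture: str):
    """Return (ok, reason) for one raw session capture of a config dump."""
    lines = [l.rstrip("\r") for l in capture.splitlines()]
    for n, line in enumerate(lines, 1):
        m = CLOSED_RE.search(line)
        if m:
            # A match that does not start the line means the session died
            # while the device was still printing a config statement.
            where = "mid-line" if m.start() > 0 else "at line start"
            return False, f"session closed {where} on line {n}"
    non_empty = [l for l in lines if l.strip()]
    if not non_empty:
        return False, "empty capture"
    # A silent cut-off (e.g. the collector timed out) leaves no prompt.
    if not PROMPT_RE.match(non_empty[-1]):
        return False, "no prompt after last config line"
    return True, "complete"


# Constructed samples, modelled on the lines quoted in the post.
HEAD = (
    "config igmp_snooping querier management last_member_query_interval 1 state disable\n"
    "config igmp_snooping staff host_timeout 260 router_timeout 260 leave_timer 2 state enable\n"
)
GOOD = HEAD + "sw-w106-3:admin#\n"
TRUNCATED = HEAD + (
    "config igmp_snooping querier staff query_iConnection to sw-w106-3 closed by remote host.\n"
    "Connection to sw-w106-3 closed\n"
)
NO_PROMPT = HEAD  # output simply stops, no prompt and no close message

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("truncated", TRUNCATED), ("no prompt", NO_PROMPT)):
        print(name, check_capture(sample))
```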
john heasley
2011-02-16 00:35:42 UTC
Post by Gavin McCullagh
Hi,
Post by Gavin McCullagh
we have a lot of D-Link switches which we'd like to use Rancid to version
the config of. It appears that D-Link is not supported at the moment, but
I'm hoping I might be able to work on that a little.
I've spent some time on this and have more or less working dlrancid and
dllogin scripts which login to the switches (over ssh only just now) and
show switch for getSystem
show config current_config for getConf
This generally works, but there are a few problems which I wonder if people
might have come across in other models and already have strategies for
dealing with.
1. Some of the switches seem very slow to respond. I've had to up $timeo
in dlrancid to 300 seconds as the configs were getting truncated. The
dllogin timeout is set at 45 seconds.
config igmp_snooping querier management last_member_query_interval 1 state disable
config igmp_snooping staff host_timeout 260 router_timeout 260 leave_timer 2 state enable
- config igmp_snooping querier staff query_iConnection to sw-w106-3 closed by remote host.
- Connection to sw-w106-3 closed
that could be a network issue or you're just asking too much of the switch
or its software ... i mean, did you really expect to read the config? :)
Post by Gavin McCullagh
3. We're having some intermittent network issues which might be explained
by switches dropping frames. I can't really pinpoint it as being due
to rancid, but we've cut it back to running once overnight for now
instead of hourly. It appears our problems have cleared up since.
it's possible; if the box switches in s/w and doesn't give scheduling priority
to switching or is one non-interruptible context ... it could hurt.
Post by Gavin McCullagh
4. One model of D-Link switch (DES-3250TG) appears not to have a single
getConf command. I can probably construct a config from 30 commands, but
I'm not keen on that. The switch is capable of uploading the config to
a TFTP server though.
Obviously ssh has much greater CPU requirements than telnet or tftp would
so I guess switching to telnet is my main plan for now. Has anyone else
noted issues like this, or is it just these D-Links? Is there another
possible explanation?
this occurs on some old ciscos, though rarely results in a timeout. you
might try a smaller key, less cpu intensive cypher, etc.
Post by Gavin McCullagh
Where there isn't a getConf() command available, do people have a solution,
eg maybe run command to put config to a tftp server, then have rancid
download from the tftp server.
that could work, but I've not done it before (ie: have no examples).
Gavin McCullagh
2011-02-16 08:22:39 UTC
Hi,
Post by john heasley
Post by Gavin McCullagh
- config igmp_snooping querier staff query_iConnection to sw-w106-3 closed by remote host.
- Connection to sw-w106-3 closed
that could be a network issue or you're just asking too much of the switch
or its software ... i mean, did you really expect to read the config? :)
I was also getting the ssh error "bad packet" now and then. I've since
switched to telnet and all is well now, so I don't fully understand the
cause, but I at least have a workaround.
Post by john heasley
Post by Gavin McCullagh
3. We're having some intermittent network issues which might be explained
by switches dropping frames. I can't really pinpoint it as being due
to rancid, but we've cut it back to running once overnight for now
instead of hourly. It appears our problems have cleared up since.
it's possible; if the box switches in s/w and doesn't give scheduling priority
to switching or is one non-interruptible context ... it could hurt.
I wouldn't have thought there was switching in software but I guess there
may be some small software element which can cause a deadlock.
Post by john heasley
Post by Gavin McCullagh
Obviously ssh has much greater CPU requirements than telnet or tftp would
so I guess switching to telnet is my main plan for now. Has anyone else
noted issues like this, or is it just these D-Links? Is there another
possible explanation?
this occurs on some old ciscos, though rarely results in a timeout. you
might try a smaller key, less cpu intensive cypher, etc.
I tried blowfish which is supposed to be less cpu intensive, but it didn't
seem to make much difference.
Post by john heasley
Post by Gavin McCullagh
Where there isn't a getConf() command available, do people have a solution,
eg maybe run command to put config to a tftp server, then have rancid
download from the tftp server.
that could work, but I've not done it before (ie: have no examples).
Ah well, the lazy person in me was hoping some code would be there already
:-) Our 3Com 4400s seem to have the same issue.

Gavin
Jethro R Binks
2011-02-16 09:31:59 UTC
Post by Gavin McCullagh
Post by john heasley
Post by Gavin McCullagh
Where there isn't a getConf() command available, do people have a
solution, eg maybe run command to put config to a tftp server, then
have rancid download from the tftp server.
that could work, but I've not done it before (ie: have no examples).
Ah well, the lazy person in me was hoping some code would be there
already :-) Our 3Com 4400s seem to have the same issue.
wrancid/wrapwrancid might help: see:

http://sites.google.com/site/jrbinks/code/rancid/wraprancid

although since I modified Michael Stefaniuc's original, I haven't actually
used it.

"In brief, w(rap)rancid permits an arbitrary third-party script to be used
to obtain the configuration for a device, rather than expecting rancid
itself to obtain it through clogin/etc. This permits rancid to be used as
a tool for backing up and monitoring changes on a class of devices that do
not have a useable CLI, or which cannot write a textual configuration to
the terminal, as long as some method exists for pulling a textual
configuration from the device (for example, by invoking transfer to
tftp/ftp server via SNMP or CLI, or using scp to retrieve the
configuration file)."

The 3Com 4400 doesn't have a CLI (menu) command to show the running
config, but you could run something periodically to tftp the config to a
server, from where you can instruct rancid to read it by using
wraprancid.

Disclaimer: I've forgotten everything about wraprancid now ...

J.


. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
Gavin McCullagh
2011-03-08 11:38:14 UTC
Hi,
Post by Jethro R Binks
http://sites.google.com/site/jrbinks/code/rancid/wraprancid
Interesting, thanks.
Post by Jethro R Binks
The 3Com 4400 doesn't have a CLI (menu) command to show the running
config, but you could run something periodically to tftp the config to a
server, from where you can instruct rancid to read it by using
wraprancid.
That's what I had in mind, although, looking at the config, I think there
may be a smarter way. When you run the backupconfig, tell it a tftp server
and a filename, a single line appears saying "Processing:....". The rest
of the line appears to be the current config line which it is reading.
Rather than spit the config out on sequential lines, it refreshes the same
line over and over, but you see things like:

Processing: <bridge vlan modify addPort 4 1:24-1:25 tagged>
...
Processing: <# SECURITY NETWORK ACCESS SECTION>
....
Processing: <trafficManagement qos trafficQueue serviceMode WRR>

so it may be possible to pull the full config, just by sending it to a tftp
server. In fact, the tftp server upload happens afterward and can fail so
it may not be necessary for the upload to work.

I guess it should be possible to capture this information though I haven't
tried yet.

Gavin
Jethro R Binks
2011-03-08 11:45:28 UTC
Post by Gavin McCullagh
That's what I had in mind, although, looking at the config, I think
there may be a smarter way. When you run the backupconfig, tell it a
tftp server and a filename, a single line appears saying
"Processing:....". The rest of the line appears to be the current
config line which it is reading. Rather than spit the config out on
sequential lines, it refreshes the same line over and over, but you see
Processing: <bridge vlan modify addPort 4 1:24-1:25 tagged>
Interesting observation, thanks. I don't think I've ever actually
bothered to tftp in all these years, just knew that it was possible!
Post by Gavin McCullagh
I guess it should be possible to capture this information though I
haven't tried yet.
I might take a look if I'm at a loose end. No time soon then!

Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
Gavin McCullagh
2011-03-08 11:51:24 UTC
Hi,
Post by Jethro R Binks
Post by Gavin McCullagh
Processing: <bridge vlan modify addPort 4 1:24-1:25 tagged>
Interesting observation, thanks. I don't think I've ever actually
bothered to tftp in all these years, just knew that it was possible!
Post by Gavin McCullagh
I guess it should be possible to capture this information though I
haven't tried yet.
I might take a look if I'm at a loose end. No time soon then!
It dawned on me after sending the mail to run wireshark and see how much of
the data really comes across. Disappointingly it seems to only print
a subset of the lines of the config, I guess to give you an idea where it
is in the process.

Shame :-)

Gavin
Jethro R Binks
2011-03-08 11:55:55 UTC
Post by Gavin McCullagh
Post by Jethro R Binks
I might take a look if I'm at a loose end. No time soon then!
It dawned on me after sending the mail to run wireshark and see how much of
the data really comes across. Disappointingly it seems to only print
a subset of the lines of the config, I guess to give you an idea where it
is in the process.
Shame :-)
Bah!

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.
