For A10 Load Balancers, how does one quickly see all of the VIPs, End Host / Real Host IP Addresses, and Service status across all the A10s in one report? (You know the answer is NQE).
Note that this is the second post in a series for A10 Load Balancer NQE reports.
The first step is to check the status of each End Host / Real Host using the output of “show slb server”. This command is run ever time a Snapshot occurs.
The next steps are to scrape the A10 Configurations to find the associated slb service-group, then the slb virtual-server. Along the way, let’s determine the Host Inventory to show the Host MAC, type and the network connection. Using a Violation to state whether the End Host is in the Inventory allows us to determine if the Host is modeled.
Someone will probably figure out a method reduce the number of cycles through “foreach device in network.devices” for performance. For this particular immediate need to gather the information, the extra cycles are acceptable.
There are many other Community posts detailing the use of blockMatches for pattern matching. That is the basis for this fairly straightforward A10 report.
There are a few Select outputs that are commented for debugging and for additional reporting.
Use the filters to find specific A10 devices, that status of the Service, and whether the Host is in the Inventory.
/**
* @intent Enumerate the A10 SLB End Host and VIP Status
* @description Parse the output of "ACOS: 'show slb server'", and check the Host Invntory to determine if the IP Address exists.
* Determine the IP address of the End Host / Real Host.
* Determine if the IP address of the Real Host existins in the Forward Networks Inventory.
* Determine the Service Group that the End Host / Real Host is a Member of.
* Determine the IP Address of the Service Group and the SLB Virtual Server value.
*/
// ------------------------------------------------------------------------
//
/* Example output of "show slb server"
Service Current Total Fwd-pkt Rev-pkt Peak-conn State
---------------------------------------------------------------------------------------
server1:443/tcp 0 178 4555 6986 0 Down
server1:48912/tcp 0 0 0 0 0 Down
server1: Total 0 178 4555 6986 0 Down
*/
// Pattern to Enumerate "show slb server"
pattern1 = ```
Service Current Total Fwd-pkt Rev-pkt Peak-conn State
---------------------------------------------------------------------------------------
{service: string} {current: string} {total: string} {fwdpkt: string} {revpkt: string} {peakconn: string} {status: string}
```;
//
/* Example output of matching details in Configuration
slb server server1 10.10.10.10
port 443 tcp
port 48912 tcp
*/
//
pattern2 = ```
slb server {servername: string} {ipAddr: string}
```;
//
/* Enumerate the VIP by searching the slb service-group section in the Configuration
The service name : port is configured as a member. Split the two values from "show slb server" prior in the query.
!
slb service-group servicegroup1_443 tcp
member server1 443
member server2 443
member server3 443
!
*/
//
pattern3 = ```
slb service-group {svcgrp: string} tcp
member {svcmember: string} {tcpport: string}
```;
//
/* Determine the SLB VIP Name and IP Address associated witht he SLB Group
The VIP for the member is found from the above slb output.
!
slb virtual_server1_443 10.10.10.100
disable-when-all-ports-down
vrid 1
port 443 tcp
ha-conn-mirror
service-group servicegroup1_443
!
*/
//
pattern4 = ```
slb virtual-server {slbvirtsvr:string} {slbip:string}
port {tcpport:number} tcp
service-group {svcgroup2:string}
```;
// General Routines
parseSlashPair(s) =
patternMatch(replace(s, "/", " "), `{first:number} {second:string}`);
parseColonPair(s) =
patternMatch(replace(s, ":", " "), `{first:string} {second:string}`);
removeBrackets(s) =
replace(replace(s, " ", ""), "c", "");
// Routine to Parse the full A10 Configuration to find the End Host IP Address.
slbIPConfig (serviceName)=
foreach device in network.devices
where device.platform.vendor == Vendor.A10
let outputs = device.outputs
foreach command in outputs.commands
where command.commandType == CommandType.CONFIG
let rawDataResponse = command.response
let configurations = parseConfigBlocks(OS.ACOS, command.response)
foreach slb_block in blockMatches(configurations, pattern2)
where slb_block.data.servername == serviceName
select distinct slb_block.data.ipAddr
;
// Routine to look up the Host Values for Enumeration.
checkHostIP(device)=
foreach host in device.hosts
where isPresent(host.macAddress)
select {
deviceName: device.name,
physicalName: device.system.physicalName,
address: host.addresses,
addrStr: toString(host.addresses),
macAddress: host.macAddress,
vendor:ouiAssignee(host.macAddress),
interfaces: host.interfaces,
hostType: host.hostType,
}
;
// Routine to search the Configuration to match the slb service-group to find the member.
checkSvcGrp(serviceName,servicePort)=
foreach device in network.devices
where device.platform.vendor == Vendor.A10
let outputs = device.outputs
foreach command in outputs.commands
where command.commandType == CommandType.CONFIG
let rawDataResponse = command.response
let configurations = parseConfigBlocks(OS.ACOS, command.response)
foreach slb_block in blockMatches(configurations, pattern3)
where slb_block.data.svcmember == serviceName && slb_block.data.tcpport == servicePort
select distinct slb_block.data.svcgrp
;
// Routine to search the Configuration to match the slb virtual-server to find the service-group member.
checkVirtSvr(svcGrp)=
foreach device in network.devices
where device.platform.vendor == Vendor.A10
let outputs = device.outputs
foreach command in outputs.commands
where command.commandType == CommandType.CONFIG
let rawDataResponse = command.response
let configurations = parseConfigBlocks(OS.ACOS, command.response)
foreach slb_block in blockMatches(configurations, pattern4)
where slb_block.data.svcgroup2 == svcGrp
select distinct
{ vipIP: slb_block.data.slbip,
vipName: slb_block.data.slbvirtsvr
}
;
// ***** MAIN FUNCTION *****
foreach device in network.devices
where device.platform.vendor == Vendor.A10
let outputs = device.outputs
foreach command in outputs.commands
where command.commandType == CommandType.SLB_SERVERS
let rawDataResponse = command.response
let configurations = parseConfigBlocks(OS.ACOS, command.response)
foreach slb_block in blockMatches(configurations, pattern1)
where slb_block.data.current != "Total" // Remove the Total Summary Lines
let serviceName = parseColonPair(slb_block.data.service).first
let servicePort = replace(parseColonPair(slb_block.data.service).second, "/tcp", "")
let serviceIP = slbIPConfig(serviceName)
let serviceIPstr = replace(toString(serviceIP), "c", "")
let serviceIPstr = replace(serviceIPstr, "]", "")
let serviceIPstr = serviceIPstr + "/32"
let serviceIPaddr = ipSubnet(serviceIPstr)
let ipHost = max(foreach record in checkHostIP(device)
where serviceIPaddr in record?.address
select record )
let svcGrp = max(checkSvcGrp(serviceName,servicePort))
let svcGrpData = max(checkVirtSvr(svcGrp))
// **** Output Table of Values *****
select {
violation: !isPresent(ipHost?.address),
deviceName: device.name, // A10 for which the output of "show slb server" was executed
ServiceName: serviceName, // End Host / Real Host
ServiceGrp: svcGrp, // Service Group containing the End Host / Real Host and TCP Port
VirtSvrName: svcGrpData?.vipName, // SLB virtual-server Values from Configuration
VirtSvrIP: svcGrpData?.vipIP, // SLB virtual-server Values from Configuration
Service: slb_block.data.service,
ServiceIP: serviceIP,
// ServicePort: servicePort,
// serviceIPstr : serviceIPstr,
// serviceIPaddr: serviceIPaddr,
// SLB Server Values from "show slb server" -------------
State: slb_block.data.status,
Current: slb_block.data.current,
Total: slb_block.data.total,
"Fwd-pkt": slb_block.data.fwdpkt,
"Rev-pkt": slb_block.data.revpkt,
"Peak-conn": slb_block.data.peakconn,
// Host Inventory Values --------------
// recordAdd: ipHost?.address,
// addrStr: ipHost?.addrStr,
hostMAC: ipHost?.macAddress,
hostConn: ipHost?.physicalName,
hostInt: ipHost?.interfaces,
hostVendor: ipHost?.vendor,
}
What additional information would be valuable in the report that will save you time debugging? Please let us know at Forward Networks.
