Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Alcatel-Lucent Enterprise AOS8 integration #759

Open
wants to merge 87 commits into
base: develop
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
87 commits
Select commit Hold shift + click to select a range
a7e582a
Fix linting warnings
claudiolor Jun 20, 2022
57a9b02
Bump version to 0.18.0
ddutt Jun 20, 2022
93ada58
Updated release notes for 0.18.0
ddutt Jun 21, 2022
4e475c7
Add document about throttling requests to AAA servers
ddutt Jun 21, 2022
7687233
Fix services init tests
claudiolor Jun 26, 2022
176e77f
Interfaces: bug fix to handle unique when specifying vlan filter
ddutt Jun 25, 2022
5e6bfba
Update tests to test the bug fix
ddutt Jun 25, 2022
007cfa9
Updating task list, cleaning out obsolete stuff
ddutt Jun 30, 2022
fa575a3
Add `show arp` textfsm template
jefvantongerloo Jul 1, 2022
7411854
Add `show chassis` textfsm template
jefvantongerloo Jul 1, 2022
cb7d9db
Add `show interfaces` textfsm template
jefvantongerloo Jul 1, 2022
6c11ddc
Add `show interfaces` textfsm template
jefvantongerloo Jul 1, 2022
1d75cbf
Add `show ip routes` textfsm template
jefvantongerloo Jul 1, 2022
e7b1aee
Add `show mac-learning` textfsm template
jefvantongerloo Jul 1, 2022
3321e72
Add `show system` textfsm template
jefvantongerloo Jul 1, 2022
95a9d34
Add `show vlan members` textfsm template
jefvantongerloo Jul 1, 2022
66fc031
Add `show vlan` textfsm template
jefvantongerloo Jul 1, 2022
d6414c8
Add `aos` namespace/nos
jefvantongerloo Jul 1, 2022
7362db5
Add Alcatel-Lucent Enterpise AOS8 support
jefvantongerloo Jul 1, 2022
609886e
Add vlan.yml
jefvantongerloo Jul 1, 2022
03c2863
Add route.yml
jefvantongerloo Jul 1, 2022
e1baa0f
Add mac.yml
jefvantongerloo Jul 1, 2022
bafb8c1
Add interface.yml
jefvantongerloo Jul 1, 2022
3d5ed86
Add device.yml
jefvantongerloo Jul 1, 2022
af53570
Add arpnd.yml
jefvantongerloo Jul 1, 2022
e50fe67
Add arpnd.output
jefvantongerloo Jul 1, 2022
9d4235e
Add device.output
jefvantongerloo Jul 1, 2022
1baaabb
Add inventory.output
jefvantongerloo Jul 1, 2022
d56bda3
Add macs.output
jefvantongerloo Jul 1, 2022
8315e25
Add routes.output
jefvantongerloo Jul 1, 2022
6093199
Add vlan.output
jefvantongerloo Jul 1, 2022
c44a3c8
Add interfaces.output
jefvantongerloo Jul 1, 2022
485c375
Correct services file location
jefvantongerloo Jul 1, 2022
979c8a8
Fix missing : in ip:port log
jefvantongerloo Jul 1, 2022
dad00ec
Add Alcatel-Lucent Enterpise AOS8
jefvantongerloo Jul 1, 2022
9a93599
Remove debug logger lines
jefvantongerloo Jul 1, 2022
9d9de04
Add namespace aos
jefvantongerloo Jul 4, 2022
dc26671
Add aos
jefvantongerloo Jul 4, 2022
1455282
Regex as raw string
jefvantongerloo Jul 7, 2022
8d29808
Adjust `detected_speed` key to `speed`
jefvantongerloo Jul 7, 2022
c862650
Call dict value directly instead of .get
jefvantongerloo Jul 7, 2022
de18f21
Regex as raw string
jefvantongerloo Jul 7, 2022
040ee09
Regex as raw string
jefvantongerloo Jul 7, 2022
356bdb0
Regex as raw string
jefvantongerloo Jul 7, 2022
3464466
Remove ´type´ entry
jefvantongerloo Jul 7, 2022
46acc11
Linting (Flake8 + Pylint)
jefvantongerloo Jul 7, 2022
f9e1018
Linting (Flake8 + Pylint)
jefvantongerloo Jul 8, 2022
c250e8b
Linting (Flake8 + Pylint)
jefvantongerloo Jul 8, 2022
33276f7
Add newline at end of file
jefvantongerloo Jul 8, 2022
f17602e
Add newline at end of file
jefvantongerloo Jul 8, 2022
2e3d68f
Linting (Flake8 + Pylint)
jefvantongerloo Jul 8, 2022
2411f8a
Add aos ´state´ item
jefvantongerloo Jul 8, 2022
5b65851
Linting (Flake8 + Pylint)
jefvantongerloo Jul 8, 2022
02db219
Linting (Flake8 + Pylint)
jefvantongerloo Jul 8, 2022
98f046f
Remove `type` name in variable
jefvantongerloo Jul 12, 2022
6aa7ce4
Merge 'develop' into alcatel-lucent-enterprise
jefvantongerloo Sep 8, 2022
4f8e2af
textfsm-aos v1.1.2 template update
jefvantongerloo Dec 20, 2022
1c479d4
add `memory` and `os`parameter
jefvantongerloo Dec 20, 2022
f832c8e
add `bd`and `protocol` parameters
jefvantongerloo Dec 20, 2022
169c91a
add aos `show ip interface` command
jefvantongerloo Dec 22, 2022
b69c007
add aos `show``arp``ip_interface` `ip_routes` command
jefvantongerloo Dec 22, 2022
6ce09d5
add aos_show_ip_interface.tfsm
jefvantongerloo Dec 22, 2022
3d5c94c
add aos vlan interfaces
jefvantongerloo Dec 22, 2022
1325b50
add aos route parameters
jefvantongerloo Dec 22, 2022
a4e2163
add `linkagg interfaces`
jefvantongerloo Dec 22, 2022
d321b34
add aos_show_linkagg.tfsm
jefvantongerloo Dec 22, 2022
0fbb008
add aos_show_linkagg_port.tfsm
jefvantongerloo Dec 22, 2022
485a4f9
add aos `show linkagg` & `show linkagg port` commands
jefvantongerloo Dec 22, 2022
3ce87f7
Merge branch 'develop' into alcatel-lucent-enterprise
jefvantongerloo Dec 22, 2022
f18cbc8
remove
jefvantongerloo Dec 22, 2022
f1b5c8d
update test data
jefvantongerloo Dec 22, 2022
cc76f94
add tests
jefvantongerloo Dec 22, 2022
7641987
Merge remote-tracking branch 'origin/develop' into alcatel-lucent-ent…
claudiolor Jan 12, 2023
95b48b9
Make AOS complaint to the new Node class structure
claudiolor Jan 9, 2023
d9d3998
Fix device autodiscovery
claudiolor Jan 11, 2023
b83c265
Invert cmd order
claudiolor Jan 11, 2023
c3b9711
Fix device service crash with empty response
claudiolor Jan 11, 2023
81144e3
vrf `default` instead of `blank`
jefvantongerloo Feb 1, 2023
9744d98
change `aggregate` to `bond`
jefvantongerloo Feb 20, 2023
a2f9891
transform `emp` type to `ethernet`
jefvantongerloo Feb 20, 2023
ab27c11
add mackey generation
jefvantongerloo Feb 20, 2023
ce19e52
linting
jefvantongerloo Feb 20, 2023
5436af8
Merge branch 'develop' into alcatel-lucent-enterprise
jefvantongerloo Jul 8, 2024
5c20574
fix interface speed value
jefvantongerloo Jul 9, 2024
0eec163
remove catch errors
jefvantongerloo Jul 9, 2024
75b0f36
fix memory bytes value
jefvantongerloo Jul 9, 2024
85d2b0a
Merge branch 'develop' into alcatel-lucent-enterprise
jefvantongerloo Jan 8, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add document about throttling requests to AAA servers
Signed-off-by: Dinesh Dutt <dd.ps4u@gmail.com>
Signed-off-by: jefvantongerloo <jefvantongerloo@gmail.com>
ddutt authored and jefvantongerloo committed Jul 7, 2022
commit 4e475c7c857b4040dc627d9ad09e857ab2e5ea54
75 changes: 75 additions & 0 deletions docs/rate-limiting-AAA.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
# Rate Limiting AAA Server Requests

Many AAA servers (such as TACACS, Radius) cannot handle the rate at which SuzieQ can issue requests. This is especially true in larger installations, those with older AAA servers, or when command authorization is used in addition to authentication. The most common symptom of this problem is the authentication failed error message. To avoid user lockout, we stopped retrying on authentication failures. To fix this, we added three new parameters to the poller configuration. A consequence of throttling is of course that it takes longer to collect the data.

* **max-cmd-pipeline**: This is an integer value that ensures that no more than this number of requests are sent to a device in a second. Thus a value of 9 implies that we never have more than 9 outstanding commands or logins. If you use distributed pollers, you need to ensure that this number is a multiple of the number of pollers. Thus with a value of 9, you can use either 1 or 3 pollers. With 8, you can use 1, 2, or 4 pollers and so on. This is **specified in the suzieq-cfg.yml** file. The default is 0 i.e. no limits.

* **per-cmd-auth**: This is a boolean to specify whether need to throttle logins as well as commands sent to a device. This is required in installations where commands are authorized before execution. True means use it for commands as well as logins. This is specified in the devices section of the poller inventory file. The default is False.

* **retries-on-auth-fail**: Some older AAA servers fail even at low rates. In certain installations, a maximum of 3 authentication failures are tolerated before the user account is locked, and in some installations it can be anything more than a single failure. This parameter now enables us to support both types of installations. This is specified in the devices section of the poller inventory file. The default is 0, i.e. we never retry on authentication failure.

Here's a sample suzieq-cfg.yml file with the max-cmd-pipeline parameter (see the poller section).
```
data-directory: tests/data/parquet
coalescer:
period: 1h
archive-directory:
logging-level: DEBUG
rest:
# Uncomment these lines if you're using your own files for the REST server
# The certificates listed below are provided purely to get started, In any
# secure deployment, these must be generated specifically for the site and
# these lines uncommented and containing the location of the site-specific file.
# rest_certfile: /suzieq/cert.pem
# rest_keyfile: /suzieq/key.pem
#
API_KEY: 496157e6e869ef7f3d6ecb24a6f6d847b224ee4f
logging-level: WARNING
address: 127.0.0.1
port: 8000
# no-https: True
log-stdout: True
# rest-certfile: /secrets/cert.pem
# rest-keyfile: /secrets/key.pem
# logfile: /tmp/sq-rest-server.log
# log-stdout: True

poller:
connect-timeout: 60
period: 60
logsize: 10000000
logging-level: WARNING
log-stdout: True
max-cmd-pipeline: 4

ux:
engine: pandas

analyzer:
timezone: America/Los_Angeles
```

Here's a sample inventory file with per-cmd-auth and retries-on-auth-fail set:
```
---
sources:
- name: ans
type: ansible
path: /tmp/ansinv

devices:
- name: default
per-cmd-auth: False
retries-on-auth-fail: 2
ignore-known-hosts: true

auths:
- name: default
username: vagrant
password: vagrant

namespaces:
- name: demo
source: ans
device: default
```
1 change: 1 addition & 0 deletions mkdocs.yml
Original file line number Diff line number Diff line change
@@ -16,6 +16,7 @@ nav:
- Gathering Data:
- Poller: poller.md
- Inventory File: inventory.md
- Rate Limiting AAA Server Requests: rate-limiting-AAA.md
- Tables: tables.md
- Transports: transports.md
- Polling From a Local Folder: simnode.md