Shorter display of OSPF database

Recently I had to explore the behavior of Cisco IOS OSPF implementation and had to inspect OSPF database on routers in various areas. If you're only interested in the contents of the database (not in low-level troubleshooting), variety of LSA fields (including LS Age, Options, Checksum, Length ...) are just cluttering the printout, so I fine-tuned the show filter to exclude all the non-relevant fields, ending with show ip ospf database parameters | exclude LS|Options|Check|Len|(MTID:[ 0-9]+$) (the MTID field appears in IOS release 12.2SRC).To make the command more useful, I've changed it into a short Tcl script (using steps from the post explaining how to execute complex CLI commands from Tcl) stored in flash:ospfdb.tcl …

set cmd {show ip ospf database }
append cmd $argv
append cmd { | excl LS|Options|Check|Len|(MTID:[ 0-9]+$)}
puts [exec $cmd]

… and defined alias exec ospfdb flash:ospfdb.tcl. I could then easily inspect the contents of various parts of OSPF database I was interested in, for example:

a3#ospfdb external 0.0.0.0
 
            OSPF Router with ID (10.0.1.3) (Process ID 1)
 
                Type-5 AS External Link States
 
  Link State ID: 0.0.0.0 (External Network Number )
  Advertising Router: 10.0.1.5
  Network Mask: /0
        Metric Type: 2 (Larger than any link state path)
        Metric: 1 
        Forward Address: 0.0.0.0
        External Route Tag: 1

Simple CLI extensions: handling special characters

Last week I've described how you can extend the exec-mode CLI commands with almost no knowledge of Tcl. A bit more work is required if your commands include Tcl special characters (quotes, braces or backslashes).

For example, to display all routes advertised by customers of AS X, you'd use the following show command: show ip bgp regexp _X_([0-9]+)(_\1)*$ (the regular expression is explained in the AS-path based filter of customer BGP routes post). This command cannot be entered as a Tcl string with variable substitution; Tcl would interpret the [ and \ characters. You could enter the whole command in curly braces, but then there would be no variable substitution that we need to insert command line parameters. To make Tcl happy, use the following Tcl commands:

1. set cmd {first-part-of-command} stores the command prefix into the cmd variable;
2. append cmd $argv appends the command line arguments to the command;
3. append cmd {rest-of-command} appends the rest of the IOS exec command;
4. puts [exec $cmd] executes the command and prints the results.

For example, the following code will display the customers of a BGP AS specified in the command line (after being stored in a flash file and defined in an alias, of course):

set cmd {show ip bgp regexp _}
append cmd $argv
append cmd {_([0-9]+)(_\1)*$}
puts [exec $cmd]

Simple extensions to exec-mode CLI

The various show filters available in Cisco IOS are a great tool to minimize the amount of printout you have to analyze, their only problem (from my perspective) is that you cannot make an alias out of them, as you usually have to supply one or more parameters to the show command and these parameters have to be inserted before the filter (and the alias command does not support replaceable parameters). You could solve the problem with Tcl shell, but I'm not sure many networking engineers are fluent Tcl programmers. Fortunately, the code you need is so simple anyone can create a working solution.

Follow these simple steps:

1. Execute the show command you're interested in and fine-tune the filter. For example, I wanted to have a short display of IP interfaces produced with the show ip interface fa0/0 ¦ include address¦protocol command.
2. Store the following line of Tcl code in a flash file: puts [exec "your-command"], replacing the arguments in your command with $argv (you can use this trick if you don't have an external file server handy). In my case, the flash:ipconfig.tcl file contained the following code:

puts [exec "show ip interface $argv ¦ include address¦protocol"]

3. Define a command alias: alias exec new-command tclsh file-in-flash, for example, alias exec ipconfig flash:ipconfig.tcl.

Now you can execute your new command and use command parameters to select the printout you want.

X1#ipconfig fa0/0
FastEthernet0/0 is up, line protocol is up
  Internet address is 172.16.0.1/24
  Broadcast address is 255.255.255.255
  Helper address is not set
  Network address translation is disabled

Replace the broken vertical bar in sample printouts with a vertical bar before using them.

Display locally originated BGP routes

Displaying the BGP routes originated in the local AS is simple: you just filter the BGP table with a regular expression matching an empty AS path. Displaying routes originated by the local router is tougher. You could use the fact that the local routes have the weight set to 32768:

PE-A#show ip bgp quote-regexp "^$" | inc Network|32768
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.1/32      0.0.0.0                  0         32768 i

This would work if you don’t play with BGP weights in network statements. If you’ve changed the weights, you should filter the routes based on the BGP next-hop: locally originated routes have the next-hop 0.0.0.0 and all other routes should have a non-zero BGP next-hop. To filter BGP routes based on the next-hop you have to:

• Define an access-list that matches desired next-hop (0.0.0.0)
• Define a route-map that uses the access-list to match IP next hop.
• Display BGP routes matched by a route-map.

A sample configuration and show command printout is included below:

ip access-list standard AllZeros
 permit 0.0.0.0
!
route-map NextHopSelf permit 10
 match ip next-hop AllZeros

PE-A#show ip bgp route-map NextHopSelf | begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.1/32      0.0.0.0                  0         32768 i

To make this command simpler to use, define an alias: alias exec mybgp show ip bgp route-map NextHopSelf | begin Network.

Display BGP routes originated in the local AS

The easiest way to display BGP routes originating in the local autonomous system is to use the regular expression ^$ (empty AS-path) in the show ip bgp regexp command, for example:

PE-A#show ip bgp regexp ^$
BGP table version is 10, local router ID is 10.0.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.1/32      0.0.0.0                  0         32768 i
r>i10.0.1.2/32      10.0.1.2                 0    100      0 i

If you want to apply a show filter to the printout of this command, you have to use the quote-regexp variant; otherwise the rest of the line is interpreted as regular expression. To skip the header explaining the BGP status code (we know them by heart by now, don’t we?), use …

PE-A#show ip bgp quote-regexp "^$" | begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.1/32      0.0.0.0                  0         32768 i
r>i10.0.1.2/32      10.0.1.2                 0    100      0 i

… and end with the eye candy – define this command as an alias: alias exec localbgp show ip bgp quote-regexp "^$" | begin Network.

A bug in the IOS “section” filter

The section filter of the show commands contains a nasty bug (at least in the IOS release 12.4T) in IOS release 12.2SRC: if a line in the section matches the same regular expression as the section header, the rest of the section is not printed.I guess this sounds a bit perplexing, so here's an example. When using the router bgp regular expression in a section filter appended to the show running command, the whole BGP configuration is displayed:

PE-A#show run ¦ section router bgp
router bgp 65000
 template peer-policy Internal
  send-community both
 exit-peer-policy
 !
 template peer-session Internal
  remote-as 65000
  update-source Loopback0
 exit-peer-session
 !
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.1.5 inherit peer-session Internal
 neighbor 10.0.1.5 description PE-C(RR)
 neighbor 10.0.1.5 inherit peer-policy Internal
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.0.1.5 activate
  neighbor 10.0.1.5 send-community extended
 exit-address-family

However, if you use bgp as the regular expression, the printout starts with the router bgp command, but stops abruptly after the first line containing the string bgp, skipping the rest of the section:

PE-A#show run ¦ section bgp
router bgp 65000
 template peer-policy Internal
  send-community both
 exit-peer-policy
 !
 template peer-session Internal
  remote-as 65000
  update-source Loopback0
 exit-peer-session
 !
 no synchronization
 bgp log-neighbor-changes

Display operational IPv6 interfaces

The brief display of the state of IPv6 interfaces in the router (show ipv6 interface brief) is significantly different from the well-known show ip interface brief display as the IPv6 address might not fit in the same line as all the other data. To filter the printout and display only the operational interfaces, you have to replace the include filter with the section filter, which displays all the lines matching the regular expression as well as associated follow-up lines.

PE-A#show ipv6 interface brief | section up
Serial1/0                  [up/up]
    unassigned
Serial1/1                  [up/up]
    FE80::C800:CFF:FEA7:0
Loopback0                  [up/up]
    unassigned

The definition of the associated follow-up lines depends on the printout. Usually the indented lines are assumed to belong to a section, but you might be surprised.

Display the names of the configured route-maps

I'm probably getting old … I keep forgetting the exact names (and capitalization) of route-maps I've configured on the router. The show route-maps command is way too verbose when I'm simply looking for the exact name of the route-map I want to use, so I wrote a Tcl script that displays the names of the route-maps configured on the router. If you add a -d switch, it also displays their descriptions (to be more precise, the first description configured in the route-map).

When using the -d switch, the script executes the show running command and might take a while to complete.

To use the script, download the routeMaps.tcl file (available from my web site) into the router's flash and follow the installation instructions in the source.

Here is a sample printout from one of my routers:

R1#show alias | include rm

  rm                    tclsh flash:routeMaps.tcl
R1#rm
LocPref
SetCommunity
TestRange
prepend
 
R1#rm -d
Route map name       Description
========================================================================
LocPref
SetCommunity         Sets time-based communities on local routes
TestRange
prepend

Show active IOS processes

You can use the show process cpu sorted command in combination with an output filter to display only those IOS processes that consumed noticeable amount of CPU time in the last five minutes, last minute or last five seconds. Use the following patterns to construct your regular expression:

• The [0-9.]+% pattern will match any non-zero percentage;
• The 0.00% pattern will obviously match the zero-percentage display;
• As the percentage figures are separated by various amounts of whitespace characters, we have to use the ' +' pattern to match those;

The show filter should exclude the processes that have the zero percentage in the desired column and any percentage in the other two columns (any other filter would show too many or too few processes). To display processes active in the last minute, use the show process cpu sorted 1min | exclude [0-9.]+% +0.00% +[0-9.]+% command (and define an alias to make it easier to use).You could use these configuration commands to define the aliases:

alias exec cpu1min show process cpu sorted 1min | exclude [0-9.]+% +0.00%
+[0-9.]+%
alias exec cpu5sec show process cpu sorted 5sec | exclude 0.00% +[0-9.]+% +[0-9.]+%
alias exec cpu5min show process cpu sorted 5min | exclude [0-9.]+% +[0-9.]+% +0.00%

A sample printout from one of my routers is included:

rtr#cpu1min
CPU utilization for five seconds: 4%/0%; one minute: 2%; five minutes: 2%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
   5    27260472   1470452      18538  0.00%  1.74%  1.78%   0 Check heaps
  62         536       226       2371  3.27%  0.52%  0.15%   2 Virtual Exec
  30      248000    230369       1076  0.16%  0.07%  0.02%   0 IP Input
  25      617780     25736      24004  0.00%  0.03%  0.00%   0 Per-minute
  43          32       485         65  0.00%  0.01%  0.00%   0 TCP Timer

Display IP packet filters attached to router's interfaces

A few days ago, Jeremy Stretch asked me whether there's a command to display packet lists attached to router's interfaces. While he got pretty far with the output filters, he would like to have a nice tabular format as well as the contents of the access lists displayed next to the interfaces. The show ip access-list interface name command comes pretty close, but it displays the information only for a single interface, so it was time to write another Tcl script. To install it on your router:

1. Download it from my web site and copy it to your router's flash or NVRAM.
2. Define an alias, for example alias exec filters tclsh flash:packetFilters.tcl.

The script recognizes two parameters: the all parameter displays all interfaces, including ones with no access lists and the verbose parameter displays the contents of the access list after the interface name.

Here are a few sample printouts from one of my lab routers:

R2#filters
Interface Inbound Outbound
=========================================================
Serial1/0 101
Serial1/2 ICMP 101

R2#filters verbose

Serial1/0
====================
in: Extended IP access list 101
    10 permit ip any any (2012 matches)

Serial1/2
====================
in: Extended IP access list ICMP
    10 deny icmp any host 10.0.1.2 echo
    20 deny icmp any host 10.2.0.2 echo
    30 permit ip any any (637 matches)

out:Extended IP access list 101
    10 permit ip any any (2012 matches)

Note: This article is part of You've asked for it series.

Display OSPF neighbor sorted by OSPF process ID

I had two issues with the show ip ospf neighbors command:

• It is not sorted by the OSPF process ID, so you get a mess if you have more than one OSPF process and don't specify the process ID in the show command
• It does not display the OSPF area the neighbor belongs to

To fix both problems, I wrote a Tcl script that displays OSPF neighbors sorted by process ID and includes the fields I wanted to have. To install it on your router:

1. Download it from my web site.
2. Copy the ospfNeighbors.tcl file to your router's flash (or NVRAM).
3. Define an alias, for example alias exec ospf tclsh flash:ospfNeighbors.tcl.

Here is a sample printout produced on my lab router:

a1#ospf

OSPF neighbors for process ID 1

Router ID       Area    State      Address         Interface
172.16.0.21     0       FULL       172.16.1.2      Serial0/0/0.100
172.16.0.12     0       FULL/DR    10.0.0.6        FastEthernet0/0

OSPF neighbors for process ID 2

Router ID       Area    State      Address         Interface
172.16.1.5      2       FULL       10.3.1.2        Serial0/1/0

Skip the “show ip route” legend

Are you as upset as I am with the constant display of the legend in front of the routes displayed with the show ip route command? Two output filters can help you.The easier one is show ip route parameters ¦ begin Gateway (as there is always a line starting with Gateway of last resort ...) before the actual IP routes:

a1#show ip route 172.16.0.0 longer ¦ begin Gateway
Gateway of last resort is not set

     172.16.0.0 255.255.0.0 is variably subnetted, 4 subnets, 2 masks
O       172.16.0.21 255.255.255.255
           [110/51] via 172.18.1.2, 00:04:56, Serial0/0/0.100
O       172.16.0.12 255.255.255.255
           [110/65] via 172.18.1.6, 00:04:56, Serial0/1/0
C       172.16.0.11 255.255.255.255 is directly connected, Loopback0
O       172.16.1.4 255.255.255.252
           [110/113] via 172.18.1.6, 00:04:56, Serial0/1/0

A slightly more complex one matches the first line that has a digit after the leading white space.

a1#show ip route 172.16.0.0 longer ¦ begin ^ +[0-9]+
     172.16.0.0 255.255.0.0 is variably subnetted, 4 subnets, 2 masks
O       172.16.0.21 255.255.255.255
           [110/51] via 172.18.1.2, 00:08:55, Serial0/0/0.100
O       172.16.0.12 255.255.255.255
           [110/65] via 172.18.1.6, 00:08:55, Serial0/1/0
C       172.16.0.11 255.255.255.255 is directly connected, Loopback0
O       172.16.1.4 255.255.255.252
           [110/113] via 172.18.1.6, 00:08:55, Serial0/1/0

If only IOS would have more decent regular expressions, like \s and \d ...

Update: The “show ip interface” command I've always wanted to have

After I've published the Tcl script that displays the interface IP parameters in a formatted table, cos quickly pointed out a bug: I've expected the IP addresses in the address mask format. In the meantime, I've figured out the root cause of the problem (our remote labs are set to display IP masks in decimal format for compatibility reasons) and fixed the Tcl script. It temporarily sets the terminal ip netmask-format to bit-count before executing the show command. The new script recognizes three parameters:

• active: display only interfaces that are up/up;


• configured: display only interfaces with configured IP addresses (unnumbered interfaces using IP address of an interface without one count as configured since IOS reports their IP address as 0.0.0.0).


• address: displays IP address of the unnumbered interface, not the interface that it's borrowing the address from.

You can view the Tcl source or download it from my web site.

The “show ip interface” command I've always wanted to have

Recently I was investigating MTU-related problems and got mightily upset when I had to search for the interface IP MTU size in the long printout produced by the show ip interface command. Obviously I could display the IP MTU size of a single interface with the show ip interface name | include MTU filter, but I wanted to have a nice tabular printout. Obviously it was time for another Tcl script.

To use it, download it and store it into the flash memory of your router. Configure alias exec ipconfig tclsh flash:ipInterfaces.tcl and you can use ipconfig or ipconfig active to display interface IP addresses.Included below are sample printouts:

ro#ifconfig
Interface         IP Address      Mask            MTU  State
=================================================================
FastEthernet0/0   172.18.25.1     255.255.255.0   1500 up
FastEthernet0/1   no address                           admin down
Serial0/0/0       no address                           up
Serial0/0/0.101   192.168.201.2   255.255.255.252 1500 up
Serial0/1/0       no address                           up/down
Serial0/1/1       no address                           down
Tunnel0           FastEthernet0/0                 1476 up

ro#ifconfig active
Interface         IP Address      Mask            MTU  State
=================================================================
FastEthernet0/0   172.18.25.1     255.255.255.0   1500 up
Serial0/0/0.101   192.168.201.2   255.255.255.252 1500 up
Tunnel0           FastEthernet0/0                 1476 up

Tcl script to display Frame Relay DLCI status

In my IP Corner article, Enhance the IOS User Interface, I've included a short Tcl script that displays the list of all DLCIs on the router in a nice tabular format. If you'd like to have them grouped by interface, you can use this Tcl script. To use it, download it and store it into your router's flash. Define an alias: alias exec dlci tclsh flash:dlci.tcl. Now you can use the new dlci command to display nicely formatted list of DLCI's.Here is a sample printout:

rtr#dlci

Interface Serial0/0/0

DLCI  Status    Usage    Interface
=============================================
100   ACTIVE    LOCAL    Serial0/0/0.100
200   ACTIVE    UNUSED
301   ACTIVE    UNUSED
401   ACTIVE    UNUSED

Interface Serial0/1/0 (DCE)

DLCI  Status    Usage    Interface
=============================================
213   ACTIVE    LOCAL
214   ACTIVE    LOCAL
301   INACTIVE  SWITCHED

Interface Tunnel0

DLCI  Status    Usage    Interface
=============================================
301   ACTIVE    SWITCHED

Display the EIGRP stub neighbors

If you've deployed EIGRP stub routers in your network, you'd probably like to know which neighbors of a particular router are stub routers. Unfortunately, the only command to display a neighbor's stub status is the show ip eigrp neighbor detail command, which is a bit too verbose for what we need. In my latest IP Corner article, Enhance the IOS User Interface, I'm focusing on the stub routers in the EIGRP example section, where you'll find how to minimize the length of the show ip eigrp neighbor detail printout.

Note: You can get in-depth information on EIGRP stub routers in the virtual classroom recording available free-of-charge from www.nil.com.

Periodic execution of IOS show commands

If you want to execute IOS show commands periodically (for example, to monitor router status or take snapshots of routing tables), you can combine new output redirection features introduced in IOS release 12.2T in an Embedded Event Manager (EEM) applet. For example, to store the brief interface status into a file on an FTP server, use the following EEM applet:

event manager applet SaveInterfaceStatus
 event timer watchdog name SaveIfStat time 60
 action 1.0 cli command "show ip interface brief | redirect ftp://username@password:host/path"
 action 2.0 syslog msg "Interface status saved"

Notes:

• The timer watchdog EEM event defines a recurring event triggered every X seconds.
• Output of a show command can be redirected only to a TFTP or FTP server, redirection to a web (HTTP) server does not work yet.
• The syslog action is configured for debugging purposes only and can be removed in production environment.
• More complex functionality (for example, sending show command output in an email) can be implemented with help of Tcl EEM policies

Enhance the IOS user interface

Have you ever wanted to fine-tune the IOS show commands to provide you with the exact information you need instead of having to dig through long screens full of data you are not interested in to find what you need?

In this month's IP Corner article, Enhance the IOS User Interface, I'm describing how to use simple filters provided by the Cisco IOS to pick only the information you need from the printouts, as well as how to generate tailored printouts (even combining outputs from multiple show commands) with Tcl shell introduced in IOS release 12.3(2)T.

Save IOS printouts in a file

IOS release 12.2(13)T (integrated in IOS release 12.3) has added the capability to redirect output of an IOS show command to a file. This feature uses Unix-style pipes (similar to the include, exclude and section keywords) and adds append, redirect and tee (redirect + print) keywords.

The show output can be redirected to a local filename (in flash, on usb token or even in NVRAM) or sent to a remote server (currently only FTP and TFTP servers are supported). For example, the show ip interface brief | redirect ftp://student:lab@192.168.0.10/ifstatus command will store the current interface status to an FTP server.

Note: the append (or tee /append) operation only works on destinations that support the file append operation: class-C flash file systems, local disks, USB tokens and NVRAM.

Summarize IOS printouts (example: Frame Relay DLCIs)

I've always wanted a short summary display of DLCIs configured on my Frame Relay boxes (or whatever your favorite WAN technology is), but the only printout I would get from the router would be the lengthy show frame pvc printout. Fortunately, a judicious use of output filters can get you a summary printout from almost anything Cisco IOS produces.For example, I would like to see just the highlighted lines in my show frame pvc printout:

b2#show frame pvc

PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         3            0            0            0

DLCI = 101, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.101

  input pkts 1003          output pkts 948          in bytes 107601
  out bytes 106438         dropped pkts 68          in pkts dropped 68
  out pkts dropped 0       out bytes dropped 0
... rest deleted ...

The first line I'm interested in contains the pattern for interface, the second one DLCI USAGE. My output filter would thus have to match any one of these patterns:

b2#show frame pvc ¦ include (for interface¦DLCI USAGE)
PVC Statistics for interface Serial0/0/0 (Frame Relay DTE)
DLCI = 101, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0.101
DLCI = 201, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
DLCI = 302, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
DLCI = 401, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0

And to add icing on the cake, I defined an alias with the alias exec dlci show frame pvc ¦ include (for interface ¦ DLCI USAGE) configuration command. Now I can display the FR DLCI status with a simple dlci command.