This module is intended to make generating and modifying Cisco SD-WAN policy easier, as well as backing up policy.
Currently tested on 19.1.x and 19.2.x vManage.
Two CLI tools based on the project are also included for easier backup and restore of policies and templates.
```
pip install cisco-sdwan-policy
```

```python
from cisco_sdwan_policy import *

# vManage Info
server_info = {
    "hostname":"198.18.1.10",
    "port":8443,
    "username":"admin",
    "password":"admin"
}

# Load all policy in vManage
pl = PolicyLoader.init(server_info)
pl.load()

# Show all the loaded Policy.
print([i.name for i in pl.main_policies])
print([i.name for i in pl.topo_policies])
print([i.name for i in pl.traffic_policies])
print([i.name for i in pl.list_policies])

# Create a new Policy
prefix_list1=[
    "10.0.0.0/24"
]
prefix_list2=[
    "192.168.1.0/24"
]

# Create Prefix list
data_prefix_source = DataPrefix(name="Prefix_source2",prefix_list=prefix_list1,is_ipv6=False)
data_prefix_dest = DataPrefix(name="Prefix_dest2",prefix_list=prefix_list2,is_ipv6=False)

# Create Policer
pc = Policer("SpeedLimit1",rate="150000",exceed="drop",burst="15000")

# Create Site List
site = Site("TestSite2",["100","1000-2000"])

# Create VPN List
vpn = Vpn("TestVPN2",["10"])

sq = Sequence(1,"Custom","data","accept","ipv4",match=[],actions=[])

# Create Match
sq.add_match("sourceDataPrefixList",data_prefix_source)
sq.add_match("destinationDataPrefixList",data_prefix_dest)

# Create Action
sq.add_action("set","policer",pc)
sq.add_action("nat","useVpn","0")
sq.add_action("nat","fallback","")
print(sq.to_json())

# Create Data Policy
dp = DataPolicy("NAT_Data_policy2","NAT",[sq],default_action="accept")

# Create Main Policy
main_policy = MainPolicy(name="API_Policy",description="API",control_policy_list=[],data_policy_list=[],vpn_membership_list=[],approute_policy_list=[])
main_policy.add_data_policy(dp,"service",[site],[vpn])

# Print Policy json
print(main_policy.to_json())

# Save Policy (Create)
main_policy.save()
```
The Server Info Part:
```python
server_info = {
    "hostname":"198.18.1.10",
    "port":8443,
    "username":"admin",
    "password":"admin",
    "tenant": "xxx"
}
```
When the ViptelaRest class is re-initialized, all existing objects automatically switch to the new server as well, so make sure to reload the policy after changing the server info.
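The example below is an addition to this README, not code from the cisco-sdwan-policy project: it builds the `server_info` dict from environment variables and a password prompt, so the `admin`/`admin` literals shown above need not live in a script. The `SDWAN_*` variable names, the `load_server_info` and `redacted` helpers, and the 8443 default port (taken from the example above) are assumptions.

```python
import getpass
import os

# Keys are the ones the README's server_info dict uses; the SDWAN_* variable
# names are assumptions made for this example.
ENV_MAP = {
    "hostname": "SDWAN_HOST",
    "port": "SDWAN_PORT",
    "username": "SDWAN_USER",
    "password": "SDWAN_PASSWORD",
    "tenant": "SDWAN_TENANT",  # optional: the README's first example omits it
}

def load_server_info(env=None, prompt=getpass.getpass):
    """Build a server_info dict from the environment instead of source code."""
    env = os.environ if env is None else env
    info = {}
    for key in ("hostname", "username"):
        value = env.get(ENV_MAP[key], "").strip()
        if not value:
            raise ValueError(f"{ENV_MAP[key]} is not set")
        info[key] = value
    raw_port = env.get(ENV_MAP["port"], "8443")  # assumed default
    if not raw_port.isdigit() or not 1 <= int(raw_port) <= 65535:
        raise ValueError(f"{ENV_MAP['port']} must be 1-65535, got {raw_port!r}")
    info["port"] = int(raw_port)
    # Prompt when the password is not exported, keeping it out of shell history.
    password = env.get(ENV_MAP["password"])
    if not password:
        password = prompt(f"Password for {info['username']}@{info['hostname']}: ")
    if not password:
        raise ValueError("empty password")
    info["password"] = password
    tenant = env.get(ENV_MAP["tenant"], "").strip()
    if tenant:
        info["tenant"] = tenant
    return info

def redacted(info):
    """Copy of server_info that is safe to print or log."""
    return {k: ("***" if k == "password" else v) for k, v in info.items()}

if __name__ == "__main__":
    print(redacted(load_server_info()))
```

Pass the returned dict to `PolicyLoader.init(...)` in place of the literal `server_info`.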
```
pip install cisco-sdwan-policy
sdwan-template-tool -h
```

Example usage:

```
[*] Transfer template test:
sdwan-template-tool --mode=transfer --template=test --server1-ip=10.0.0.1 --server1-port=443 --server1-user=admin --server1-pw=admin --server2-ip=10.0.0.2 --server2-port=443 --server2-user=admin --server2-pw=admin

[*] Backup all template:
sdwan-template-tool --mode=backup --all-template --file=backup.json --server1-ip=10.0.0.1 --server1-port=443 --server1-user=admin --server1-pw=admin

[*] Restore template from a file:
sdwan-template-tool --mode=restore --file=backup.json --server1-ip=10.0.0.1 --server1-port=443 --server1-user=admin --server1-pw=admin
```
```
sdwan-policy-tool -h
```

Example usage:

```
[*] Transfer policy 'Policy1':
sdwan-policy-tool --mode=transfer --policy=Policy1 --server1-ip=10.0.0.1 --server1-port=443 --server1-user=admin --server1-pw=admin --server2-ip=10.0.0.2 --server2-port=443 --server2-user=admin --server2-pw=admin

[*] Backup all policy:
sdwan-policy-tool --mode=backup --all-policy --file=backup.json --server1-ip=10.0.0.1 --server1-port=443 --server1-user=admin --server1-pw=admin

[*] Restore policy from a file:
sdwan-policy-tool --mode=restore --file=backup.json --server1-ip=10.0.0.1 --server1-port=443 --server1-user=admin --server1-pw=admin
```
Below is an example of backing up policy into a JSON file, then transferring the policy to a new vManage or restoring it to an existing vManage. You can also transfer policies between tenants.
Below is an example of transferring a main policy from tenant 1 to tenant 2; all the policy dependencies are transferred automatically as well.
Below is an example of generating an IP list based on given domains, which is useful for applications that are not supported.
Before using this, please install sublist3r manually; it is not supported yet.
More examples will be added later.
If you have any issues or a pull request, you can submit an issue or contact me directly.
My Cisco CEC ID: jiaminli
Pull requests with enhancements and examples are welcome!