4.2 KiB
Configuration
Hyperglass configuration files are stored in hyperglass/hyperglass/configuration/, in TOML format.
hyperglass/configuration/
├── blacklist.toml
├── commands.toml
├── configuration.toml
├── devices.toml
└── requires_ipv6_cidr.toml
Blacklist
Blacklisted querys are defined in hyperglass/hyperglass/configuration/blacklist.toml
The blacklist is a simple TOML array (list) of host IPs or prefixes that you do not want end users to be able to query. For example, if you have one or more hosts/subnets you wish to prevent users from looking up (or any contained host or prefix), add them to the list.
Example
blacklist = [
'198.18.0.0/15',
'2001:db8::/32',
'10.0.0.0/8',
'192.168.0.0/16',
'172.16.0.0/12'
]
When users attempt to query a matching host/prefix, they will receive the following error message by default:
Commands
Commands are defined in hyperglass/hyperglass/configuration/commands.toml. A table for each NOS (Network Operating System) contains three nested tables: dual, ipv4, and ipv6.
| Table | Function | Commands |
|---|---|---|
| dual | Protocol agnostic commands | bgp_community bgp_aspath |
| ipv4 | IPv4-specific commands | bgp_route ping traceroute |
| ipv6 | IPv6-specific commands | bgp_route ping traceroute |
Variables
The following variables can be used in the command definitions.
{target}Maps to search box input.{src_addr_ipv4}Maps to src_addr_ipv4{src_addr_ipv6}Maps to src_addr_ipv6
Example
[[cisco_ios]]
[cisco_ios.dual]
bgp_community = "show bgp all community {target}"
bgp_aspath = 'show bgp all quote-regexp "{target}"'
[cisco_ios.ipv4]
bgp_route = "show bgp ipv4 unicast {target} | exclude pathid:|Epoch"
ping = "ping {target} repeat 5 source {src_addr_ipv4}"
traceroute = "traceroute {target} timeout 1 probe 2 source {src_addr_ipv4}"
[cisco_ios.ipv6]
bgp_route = "show bgp ipv6 unicast {target} | exclude pathid:|Epoch"
ping = "ping ipv6 {target} repeat 5 source {src_addr_ipv6}"
traceroute = "traceroute ipv6 {target} timeout 1 probe 2 source {src_addr_ipv6}"
[[cisco_xr]]
[cisco_xr.dual]
bgp_community = 'show bgp all unicast community {target} | utility egrep -v "\(BGP |Table |Non-stop\)"'
bgp_aspath = 'show bgp all unicast regexp {target} | utility egrep -v "\(BGP |Table |Non-stop\)"'
[cisco_xr.ipv4]
bgp_route = 'show bgp ipv4 unicast {target} | util egrep "\(BGP routing table entry|Path \#|aggregated by|Origin |Community:|validity| from \)"'
ping = "ping ipv4 {target} count 5 source {src_addr_ipv4}"
traceroute = "traceroute ipv4 {target} timeout 1 probe 2 source {src_addr_ipv4}"
[cisco_xr.ipv6]
bgp_route = 'show bgp ipv6 unicast {target} | util egrep "\(BGP routing table entry|Path \#|aggregated by|Origin |Community:|validity| from \)"'
ping = "ping ipv6 {target} count 5 source {src_addr_ipv6}"
traceroute = "traceroute ipv6 {target} timeout 1 probe 2 source {src_addr_ipv6}"
[[juniper]]
[juniper.dual]
bgp_community = "show route protocol bgp community {target}"
bgp_aspath = "show route protocol bgp aspath-regex {target}"
[juniper.ipv4]
bgp_route = "show route protocol bgp table inet.0 {target} detail"
ping = "ping inet {target} count 5 source {src_addr_ipv4}"
traceroute = "traceroute inet {target} wait 1 source {src_addr_ipv4}"
[juniper.ipv6]
bgp_route = "show route protocol bgp table inet6.0 {target} detail"
ping = "ping inet6 {target} count 5 source {src_addr_ipv6}"
traceroute = "traceroute inet6 {target} wait 1 source {src_addr_ipv6}"
IPv6 CIDR Format Required
Some platforms (namely Cisco IOS) are unable to perform a BGP lookup by IPv6 host address (e.g. 2001:db8::1), but must perform the lookup by prefix (e.g. 2001:db8::/48). requires_ipv6_cidr.toml is a list (TOML array) of network operating systems that require this (in Netmiko format).
Example
requires_ipv6_cidr = [
"cisco_ios",
"cisco_nxos"
]