Cisco AURA-SDWAN (SURE) Command Line tool performs a total of 30(Non Cluster Mode) or 36(Cluster Mode) checks at different levels of the SDWAN overlay. The purpose of the tool is to prevent potential failures and recommend corrective actions for a seamless upgrade process. The tool retrieves data using GET API Calls and show/shell commands.
The objective is to execute without impact the performance of the vManage or other devices.
- Simple and straighfroward, uses default python modules that are already available on the vManage server
- Automatically generates TXT report.
- Only requires – vManage and password.
- To Execute, simply copy the file to the vManage and run it on the server.
- Not Intrusive
- Run Time - usually less than 60 seconds, depending on your deployment size
- Root access is not required to perform any check.
- No data is collected or shared to anyone. All information used by the tool, remains in the provided report and logs
- Doesn't use Real Time APIs that have scale limitations
IF YOU HAVE ANY QUESTIONS OR FEEDBACK, reach out to [email protected]
- vManage user with admin OR RO network operator privileges
- The vManage user password must not contain the "!" character.
Identify which python version file to execute based on the vManage version.
| vManage version | Python version | Python File to execute |
|---|---|---|
| below 20.5 | Python2 | python2/py2_sure.py |
| 20.5 onwards | Python3 | python3/py3_sure.py |
Download the respective Python version file.
Note: The application can be downloaded under any desired directory, typically it is downloaded under the user home directory.
Option 1. Isolated environment.
Obtain file content from this site, then copy via SCP to the server.
scp source_file.py {user}@{vManageIP}:/home/{user}
Option 2. Paste Method.
- Open py2_sure.py OR py3_sure.py file, select all and copy to clipboard
- SSH to the vManage, and do vshell command
- Open vi, press Esc and then i (letter i), then paste the content
- Press Esc, :wq (symbol : and letters w,q) to save it
Option 3. WGET
wget https://raw.githubusercontent.com/CiscoDevNet/sure/main/python3/py3_sure.py
wget https://raw.githubusercontent.com/CiscoDevNet/sure/main/python2/py2_sure.py
Command Line Options
usage: sure.py [-h] [-q] [-v] [-d] -u USERNAME
SURE - SDWAN Uprade Readiness Engine - v3.2.1
optional arguments:
-h, --help show this help message and exit
-q, --quiet Quiet execution of the script
-v, --verbose Verbose execution of the script
-d, --debug Debug execution of the script
-u USERNAME, --username USERNAME
vManage Username
-vp VMANAGE_PORT, --vmanage_port VMANAGE_PORT
vManage PasswordREQUIRED Arguments: You must provide the vManage .
OPTIONAL Arguments: Enter the vManage Port.
- Quiet Execution Mode -q/--quiet
- Verbose Execution Mode -v/--verbose
- Debug Execution Mode -d/--debug
> By default the script runs in the normal execution mode
> In order to change the execution mode enter the desired flag.
- vManage Port -p/--vmanage_port > Note: The default vmanage_port is 8443,
> https://{vManage_localip}:8443//dataservice system/ device/vedges
> if the port has been changed from 8443 to another port, use --vmanage_port/-p argument.
> https://{vManage_localip}:{vmanage_port}//dataservice system/device/vedges
Example:
| Execution Options | Python2 | Python3 |
|---|---|---|
| Normal Execution Mode | python py2_sure.py -u | python3 py3_sure.py -u |
| Quiet Execution Mode | python py2_sure.py -q -u | python3 py3_sure.py -q -u |
| Verbose Execution Mode | python py2_sure.py -v -u | python3 py3_sure.py -v -u |
| Debug Execution Mode | python py2_sure.py -d -u | python3 py3_sure.py -d -u |
| Specify vManage Port | python py2_sure.py -u -vp | python3 py3_sure.py -u -vp |
After executing the python/python3 command, there will be a input prompt to enter the vManage Password.
vmanage-cluster1:~$ python3 py3_sure.py -u <username>
vManage Password (Note: Tool doesn't support passwords containing "!") :Normal Execution:
CLI Output on executing the script in normal mode.
vmanage-cluster1:~$ python3 py3_sure.py -u <username>
vManage Password:
#########################################################
### SURE – Version 3.2.1 ###
#########################################################
### Performing SD-WAN Upgrade Readiness Check ###
#########################################################
*Starting Checks, this may take several minutes
**** Performing Critical checks
Critical Check:#01
Critical Check:#02
Critical Check:#03Quiet Execution mode
In the quiet execution mode it quietly performs all the checks and on completion it provides the locations of the report and logs files that were generated.
vmanage-cluster1:~$ python3 py3_sure.py -q -u <username>
vManage Password:
#########################################################
### SURE – Version 3.2.1 ###
#########################################################
### Performing SD-WAN Upgrade Readiness Check ###
#########################################################
*Starting Checks, this may take several minutes
******
Cisco SDWAN SURE tool execution completed. Verbose Execution mode
In this mode the progress of the checks being performed can be monitored from the cli.
vmanage-cluster1:~$ python3 py3_sure.py -v -u <username>
vManage Password:
#########################################################
### SURE – Version 3.2.1 ###
#########################################################
### Performing SD-WAN Upgrade Readiness Check ###
#########################################################
*Starting Checks, this may take several minutes
**** Performing Critical checks
#01:Checking:vManage:Validate current version
#02:Checking:vManage:vManage sever disk space
#03:Checking:vManage:Memory size
#04:Checking:vManage:CPU Count3. Debug Execution mode
In the debug mode you can monitor the check performed and check analysis from the cli.
vmanage-cluster1:~$ python3 py3_sure.py -d -u <username>
vManage Password:
#########################################################
### SURE – Version 3.2.1 ###
#########################################################
### Performing SD-WAN Upgrade Readiness Check ###
#########################################################
*Starting Checks, this may take several minutes
**** Performing Critical checks
#01:Checking:vManage:Validate current version
INFO:Direct Upgrade to 20.5 is possible
#02:Checking:vManage:vManage sever disk space
INFO:Enough Disk space available to perform the upgrade
******
Cisco SDWAN SURE tool execution completed.
Total Checks Performed: 35
Overall Assessment: 4 Critical errors, 2 Warnings, please check report for details.
-- Full Results Report: sdwan_sure/sure_report_03_09_2021_11_35_56.txt
-- Logs: sdwan_sure/sure_logs_03_09_2021_11_35_56.log
-- Json Summary: sdwan_sure/sure_json_summary_03_09_2021_11_35_56.json
Reach out to [email protected] if you have any questions or feedback
criticalChecknine(es_indices_est, server_type, cluster_size, cpu_count, total_devices, dpi_status)
-
GET API Calls
- https://{vManage_localip}:{Port}/dataservice/system/device/controllers
- https://{vManage_localip}:{Port}/dataservice/system/device/vedges
- https://{vManage_localip}:{Port}/dataservice/statistics/settings/status
- https://{vManage_localip}:{Port}/dataservice/management/elasticsearch/index/size/estimate
- https://{vManage_localip}:{Port}/dataservice/device/system/synced/status?deviceId={}
- https://{vManage_localip}:{Port}/dataservice/clusterManagement/list
- https://{vManage_localip}:{Port}/dataservice/disasterrecovery/details
- https://{vManage_localip}:{Port}/dataservice/device/action/status/tasks
- https://{vManage_localip}:{Port}/dataservice/device/vmanage
- https://{vManage_localip}:{Port}/dataservice/device/ntp/associations?deviceId={deviceIP} <<<<<<< HEAD =======
dev
- show/shell commands
Checks with severity level: CRITICAL
#01:Check:vManage:Validate current version
#02:Check:vManage:vManage:At minimum 20% server disk space should be available
#03:Check:vManage:Memory size
#04:Check:vManage:CPU Count
#05:Check:vManage:ElasticSearch Indices status
#06:Check:vManage:Look for any neo4j exception errors
#07:Check:vManage:Validate all services are up
#08:Check:vManage:Elasticsearch Indices version
#09:Check:vManage:Evaluate incoming DPI data size
#10:Check:vManage:NTP status across network
#11:Check:vManage:Validate Neo4j Store version
#12:Check:vManage:Validate ConfigDB Size is less than 5GB
#13:Check:vManage:Validate UUID from server configs file
#14:Check:vManage:Validate server configs file on vManage
#15:Check:vManage:Validate UUID at /etc/viptela/uuid
#16:Check:Controllers:Validate vSmart/vBond CPU count for scale
#17:Check:Controllers:Verify if stale entry of vManage+vSmart UUID present on any one cEdge
Checks with severity level: WARNING
#1:Check:vManage:Network Card type
#2:Check:vManage:Backup status
#3:Check:vManage:Evaluate Neo4j performance
#4:Check:vManage:Confirm there are no pending tasks
#5:Check:vManage:Validate there are no empty password users
#6:Check:Controllers:Controller versions
#7:Check:Controllers:Confirm Certificate Expiration Dates
#8:Check:Controllers:vEdge list sync
#9:Check:Controllers: Confirm control connections
Checks with severity level: INFORMATIONAL
#1:Check:vManage:Disk controller type
#2:Check:Controllers:Validate there is at minimum vBond, vSmart present
#3:Check:Controllers:Validate all controllers are reachable
Cluster Checks with severity level: CRITICAL
#1:Check:Cluster:Version consistency
#2:Check:Cluster:Cluster health
#3:Check:Cluster:Cluster ConfigDB topology
#4:Check:Cluster:Messaging server
#5:Check:Cluster:DR replication status
#6:Check:Cluster:Intercluster communication