Connected networks do not match across cluster members-juniper-junos

Connected networks do not match across cluster members-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni will identify when two devices are part of a cluster and alert if the networks they are directly connected to do not match.

Remediation Steps:
Ensure all of the required ports are configured correctly on all cluster members, including the subnet mask.

How does this work?
This script extracts the networks directly connected to a device by running the command “show route protocol direct terse” via SSH connection to a device.

Why is this important?
The IPs configured on ports define networks directly connected to a device.

Without Indeni how would you find this?
An administrator could log on to the device to run the command “show route protocol direct terse” to collect the same information.

junos-show-route-protocol-direct-terse

name: junos-show-route-protocol-direct-terse
description: JUNOS get directly connected network information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall
comments:
    connected-networks-table:
        why: |
            The IPs configured on ports define networks directly connected to a device.
        how: "This script extracts the networks directly connected to a device by\
            \ running the command \"show route protocol direct terse\" via SSH connection\
            \ to a device. \n"
        without-indeni: |
            An administrator could log on to the device to run the command "show route protocol direct terse" to collect the same information.
        can-with-snmp: false
        can-with-syslog: false
        vendor-provided-management: The commamnd line is available to retrieve this
            information
steps:
-   run:
        type: SSH
        command: show route protocol direct terse
    parse:
        type: AWK
        file: show-route-protocol-direct-terse.parser.1.awk

connected_tables_comparison_vsx

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.rulesForTests.templatebased.crossvendor

import com.indeni.server.common.data.conditions.{Equals => DataEquals}
import com.indeni.server.rules.library.templates.SnapshotComparisonTemplateRule
import com.indeni.server.rules.RemediationStepCondition

/**
  *
  */
case class connected_tables_comparison_vsx() extends SnapshotComparisonTemplateRule(
  ruleName = "connected_tables_comparison_vsx",
  ruleFriendlyName = "Clustered Devices: Connected networks do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the networks they are directly connected to do not match.",
  metricName = "connected-networks-table",
  applicableMetricTag = "vs.name",
  metaCondition = DataEquals("vsx", "true"),
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same directly connected networks. Review the differences below.",
  baseRemediationText = "Ensure all of the required ports are configured correctly on all cluster members, including the subnet mask.")(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Ensure all of the required interfaces are configured accordingly on all cluster members.
      |2. Consider to suspending this alert in case of orphan ports configured to one of the vPC peer switches.""".stripMargin
)