Validations
============

Validations are split up into features and their different sub-features that can be validated.

+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| Feature        | Sub-feature      | Description                                            | Strict | IOS-XE | NXOS | ASA | WLC  | Palo  | Viptela  |
+================+==================+========================================================+========+========+======+=====+======+=======+==========+
| system         | image            | Software version                                       | ❌     | ✅     | ✅   | ✅  | ✅   | ✅    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | mgmt_acl         | Management ACLs                                        | ✅     | ✅     | ✅   | ✅  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | module           | Model & status (implicit)                              | ❌     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | sla              | IP, RTT & status (implicit)                            | ❌     | ✅     | ❌   | ❌  | ❌   | ✅    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| redundancy     | ha_state         | Local & peer state                                     | ❌     | ✅     | ❌   | ✅  | ✅   | ✅    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | sw_stack         | Switch, role, priority & state (implicit)              | ✅     | ✅     | ❌   | ❌  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| neighbor       | cdp              | Neighbor name & port                                   | ❌     | ✅     | ✅   | ❌  | ✅   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | lldp             | Neighbor name & port                                   | ❌     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| intf_bonded    | port-channel     | Interface members (strict) & status (implicit)         | ✅     | ✅     | ✅   | ✅  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | vpc              | VPC status (implicit), port-channels & VLANs (strict)  | ✅     | ❌     | ✅   | ❌  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| interface      | intf             | Port speed, duplex, type & status (implicit)           | ❌     | ✅     | ✅   | ✅  | ✅   | ✅    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | switchport       | Switchport mode & VLANs                                | ✅     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | ip_brief         | IP address & status (implicit)                         | ❌     | ✅     | ✅   | ✅  | ✅   | ✅    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| layer2         | vlan             | VLAN interfaces                                        | ✅     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | stp_vlan         | Per-VLAN interfaces STP state (implicit FWD)           | ✅     | ✅     | ❌   | ❌  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | mac_table        | Total & per-VLAN MAC count                             | ❌     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| fhr            | hsrp             | Interface, priority & state                            | ❌     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| route_table    | vrf              | VRF interfaces                                         | ✅     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | route_count      | Per-VRF routing table subnet count                     | ❌     | ✅     | ✅   | ✅  | ❌   | ✅    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | route            | Per-VRF route, type & next-hops (strict)               | ✅     | ✅     | ✅   | ✅  | ❌   | ✅    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| route_protocol | eigrp_intf_nbr   | Interfaces, neighbors & state (implicit)               | ✅     | ✅     | ❌   | ❌  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | ospf_intf_nbr    | Interfaces, neighbors & state (implicit)               | ✅     | ✅     | ✅   | ✅  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | ospf_lsdb_count  | Total LSAs per-OSPF process                            | ❌     | ✅     | ✅   | ✅  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | bgp_peer         | BGP peer, ASN and received prefix count                | ✅     | ✅     | ✅   | ✅  | ❌   | ✅    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| fw             | conn_count       | Total firewall connections                             | ❌     | ❌     | ❌   | ✅  | ❌   | ✅    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| auth_session   | mab_count        | Total MAB Sessions                                     | ❌     | ✅     | ❌   | ❌  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | dot1x_count      | Total dot1x Sessions                                   | ❌     | ✅     | ❌   | ❌  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| evpn           | nve_vni          | NVE L3VNI/ VRF or L2VNI/ BDI & state (implicit)        | ❌     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | nve_peer         | NVE peers & state (implicit)                           | ✅     | ✅     | ✅   | ❌  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| vpn            | sts_peer         | VPN peers & state (implicit)                           | ✅     | ✅     | ❌   | ✅  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | ac_user          | AnyConnect users, group-policy & tunnel-group          | ❌     | ❌     | ❌   | ✅  | ❌   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | vpn_count        | Total StS VPNs and/or AnyConnect users                 | ❌     | ✅     | ❌   | ✅  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| wifi           | wlan             | WLAN ID, SSID, interface & status (implicit)           | ❌     | ❌     | ❌   | ❌  | ✅   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | ap               | APs, model, IP & client count on each                  | ❌     | ❌     | ❌   | ❌  | ✅   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | client_count     | Total clients per-WLAN                                 | ❌     | ❌     | ❌   | ❌  | ✅   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | flexconnect      | AP count per-flexconn groups                           | ❌     | ❌     | ❌   | ❌  | ✅   | ❌    | ❌       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | intf_grp         | Interfaces, WLANs & APs per-group                      | ❌     | ❌     | ❌   | ❌  | ✅   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
| sdwan          | omp_peer         | OMP peer, site-ID, routes (R/I/S) & status (implicit)  | ✅     | ✅     | ❌   | ❌  | ❌   | ❌    | ✅       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | control_conn     | Neighbor system-IP, site-ID, color & state (implicit)  | ✅     | ✅     | ❌   | ❌  | ❌   | ❌    | ✅       |
+                +------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+
|                | bfd_session      | Neighbor system-IP, site-ID, color & state (implicit)  | ✅     | ✅     | ❌   | ❌  | ❌   | ❌    | ❌       |
+----------------+------------------+--------------------------------------------------------+--------+--------+------+-----+------+-------+----------+

General Behaviors
-----------------

- **Strict:** Strict validations (dictionary or list) must be an exact match, no more or no less (for example, exact BGP peers)
- **Integers (count):** Any output that is a numerical value (route table summary, MAC count, BGP prefixes, etc.) can be:

  - An exact value (integer)
  - Less than a value (``<15``)
  - More than a value (``>15``)
  - Between a range (``10<->20``)
  - A tolerance percentage either side of a value (``10%15``)

- **Implicit (state):** Expects a certain state (like interfaces being *Up*) rather than defining the state manually in the validation file

Validation-specific details
---------------------------

- **Management ACL:** Allowed addresses for SSH and HTTP on ASA, or the SSH and SNMP extended ACLs (not standard ACLs) on other platforms (assumes +10 for each seq number)
- **SLA:** For Palo it is HA path-monitoring and for IOS-XE SDWAN endpoint tracker and endpoint tracker-groups. The *RTT* is rounded up or down to the nearest integer (can't be a float) to allow for the use of *lessthan*, *morethan*, etc.
- **Module:** Assumes an implicit status of ok; this can be overridden, such as for *active* or *standby* when validating NXOS supervisors
- **Interface:** The speed and duplex do not need to be defined if a port doesn't support these properties (like sub-interfaces)
- **Route table:** The next-hop can be:

  - A single address
  - A strict list of multiple next-hops
  - An interface name for directly connected routes

- **OSPF:** A dictionary of interfaces with an optional strict list of neighbors (RID) off each interface (expected to be *FULL*, doesn't care about DR, BDR)
- **BGP:** For duplicate peers across different address-families the IPv4 address family entry is ignored and the other overlay address family validated (EVPN, MPLS VPN, etc.)
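
The count forms and the strict rule from General Behaviors, worked through as an added Python example; this is not the project's own code. The names `count_ok` and `strict_diff` are hypothetical, and the boundary handling is an assumption: `<` and `>` are exclusive, ranges are inclusive, and `10%15` is read as 10% either side of 15.

```python
import re

# Added illustration of the count forms listed under "Integers (count)".
# Assumed semantics: "<" and ">" are exclusive; ranges and tolerances are inclusive.
_BOUND = re.compile(r"^([<>])(\d+)$")
_RANGE = re.compile(r"^(\d+)<->(\d+)$")
_TOLERANCE = re.compile(r"^(\d+)%(\d+)$")


def count_ok(desired, actual):
    """Return True if the integer `actual` satisfies the `desired` count expression."""
    if isinstance(desired, int) and not isinstance(desired, bool):
        return actual == desired
    expr = str(desired).replace(" ", "")
    if expr.isdigit():
        return actual == int(expr)
    if m := _BOUND.match(expr):
        limit = int(m.group(2))
        return actual < limit if m.group(1) == "<" else actual > limit
    if m := _RANGE.match(expr):
        low, high = int(m.group(1)), int(m.group(2))
        if low > high:
            raise ValueError(f"inverted range: {desired!r}")
        return low <= actual <= high
    if m := _TOLERANCE.match(expr):
        pct, value = int(m.group(1)), int(m.group(2))
        # Integer arithmetic avoids float rounding at the edge of the tolerance band.
        return abs(actual - value) * 100 <= pct * value
    # Fail closed: a typo in the validation file must not turn into a silent pass.
    raise ValueError(f"unsupported count expression: {desired!r}")


def strict_diff(desired, actual):
    """Strict match: return (missing, unexpected); both empty means an exact match."""
    want, have = set(desired), set(actual)
    return sorted(want - have), sorted(have - want)


if __name__ == "__main__":
    # Constructed sample state (documentation addresses), not output from a real device.
    print(count_ok("10%15", 16), count_ok("10<->20", 21))
    print(strict_diff(["192.0.2.1", "192.0.2.2"], ["192.0.2.1", "192.0.2.9"]))
```

The second value returned by `strict_diff` is what a strict validation adds over a non-strict one: an entry present on the device but absent from the validation file, such as an extra BGP peer or management ACL line, is reported instead of ignored.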