
Integrated Management of Transport and Commutation Resources Over The Network Layer-Min

This article discusses using Python programming to develop an integrated network management platform. Python allows remote configuration of network devices using Telnet and SSH protocols. The author developed topologies and scripts in GNS3 using Ubuntu Docker containers with Python to remotely configure Cisco IOS multilayer switches and routers. This creates a centralized management platform without proprietary software, improving interoperability across different operating systems and device types.

Journal of Military Technology, Vol. 2, No. 1, Jun. 2019

Integrated Management of Transport and Commutation Resources over the Network Layer

Marius-Ioan CANDREA-BOZGA and Petrică CIOTÎRNAE

Abstract—In the information and automation era, the activities of today's society are based on communications media with fast and secure transmission of information. Because of this dependency on information, today's networking solutions must transport more data traffic and deliver it quickly and efficiently. It is hard to overstate how important an efficient and accurate design, and a management mechanism suited to the need, are in today's society. Programming in Python is needed to increase management capabilities and achieve high-performance management of a network. One of the most important aspects of managing a large-scale network that uses various platforms bought from different vendors is how to manage all these systems from a single management platform. This paper puts Python's capabilities to good use to develop an integrated management platform that manages the devices that form, or are part of, the telecommunications network. The topologies and the scripts were built in GNS3 using Ubuntu Docker containers with Python installed, to remotely configure Cisco IOS multilayer switches and routers.

Index Terms—Integrated management; Network management using Python; Python in networking.

M.-I. CANDREA-BOZGA is with the Military Technical Academy "Ferdinand I", Communication Department, Bucharest, Romania (e-mail: [email protected]).
P. CIOTÎRNAE is with the Military Technical Academy "Ferdinand I", Communication Department, Bucharest, Romania.

Digital Object Identifier 10.32754/JMT.2019.1.05

I. INTRODUCTION

The present-day society we live in is beginning to show its dependency on information. Everything that exists consists of information, and many need it to accomplish their daily working tasks. This need for information is increasing data traffic, which is getting bigger and harder to manage every day.

The growing amounts of information being transferred are the main reason for evolving and creating better equipment, with specifications that enhance switching and routing capabilities, and for protocol developments that allow better control of data flow over the network [1].

All the pieces of equipment that form the communications network need to be managed, and a network administration team located in an office in one town cannot physically travel the country just to deploy a configuration on a device, so remote management was developed [4]. Remote management means having logical access to the device as if it were in front of you. Instead of transporting a device located 1000 km away, one can configure it using a remote connection management tool. Two protocols used for this kind of management are Telnet and SSH (Secure Shell) [6].

Managing a communications network comprises the actions through which network supervision, control and management are achieved. The control, supervision and maintenance functions underpin these objectives.

The Telnet protocol supports connecting to a device that supports it and managing it from a remote location. Some settings must be configured before a Telnet session with a device can be started: a hostname, a logical address, an enable password (for data network devices), a user and a password, and at least one VTY line that permits Telnet traffic. The main problem of the Telnet protocol is the lack of security within its session. All the data is sent across the network as plain text; none of the packets are encrypted.

The SSH protocol offers a secure alternative for remote management. SSH creates encrypted sessions using a public and a private key and authenticates the user who tries to log in by comparing the configured credentials with those entered, then grants access to legitimate users.

The main focus of a network administrator is to centralize all the devices within a monitoring platform and perform integrated management [11]. A communications network consists of different devices that have different uses and capabilities and need different configurations, because a switch is configured differently from a router or a firewall. Because of the high amount of data consumption and the exhaustion of analog technology development, there is a strong migration of all devices from analog to digital switching.

Integrated management of all these resources is offered by some vendors within proprietary platforms such as PRIME or FABRIC. The main problem of these platforms is interoperability with different operating systems (OS) and the different syntax forms they use to configure the equipment and implement their solutions [10].

The goal of the article is to show that integrated management of both commutation and transport resources over the network layer can be created free of cost, without buying licenses. To achieve this we will use Python and libraries that implement the Telnet and SSH protocols.

II. PYTHON AND PYTHON MODULES

Python is a programming language derived directly from the ABC scripting language. It is a fairly new language, having been in use for a relatively short time. The founder of the language is the well-known Guido van Rossum, who started developing Python in 1989 and built from it a strong and powerful tool that programmers worldwide can use for free. A very important characteristic of Python is that it can function as a pegboard language that connects multiple software components that
are independent in a flexible environment using a simple syntax. The ease with which this language is programmed means that it can serve as a programming environment for both students and application development experts.

The functionality and flexibility of the programming language is provided by its ability to work with certain libraries, also called modules. These libraries contain functions and protocol implementations that allow developers to create relatively small but very powerful scripts that can be reused as functions in other scripts. Most modules are integrated into the Python architecture and are part of the standard library. To increase the effectiveness of the programming language, its developers have allowed the addition of non-standard libraries, whose added features form the extended Python library [1].

One of the libraries that will be used to meet the goal of developing integrated network resource management is TelnetLib. TelnetLib is a standard Python library and is the implementation of the Telnet protocol, used to make connections to network devices in order to manage them.

The second module of interest for the purpose of this work is Paramiko. This module is the implementation of the SSHv2 protocol, which is used to establish encrypted sessions between source and destination. The Paramiko library is an extended Python library, so it is not part of Python itself. More information about the library can be found at the official Paramiko website, which is listed in the References section.

The most important module for this article is Netmiko. This is a Python module in which the SSHv2 protocol was implemented. Netmiko was developed from the Paramiko module itself and aims to eliminate the complexity of establishing a secure connection and to increase compatibility when making SSHv2 connections to different network equipment [3].

In the near future, it will be necessary to address another management concept, one in which programming is part of management. Most vendors have already done this, and have built platforms that allow, or even recommend, the use of programming environments to streamline management actions, and one of the most used is Python with its APIs (Application Programming Interfaces).

The field of communications is a dynamic environment, subject to continuous change and moving towards virtualization of the equipment. This virtualization means creating a single, highly-suited hardware component inside which virtual machines are created, which in turn are transformed into virtual equipment. These devices work exactly like physical ones, with the same operating system, the necessary resources being allocated by an administrator or through an automation process that transfers resources according to workload.

This transfer from physical to virtual allows the introduction of new concepts of communications resource management.

III. PYTHON IMPLEMENTATIONS

The first script presented here shows part of the configuration that will be sent to a range of switches, which will be configured as shown. The range of switches is contained in a file named ipswitch.

    #!/usr/bin/env python
    # Python 2 script (raw_input, print statement, str-based telnetlib calls)
    import getpass
    import sys
    import telnetlib

    # Credentials required to log in on the devices
    utilizator = raw_input("Introduceti credentialele telnet: ")
    parola = getpass.getpass()

    # Open the file that contains the switches' IP addresses, one per line
    with open("ipswitch") as s:
        for line in s:
            print "Se configureaza switch-ul " + line
            HOST = line.strip()
            # Telnet session: everything below, credentials included,
            # crosses the network unencrypted
            tn = telnetlib.Telnet(HOST)
            # The prompts must match exactly what the equipment shows at login
            tn.read_until("Username: ")
            tn.write(utilizator + "\n")
            if parola:
                tn.read_until("Password: ")
                tn.write(parola + "\n")
            # CONFIGURATION that will be written on the equipment
            tn.write("configure terminal\n")
            for n in range(2, 36):
                tn.write("vlan " + str(n) + "\n")
                tn.write("name VLanPython" + str(n) + "\n")
                tn.write("exit\n")
            for n in range(0, 4):
                tn.write("interface GigabitEthernet3/" + str(n) + "\n")
                tn.write("switchport mode access\n")
                tn.write("switchport access vlan 1" + str(n) + "\n")
                tn.write("exit\n")
            tn.write("end\n")
            # Save the configuration to the memory of the device
            tn.write("write\n")
            tn.write("exit\n")
            # Every command or set entered is echoed back by the device
            print tn.read_all()

Figure 1. Script using TelnetLib module to configure switches

The second image shows how the script conducts Telnet traffic and configures both Router and Switch devices. As for the Switch, this can be seen in the information returned to the Programmer station, in the left window of the picture [2].

Figure 2. The topology used for simulation in GNS3 and Script writing config on Router and Switch using TelnetLib module

As can be seen from the previous images and explanations, the TelnetLib library meets the requirements of integrated management but does not meet the minimum security requirements. The module deployed next presents a more complex management solution using another Python library that implements the SSH protocol, and it provides the security a communications network requires.

Unlike TelnetLib, Paramiko is not a standard Python library and requires packages to be installed in the Linux operating system before it can be used in Python. As an SSH protocol implementation, Paramiko provides a secure (encrypted) connection from source to destination. Paramiko's command-line writing capabilities are not so different from those of the TelnetLib library, the differences being functions, syntax, commands, and interoperability.
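Encryption protects the session from eavesdropping, but the client still has to check that the key a device presents is the one expected for that address. The following is an added example, not code from the paper: it pins device keys in a known_hosts file and sets Paramiko's RejectPolicy, whereas the script in Figure 3 sets AutoAddPolicy and never loads known keys, so every device is unknown on every run and any key is accepted. The address 192.0.2.10, the function names and the generated keys are assumptions made for illustration.

```python
# Added example, not from the paper. The address 192.0.2.10, the temporary
# known_hosts file and the generated keys are constructed for illustration.
import os
import tempfile


def verified_client(known_hosts_path):
    """Return an SSHClient that only accepts keys listed in known_hosts_path."""
    import paramiko  # third-party; imported lazily so the file loads without it
    client = paramiko.SSHClient()
    client.load_host_keys(known_hosts_path)
    # RejectPolicy is Paramiko's default. It is set explicitly as the
    # counterpart of AutoAddPolicy, which trusts any key it has not seen.
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    return client


def classify_host_key(known_hosts_path, host, presented_key):
    """Classify a presented key the way a strict client treats it."""
    import paramiko
    entry = paramiko.HostKeys(known_hosts_path).lookup(host)
    if entry is None:
        return "unknown"    # RejectPolicy refuses; AutoAddPolicy would accept
    stored = entry.get(presented_key.get_name())
    if stored is None or stored != presented_key:
        return "mismatch"   # host is pinned to a different key
    return "pinned"


def push_commands(host, username, password, known_hosts_path, commands):
    """Send CLI lines only after the device's host key has been verified."""
    import paramiko
    client = verified_client(known_hosts_path)
    try:
        client.connect(hostname=host, username=username, password=password,
                       look_for_keys=False, allow_agent=False, timeout=10)
    except paramiko.BadHostKeyException:
        return "mismatch"   # stored key differs: stop and investigate
    except paramiko.AuthenticationException:
        return "auth-failed"
    except paramiko.SSHException:
        return "rejected"   # includes a host that is not in known_hosts
    try:
        shell = client.invoke_shell()
        for line in commands:
            shell.send(line + "\n")
        return "sent"
    finally:
        client.close()


def demo():
    """Pin one constructed key, then classify three presentations of a key."""
    import paramiko
    pinned = paramiko.RSAKey.generate(2048)
    other = paramiko.RSAKey.generate(2048)
    keys = paramiko.HostKeys()
    keys.add("192.0.2.10", pinned.get_name(), pinned)
    path = os.path.join(tempfile.mkdtemp(), "known_hosts")
    keys.save(path)
    return [classify_host_key(path, "192.0.2.10", pinned),   # same device
            classify_host_key(path, "192.0.2.10", other),    # key changed
            classify_host_key(path, "192.0.2.11", pinned)]   # never seen


if __name__ == "__main__":
    print(demo())
```

Netmiko exposes the same control through the ssh_strict and system_host_keys arguments of ConnectHandler.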


    #!/usr/bin/env python
    # Python 2 script (print statement)
    import paramiko
    import time

    # Credentials used for login (hard-coded in this listing)
    utilizator = "admin"
    parola = "paramiko"

    with open("iprswitch") as s:
        for line in s:
            adresaip = line.strip()
            # Establishing the connection
            ssh_client = paramiko.SSHClient()
            print "Se efectueaza conectarea la RouterSwitch-ul" + line
            # Host-key policy: AutoAddPolicy automatically accepts whatever
            # key the device presents, without checking it against a known key
            ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh_client.connect(hostname=adresaip, username=utilizator, password=parola)
            # Confirm that the SSH connection is established
            print "Conectare la RSwitch ", adresaip, " realizata cu succes!"
            # Within the SSH connection, transmit instruction sets ##2 and ##3
            remote_connection = ssh_client.invoke_shell()
            ##2 2nd instruction set for RSw (RouterSwitch)
            # Commands are kept as printed. Note: 'no int loop N' deletes the
            # loopback, so the 'ip address' line after it is entered in
            # global configuration mode.
            remote_connection.send("configure terminal\n")
            remote_connection.send("no int loop 0\n")
            remote_connection.send("ip address 1.1.1.1 255.255.255.255\n")
            remote_connection.send("no int loop 1\n")
            remote_connection.send("ip address 2.2.2.2 255.255.255.255\n")
            remote_connection.send("router ospf 1\n")
            remote_connection.send("network 0.0.0.0 255.255.255.255 area 0\n")
            ##3 3rd instruction set for RSw (RouterSwitch)
            for n in range(2, 21):
                print "Se creeaza vlan-ul " + str(n)
                remote_connection.send(" vlan " + str(n) + "\n")
                remote_connection.send("name VlanPython " + str(n) + "\n")
                time.sleep(0.5)
            for n in range(0, 4):
                remote_connection.send("interface Gigabit2/" + str(n) + "\n")
                remote_connection.send("switchport trunk encapsulation dot1q\n")
                remote_connection.send("switchport mode trunk\n")
                remote_connection.send("description ===WAN " + str(n) + "Trunk Port===\n")
                remote_connection.send("switchport trunk allowed vlan 20-100\n")
                time.sleep(1)
            remote_connection.send("end\n")
            remote_connection.send("write\n")
            time.sleep(1)
            # dateiesire holds everything the device echoed back for the
            # commands written above
            dateiesire = remote_connection.recv(65535)
            # Print the variable dateiesire
            print dateiesire
            ssh_client.close()

Figure 3. Script using Paramiko module to configure RSW

The script presented above manages both layer 2 and layer 3 equipment, as can be seen in Fig. 4, where information about the configurations sent by the script appears above the topology [5].

Figure 4. The topology used for simulation in GNS3 and Script writing config on Router and Switch using Paramiko module

The Paramiko module is characterized as having a hard and complex implementation, and therefore another SSHv2 implementation module has been created in order to enhance Paramiko and focus its use on establishing sessions with network equipment.

Netmiko is presented as a "multi-vendor" library [7]. This concept can be described as being compatible with as many platforms as possible from as many equipment manufacturers as possible. In addition to this increased level of compatibility, Netmiko simplifies the use of the library for transmitting instruction sets across the network to the device with which the SSHv2-encrypted connection has been made.

In the image below, you can see the network topology simulated in GNS3, a network where Python code was inserted through the script presented here. The running Python code configured the topology's switches and routers, all actions being done according to the set of instructions assigned to each file. Each set of devices was assigned a text file from which the configuration commands were extracted.

Figure 5. The topology used for simulation in GNS3 and the Script used for writing config on Router and Switch using Netmiko module

The most important script obtained using Netmiko was an app that finds a MAC address on switch equipment. Implementing a script of this complexity requires knowledge of both Cisco configuration and Python programming.

When the macsearch.py script was run, it was given the initial data needed to find the MAC address, namely an IP address from which to start the search for the host, this being the core switch in the topology used. It then passed through each switch to the destination device, where the MAC address was found to belong to one of its own interfaces. Successive passes through the switch devices are marked so that the path the MAC address takes through the network is known [8].

The reason for returning this information lies at the root of remedying the case: the information may be used to reconfigure the equipment (or the interface) or even to close the port on which the network connection was made.

Figure 6. The topology used for MAC Search in GNS3
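macsearch.py appends the MAC address typed by the operator to a show command and takes the last field of the first output line as the interface. The following added example, which is not part of the paper's script, validates the address before it reaches the command line, parses the table rows explicitly and follows the path with a loop guard. The sample tables, the uplink map and all function names are constructed for illustration and stand in for live device queries.

```python
# Added example, not from the paper. Switch addresses, port names and
# table contents are constructed sample data.
import re

ROW = re.compile(
    r"^\s*(\d+|All)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE)
CISCO_MAC = re.compile(r"[0-9a-f]{4}(?:\.[0-9a-f]{4}){2}")
IEEE_MAC = re.compile(r"[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}")

CORE_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    1234.abcd.ef12    DYNAMIC     Gi3/1
  10    aabb.cc00.0100    DYNAMIC     Gi3/2
Total Mac Addresses for this criterion: 2
"""
ACCESS_TABLE = "  10    1234.abcd.ef12    DYNAMIC     Gi0/2\n"
TABLES = {"192.168.122.10": CORE_TABLE, "192.168.122.11": ACCESS_TABLE}
UPLINKS = {("192.168.122.10", "Gi3/1"): "192.168.122.11"}


def normalize_mac(text):
    """Return the address in Cisco dotted form or raise ValueError."""
    # Anything else is refused, so spaces, pipes and newlines never reach
    # the command that is sent to the switch.
    value = text.strip().lower()
    if not (CISCO_MAC.fullmatch(value) or IEEE_MAC.fullmatch(value)):
        raise ValueError("not a MAC address: %r" % text)
    digits = re.sub(r"[.:-]", "", value)
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def mac_lookup_command(mac):
    """Build the show command used by macsearch.py from a validated address."""
    return "sh mac address-table | i " + normalize_mac(mac)


def parse_mac_table(output):
    """Parse 'show mac address-table' text into (vlan, mac, type, port) rows."""
    rows = []
    for line in output.splitlines():
        match = ROW.match(line)
        if match:
            vlan, mac, kind, port = match.groups()
            rows.append((vlan, mac.lower(), kind, port))
    return rows


def port_for(output, mac):
    """Port on which `mac` was learned, or None if the table lacks it."""
    wanted = normalize_mac(mac)
    for _vlan, entry, _kind, port in parse_mac_table(output):
        if entry == wanted:
            return port
    return None


def trace(start_ip, mac, tables, uplinks):
    """Follow the address from switch to switch and return [(ip, port)]."""
    # `tables` maps switch IP to its table text and `uplinks` maps
    # (ip, port) to the neighbouring switch; both replace live queries.
    path, seen, ip = [], set(), start_ip
    while ip is not None and ip not in seen:   # `seen` is the loop guard
        seen.add(ip)
        port = port_for(tables.get(ip, ""), mac)
        if port is None:
            break
        path.append((ip, port))
        ip = uplinks.get((ip, port))           # None: MAC is on an edge port
    return path
```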


As can be seen, the MAC address search script successfully performed the search and displayed the data presented above.

    from netmiko import ConnectHandler, SCPConn
    from netmiko import Netmiko
    import time
    import getpass
    import socket

    print("#"*23)
    print("#"+" MAC Layer 2 Network "+"#")
    print("#"*23)

    # Data needed to begin the search
    ip_start = input("Adresa IP de start: ")
    mac_address = input("Adresa MAC (1234.abcd.ef12) : ")

    # Credentials used for login
    username = input("Username: ")
    parola = getpass.getpass("Parola: ")

    # List of the IP addresses of the switches already searched for the MAC
    switch_list = []


    def connect_to_switch(ip_add):
        '''
        :param ip_add: the IP address to which we connect using SSH
        :return: False - if the MAC is in a loop or the host cannot be queried
                 True - if everything is ok
        '''
        # Probe SSH (22) first and fall back to the Telnet port (23). A new
        # socket is used for each attempt because a socket cannot be reused
        # after a failed connect.
        port = None
        for candidate in (22, 23):
            client_socket = socket.socket()
            client_socket.settimeout(5)
            try:
                client_socket.connect((ip_add, candidate))
                port = candidate
                break
            except socket.error:
                pass
            finally:
                client_socket.close()
        time.sleep(5)
        print(ip_add + " " + str(port))

        # This part of the script only handles SSH
        if port != 22:
            return False

        # Establish the SSH connection using the credentials
        device = {'device_type': 'cisco_ios',
                  'ip': ip_add,
                  'username': username,
                  'password': parola}
        ssh_conn = Netmiko(**device)
        try:
            comanda = "sh mac address-table | i " + mac_address
            output = ssh_conn.send_command(comanda)
            # Print "Host down!" when there is no response
            if len(output) == 0:
                print("Host down!")
                return False
            # From the first matching line keep only the last field, the interface
            interfata = output.splitlines()[0].split(" ")[-1]
            # Look for a CDP neighbour on that interface
            comanda = 'sh cdp nei ' + interfata + ' detail | i 192.168.122.'
            output = ssh_conn.send_command(comanda)
            # No neighbouring switch: present the IP address of this switch
            if len(output) == 0:
                print("Adresa IP Switch: " + ip_add)
                # Search for the MAC address
                comanda = 'sh mac address-table int ' + interfata
                output = ssh_conn.send_command(comanda)
                print("Adresa MAC: " + output)
                # Print the configuration of the port where the MAC is connected
                comanda = 'sh run int ' + interfata
                output = ssh_conn.send_command(comanda)
                print("Config interfata: \n" + output)
                return True
            # The MAC was not found on this switch: take the neighbour's IP
            ip_switch = output.splitlines()[0].split(" ")[-1]
        finally:
            ssh_conn.disconnect()
        # Do not loop: skip switches that have already been searched for the MAC
        if ip_switch in switch_list:
            return False
        switch_list.append(ip_switch)
        return connect_to_switch(ip_switch)


    connect_to_switch(ip_start)

Figure 6. Part of the MAC Search Script that connects SSHv2

IV. CONCLUSIONS

What has been accomplished in this article represents a small part of the capabilities that programming offers to network administrators.

As seen and explained above, three libraries were used for remote management [12]. All three modules were implemented in the Python scripts in order to show the weak points of each of them and the advantages and disadvantages each offers. Hence, a clear conclusion can be drawn regarding which of them is the best to use for implementing integrated remote management and for automating the network tasks that need to be done periodically.

In the script that uses the Python TelnetLib module, the weak point of the module is clearly the lack of security. A network attacker performing a man-in-the-middle attack or packet sniffing may find the packets containing the credentials used to log in, the IP addressing or the configuration applied to the network devices, because these are sent as clear-text messages by the non-encrypted TelnetLib module. The second module implemented in the Python scripts was Paramiko. This module offers secure connections to the devices via the encrypted SSHv2 protocol but lacks interoperability enhancements. The third module implemented is a multi-vendor library developed from Paramiko, named Netmiko. Netmiko offers secure connections over encrypted links by implementing the SSHv2 protocol. Netmiko is better than Paramiko for two reasons: interoperability enhancements and a much easier way to implement a connection to the managed device [9].

As can be seen in the MAC Search script, various actions can be carried out in the networking domain through programming in Python.

In conclusion, the advantage of the TelnetLib library is its ease of implementation, with the disadvantages of platform compatibility and the unsafe connection to the destination [11]. The advantage of the Paramiko module over the TelnetLib library is the encryption of the connection, the disadvantages being the difficult implementation and incompatibility with many of the communications platforms [13]. To eliminate the disadvantages of the Paramiko implementation, Netmiko offers an easy implementation with the possibility of selecting the operating system of the platform to be connected, thus eliminating the compatibility issue.

ACKNOWLEDGMENT

This work was supported by a grant of the Ministry of Innovation and Research, UEFISCDI, project number 9SOL/12.04.2019 within PNCDI III.

REFERENCES

[1] www.python.org/
[2] docs.python.org/2/library/telnetlib.html
[3] 160592857366.free.fr/joe/ebooks/tech/Wiley%20Making%20Use%20of%20Python.pdf
[4] Craig Hunt, "TCP/IP Network Administration", O'Reilly, 2002.
[5] docs.paramiko.org/en/2.4/
[6] Jay Liebowitz and David S. Prerau, "Worldwide intelligent systems: approaches to telecommunications and network management", 1995.
[7] netmiko.readthedocs.io/en/latest
[8] pynet.twb-tech.com/blog/automation/netmiko.html
[9] www.cisco.com/c/en/us/solutions/internet-of-things/iot-management-automation.html?dtid=osscdc000283
[10] www.fortinet.com/products/management.html
[11] A. S. Tanenbaum, D. J. Wetherall, "Computer Networks 5th Edition", 2010.
[12] M. O. Faruque Sarker, S. Washington, "Learning Python Network Programming", 2015.
[13] G. C. Hillar, "Internet of Things with Python", Packt Publishing, 2016.
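The Telnet exposure described in the conclusions exists only where a device still has a VTY line that permits Telnet, one of the prerequisites listed in the introduction. The following added example, which is not part of the paper, audits a saved IOS configuration for such lines; the configuration text and the function names are constructed for illustration.

```python
# Added example, not from the paper. SAMPLE_CONFIG is a constructed
# configuration excerpt, not output from a real device.
import re

SAMPLE_CONFIG = """\
hostname SW1
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""


def verdict(protocols):
    """Classify the protocol list of one 'transport input' statement."""
    if protocols is None:
        return "unspecified"       # the release default applies: review it
    if "telnet" in protocols or "all" in protocols:
        return "telnet-permitted"
    if protocols == ["none"]:
        return "disabled"
    return "ssh-only" if protocols == ["ssh"] else "other"


def audit_vty(config_text):
    """Return [(vty line header, verdict)] for every 'line vty' block."""
    findings, header, protocols = [], None, None
    for line in config_text.splitlines():
        if line.startswith(" ") and header:
            # Indented lines are sub-commands of the block being read
            match = re.match(r"\s+transport input\s+(.+)", line)
            if match:
                protocols = match.group(1).split()
            continue
        # Any other line closes the block that was being read
        if header:
            findings.append((header, verdict(protocols)))
        header = line.strip() if line.startswith("line vty") else None
        protocols = None
    if header:
        findings.append((header, verdict(protocols)))
    return findings


def telnet_exposed(config_text):
    """VTY ranges that would still accept a Telnet session."""
    return [h for h, v in audit_vty(config_text) if v == "telnet-permitted"]


if __name__ == "__main__":
    for header, result in audit_vty(SAMPLE_CONFIG):
        print(header, "->", result)
```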