cdot65/pan-os-upgrade

Implement routing adjacency status capture for OSPF and BGP

Is your feature request related to a problem? Please describe.
When upgrading PAN-OS on firewalls using the pan-os-upgrade utility, it is important to ensure that the routing adjacencies and neighbor relationships are maintained and re-established correctly after the upgrade. Currently, the utility does not have a built-in mechanism to capture and compare the routing adjacency status before and after the upgrade, which may lead to situations where routing issues go unnoticed or are difficult to troubleshoot.

Describe the solution you'd like
Enhance the pan-os-upgrade utility to capture the routing adjacency status for OSPF and BGP before and after the upgrade process. The utility should:

  1. Before initiating the upgrade, determine if OSPF or BGP is currently running on the firewall.
  2. If OSPF is running, execute the appropriate CLI command to capture the status of OSPF neighbors.
  3. If BGP is running, execute the appropriate CLI command to capture the status of BGP neighbors.
  4. Store the captured outputs in a structured format along with metadata such as the protocol, timestamp, and device information.
  5. Proceed with the normal upgrade process.
  6. After the upgrade is completed and the firewall is back online, re-check if OSPF or BGP is running on the upgraded firewall.
  7. If OSPF is running, execute the same OSPF neighbor status command and capture the output.
  8. If BGP is running, execute the same BGP summary command and capture the output.
  9. Store the post-upgrade outputs in a similar structured format as the pre-upgrade outputs.
  10. Compare the pre-upgrade and post-upgrade outputs to identify any changes in the routing adjacency status, such as neighbors that are no longer present or have changed states.
  11. Generate a report or display the comparison results to the user, highlighting any discrepancies or potential issues.

Describe alternatives you've considered
An alternative approach could be to rely on external monitoring systems or network management tools to track the routing adjacency status. However, this would require additional integrations and may not provide a seamless experience within the pan-os-upgrade utility itself.

Additional context
Here are a few additional points to consider:

  • The utility should gracefully handle scenarios where OSPF or BGP is not running on the firewall and skip the adjacency status capture for those protocols.
  • Consider providing options to customize the CLI commands used to capture the neighbor status, as different network environments may have specific requirements or configurations.
  • Handle cases where the neighbor status commands may fail or return unexpected output, and provide appropriate error handling and logging.
  • Provide clear documentation and examples on how to interpret the comparison results and troubleshoot common routing adjacency issues.
  • Consider integrating with external tools or APIs to enable automatic notification or ticketing systems when routing adjacency issues are detected.
  • Update the project's documentation to include information about this new feature, explaining how it helps monitor and maintain routing adjacencies during the upgrade process.

By implementing this feature, the pan-os-upgrade utility will provide an additional layer of assurance by capturing and comparing the routing adjacency status for OSPF and BGP before and after the upgrade. This will help identify potential routing issues early, ensure a smooth transition, and minimize disruptions to network connectivity.
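
A sketch of the store-and-compare steps (4 and 9 to 11) requested above, added here as an illustration and not code from the pan-os-upgrade project. The `AdjacencySnapshot` structure, its field names and the status values are hypothetical, and the neighbor states are assumed to have already been parsed from the firewall's command output.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, Optional


@dataclass
class AdjacencySnapshot:
    """One capture of neighbor state (hypothetical structure)."""
    protocol: str                 # "ospf" or "bgp"
    device: str                   # hostname or serial of the firewall
    phase: str                    # "pre" or "post"
    running: bool                 # False when the protocol is not in use
    neighbors: Dict[str, str] = field(default_factory=dict)  # neighbor -> state
    error: Optional[str] = None   # set when the capture command failed
    captured_at: str = field(
        default_factory=lambda: datetime.now(timezone.utc).isoformat())


def compare_snapshots(pre: AdjacencySnapshot, post: AdjacencySnapshot) -> dict:
    """Diff two snapshots of the same protocol on the same device."""
    if (pre.protocol, pre.device) != (post.protocol, post.device):
        raise ValueError("snapshots must share protocol and device")
    report = {"protocol": pre.protocol, "device": pre.device,
              "missing": [], "new": [], "changed": {}}
    if not pre.running and not post.running:
        return {**report, "status": "skipped"}   # protocol not in use
    if pre.error or post.error:
        # A failed capture must not be read as "no neighbors lost".
        return {**report, "status": "error", "detail": pre.error or post.error}
    report["missing"] = sorted(set(pre.neighbors) - set(post.neighbors))
    report["new"] = sorted(set(post.neighbors) - set(pre.neighbors))
    report["changed"] = {
        n: (pre.neighbors[n], post.neighbors[n])
        for n in sorted(set(pre.neighbors) & set(post.neighbors))
        if pre.neighbors[n] != post.neighbors[n]
    }
    degraded = report["missing"] or report["changed"]
    return {**report, "status": "degraded" if degraded else "ok"}


# Constructed sample data (not output from a real firewall).
PRE = AdjacencySnapshot("bgp", "fw-example-01", "pre", True, {
    "192.0.2.1": "Established", "192.0.2.2": "Established",
    "192.0.2.3": "Established"})
POST = AdjacencySnapshot("bgp", "fw-example-01", "post", True, {
    "192.0.2.1": "Established", "192.0.2.2": "Active",
    "198.51.100.9": "Established"})

if __name__ == "__main__":
    print(compare_snapshots(PRE, POST))
```

A protocol that was running before the upgrade but is not running afterwards produces an empty post-upgrade neighbor table, so every pre-upgrade neighbor is reported as missing.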