irrpt_objgrpgen: New tool for generating ciscoxr security object groups

[bknight-nitel]

Hi, I have created a new tool, irrpt_objgrpgen, that creates ciscoxr object-groups based on the prefixes downloaded from the IRR. It's entirely based on irrpt_pfxgen; most of the edits were to remove things like end-of-line commas, to rename variables where it seemed to make sense, and to simplify the way items are output. I plan to use this to maintain our anti-spoofing ACLs.

[nistorj]

Hi @bknight-nitel , thanks for this! Wondering if there's any reason to not have this as part of the regular pfxgen but with an option to output it in this format?

[bknight-nitel]

Hi @nistorj , I chose to break it out to a different script because the command line switches are different. There isn't a need to add an "le 24" or "le 48" to an object group, thus no need for the pfxlen* options. Also, UNIX philosophy of one tool doing its job well. But I'm perfectly fine with either way. Let me know what you'd prefer!

[nistorj]

Hi, sorry just getting to this now ... It looks like the v6 stuff doesn't print properly:

nistor@base:~/IRRPT/irrpt.xr/bin % ./irrpt_objgrpgen  30176
conf
no object-group network ipv4 CUSTOMER:30176
no object-group network ipv6 CUSTOMERv6:30176
object-group network ipv4 CUSTOMER:30176
  38.110.72.0/22
  45.42.192.0/22
  45.61.49.0/24
  45.88.132.0/22
  50.31.196.0/23
  50.31.201.0/24
.....
exit
object-group network ipv6 CUSTOMERv6:30176
  2a07:9a40::/29
exit
object-group network ipv6 CUSTOMERv6:30176
  2001:4:112::/48
exit
object-group network ipv6 CUSTOMERv6:30176
  2001:504:1a::/48
exit
object-group network ipv6 CUSTOMERv6:30176
  2602:fde5::/36
exit
object-group network ipv6 CUSTOMERv6:30176
  2602:ff3a::/36
exit
...
object-group network ipv6 CUSTOMERv6:30176
  2620:11a:1000::/44
exit
commit
exit