Book review: Tcl Scripting for Cisco IOS

Tcl scripting in Cisco IOS is a somewhat underdocumented topic (have you noticed I’m trying to use diplomatic language), so I was excited when I’d spotted the Tcl Scripting for Cisco IOS. I got my copy within a few days (thank you so very much, @jamieadams76) and ran through it in less than three hours. End result: slight disappointment.

If you have no idea what Tcl is, have never used Tcl on Cisco IOS, know only a little bit about Cisco IOS and would like to get started, this is exactly the book you need. If you’re slightly more advanced, continue reading my review.

To be fair, it’s extremely hard to write a good book covering this topic. Very few people know enough about programming and networking. Fluency in Tcl programming and Cisco router configuration is almost non-existent. It’s thus very important that you choose one or the other audience: do you want to teach IOS gurus how to program their boxes in a weird language or do you want to help programmers get control of Cisco IOS. The book tries to do a bit of both, resulting in my mixed feelings.

The first two chapters briefly cover Tcl – exactly the material a networking engineer needs if she wants to jump head-first into light Tcl programming. A lot of other books do a better job of teaching you Tcl, but you don’t need much if you just want to add a line or two to your router configuration.

Chapter three covers the basics of Tclsh. Unfortunately it stops there, it skips the more interesting topics, for example: using command line parameters, the use of typeahead command or other useful bits-and-pieces I’m covering in my Tclsh on Cisco IOS tutorial.

Chapter four describes EEM. After a thorough description of what EEM does (very similar material is available on cisco.com) and a truly nice summary of which EEM feature works in which EEM version in which IOS release, it continues with EEM examples. They are so basic and so stretched out that reading them literally hurt me. Just to give you an example: 13 pages (mostly covered with printouts) are spent describing a simple IP SLA applet that replicates the reliable static routing function of ip route ... track configuration command. Finally, after 40 pages, we get to the EEM Tcl policies, where the writing style becomes truly interesting. One-line chunks of Tcl code are interspersed with explanations like “Validate that the XXX variable is set” next to the code fragment if {![info exists XXX]} {. A reader has to invest enormous amount of reverse-engineering to get the big picture:

  • How you get the values of EEM environment variables.
  • How you exit from an EEM policy ... and what happens if the policy returns an error (BTW, if it’s explained in Cisco’s documentation, I must have missed it).
  • How you deal with CLI commands and collect their output.

The next chapter is a hodgepodge of advanced (really?) topics, including ESM, EEM, syslog daemon on Cisco IOS (unusable, as it only works with TCP and you have to run it from console or VTY) and ... finally ... Tcl as a Web Server. It’s highly interesting that you can use Tcl to solve the problem IOS had for decade: lack of decent web server (all the ingredients are there, they just need someone to integrate and stress-test them). The security of this solution is conveniently forgotten; by running your own server in Tcl, you’re bypassing all Cisco IOS authentication mechanisms.

Chapter six describes with a web application. You’ll learn how to design a basic web application (including the HTML basics you might have missed); assuming, of course, that you’re willing to forgo all IOS security mechanisms and deploy Tcl-based web server. Yet again – great concept, wrong implementation. IOS should have a well-protected web server able to launch Tcl scripts as CGI scripts.

To end my review on an optimistic note: I truly enjoyed the explanation of signed Tcl in chapter seven and appreciated the IOS-specific Tcl commands listed in the appendix.

As I already said: this is a good book for beginners. It could have been a definitive reference full of interesting tips-and-tricks, but unfortunately it’s not.

12 comments:

  1. Charles N Wyble20 July, 2010 18:30

    TCL isn't that hard. :)

    I wrote a bunch of tcl/tk code a few years back. Moved on to other languages since. Always liked TCL a lot. It's quite easy to pick up.

    I have been focused on system engineering for several years, but still tinker with code on a regular basis. Moving more into the network side these days. So I'm fluent in TCL and system/router/switch configuration. You are right that it's rare to find someone like that.

    ReplyDelete
  2. Charles N Wyble20 July, 2010 18:32

    Also why not just use the official docs?

    http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl.html

    That's my preference when learning something new. Examples are somewhat useful, but often lack the depth of knowledge I get from just labbing stuff out.

    ReplyDelete
  3. Roman Nozdrin21 July, 2010 21:41

    I am very agree with Charles. I was lurking through out the Internet seeking for an information of the cisco tcl library routins. The document gave me all the information I need to code some useful tools. I should note, that I had no experience with Tcl before, so I had to get familiar with it's syntax using official tcl guide.

    ReplyDelete
  4. The following statement is wrong :

    Very few people know enough about programming and networking. Fluency in Tcl programming and Cisco router configuration is almost non-existent.

    There is a huge community of networking engineers and testers, both within and outside Cisco, whose bread and butter is programming for networking devices. (read : automation and regression of Cisco features). Apart from this, TCL is widely used for quick scripting of scaled configs, parsing output, etc. I am one of them.

    Now, whether these people are competent or enterprising enough to also write a book about what they do daily ? Probably not.

    ReplyDelete
  5. Ivan Pepelnjak23 July, 2010 12:19

    Interesting feedback, thanks for the insight!

    Now for the details: I will not debate what constitutes a "huge" community but I would love to believe that there's indeed a huge community dedicated to regression testing. However, I doubt your definition of "huge" is equal to mine.

    Next, let's focus on "fluency". If you're smart enough to google for a few hours to find a Tcl example that looks close to what you need and hack it a bit to fit your needs, you're very far away from being fluent in Tcl. Most of the quick scripting "solutions" you write about are short hacks or slight modifications of existing examples.

    Just to give you an example: in every certification forum, you'll find a Tclsh script that pings numerous devices at once. Are you fluent in Tcl if you memorize the script and use it in your CCIE lab exam? You're very far from it.

    In my opinion, being fluent in a programming language means not having to open the documentation or google.com while writing a complex program. To be honest, I'm very far away from being fluent in Tcl, as I don't use it on a daily basis.

    ReplyDelete
  6. Ivan,

    I agree with you, both on the ambiguity regarding the definition of huge, and on the definition of fluency in programming.

    Both the above caveats notwithstanding, there is still a large number of people who are fluent in TCL programming as well as know basic networking. They may not be CCIEs, or customer facing, but they do exist. They are probably hidden away in organizations' testing departments, and do not communicate with the testing community in large, partly due to the fact the network testing is
    * somewhat different from other forms of testing that are written about and discussed
    * Is somewhat specialized, requiring higher effort to write about or discuss (for example, compared to a web testing)

    Apologies for the digression, but I just wanted to point out a "latent force" which is out there (here) :)

    ReplyDelete
  7. Cisco killed TCL sockets in 12.2(58)SE ?

    Catalyst3560(tcl)#socket 172.16.1.1 23
    couldn't open socket: invalid argument

    Catalyst3560(tcl)#sh vers
    Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(58)SE, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Tue 05-Apr-11 08:22 by prod_rel_team

    ROM: Bootstrap program is C3560 boot loader
    BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(35r)SE2, RELEASE SOFTWARE (fc1)

    Catalyst3560 uptime is 5 hours, 2 minutes

    ReplyDelete
  8. Just a simple question about tcl and networking: a connected route can be tagged when advertised to an ospf neighbor without using redistribution on the advertising router, using a tcl script or something? Does a solution realy exists or is just an ospf limitation?

    ReplyDelete
  9. Ivan Pepelnjak18 July, 2011 09:25

    Internal (non-redistributed) OSPF routes cannot be tagged. You could call it a limitation, I would call it functions-as-designed.

    ReplyDelete
  10. Is there any book (other than this) which covers the TCL language and how to use it for networking like backing up config, check for any config change etc? I am interested to implement tcl to access non-cisco devices which supports TCL... If i am not wrong, this book seems to focus more on EEM with tcl part..

    ReplyDelete
  11. Is there any book (other than this) which covers the TCL language and how to use it for networking like backing up config, check for any config change etc? I am interested to implement tcl to access non-cisco devices which supports TCL... If i am not wrong, this book seems to focus more on EEM with tcl part..

    ReplyDelete
  12. Configuring a cisco router IS programming , only it's done mainly by network engineers. As a programming language it's horrible and cisco don't help by not grouping similar configuration together. One example is vtp password , which is not shown in the config another is show boot , which displays the next boot imnage. Also what happened to plain English.
    IOS written by geeks for geeks.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.