IS-IS Watcher lab is added

docs/telemetry/isis-watcher.md

@@ -0,0 +1,61 @@
+# IS-IS watcher. Tracking IS-IS topology changes in Real-Time
+
+![IS-IS watcher containerlab](container_lab.drawio.png)
+This lab consists of 6 FRR routers and a single IS-IS Watcher. Each router is pre-configured for being in IS-IS domain with different network type. Topology changes are printed in a text file only (which is enough for testing), for getting logs exported to ELK or Topolograph (to see network changes on a map) start `docker-compose` files and follow instructions on main README.
+
+### IS-IS Topology Watcher
+IS-IS Watcher is a monitoring tool of IS-IS topology changes for network engineers. It works via passively listening to IS-IS control plane messages through a specially established IS-IS adjacency between IS-IS Watcher and one of the network device. The tool logs IS-IS events into a static file, which can be exported by Logstash to **Elastic Stack (ELK)**, **Zabbix**, **WebHooks** and **Topolograph** monitoring dashboard for keeping the history of events, alerting, instant notification.
+
+#### Detected network events:
+* IS-IS neighbor adjacency Up/Down
+* IS-IS link cost changes
+* IS-IS networks appearance/disappearance from the topology
+
+### Supported IS-IS TLV 
+| TLV name                         | TLV |
+|----------------------------------|-----|
+| IS Reachability                  | 2   |
+| Extended IS Reachability   (new) | 22  |
+| IPv4 Internal Reachability (old) | 128 |
+| IPv4 External Reachability (old) | 130 |
+| Extended IPv4 Reachability (new) | 135 |
+| IPv6 Reachability                | 236 |  
+
+## Quickstart
+
+1. [Install](https://containerlab.srlinux.dev/install/) containerlab.
+2. Create a `br-dr` linux bridge (to emulate broadcast network):
+
+    ```
+    sudo brctl addbr br-dr
+    sudo ip link set up dev br-dr
+    ```
+
+3. Start the lab
+    ```
+    sudo clab deploy --topo frr01.clab.yml
+    ```
+
+4. Start watching logs
+    ```
+    sudo tail -f watcher/watcher.log
+    ```
+
+5. Change IS-IS settings on lab' routers. Connect to a router
+    ```
+    sudo docker exec -it clab-frr01-router2 vtysh
+    ```
+
+### IS-IS Watcher logs location
+Available under `watcher` folder. To see them:
+```
+sudo tail -f watcher/watcher.log
+```
+
+Note:
+log file should have `systemd-network:systemd-journal` ownership
+
+> **Note**  
+> [IS-IS Watcher](https://github.com/Vadims06/isiswatcher) - IS-IS topology tracker    
+> This lab is based on simple FRR for building topology based on frr routers, more information about it is available here: https://www.brianlinkletter.com/2021/05/use-containerlab-to-emulate-open-source-routers/
+

labs/isis-watcher/README.md

@@ -0,0 +1,94 @@
+# IS-IS watcher. Tracking IS-IS topology changes in Real-Time
+
+![IS-IS watcher containerlab](container_lab.drawio.png)
+This lab consists of 6 FRR routers and a single IS-IS Watcher. Each router is pre-configured for being in IS-IS domain with different network type. Topology changes are printed in a text file only (which is enough for testing), for getting logs exported to ELK or Topolograph (to see network changes on a map) start `docker-compose` files and follow instructions on main README.
+
+### IS-IS Topology Watcher
+IS-IS Watcher is a monitoring tool of IS-IS topology changes for network engineers. It works via passively listening to IS-IS control plane messages through a specially established IS-IS adjacency between IS-IS Watcher and one of the network device. The tool logs IS-IS events into a static file, which can be exported by Logstash to **Elastic Stack (ELK)**, **Zabbix**, **WebHooks** and **Topolograph** monitoring dashboard for keeping the history of events, alerting, instant notification.
+
+#### Detected network events:
+* IS-IS neighbor adjacency Up/Down
+* IS-IS link cost changes
+* IS-IS networks appearance/disappearance from the topology
+
+### Supported IS-IS TLV 
+| TLV name                         | TLV |
+|----------------------------------|-----|
+| IS Reachability                  | 2   |
+| Extended IS Reachability   (new) | 22  |
+| IPv4 Internal Reachability (old) | 128 |
+| IPv4 External Reachability (old) | 130 |
+| Extended IPv4 Reachability (new) | 135 |
+| IPv6 Reachability                | 236 |  
+
+## Quickstart
+
+1. [Install](https://containerlab.srlinux.dev/install/) containerlab.
+2. Run the script to prepare environment:
+
+    ```
+    ./prepare.sh
+    ```
+
+3. Start the lab
+    ```
+    sudo clab deploy --topo frr01.clab.yml
+    ```
+
+4. Start watching logs
+    ```
+    sudo tail -f watcher/watcher.log
+    ```
+
+5. Change IS-IS settings on lab' routers. Connect to a router
+    ```
+    sudo docker exec -it clab-frr01-router2 vtysh
+    ```
+
+### IS-IS Watcher logs location
+Available under `watcher` folder. To see them:
+```
+sudo tail -f watcher/watcher.log
+```
+
+### Logs sample 1  
+```
+2023-01-01T00:00:00Z,demo-watcher,1,host,0200.1001.0002,down,0200.1001.0003,01Jan2023_00h00m00s_7_hosts
+```
+
+* `2023-01-01T00:00:00Z` - event timestamp
+* `demo-watcher` - name of watcher
+* `1` - IS-IS level
+* `host` - event name: `host`, `network`, `metric`
+* `0200.1001.0002` - event object. Watcher detected an event related to `0200.1001.0002` host
+* `down` - event status: `down`, `up`, `changed`
+* `0200.1001.0003` - event detected by this node.
+* `01Jan2023_00h00m00s_7_hosts` - name of graph in Topolograph dashboard
+*Summary: `0200.1001.0003` detected that `0200.1001.0002` host went down at `2023-01-01T00:00:00Z` in IS-IS level 1*
+
+### Logs sample 2  
+```
+2023-01-01T00:00:00Z,isis-watcher,2,metric,4ffe::192:168:23:2/127,changed,old_cost:10,new_cost:12,0200.1001.0002,stub,0200.1001.0002,01Jan2023_00h00m00s_7_hosts
+```
+
+* `2023-01-01T00:00:00Z` - event timestamp
+* `isis-watcher` - name of watcher
+* `2` - IS-IS level
+* `metric` - event name: `host`, `network`, `metric`
+* `4ffe::192:168:23:2/127` - event object. Watcher detected an event related to 4ffe::192:168:23:2/127` subnet
+* `changed` - event status: `down`, `up`, `changed`
+* `10` - old cost
+* `12` - new cost
+* `0200.1001.0002` - event detected by this node.
+* `stub` - subnet type
+* `0200.1001.0002` - since it's a stub network it has router id of terminated node.
+* `01Jan2023_00h00m00s_7_hosts` - name of graph in Topolograph dashboard
+*Summary: `0200.1001.0002` detected that metric of `4ffe::192:168:23:2/127` stub network changed from `10` to `12` at `2023-01-01T00:00:00Z` in IS-IS level 2*
+
+
+Note:
+log file should have `systemd-network:systemd-journal` ownership
+
+> **Note**  
+> This lab is based on simple FRR for building topology based on frr routers, more information about it is available here: https://www.brianlinkletter.com/2021/05/use-containerlab-to-emulate-open-source-routers/
+

labs/isis-watcher/frr01.clab.yml

@@ -0,0 +1,100 @@
+name: frr01
+
+topology:
+  nodes:
+    # note, that the bridge br-dr must be created manually
+    br-dr:
+      kind: bridge
+    isis-watcher:
+      kind: linux
+      image: vadims06/isis-watcher:latest
+      mgmt-ipv4: 172.20.20.10
+      startup-delay: 10
+      stages:
+        create:
+          wait-for:
+            - node: router1
+              stage: create
+            - node: router2
+              stage: create
+            - node: router3
+              stage: create
+            - node: router4
+              stage: create
+            - node: router5
+              stage: create
+            - node: router6
+              stage: create
+      env:
+        WATCHER_LOGFILE: "/home/watcher/watcher/logs/watcher.log" # Watcher -> Export. default is local dir logs/watcher.log
+        ISISD_DUMP_FILE_DIR: "/var/log/frr/isisd.log"
+        TEST_MODE: "False"
+        FRR_HOST: "172.20.20.11"
+        FRR_PORT: "65001"
+      binds:
+        - router1/isisd.log:/var/log/frr/isisd.log # FRR -> Watcher
+        - watcher/watcher.log:/home/watcher/watcher/logs/watcher.log # Watcher -> Export
+    router1:
+      kind: linux
+      image: frrouting/frr:v8.4.1
+      mgmt-ipv4: 172.20.20.11
+      binds:
+        - router1/daemons:/etc/frr/daemons
+        - router1/isisd.log:/var/log/frr/isisd.log
+        - router1/frr.conf:/etc/frr/frr.conf
+      # comment it if you use frr from isis-watcher compose file
+      ports:
+       - 2608:65001
+    router2:
+      kind: linux
+      image: frrouting/frr:v8.4.1
+      mgmt-ipv4: 172.20.20.12
+      binds:
+        - router2/daemons:/etc/frr/daemons
+        - router2/frr.conf:/etc/frr/frr.conf
+      ports:
+        - 65002:2608
+    router3:
+      kind: linux
+      image: frrouting/frr:v8.4.1
+      mgmt-ipv4: 172.20.20.13
+      binds:
+        - router3/daemons:/etc/frr/daemons
+        - router3/frr.conf:/etc/frr/frr.conf
+    router4:
+      kind: linux
+      image: frrouting/frr:v8.4.1
+      mgmt-ipv4: 172.20.20.14
+      binds:
+        - router4/daemons:/etc/frr/daemons
+        - router4/frr.conf:/etc/frr/frr.conf
+    router5:
+      kind: linux
+      image: frrouting/frr:v8.4.1
+      mgmt-ipv4: 172.20.20.15
+      binds:
+        - router5/daemons:/etc/frr/daemons
+        - router5/frr.conf:/etc/frr/frr.conf
+    router6:
+      kind: linux
+      image: frrouting/frr:v8.4.1
+      mgmt-ipv4: 172.20.20.16
+      binds:
+        - router6/daemons:/etc/frr/daemons
+        - router6/frr.conf:/etc/frr/frr.conf
+
+
+  links:
+    - endpoints: ["router1:eth1", "router3:eth1"]
+    - endpoints: ["router1:eth5","mgmt-net:router1-5"]
+    - endpoints: ["router2:eth1", "router3:eth2"]
+    - endpoints: ["router3:eth4", "br-dr:eth13"]
+    - endpoints: ["router3:eth5", "router6:eth1"]
+    - endpoints: ["router4:eth1", "br-dr:eth14"]
+    - endpoints: ["router5:eth1", "br-dr:eth15"]
+    # Run "sudo ip link add veth1 type veth" to connect FRR from isis-watcher to containerlab
+    # - type: host
+    #   endpoint:
+    #     node: router3
+    #     interface: eth1
+    #   host-interface: veth1

labs/isis-watcher/prepare.sh

@@ -0,0 +1,7 @@
+sudo chown systemd-network:systemd-journal router1/isisd.log
+sudo chown systemd-network:systemd-journal watcher/watcher.log
+is_exist=$(brctl show br-dr)
+if [[ -z "$is_exist" ]]; then
+  sudo brctl addbr br-dr && \
+  sudo ip link set up dev br-dr
+fi

labs/isis-watcher/router1/daemons

@@ -0,0 +1,36 @@
+zebra=yes
+bgpd=no
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=yes
+pimd=no
+ldpd=yes
+nhrpd=no
+eigrpd=no
+babeld=no
+sharpd=no
+staticd=no
+pbrd=no
+bfdd=no
+fabricd=no
+
+vtysh_enable=yes
+zebra_options=" -s 90000000 --daemon -A 127.0.0.1"
+bgpd_options="   --daemon -A 127.0.0.1"
+ospfd_options="  --daemon -A 127.0.0.1"
+ospf6d_options=" --daemon -A ::1"
+ripd_options="   --daemon -A 127.0.0.1"
+ripngd_options=" --daemon -A ::1"
+isisd_options="  --daemon -A 0.0.0.0"
+pimd_options="  --daemon -A 127.0.0.1"
+ldpd_options="  --daemon -A 127.0.0.1"
+nhrpd_options="  --daemon -A 127.0.0.1"
+eigrpd_options="  --daemon -A 127.0.0.1"
+babeld_options="  --daemon -A 127.0.0.1"
+sharpd_options="  --daemon -A 127.0.0.1"
+staticd_options="  --daemon -A 127.0.0.1"
+pbrd_options="  --daemon -A 127.0.0.1"
+bfdd_options="  --daemon -A 127.0.0.1"
+fabricd_options="  --daemon -A 127.0.0.1"

labs/isis-watcher/router1/frr.conf

@@ -0,0 +1,32 @@
+frr version 8.4.1_git
+frr defaults traditional
+hostname router1
+log file /var/log/frr/isisd.log
+no ipv6 forwarding
+!
+!
+password zebra
+enable password zebra
+!
+interface eth1
+ ip address 192.168.13.1/24
+ ip router isis lab
+ ipv6 address 3ffe::192:168:13:1/127
+ ipv6 router isis lab
+ isis csnp-interval 600
+ isis hello-interval 10
+ isis network point-to-point
+ no isis hello padding
+exit
+!
+interface lo
+ ip address 10.10.10.1/32
+ ip router isis lab
+exit
+!
+router isis lab
+ net 49.0001.0100.1001.0001.00
+ no hostname dynamic
+ metric-style transition
+exit
+!