Skip to main content

netsert

Declarative network state testing — validate live networks against YAML assertions via gNMI.

What it does

Define what your network should look like as YAML assertions, then validate that state against live devices. Catch misconfigurations before they become outages.

YAML Assertions → netsert run → Live Network → Pass/Fail Results

Installation

go install github.com/ndtobs/netsert/cmd/netsert@latest

Or build from source:

git clone https://github.com/ndtobs/netsert
cd netsert
go build -o netsert ./cmd/netsert

Quick Start

Run assertions against a device:

netsert run assertions.yaml --target spine1:6030 -u admin -P password -k

Generate assertions from live state:

netsert generate spine1:6030 -u admin -P password -k > baseline.yaml

Run against all devices in inventory:

netsert run assertions.yaml -i inventory.yaml

Example Output

$ netsert run assertions.yaml

 [PASS] Ethernet1 is UP @ spine1:6030
 [PASS] BGP peer established @ spine1:6030

Completed in 92ms
  Total:  2
  Passed: 2
  Failed: 0

Commands

CommandDescription
runExecute assertions against targets
generateCreate assertions from device state
getQuery a single gNMI path
validateCheck assertion file syntax

What Can You Test?

  • Interfaces — status, IPs, descriptions, MTU
  • BGP — neighbor state, peer groups, route counts
  • EVPN/VXLAN — overlay peering, L2VPN_EVPN AFI-SAFI, VTEP config
  • OSPF — neighbor adjacencies, areas
  • LLDP — neighbor relationships
  • System — hostname, NTP, DNS

CLI Reference

netsert run <file> [flags]

Flags:
  -t, --target string      single target (host:port)
  -i, --inventory string   inventory file for groups
  -g, --group string       run against specific group
  -u, --username string    gNMI username
  -P, --password string    gNMI password
  -k, --insecure           skip TLS verification
  -w, --workers int        concurrent targets (default 10)
  -p, --parallel int       concurrent assertions per target (default 5)
  -o, --output string      output format: text, json (default text)
      --timeout duration   gNMI timeout (default 30s)

Next Steps

  • Assertions — All assertion types and path syntax
  • Generators — Auto-generate assertions from live state
  • Inventory — Organize devices into groups
  • CI/CD — Integrate with your pipeline