Generators
Generators connect to live devices and create assertions based on current state. Use them to establish a baseline or bootstrap your assertion files.
Usage
netsert generate <target> [--generators <list>] [flags]Generate all available assertions:
netsert generate spine1:6030 -u admin -P password -kGenerate specific types:
netsert generate spine1:6030 --generators interfaces,bgp -kAvailable Generators
| Generator | Description |
|---|---|
interfaces | Interface status, IP addresses, descriptions |
bgp | BGP neighbors, session state, AFI/SAFI (including EVPN) |
ospf | OSPF neighbors and adjacency state |
lldp | LLDP neighbor relationships |
vxlan | VXLAN VTEP interfaces and VNI mappings |
system | Hostname, version, NTP servers |
Generator Output
interfaces
assertions:
- name: Ethernet1 oper-status
path: interface[Ethernet1]/state/oper-status
equals: "UP"
- name: Ethernet1 description
path: interface[Ethernet1]/config/description
equals: "Uplink to leaf1"
- name: Loopback0 IPv4 address
path: interface[Loopback0]/subinterfaces/subinterface[index=0]/ipv4/addresses/address[ip=10.255.0.1]/config/prefix-length
equals: "32"bgp
The BGP generator detects all address families including EVPN:
assertions:
# Underlay BGP (IPv4)
- name: BGP neighbor 10.0.0.2 session-state
path: bgp[default]/neighbors/neighbor[neighbor-address=10.0.0.2]/state/session-state
equals: "ESTABLISHED"
- name: BGP neighbor 10.0.0.2 peer-as
path: bgp[default]/neighbors/neighbor[neighbor-address=10.0.0.2]/config/peer-as
equals: "65001"
- name: BGP neighbor 10.0.0.2 IPV4_UNICAST active
path: bgp[default]/neighbors/neighbor[neighbor-address=10.0.0.2]/afi-safis/afi-safi[afi-safi-name=IPV4_UNICAST]/state/active
equals: "true"
# EVPN overlay
- name: EVPN peer 10.255.0.1 session-state
path: bgp[default]/neighbors/neighbor[neighbor-address=10.255.0.1]/state/session-state
equals: "ESTABLISHED"
- name: EVPN peer 10.255.0.1 L2VPN_EVPN active
path: bgp[default]/neighbors/neighbor[neighbor-address=10.255.0.1]/afi-safis/afi-safi[afi-safi-name=L2VPN_EVPN]/state/active
equals: "true"
- name: EVPN peer 10.255.0.1 peer-group
path: bgp[default]/neighbors/neighbor[neighbor-address=10.255.0.1]/config/peer-group
equals: "SPINE-EVPN"ospf
assertions:
- name: OSPF neighbor 10.255.0.2 adjacency-state
path: ospf[default]/areas/area[identifier=0.0.0.0]/interfaces/interface[id=Ethernet1]/neighbors/neighbor[router-id=10.255.0.2]/state/adjacency-state
equals: "FULL"lldp
assertions:
- name: LLDP Ethernet1 neighbor system-name
path: lldp/interfaces/interface[name=Ethernet1]/neighbors/neighbor/state/system-name
equals: "leaf1"
- name: LLDP Ethernet1 neighbor port-id
path: lldp/interfaces/interface[name=Ethernet1]/neighbors/neighbor/state/port-id
equals: "Ethernet1"vxlan
The VXLAN generator creates assertions for VTEP interfaces and VNI mappings:
assertions:
- name: Vxlan1 oper-status
path: interface[Vxlan1]/state/oper-status
equals: "UP"
- name: Vxlan1 source-interface
path: interface[Vxlan1]/config/source-interface
equals: "Loopback1"
- name: VNI 10010 mapped
path: interface[Vxlan1]/vxlan/config/vni-map[vni=10010]/vlan
equals: "10"
- name: VNI 10020 mapped
path: interface[Vxlan1]/vxlan/config/vni-map[vni=10020]/vlan
equals: "20"system
assertions:
- name: System hostname
path: system/config/hostname
equals: "spine1"
- name: NTP server 10.0.0.100 configured
path: system/ntp/servers/server[address=10.0.0.100]/config/address
exists: trueWorkflow
-
Generate baseline from known-good state:
netsert generate spine1:6030 -k > baseline.yaml -
Review and edit — remove transient values, add meaningful names
-
Run assertions to validate:
netsert run baseline.yaml -t spine1:6030 -k -
Integrate into CI/CD — run on every change
Tips
- Generate from a known-good state (maintenance window, post-change verification)
- Edit generated assertions — add meaningful names, remove noise
- Don’t assert on counters or timestamps (they change)
- Use
--generatorsto limit scope when you only need specific checks