
Detect simulated IPSec tunnel changes using Invariant

To detect changes in simulated IPSec tunnels between two network snapshots, fetch the ipsec_edges report for each snapshot and compare them.

First, retrieve the report for your current snapshot. Replace <current_snapshot_uuid> with the actual snapshot ID.

invariant show ipsec_edges --snapshot <current_snapshot_uuid> --json > current_ipsec_edges.json

Next, retrieve the report for the previous or baseline snapshot. Replace <previous_snapshot_uuid> with its ID.

invariant show ipsec_edges --snapshot <previous_snapshot_uuid> --json > previous_ipsec_edges.json

Use a diff tool to compare the two files. Differences will highlight added or removed IPSec edges, indicating changes in tunnel establishment.

diff previous_ipsec_edges.json current_ipsec_edges.json
# Lines prefixed with "<" exist only in the previous snapshot (edge removed);
# lines prefixed with ">" exist only in the current snapshot (edge added).
# Example output for an edge that is missing from the current file:
# < "Tunnel_Interface_str": "border-1[Tunnel1]",
# < "Source_Interface_str": "tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]"

Refer to the Invariant output documentation for ipsec_edges details. Note that this specific report is not listed in the Output overview, but it is demonstrated in the Jenkins automation example.
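
A line-based diff reports spurious changes when the two reports list the same edges in a different order, so the comparison step can also be done on parsed edges. The script below is an added example, not part of Invariant or its documentation; it assumes each report is a JSON array of edge objects with the Tunnel_Interface_str and Source_Interface_str fields shown above, and the border-2 edge in its sample data is constructed.

```python
import json
import sys

# Constructed sample reports. ASSUMPTION: each report is a JSON array of edge
# objects; the field names are the ones shown in the diff output on this page.
SAMPLE_PREVIOUS = json.dumps([
    {"Tunnel_Interface_str": "border-1[Tunnel1]",
     "Source_Interface_str": "tgw-06b348adabd13452d[external-vpn-01c45673532d3e33e-1]"},
    {"Tunnel_Interface_str": "border-2[Tunnel1]",  # constructed value
     "Source_Interface_str": "tgw-EXAMPLE[external-vpn-EXAMPLE-1]"},
])
# Current snapshot: the border-1 tunnel is gone, and key order differs.
SAMPLE_CURRENT = json.dumps([
    {"Source_Interface_str": "tgw-EXAMPLE[external-vpn-EXAMPLE-1]",
     "Tunnel_Interface_str": "border-2[Tunnel1]"},
])


def load_edges(text):
    """Parse a report into a set of canonical (key-sorted) edge strings."""
    rows = json.loads(text)
    if not isinstance(rows, list) or not all(isinstance(r, dict) for r in rows):
        raise ValueError("expected a JSON array of edge objects")
    return {json.dumps(row, sort_keys=True) for row in rows}


def compare_edges(previous_text, current_text):
    """Return (removed, added) edges, independent of row and key order."""
    prev, curr = load_edges(previous_text), load_edges(current_text)
    removed = [json.loads(e) for e in sorted(prev - curr)]
    added = [json.loads(e) for e in sorted(curr - prev)]
    return removed, added


def main(argv):
    """Usage: script.py previous.json current.json (no args: sample data)."""
    if len(argv) == 3:
        with open(argv[1]) as prev_f, open(argv[2]) as curr_f:
            previous, current = prev_f.read(), curr_f.read()
    else:
        previous, current = SAMPLE_PREVIOUS, SAMPLE_CURRENT
    removed, added = compare_edges(previous, current)
    for edge in removed:
        print("REMOVED", json.dumps(edge, sort_keys=True))
    for edge in added:
        print("ADDED  ", json.dumps(edge, sort_keys=True))
    return 1 if removed or added else 0  # non-zero lets a CI job flag drift


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with previous_ipsec_edges.json and current_ipsec_edges.json as the two arguments; a removed edge means a tunnel that was established in the baseline is no longer simulated as up.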