Skills
skills/automateyournetwork/netclaw/pyats-health-check

pyats-health-check

SKILL.md

Device Health Check

Perform comprehensive health assessments on network devices using pyATS. This skill defines the systematic approach for evaluating device health across all critical dimensions.

When to Use

  • Proactive daily/weekly health monitoring
  • Pre-change and post-change validation
  • Incident response — first thing you run when alerted
  • Capacity planning and trending
  • Compliance checks for operational readiness

Health Check Procedure

Always run health checks in this exact order. Each section builds on the previous one.

Step 1: Device Identity & Uptime

Run show version to establish baseline identity.

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show version"}'

Extract and report:

  • Hostname, model, serial number
  • IOS-XE version and image filename
  • Uptime (flag if < 24 hours — indicates recent reload)
  • Last reload reason (flag if unexpected: crash, power failure)
  • Total/available memory
  • License status

Thresholds:

  • Uptime < 24h → WARNING: Recent reload
  • Uptime < 1h → CRITICAL: Very recent reload, check for crash
  • Last reload reason contains "crash" or "error" → CRITICAL

Step 2: CPU Utilization

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show processes cpu sorted"}'

Thresholds (5-second / 1-minute / 5-minute averages):

  • < 50% → HEALTHY
  • 50-75% → WARNING: Elevated CPU
  • 75-90% → HIGH: Investigate top processes

  • 90% → CRITICAL: Immediate investigation required

Top processes to watch:

  • IP Input — high traffic volume or routing loops
  • BGP Router / BGP I/O — large BGP table or instability
  • OSPF-1 Hello — OSPF adjacency issues
  • Crypto IKMP / Crypto Engine — IPsec overhead
  • SNMP ENGINE — polling storm
  • ARP Input — ARP storm or L2 loop

Step 3: Memory Utilization

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show processes memory sorted"}'

Also run:

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show platform resources"}'

Thresholds:

  • Used < 70% → HEALTHY
  • 70-85% → WARNING: Memory pressure
  • 85-95% → HIGH: May impact routing table updates

  • 95% → CRITICAL: Risk of process crashes or OOM

Memory consumers to watch:

  • BGP Router — large BGP table (full internet table = ~1M routes)
  • CEF process — large FIB
  • OSPF Router — large OSPF LSDB
  • HTTP CORE — web server / RESTCONF overhead
  • IOSD iomem — I/O memory for packet buffers

Step 4: Interface Status

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show ip interface brief"}'

Then for each active interface, get detailed counters:

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show interfaces"}'

Report for each interface:

  • Admin status (up/down) and protocol status (up/down)
  • IP address and subnet
  • Speed, duplex, MTU
  • Input/output rate (bps and pps)
  • Error counters: CRC, input errors, output errors, drops, overruns
  • Resets counter (flag if incrementing — indicates flapping)
  • Last input/output timestamps

Flags:

  • Interface up/down → WARNING: Check physical or protocol
  • CRC errors > 0 → WARNING: Physical layer issue (cabling, optics, duplex mismatch)
  • Input errors incrementing → WARNING: Packet corruption
  • Output drops > 0 → WARNING: Congestion or QoS issue
  • Resets incrementing → CRITICAL: Interface flapping
  • Line protocol down on configured interface → CRITICAL

Step 5: Hardware & Environment

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show inventory"}'

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show platform"}'

Report: Module status (ok/fail), serial numbers, PID, transceiver types and DOM readings.

Step 6: NTP Synchronization

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show ntp associations"}'

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_run_show_command '{"device_name":"R1","command":"show clock"}'

Flags:

  • No NTP peer synchronized (no * in associations) → CRITICAL for logging/forensics
  • Clock offset > 100ms → WARNING
  • Clock offset > 1s → CRITICAL
  • No NTP configured at all → CRITICAL

Step 7: System Logs

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_show_logging '{"device_name":"R1"}'

Scan for these patterns:

  • %SYS-*-RELOAD — reload events
  • %LINEPROTO-5-UPDOWN — interface flaps
  • %OSPF-*-ADJCHG — OSPF adjacency changes
  • %BGP-*-ADJCHANGE — BGP peer state changes
  • %DUAL-*-NBRCHANGE — EIGRP neighbor changes
  • %SYS-2-MALLOCFAIL — memory allocation failure (CRITICAL)
  • %SYS-3-CPUHOG — process monopolizing CPU (HIGH)
  • %TRACKING-* — IP SLA or object tracking changes
  • %SEC-* / %AUTHMGR-* — security events
  • %PLATFORM-*-CRASH — crash events (CRITICAL)
  • Traceback — software bug (CRITICAL — open TAC case)

Step 8: Connectivity Validation

Test reachability to critical infrastructure:

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_ping_from_network_device '{"device_name":"R1","command":"ping 8.8.8.8 repeat 5"}'

Thresholds:

  • 100% success, RTT < 50ms → HEALTHY
  • 100% success, RTT > 100ms → WARNING: High latency
  • 80-99% success → WARNING: Packet loss
  • < 80% success → CRITICAL: Significant packet loss
  • 0% success → CRITICAL: No reachability

Health Report Format

Always produce a summary table:

Device: R1 (devnetsandboxiosxec8k.cisco.com)
Model: C8000V | IOS-XE: 17.x.x | Uptime: XXd XXh

┌──────────────────┬──────────┬─────────────────────────┐
│ Check            │ Status   │ Details                 │
├──────────────────┼──────────┼─────────────────────────┤
│ CPU (5min avg)   │ HEALTHY  │ 12%                     │
│ Memory           │ HEALTHY  │ 45% used (1.2G/2.6G)   │
│ Interfaces       │ WARNING  │ Gi2 down/down           │
│ Hardware         │ HEALTHY  │ All modules OK          │
│ NTP              │ HEALTHY  │ Synced, offset 2ms      │
│ Logs             │ WARNING  │ 3 OSPF adjacency flaps  │
│ Connectivity     │ HEALTHY  │ 100% to 8.8.8.8, 23ms  │
└──────────────────┴──────────┴─────────────────────────┘

Overall: WARNING — 2 items need attention

Severity order: CRITICAL > HIGH > WARNING > HEALTHY. Overall status = worst individual status.

NetBox Cross-Reference (MISSION02 Enhancement)

When NetBox is available ($NETBOX_MCP_SCRIPT is set), cross-reference device state against the source of truth after Steps 1 and 4:

Interface State Validation

Query NetBox for expected interface states:

python3 $MCP_CALL "python3 -u $NETBOX_MCP_SCRIPT" netbox_get_objects '{"object_type":"dcim.interfaces","filters":{"device":"R1"},"brief":true}'

Compare NetBox intent vs device reality:

  • NetBox shows interface enabled but device shows down → CRITICAL: Unexpected outage
  • NetBox shows interface disabled but device shows up → WARNING: Undocumented activation
  • Interface exists on device but not in NetBox → WARNING: Undocumented interface
  • Interface in NetBox but not on device → WARNING: NetBox stale data

IP Address Validation

Query NetBox for expected IP assignments:

python3 $MCP_CALL "python3 -u $NETBOX_MCP_SCRIPT" netbox_get_objects '{"object_type":"ipam.ip-addresses","filters":{"device":"R1"}}'

Compare: Flag any IP_DRIFT where the device IP differs from NetBox.

Fleet-Wide Health (pCall)

To run health checks across ALL devices simultaneously, first list all devices:

PYATS_TESTBED_PATH=$PYATS_TESTBED_PATH python3 $MCP_CALL "python3 -u $PYATS_MCP_SCRIPT" pyats_list_devices

Then run Steps 1-8 on each device concurrently using multiple exec commands. Collect all results and produce a fleet summary:

┌──────────┬──────────┬──────┬────────┬──────────┬─────────────┐
│ Device   │ CPU      │ Mem  │ Intf   │ NTP      │ Overall     │
├──────────┼──────────┼──────┼────────┼──────────┼─────────────┤
│ R1       │ HEALTHY  │ WARN │ HEALTHY│ HEALTHY  │ WARNING     │
│ R2       │ HEALTHY  │ OK   │ CRIT   │ HEALTHY  │ CRITICAL    │
│ SW1      │ HIGH     │ OK   │ HEALTHY│ CRIT     │ CRITICAL    │
└──────────┴──────────┴──────┴────────┴──────────┴─────────────┘

Sort devices by severity (CRITICAL first) for triage prioritization.

GAIT Audit Trail

After completing a health check, record the session in GAIT:

python3 $MCP_CALL "python3 -u $GAIT_MCP_SCRIPT" gait_record_turn '{"input":{"role":"assistant","content":"Health check completed on R1: CPU HEALTHY (12%), Memory WARNING (78%), Interfaces HEALTHY, NTP HEALTHY. Overall: WARNING.","artifacts":[]}}'
Weekly Installs
9
Repository
automateyournet…/netclaw
GitHub Stars
282
First Seen
10 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
opencode9
gemini-cli9
antigravity9
claude-code9
github-copilot9
codex9