[c-nsp] OSPF Dampening (WORKING!!!!)

Rodney Dunn rodunn at cisco.com
Mon Oct 2 13:28:09 EDT 2006


Glad to know you got that working. Nice.

Just a couple of notes: it would block ALL OSPF packets,
so any other neighbors wouldn't come up on it. May or may
not be a good thing depending on the topology.

It's not automatic to try and bring the neighbor back up
after some time, and again that may or may not be good depending
on the setup.

It will send you an email so what action you take after we mark
it down is ok.

One thing you could do, rather than put the ACL in, is just
mark the interface passive under OSPF so we didn't bring any
neighbors up on that interface.

That's the beauty of it. It's flexible to hopefully solve the
different versions of the problem in different ways.

Rodney

On Fri, Sep 29, 2006 at 05:02:56PM -0500, Jeremiah Millay wrote:
> I got this working based on Rodney's suggestions and I thought I would 
> share this with you all:
> 
> Basically this is my config:
> 
> ip access-list extended BLOCK_OSPF
>  deny   ospf any any
>  permit ip any any
> !
> 
> event manager environment _ios_cmd_1 configure terminal
> event manager environment _ios_cmd_2 interface FastEthernet0/0
> event manager environment _ios_cmd_3 ip access-group BLOCK_OSPF in
> event manager directory user policy flash:/
> event manager directory user library flash:/
> event manager session cli username jeremiah
> event manager applet WirelessOSPF
>  event syslog occurs 6 pattern "%OSPF-5-ADJCHG: Process 1, Nbr X.X.X.X on FastEthernet0/0" period 300
>  action BLOCK policy no_runmultiplecommands.tcl
>  action MAIL mail server "mail.rockriver.net" to "someone at rockriver.net" from "someone at rockriver.net" subject "ROA OSPF FLAP"
> event manager policy no_runmultiplecommands.tcl
> 
> 
> This requires a tcl script that Rodney was kind enough to share with me. 
> I copied this to flash: on my router. The tcl script looks like this:
> 
> ::cisco::eem::event_register_none runmultiplecommands
> #
> # Version 1.0
> #
> # This script uses event manager env variables to run as many commands
> # as are configured.  The env variables must start at _ios_cmd_1 and
> # be sequential. I.e. _ios_cmd_2 then _ios_cmd_3, and so on and you can't
> # have _ios_cmd_3 unless you also have _ios_cmd_2 and _ios_cmd_1 for
> # example.
> #
> # Here is another example.  This will cause the script to run 'show
> # version', 'show stacks' and 'show region':
> #
> #   event manager environment _ios_cmd_1 show version
> #   event manager environment _ios_cmd_2 show stacks
> #   event manager environment _ios_cmd_3 show region
> #
> # Add an alias to run this script so you can basically execute multiple
> # commands with just one quick command.  For example if you configure:
> #
> #   alias exec rmc event manager run no_runmultiplecommands.tcl
> #
> # You can then run the script (assuming it's registered and you have
> # configured a username to run scripts under if you are using AAA) using
> #
> #
> #   Router#rmc
> #
> # The output is sent to the standard output (i.e. the current terminal)
> #
> 
> # Check to make sure we have at least one command to run.
> set i 1
> while {[info exists _ios_cmd_[set i]]} {
>     # Add each command found to the list of commands
>     lappend cmd_list [set _ios_cmd_[set i]]
>     incr i 1
> }
> 
> if {$i == 1} {
>     error "Policy cannot be run: There are no defined commands."
> }
> 
> namespace import ::cisco::eem::*
> namespace import ::cisco::lib::*
> 
> array set arr_einfo [event_reqinfo]
> 
> if {$_cerrno != 0} {
>   set result [format "component=%s; subss err=%s; posix err=%s;\n%s" \
>     $_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str]
>   error $result
> }
> 
> if [catch {cli_open} result] {
>     error $result $errorInfo
> } else {
>     array set cli1 $result
> }  
> 
> if [catch {cli_exec $cli1(fd) "en"} result] {
>     error $result $errorInfo
> }
> 
> foreach command $cmd_list {
>   if [catch {cli_exec $cli1(fd) $command} result] {
>     error $result $errorInfo
>   } else {
>     puts "Output from \"$command\""
>     puts $result
>   }
> }
> 
> if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] {
>     error $result $errorInfo
> }
> 
> So after the event is triggered in my applet the action is to execute 
> the tcl script with the commands I've set in _ios_cmd_1 _ios_cmd_2 
> _ios_cmd_3. This applies the access list I've created to block ospf 
> packets. Then the script e-mails me and I go and manually take the ACL 
> off when I feel things are stable again. Eventually I would like to 
> automate the recovery but this is a really good start and it will make 
> our customers happy.
> Thanks Rodney and everyone for your suggestions
> Jeremiah
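
An added example (not part of either message, and not Cisco's code): a small Python replay of the applet's `occurs 6 ... period 300` trigger over saved syslog, to see how often the ACL would have been applied before settling on a threshold. The log lines, timestamp format, neighbor addresses, and the rule that counting restarts after each trigger are assumptions made for illustration; EEM's own counting may differ.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample syslog lines; addresses and times are made up.
SAMPLE_LOG = """\
Sep 29 16:30:00: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.7 on FastEthernet0/0 from LOADING to FULL, Loading Done
Sep 29 16:40:01: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.7 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
Sep 29 16:40:45: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.7 on FastEthernet0/0 from LOADING to FULL, Loading Done
Sep 29 16:41:30: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.7 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
Sep 29 16:41:50: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.9 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Sep 29 16:42:10: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.7 on FastEthernet0/0 from LOADING to FULL, Loading Done
Sep 29 16:43:00: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.7 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
Sep 29 16:44:20: %OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.7 on FastEthernet0/0 from LOADING to FULL, Loading Done
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d): %OSPF-5-ADJCHG: Process (?P<proc>\d+), "
    r"Nbr (?P<nbr>\S+) on (?P<intf>\S+) ")

def flap_triggers(log_text, interface, nbr=None, occurs=6, period=300, year=2006):
    """Return the datetimes at which `occurs` ADJCHG messages for `interface`
    (optionally one neighbor) were seen within `period` seconds."""
    window, hits = deque(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["intf"] != interface or (nbr and m["nbr"] != nbr):
            continue
        # The sample timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window.append(ts)
        # Drop messages that have aged out of the sliding window.
        while window[0] < ts - timedelta(seconds=period):
            window.popleft()
        if len(window) >= occurs:
            hits.append(ts)
            window.clear()  # assumption: counting starts over after a trigger
    return hits

if __name__ == "__main__":
    for hit in flap_triggers(SAMPLE_LOG, "FastEthernet0/0"):
        print("applet would fire at", hit)
```

Lowering `occurs` or raising `period` and re-running against real history shows how much more often OSPF would be blocked on the interface.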

