[c-nsp] Catching OSPF hello problems
Rodney Dunn
rodunn at cisco.com
Fri Sep 29 14:29:23 EDT 2006
On Fri, Sep 29, 2006 at 06:48:24PM +0100, Jee Kay wrote:
> On 29/09/06, Rodney Dunn <rodunn at cisco.com> wrote:
> > What you could do instead though is setup a parallel IP SLA probe
> > running between the two boxes and trigger/alarm when you lose
> > X consecutive probes. It's just an IP packet.
>
> Do reaction triggers trigger immediately after the event, or only at
> the end of a probe?
That's one part of sla that is confusing.
I'm pushing to get it cleared up.
> Ie for the following config would a 'alert when 2
> packets lost' be triggered immediately after the packets were lost, or
> at the end of the 5 minute cycle?
You configure the probe and the frequency to send it but I forgot
(I'd have to go figure it out) how to set a reaction event.
I tied it to an EEM applet and had it send me an email and send a syslog.
To control when it declares up or down you have to set the track threshold.
Here is what I had sent to the team I support here:
Here is an example of where I set up an ip sla probe that
hooks to a track object that triggers an EEM applet to run
and print a syslog when the probe goes up and down.
The idea is to test for ip reachability to correspond
to EIGRP neighbor flaps over GRE/IPSEC tunnels.
The probe runs in the clear so if there is loss of connectivity
it will detect it and naturally EIGRP is just a victim.
-=-
!configure the probe
ip sla 1
 udp-echo 64.102.253.69 1501 control disable
 timeout 500
 frequency 5
ip sla schedule 1 life forever start-time now
!
!configure the inbound ACL to let it in
ip access-list extended ISC_FIREWALL_outside_inbound_1
 permit udp host 64.102.253.69 eq 1501 any
-=-
This will send a probe every 5 seconds to the outside IP of the hub.
b) Configure a track object to hook to that probe.
Here is mine:
-=-
track 1 rtr 1
-=-
c) Now configure two event manager applets to print a syslog.
We want to print one message when the probe fails and one
if the probe comes up. So the probe hooks to the track object
and the track object hooks to the event manager policy as a trigger.
Here is mine:
-=-
event manager applet ipsladown
 event track 1 state down
 action 1.0 syslog msg "IP SLA probe failed!"
event manager applet ipslaup
 event track 1 state up
 action 1.0 syslog msg "IP SLA probe came up!"
-=-
What will happen is if the probe goes up or down it will print a syslog
message so you can compare that to the EIGRP neighbor flaps.
Here is where I simulated the probe going down and coming back up:
rtp-rodunn-vpn#!probe is now up
rtp-rodunn-vpn#sh ip sla stat
Round Trip Time (RTT) for Index 1
Latest RTT: 58 milliseconds
Latest operation start time: .00:06:21.914 EDT Fri May 26 2006
Latest operation return code: OK
Number of successes: 358
Number of failures: 141
Operation time to live: Forever
rtp-rodunn-vpn#!return code is ok
rtp-rodunn-vpn#!and the track object should be up
rtp-rodunn-vpn#sh track
Track 1
Response Time Reporter 1 state
State is Up
10 changes, last change 00:00:39
Latest operation return code: OK
Latest RTT (millisecs) 33
You have to control the frequency you want to report a failure by toggling
the delay parameters under the track configuration until I can get
DE to fix:
CSCsc86447
Externally found enhancement defect: Assigned (A)
IP SLA integration with object tracking improvement request
I did get them to fix this though:
CSCse07265
Externally found moderate defect: More (M)
No syslog message generated for IP SLA timeout condition
When defining an IP SLA probe with a reaction event of TIMEOUT and setting
the probe to generate a trap a syslog message is not generated.
Conditions:
A sample configuration that shows a trap should be generated:
ip sla logging traps
ip sla 1
 icmp-echo X.X.X.X
 timeout 200
 frequency 1
ip sla reaction-configuration 1 react timeout threshold-type immediate action-type trapOnly
ip sla schedule 1 life forever start-time now
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server host Y.Y.Y.Y public syslog rtr
Workaround:
None.
so you might could use that approach to see a syslog message directly from
the probe failure and trigger on that.
But what we don't have a good solution for inside of IP SLA is the ability
to say "send pings every 5 sec and react if 3 in a row fail".
That's what CSCsc86447 will hopefully provide one day.
Rodney
Then >
> rtr 2332
> type jitter dest-ipaddr x.y.z.b dest-port 60813 source-ipaddr x.y.z.a
> num-packets 12000
> request-data-size 172
> timeout 150
> tag customer
> frequency 300
>
> Thanks,
> Ras
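
Added example, not part of the original post or of any Cisco tooling: a Python sketch of the comparison described above, matching the two EEM applet syslog messages against routing-protocol neighbor-down messages to separate flaps that coincide with probe loss from flaps where the clear-path probe stayed healthy. The log lines are constructed, and the timestamp layout, the year, the 192.0.2.1 neighbor and the 15-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample syslog (not from the original post); timestamp layout is assumed.
SAMPLE_LOG = """\
May 26 00:01:10.120: %HA_EM-6-LOG: ipsladown: IP SLA probe failed!
May 26 00:01:22.480: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.0.2.1 (Tunnel0) is down: holding time expired
May 26 00:01:40.300: %HA_EM-6-LOG: ipslaup: IP SLA probe came up!
May 26 00:01:44.900: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.0.2.1 (Tunnel0) is up: new adjacency
May 26 00:05:00.050: %HA_EM-6-LOG: ipsladown: IP SLA probe failed!
May 26 00:05:06.210: %HA_EM-6-LOG: ipslaup: IP SLA probe came up!
May 26 00:05:14.730: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.0.2.1 (Tunnel0) is down: holding time expired
May 26 00:05:19.000: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.0.2.1 (Tunnel0) is up: new adjacency
May 26 00:09:03.700: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.0.2.1 (Tunnel0) is down: holding time expired
"""

ASSUMED_YEAR = "2006"  # these timestamps carry no year; assumption for parsing only
LINE = re.compile(r"^\*?(\w{3} +\d+ [\d:.]+)(?: \w+)?: (%[\w-]+): (.*)$")

def parse(log):
    """Yield (timestamp, facility tag, message) for each recognisable line."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(ASSUMED_YEAR + " " + m.group(1),
                                   "%Y %b %d %H:%M:%S.%f")
            yield ts, m.group(2), m.group(3)

def classify_flaps(log, window=timedelta(seconds=15)):
    """Label each neighbor-down event by what the clear-path probe was doing.

    A neighbor can drop on hold-timer expiry shortly after the probe has
    already recovered, so a recovery within `window` still counts as path loss.
    """
    down_since, last_recovered, out = None, None, []
    for ts, tag, msg in parse(log):
        if tag == "%HA_EM-6-LOG" and "IP SLA probe failed!" in msg:
            down_since = ts
        elif tag == "%HA_EM-6-LOG" and "IP SLA probe came up!" in msg:
            down_since, last_recovered = None, ts
        elif tag == "%DUAL-5-NBRCHANGE" and " is down" in msg:
            nbr = re.search(r"Neighbor (\S+)", msg).group(1)
            recent = last_recovered is not None and ts - last_recovered <= window
            verdict = "path-loss" if (down_since is not None or recent) else "probe-healthy"
            out.append((ts.strftime("%H:%M:%S"), nbr, verdict))
    return out

if __name__ == "__main__":
    for row in classify_flaps(SAMPLE_LOG):
        print(*row)
```

A "probe-healthy" verdict means the unencrypted probe saw no loss around the flap, so the cause is more likely inside the tunnel or on the routers than on the IP path.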