[c-nsp] OSPF Dampening

Rodney Dunn rodunn at cisco.com
Fri Sep 29 14:48:19 EDT 2006


On Fri, Sep 29, 2006 at 10:33:52AM -0500, Jeremiah Millay wrote:
> Much easier said than done! I've never used the embedded event manager 
> and it looks rather complex. I read this....  
> http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a008045578a.html#wp1082039
> and it didn't provide me with the information I need to write something 
> like you are describing.
> 
> I would be basically grepping the syslog for a message like:
> 
> *Sep 28 17:05:55: %OSPF-5-ADJCHG: Process 1, Nbr X.X.X.X on 
> > FastEthernet0/0 from LOADING to FULL, Loading Done
> 
> 
> 
> and then apply an ACL to block ospf packets when this happens 4 times 
> within 5 minutes. Then I would have something that would take the ACL 
> off when the neighbor is pinging at 100% for 10 minutes.

You can do something close without TCL. Just poke around a box
and look at configuring an EEM applet.
Match on the syslog, run the config commands, have it send you an
email and then you can decide when you turn it back up. 


> 
> If you could point me in the right direction to figure out how to write 
> this that would be great. The router is an 1841 running a 12.4 IOS which 
> supports this feature but writing a policy in EEM and tcl is way over my 
> head and honestly I think its one of the biggest kludges I've ever seen. 

Kludge to you appears as heaven to others. :) Different perspective.

I'd suggest you just keep monitoring this alias for some updates on
EEM/TCL in the near future that might give you some more guidance. 
*hint*


> Haha. Honestly, do you have to now be an expert programmer just to get a 
> simple dampening mechanism in ospf to work?

You asked for a solution and I'm trying to get you one.
Expert is always a relative term.

I don't know TCL either but I plan to learn it.


> 
> Jeremiah
> 
> 
> Rodney Dunn wrote:
> > Oh I'm going to be saying this a lot. :)
> >
> >
> > Look at EEM and write yourself a TCL policy that would monitor for
> > flap rate of an OSPF message in the syslog and block that
> > peer. 
> >
> > ie: put an acl on the interface that blocks ospf packets coming
> > in from it.
> >
> > Then start a script that pings the neighbor at a rate/time that you
> > feel determines the neighbor is back stable and then have the script
> > remove the ACL and let the neighbor come back up.
> >
> > And you can have the EEM policy email you all along the way telling
> > you what it's doing. :)
> >
> >
> > Rodney
> >
> >
> >   
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list