[c-nsp] OSPF Dampening (WORKING!!!!)
Jeremiah Millay
jeremiah at rockriver.net
Fri Sep 29 18:02:56 EDT 2006
I got this working based on Rodney's suggestions and I thought I would
share this with you all:
Basically this is my config:
ip access-list extended BLOCK_OSPF
 deny ospf any any
 permit ip any any
!
event manager environment _ios_cmd_1 configure terminal
event manager environment _ios_cmd_2 interface FastEthernet0/0
event manager environment _ios_cmd_3 ip access-group BLOCK_OSPF in
event manager directory user policy flash:/
event manager directory user library flash:/
event manager session cli username jeremiah
event manager applet WirelessOSPF
 event syslog occurs 6 pattern "%OSPF-5-ADJCHG: Process 1, Nbr X.X.X.X on FastEthernet0/0" period 300
 action BLOCK policy no_runmultiplecommands.tcl
 action MAIL mail server "mail.rockriver.net" to "someone at rockriver.net" from "someone at rockriver.net" subject "ROA OSPF FLAP"
event manager policy no_runmultiplecommands.tcl
This requires a tcl script that Rodney was kind enough to share with me.
I copied this to flash: on my router. The tcl script looks like this:
::cisco::eem::event_register_none runmultiplecommands
#
# Version 1.0
#
# This script uses event manager env variables to run as many commands
# as are configured. The env variables must start at _ios_cmd_1 and
# be sequential. I.e. _ios_cmd_2 then _ios_cmd_3, and so on and you can't
# have _ios_cmd_3 unless you also have _ios_cmd_2 and _ios_cmd_1 for
# example.
#
# Here is another example. This will cause the script to run 'show
# version', 'show stacks' and 'show region':
#
# event manager environment _ios_cmd_1 show version
# event manager environment _ios_cmd_2 show stacks
# event manager environment _ios_cmd_3 show region
#
# Add an alias to run this script so you can basically execute multiple
# commands with just one quick command. For example if you configure:
#
# alias exec rmc event manager run no_runmultiplecommands.tcl
#
# You can then run the script (assuming it's registered and you have
# configured a username to run scripts under if you are using AAA) using
#
#
# Router#rmc
#
# The output is sent to the standard output (i.e. the current terminal)
#
# Check to make sure we have at least one command to run.
set i 1
while {[info exists _ios_cmd_[set i]]} {
    # Add each command found to the list of commands
    lappend cmd_list [set _ios_cmd_[set i]]
    incr i 1
}
if {$i == 1} {
    error "Policy cannot be run: There are no defined commands."
}
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
array set arr_einfo [event_reqinfo]
if {$_cerrno != 0} {
    set result [format "component=%s; subss err=%s; posix err=%s;\n%s" \
        $_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str]
    error $result
}
if [catch {cli_open} result] {
    error $result $errorInfo
} else {
    array set cli1 $result
}
if [catch {cli_exec $cli1(fd) "en"} result] {
    error $result $errorInfo
}
foreach command $cmd_list {
    if [catch {cli_exec $cli1(fd) $command} result] {
        error $result $errorInfo
    } else {
        puts "Output from \"$command\""
        puts $result
    }
}
if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] {
    error $result $errorInfo
}
So after the event is triggered in my applet the action is to execute
the tcl script with the commands I've set in _ios_cmd_1 _ios_cmd_2
_ios_cmd_3. This applies the access list I've created to block ospf
packets. Then the script e-mails me and I go and manually take the ACL
off when I feel things are stable again. Eventually I would like to
automate the recovery but this is a really good start and it will make
our customers happy.
Thanks Rodney and everyone for your suggestions
Jeremiah