[c-nsp] Ethernet Freezeup

Andre Beck cisco-nsp at ibh.net
Tue Apr 8 06:13:45 EDT 2008 

Hi Ed,

On Mon, Apr 07, 2008 at 12:18:37PM -0400, Ed Ravin wrote:
> On Mon, Apr 07, 2008 at 06:04:28PM +0200, Andre Beck wrote:
> 
> > OMG.
> > 
> > Thanks for this hint - I just rolled up something with SLA, tracking
> > and EEM that eventually might just do it. Let's see...
> 
> If you get it working, please post the details!

I still don't know if it would work (hasn't triggered yet) but it's
essentially this:

1) Define a classic SLA ping monitor and track it:

 ip sla monitor 1
  type echo protocol ipIcmpEcho 212.111.225.17 source-ipaddr 212.111.225.1
  timeout 2000
  threshold 2
  frequency 10
 ip sla monitor schedule 1 life forever start-time now
 !
 track 1 rtr 1 reachability

I'm not sure about the timers and threshold, but I assume it would
do the job. Me noticing the box has gone (via a ping monitor run
from my laptop or by getting an SMS from our Nagios), logging into
the router (from the outside or using the console) and giving the
clear command manually will take longer anyway.

2) Define an EEM Applet that tracks whether this tracker goes down
   and does the things we want it to do:

 event manager applet duck-reachable 
  event track 1 state down
  action 1.1 cli command "clear interface Fa0/0"
  action 1.2 syslog priority critical msg "DUCK no longer reachable - Fa0/0 broken?"

Apparently you need somewhat current IOS for the latter, EEM was merged
in a sufficiently new version to 12.2SB it seems.

 nexus#sh track 
 Track 1
   Response Time Reporter 1 reachability
   Reachability is Up
     1 change, last change 18:11:20
   Latest operation return code: OK
   Latest RTT (millisecs) 1
   Tracked by:
      applet duck-reachable 

Looks like it would work - but only time will tell. Given the Heisenbug
nature of the thing, maybe just running the monitor prevents it from
ever occuring again ;)

HTH,
Andre.
-- 
   Real men don't make backups of their mail. They just send it out
    on the Internet and let the secret services do the hard work.

-> Andre Beck    +++ ABP-RIPE +++      IBH IT-Service GmbH, Dresden <-

More information about the cisco-nsp mailing list