[c-nsp] EEM BGP

Tony Varriale tvarriale at comcast.net
Thu Dec 17 22:16:47 EST 2009 

Clyde,

I don't think I'm following your example with mine.  But, it sounds like I 
need EEM 3.0 to get the BGP functionality that I'm looking for.

Once again thanks for your help!

tv
----- Original Message ----- 
From: "Clyde Wildes" <cwildes at progrizon.com>
To: "'Tony Varriale'" <tvarriale at comcast.net>; <cisco-nsp at puck.nether.net>
Sent: Thursday, December 17, 2009 3:04 PM
Subject: RE: [c-nsp] EEM BGP


> Tony,
>
> "event timer countdown time 120" means that the applet BGPADJ_NOSHUT will
> run once, two minutes after it is added to the config.
>
> For EEM v2.2 in place of "action 150 publish-event sub-system 798 type 100
> arg1 "shutdown"" you could add policy B to the config. Policy B would then
> run once, 120 seconds after policy A runs.
>
> Policy B could remove itself from the config using:
> event manager applet t1
> event timer countdown time 120
> action 000 syslog msg "Timer expired"
> action 001 cli command "enable"
> action 002 cli command "config t"
> action 003 cli command "no event manager applet t1"
>
> Multiple event support was added to EEM in v2.4. For a complete list of 
> what
> features where added in which EEM release visit our website at
> http://www.progrizon.com/forum/index.php?topic=3.0. For a list of IOS
> releases and which version of EEM they contain visit
> http://www.progrizon.com/forum/index.php?topic=8.0.
>
> The only docs currently available for EEM are on the Cisco web site.
>
> Thanks,
>
> Clyde Wildes
> Progrizon, Inc.
> www.progrizon.com
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
> Sent: Thursday, December 17, 2009 12:22 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] EEM BGP
>
> Clyde,
>
> Thanks so much for your help.  This appears to work well.
>
> I did try and map this into a 12.4(15)T/EEM 2.2 and it appears to work. 
> I'm
>
> just not sure how.
>
> Here's the 2.2 config:
>
> event manager applet BGPADJ_SHUT
> event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 
> Down"
>
> period 600
> action 100 cli command "enable"
> action 110 cli command "configure terminal"
> action 120 cli command "router bgp 666"
> action 130 cli command "neighbor 172.16.10.3 shutdown"
> action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
> action 150 publish-event sub-system 798 type 100 arg1 "shutdown"
> event manager applet BGPADJ_NOSHUT
> event timer countdown time 120
> action 100 cli command "enable"
> action 110 cli command "configure terminal"
> action 120 cli command "router bgp 666"
> action 130 cli command "no neighbor 172.16.10.3 shutdown"
> action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"
>
> The event tag command isn't available in 2.2.
>
> I do not understand how the router knows to unshut.  Is this functionally
> the same as the 3.0 config?
>
> Are there any better docs than the ones on cisco.com?
>
> Thanks!
> ----- Original Message ----- 
> From: "Clyde Wildes" <cwildes at progrizon.com>
> To: "'Tony Varriale'" <tvarriale at comcast.net>; <cisco-nsp at puck.nether.net>
> Sent: Wednesday, December 16, 2009 4:06 PM
> Subject: RE: [c-nsp] EEM BGP
>
>
>> Tony,
>>
>> Yes EEM does not screen on the syslog messages that it emits. When we
>> built
>> the EEM syslog Event Detector the test team insisted that we implement it
>> this way to prevent recursion. ;-)
>>
>> You can always use an application specific event to trigger policy B from
>> policy A. You could use a trigger statement to delay the running of 
>> policy
>
>> B
>> if desired.
>>
>> Use the following:
>>
>> event manager applet BGPADJ_SHUT
>> event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3
>> Down"
>>
>> period 600
>> action 100 cli command "enable"
>> action 110 cli command "configure terminal"
>> action 120 cli command "router bgp 666"
>> action 130 cli command "neighbor 172.16.10.3 shutdown"
>> action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
>> action 150 publish-event sub-system 798 type 100 arg1 "shutdown"
>>
>> event manager applet BGPADJ_NOSHUT
>> event tag bgpevent2 application sub-system 798 type 100
>> trigger delay 600
>> action 100 cli command "enable"
>> action 110 cli command "configure terminal"
>> action 120 cli command "router bgp 666"
>> action 130 cli command "no neighbor 172.16.10.3 shutdown"
>> action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"
>>
>> Thanks,
>>
>> Clyde
>> Progrizon, Inc.
>> www.progrizon.com
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
>> Sent: Wednesday, December 16, 2009 9:38 AM
>> To: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] EEM BGP
>>
>> Well, did a bunch of testing and I am still stuck.  So here's the basic
>> idea
>>
>> and config.
>>
>> When the peer is actually shut, I log a message to syslog (info 
>> simplified
>> and anonymized to protect innocent).
>>
>> event manager applet BGPADJ_SHUT
>> event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3
>> Down"
>>
>> period 600
>> action 100 cli command "enable"
>> action 110 cli command "configure terminal"
>> action 120 cli command "router bgp 666"
>> action 130 cli command "neighbor 172.16.10.3 shutdown"
>> action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
>>
>> This works great.  Notice action 140.
>>
>> To turn the peer back up, I would like to wait 60 seconds (probably 10
>> minutes in real world) and look for the "Neighbor 172.16.10.3 shutdown by
>> EEM" in the syslog as this will tell me when I need to start my timer.
>>
>> event manager applet BGPADJ_NOSHUT
>> event tag bgpevent1 syslog pattern "%BGP-5-ADJCHANGE: neighbor 
>> 172.16.10.3
>> Down"
>> event tag bgpevent2 syslog pattern "Neighbor 172.16.10.3 shutdown by EEM"
>> trigger delay 600
>>  correlate event bgpevent1 and event bgpevent2
>> action 100 cli command "enable"
>> action 110 cli command "configure terminal"
>> action 120 cli command "router bgp 666"
>> action 130 cli command "no neighbor 172.16.10.3 shutdown"
>> action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"
>>
>> This is the part that does not work.  For the correlation, I want to
>> either
>> look for event 1 and 2 or just 2.  1 and 2 is really just a self check.
>>
>> The apparent problem is that EEM doesn't look at the messages that it
>> injects into syslog.  So, the trigger never happens.  And as 
>> verification,
>
>> I
>>
>> tried it with event1 or event2.  While watching debug it picks up on
>> event1.
>>
>> Any ideas?  Recommendations?
>>
>> tv
>>
>> ----- Original Message ----- 
>> From: "Clyde Wildes" <cwildes at progrizon.com>
>> To: "'Tony Varriale'" <tvarriale at comcast.net>; 
>> <cisco-nsp at puck.nether.net>
>> Sent: Tuesday, December 15, 2009 3:31 PM
>> Subject: RE: [c-nsp] EEM BGP
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list