[c-nsp] EEM BGP

Clyde Wildes cwildes at progrizon.com
Mon Dec 21 12:48:13 EST 2009


Tony,

Sorry for not being totally clear with my previous response.

Your original EEM v3.0 policy set was:

event manager applet BGPADJ_SHUT
event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 Down" period 600
 action 100 cli command "enable"
 action 110 cli command "configure terminal"
 action 120 cli command "router bgp 666"
 action 130 cli command "neighbor 172.16.10.3 shutdown"
 action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
 action 150 publish-event sub-system 798 type 100 arg1 "shutdown"

event manager applet BGPADJ_NOSHUT
event tag bgpevent2 application sub-system 798 type 100
 trigger delay 60
 action 100 cli command "enable"
 action 110 cli command "configure terminal"
 action 120 cli command "router bgp 666"
 action 130 cli command "no neighbor 172.16.10.3 shutdown"
 action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"

12.4(15)T has EEM v2.3. An equivalent EEM v2.3 policy set might be:

event manager environment _quote "
event manager applet BGPADJ_SHUT
event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 Down" period 600
 action 100 cli command "enable"
 action 110 cli command "configure terminal"
 action 120 cli command "router bgp 666"
 action 130 cli command "neighbor 172.16.10.3 shutdown"
 action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
 action 160 cli command "event manager applet BGPADJ_NOSHUT"
 action 170 cli command "event timer countdown time 60"
 action 180 cli command "action 100 cli command $_quote enable $_quote"
 action 190 cli command "action 110 cli command $_quote configure terminal $_quote"
 action 200 cli command "action 120 cli command $_quote router bgp 666 $_quote"
 action 210 cli command "action 130 cli command $_quote no neighbor 172.16.10.3 shutdown $_quote"
 action 220 cli command "action 140 syslog msg $_quote Neighbor 172.16.10.3 noshut by EEM $_quote"
 action 230 cli command "action 150 cli command $_quote no event manager applet BGPADJ_NOSHUT $_quote"

In this policy set, the act of running policy BGPADJ_SHUT causes policy
BGPADJ_NOSHUT to be added to the config (after the neighbor is shut down).
Policy BGPADJ_NOSHUT runs 60 seconds later, does a noshut to the neighbor,
and un-configures itself when it is complete. Note that the environment
variable _quote is meant to get around the fact that you cannot escape the
double quote symbol using a backslash character in EEM v2.3.

I hope that this helps.

Thanks,

Clyde Wildes
Progrizon, Inc.
www.progrizon.com
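
Added example, not part of the original message: a Python preview of the CLI lines that actions 160-230 of the EEM v2.3 BGPADJ_SHUT applet would type once $_quote is substituted, with a consistency check on the BGPADJ_NOSHUT applet they create. The substitution model is a simplified assumption, and typed_commands and lint are names made up for this sketch.

```python
import re

ENV = {"_quote": '"'}  # mirrors: event manager environment _quote "

# Constructed input: actions 160-230 of BGPADJ_SHUT from the message above,
# with the mail-wrapped lines rejoined.
ACTIONS = r'''
action 160 cli command "event manager applet BGPADJ_NOSHUT"
action 170 cli command "event timer countdown time 60"
action 180 cli command "action 100 cli command $_quote enable $_quote"
action 190 cli command "action 110 cli command $_quote configure terminal $_quote"
action 200 cli command "action 120 cli command $_quote router bgp 666 $_quote"
action 210 cli command "action 130 cli command $_quote no neighbor 172.16.10.3 shutdown $_quote"
action 220 cli command "action 140 syslog msg $_quote Neighbor 172.16.10.3 noshut by EEM $_quote"
action 230 cli command "action 150 cli command $_quote no event manager applet BGPADJ_NOSHUT $_quote"
'''

CLI_ACTION = re.compile(r'^\s*action\s+\S+\s+cli command\s+"(.*)"\s*$')

def typed_commands(actions, env):
    """Return the CLI lines the applet types, after $variable substitution.
    Simplified model (assumption): $name -> env[name], unknown names kept."""
    subst = lambda m: env.get(m.group(1), m.group(0))
    return [re.sub(r'\$(\w+)', subst, m.group(1))
            for m in map(CLI_ACTION.match, actions.splitlines()) if m]

def lint(commands):
    """List problems in the applet that the typed commands would configure."""
    problems, name = [], None
    for cmd in commands:
        if cmd.startswith("event manager applet "):
            name = cmd.split()[-1]
        if "$" in cmd:
            problems.append("unresolved variable: " + cmd)
        elif cmd.count('"') % 2:
            problems.append("unbalanced quotes: " + cmd)
    if name is None:
        problems.append("no applet is created")
    elif not any("no event manager applet " + name in c for c in commands):
        problems.append(name + " never removes itself")
    if not any(c.startswith("event timer countdown") for c in commands):
        problems.append("no countdown timer event")
    return problems

if __name__ == "__main__":
    cmds = typed_commands(ACTIONS, ENV)
    print("\n".join(cmds))
    print(lint(cmds) or "generated applet looks consistent")
```

Running the same check with _quote left undefined shows every nested action arriving with a literal $_quote, which is the failure to look for before pasting the policy onto a router.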


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
Sent: Thursday, December 17, 2009 7:17 PM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] EEM BGP

Clyde,

I don't think I'm following your example with mine.  But, it sounds like I 
need EEM 3.0 to get the BGP functionality that I'm looking for.

Once again thanks for your help!

tv
----- Original Message ----- 
From: "Clyde Wildes" <cwildes at progrizon.com>
To: "'Tony Varriale'" <tvarriale at comcast.net>; <cisco-nsp at puck.nether.net>
Sent: Thursday, December 17, 2009 3:04 PM
Subject: RE: [c-nsp] EEM BGP


> Tony,
>
> "event timer countdown time 120" means that the applet BGPADJ_NOSHUT will
> run once, two minutes after it is added to the config.
>
> For EEM v2.2 in place of "action 150 publish-event sub-system 798 type 100
> arg1 "shutdown"" you could add policy B to the config. Policy B would then
> run once, 120 seconds after policy A runs.
>
> Policy B could remove itself from the config using:
> event manager applet t1
> event timer countdown time 120
> action 000 syslog msg "Timer expired"
> action 001 cli command "enable"
> action 002 cli command "config t"
> action 003 cli command "no event manager applet t1"
>
> Multiple event support was added to EEM in v2.4. For a complete list of what
> features were added in which EEM release visit our website at
> http://www.progrizon.com/forum/index.php?topic=3.0. For a list of IOS
> releases and which version of EEM they contain visit
> http://www.progrizon.com/forum/index.php?topic=8.0.
>
> The only docs currently available for EEM are on the Cisco web site.
>
> Thanks,
>
> Clyde Wildes
> Progrizon, Inc.
> www.progrizon.com
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
> Sent: Thursday, December 17, 2009 12:22 PM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] EEM BGP
>
> Clyde,
>
> Thanks so much for your help.  This appears to work well.
>
> I did try and map this into a 12.4(15)T/EEM 2.2 and it appears to work. I'm
> just not sure how.
>
> Here's the 2.2 config:
>
> event manager applet BGPADJ_SHUT
> event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 Down" period 600
> action 100 cli command "enable"
> action 110 cli command "configure terminal"
> action 120 cli command "router bgp 666"
> action 130 cli command "neighbor 172.16.10.3 shutdown"
> action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
> action 150 publish-event sub-system 798 type 100 arg1 "shutdown"
> event manager applet BGPADJ_NOSHUT
> event timer countdown time 120
> action 100 cli command "enable"
> action 110 cli command "configure terminal"
> action 120 cli command "router bgp 666"
> action 130 cli command "no neighbor 172.16.10.3 shutdown"
> action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"
>
> The event tag command isn't available in 2.2.
>
> I do not understand how the router knows to unshut.  Is this functionally
> the same as the 3.0 config?
>
> Are there any better docs than the ones on cisco.com?
>
> Thanks!
> ----- Original Message ----- 
> From: "Clyde Wildes" <cwildes at progrizon.com>
> To: "'Tony Varriale'" <tvarriale at comcast.net>; <cisco-nsp at puck.nether.net>
> Sent: Wednesday, December 16, 2009 4:06 PM
> Subject: RE: [c-nsp] EEM BGP
>
>
>> Tony,
>>
>> Yes EEM does not screen on the syslog messages that it emits. When we built
>> the EEM syslog Event Detector the test team insisted that we implement it
>> this way to prevent recursion. ;-)
>>
>> You can always use an application specific event to trigger policy B from
>> policy A. You could use a trigger statement to delay the running of policy B
>> if desired.
>>
>> Use the following:
>>
>> event manager applet BGPADJ_SHUT
>> event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 Down" period 600
>> action 100 cli command "enable"
>> action 110 cli command "configure terminal"
>> action 120 cli command "router bgp 666"
>> action 130 cli command "neighbor 172.16.10.3 shutdown"
>> action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
>> action 150 publish-event sub-system 798 type 100 arg1 "shutdown"
>>
>> event manager applet BGPADJ_NOSHUT
>> event tag bgpevent2 application sub-system 798 type 100
>> trigger delay 600
>> action 100 cli command "enable"
>> action 110 cli command "configure terminal"
>> action 120 cli command "router bgp 666"
>> action 130 cli command "no neighbor 172.16.10.3 shutdown"
>> action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"
>>
>> Thanks,
>>
>> Clyde
>> Progrizon, Inc.
>> www.progrizon.com
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Tony Varriale
>> Sent: Wednesday, December 16, 2009 9:38 AM
>> To: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] EEM BGP
>>
>> Well, did a bunch of testing and I am still stuck.  So here's the basic idea
>> and config.
>>
>> When the peer is actually shut, I log a message to syslog (info simplified
>> and anonymized to protect innocent).
>>
>> event manager applet BGPADJ_SHUT
>> event syslog occurs 2 pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 Down" period 600
>> action 100 cli command "enable"
>> action 110 cli command "configure terminal"
>> action 120 cli command "router bgp 666"
>> action 130 cli command "neighbor 172.16.10.3 shutdown"
>> action 140 syslog msg "Neighbor 172.16.10.3 shutdown by EEM"
>>
>> This works great.  Notice action 140.
>>
>> To turn the peer back up, I would like to wait 60 seconds (probably 10
>> minutes in real world) and look for the "Neighbor 172.16.10.3 shutdown by
>> EEM" in the syslog as this will tell me when I need to start my timer.
>>
>> event manager applet BGPADJ_NOSHUT
>> event tag bgpevent1 syslog pattern "%BGP-5-ADJCHANGE: neighbor 172.16.10.3 Down"
>> event tag bgpevent2 syslog pattern "Neighbor 172.16.10.3 shutdown by EEM"
>> trigger delay 600
>>  correlate event bgpevent1 and event bgpevent2
>> action 100 cli command "enable"
>> action 110 cli command "configure terminal"
>> action 120 cli command "router bgp 666"
>> action 130 cli command "no neighbor 172.16.10.3 shutdown"
>> action 140 syslog msg "Neighbor 172.16.10.3 noshut by EEM"
>>
>> This is the part that does not work.  For the correlation, I want to either
>> look for event 1 and 2 or just 2.  1 and 2 is really just a self check.
>>
>> The apparent problem is that EEM doesn't look at the messages that it
>> injects into syslog.  So, the trigger never happens.  And as verification, I
>> tried it with event1 or event2.  While watching debug it picks up on event1.
>>
>> Any ideas?  Recommendations?
>>
>> tv
>>
>> ----- Original Message ----- 
>> From: "Clyde Wildes" <cwildes at progrizon.com>
>> To: "'Tony Varriale'" <tvarriale at comcast.net>; <cisco-nsp at puck.nether.net>
>> Sent: Tuesday, December 15, 2009 3:31 PM
>> Subject: RE: [c-nsp] EEM BGP
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>