[c-nsp] Shutdown an interface based on CRC errors

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Feb 11 05:52:41 EST 2016

>On Thu, Feb 11, 2016 at 10:00:16AM +0100, Robert Hass wrote:
>> I'm looking for function which can shutdown an interface if CRC error
>> threshold will be overdraft. Is any existing command for this in JunOS
>> MX and EX platforms ?
>> If not maybe some OP script ?
>You sort of hit the wrong list, but if someone has good ideas how to solve
>this for IOS, I'm all ears :-)
>(Specifically what I'm looking for is something that hooks into IP SLA or
>Ethernet OAM/CFM and takes a link out of IGP routing if packet loss
>a certain threshold - we recently had a carrier break their metro network
>in interesting ways, leading to 50% packet loss, which was enough to
>effectively take the site offline, but IGP stubbornly clung to "I have
>seen a keepalive!")

something like this could get you started, Gert?

1) Trigger based on SNMP interface error counters.
Rate is always calculated per second. Average factor identifies number
of data points (one for each poll-interval) will be averaged for
calculation of rate. Average factor needs to be a minimum of 2.

event manager applet INTERFACE-ERROS trap
event snmp oid ifEntry.14.XX get-type exact entry-op ge entry-val 10
entry-type rate average-factor 2 poll-interval 5
action 20.0 syslog msg "disabling Gigxxx due to errors"
action 30.0 cli command "enable"
action 30.1 cli command "config terminal"
action 40.0 cli command "interface Gig XX"
action 50.0 cli command "ip ospf cost 9999"
action 60.0 cli command "end"

and a reverse to reduce the cost back in case error rates falls below a

you can also trigger based on IP-SLA, for example below trigger

2) Trigger based on RTT delay mib:
Use RTT delay mib associated with RTR probes to trigger when the delay
is too long. rttMonLatestJitterOperRTTSum shows the sum of delays for
probes sent during the last interval. By default 10 probes are sent. To
trigger on 10ms RTT delay trigger value must be set below 100.

event manager applet TEST3-SNMP-RTT-Delay trap
event snmp oid rttMonLatestJitterOperRTTSum.1 get-type exact entry-op ge
entry-val 90 entry-type value exit-op le exit-val 20 poll-interval 10

for Ethernet OAM/CFM, you could hook EEM into the syslog messages produced
by the syslog? You can also parse the syslog string using regexp, check
the applet I found somewhere:

event manager applet TunnelLost
 event syslog occurs 1 pattern "OSPF-5-ADJCHG.*on Tunnel.*FULL to DOWN"
period 1
 action 100 regexp "on (Tunnel[0-9]+) from" "$_syslog_msg" match ifname
 action 200 if $_regexp_result eq 1
 action 210  cli command "show interface $ifname | include Description:"

trust you get the gist :)


More information about the cisco-nsp mailing list