[j-nsp] Generating events based on day of week

[Alexander Shikoff]

On Fri, Oct 30, 2009 at 07:14:41AM -0700, Curtis Call wrote:
> BTW, if the need is to do stateless firewall filters that change based on the day of week then there is already a commit+event script in Junoscriptorium that do all the heavy lifting for you.  With them loaded, all you need to do is add time-range macros to your filter terms:
> 
>      term night {
>          apply-macro active-time-range {
>              start-time "weekdays 17:00";
>              stop-time "weekdays 20:00";
>          }
>          ...
>      }
> 
> http://junoscriptorium.googlecode.com/svn/trunk/library/juniper/event/filters/time-based-filters/time-based-filters.xml
> http://junoscriptorium.googlecode.com/svn/trunk/library/juniper/commit/filters/cs-time-based-filters/cs-time-based-filters.xml

Thanks for weblinks, Curtis.
Yeah, these some hundreds lines of SLAX code add nice functionality to 
firewall filters. 
Firstly, I don't want to start "holy war" but... compare it with Cisco IOS:
!
ip access-list extended acl-Night
 permit icmp any host 10.0.0.1 time-range Night
 [...]
!
time-range Night
 periodic weekdays 17:00 to 20:00
!

Comparison does not look in favour of JunOS. Nevertheless, I have nothing 
against JunOS scripts, they are really powerful stuff for implementation of 
non-typical tasks. But the necessity to use such big scripts for solution of 
very trivial tasks looks at least strange for me.

Secondly, my task was to change policer on interface
interfaces:
# show configuration interfaces ge-0/0/0 unit 400 family inet policer 
input pol-50Mbit;
output pol-50Mbit;

I've written small op script that changes these policers and 
added its invocation via cron daemon at the time that I need:
# ---- Workdays
00      08      *       *       1-5     /usr/sbin/cli op change-policer interface ge-0/0/0 unit 400 policer-in pol-30Mbit policer-out pol-30Mbit
00      20      *       *       1-5     /usr/sbin/cli op change-policer interface ge-0/0/0 unit 400 policer-in pol-50Mbit policer-out pol-50Mbit

And now I do not see any reasons neither to detect day of week or month 
by catching system events and analyzing them nor to write hundreds lines 
of code.

Thirdly, my first event script that I've written failed to work right away.
It turned out, that it is a PR 436135: a bug in 9.5R1.8 (thank you Curtis 
for information on that). Not very good impression. Who can guarantees 
that all my big scripts (that do very simple things) will stay able to work 
after next JunOS upgrade?

Summing up all thesises: simple problems should have simple solutions.
Matching current date/time in firefall filter or calling some scripts
at desired time/date are not very complicated, are they?

Kind Regards,

-- 
MINO-RIPE