We have two iBGP peers with their own separate eBGP (Internet) peers.
We use them as an HSRP pair (over an L2 trunk) for our redundant Internet.
I've created an EEM script that will have the "secondary" router track the "primary" router's HSRP interface to ensure it's still up.
If the link goes down, the router immediately removes all of its iBGP static routes to avoid a routing black hole.
When the link comes back up, the secondary router re-adds the iBGP static routes.
The script works fine, but the maximum delay on the ip sla track command has a maximum of 180 seconds.
Since we're talking BGP, this short delay could wreak havoc if an Internet link is flapping or something.
Here's the track command:
track 1 ip sla 1 reachability
 default-state up
 delay down 30 up 180
I'm trying to think of a way to make it wait longer than 180 seconds. (900 seconds would be ideal to ensure the issue has been resolved before re-establishing the static routes.)
Can anyone think of a way to increase the delay using the EEM commands? The track command is too limited here.
Thanks!
Ven
Don't rely on track. Remove the up delay, and have your EEM policy that detects the up condition install a second EEM policy that counts down from 900. If that policy is allowed to hit 0, it will reconfigure the peers. If not, then the "down" policy will remove it. I call this "nesting" EEM policies. Your "up" policy would look something like:
event manager environment q "
!
event manager applet ipsla-up
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "config t"
 action 3.0 cli command "event manager applet add-ibgp"
 action 3.1 cli command "event timer countdown time 900"
 action 3.2 cli command "action 1.0 cli command enable"
 action 3.3 cli command "action 2.0 cli command $q config t$q"
 action 3.4 cli command "action 3.0 cli command ADD_BGP_PEERS"
 action 3.5 cli command "action 4.0 cli command end"
 action 4.0 cli command "end"
Then add some code to your "down" applet to remove the "add-ibgp" policy if the link goes down again. Make sense?
Joseph:
You know, I really don't get it.
Here's what I've got:
no event manager session cli username "EEM"
no event manager applet track-bgp-down authorization bypass
no event manager applet track-bgp-up authorization bypass
!
event manager session cli username "EEM"
event manager applet track-bgp-down authorization bypass
 event track 1 state down
 action 100 cli command "enable"
 action 101 cli command "conf t"
 action 105 cli command "no ip route 10.101.16.101 255.255.255.255 163.230.254.69"
 action 110 cli command "no ip route 10.101.16.112 255.255.255.255 163.230.254.69"
 action 115 cli command "no ip route 163.230.0.0 255.255.0.0 163.230.254.69"
 action 120 cli command "no ip route 163.230.250.0 255.255.255.0 163.230.254.69"
 action 125 cli command "no ip route 216.54.43.224 255.255.255.224 163.230.254.69"
 action 130 cli command "end"
 action 135 syslog priority notifications msg "SCP iBGP static routes deleted due to vlan200 failure"
event manager applet track-bgp-up authorization bypass
 event track 1 state up
 action 100 cli command "enable"
 action 105 cli command "conf t"
 action 107 cli command "event timer countdown time 900"
 action 110 cli command "ip route 10.101.16.101 255.255.255.255 163.230.254.69"
 action 115 cli command "ip route 10.101.16.112 255.255.255.255 163.230.254.69"
 action 120 cli command "ip route 163.230.0.0 255.255.0.0 163.230.254.69"
 action 125 cli command "ip route 163.230.250.0 255.255.255.0 163.230.254.69"
 action 130 cli command "ip route 216.54.43.224 255.255.255.224 163.230.254.69"
 action 135 cli command "end"
 action 140 syslog priority notifications msg "SCP iBGP static routes re-added - vlan200 UP"
!
The problem is, the countdown time 900 doesn't seem to do anything. I shut down the interface, then turn it back up, then watch the log.
To test, I put in syslog messages before and after the countdown time and expected to see a 15 minute timestamp difference between them, but I didn't. They were only milliseconds apart. That tells me the countdown didn't happen.
What do you think?
Then this should work.
event manager environment q "
!
event manager applet track-bgp-down authorization bypass
 event track 1 state down
 action 100 cli command "enable"
 action 101 cli command "conf t"
 action 105 cli command "no ip route 10.101.16.101 255.255.255.255 163.230.254.69"
 action 110 cli command "no ip route 10.101.16.112 255.255.255.255 163.230.254.69"
 action 115 cli command "no ip route 163.230.0.0 255.255.0.0 163.230.254.69"
 action 120 cli command "no ip route 163.230.250.0 255.255.255.0 163.230.254.69"
 action 125 cli command "no ip route 216.54.43.224 255.255.255.224 163.230.254.69"
 action 126 cli command "no event manager applet add-ibgp"
 action 130 cli command "end"
 action 135 syslog priority notifications msg "SCP iBGP static routes deleted due to vlan200 failure"
!
event manager applet track-bgp-up authorization bypass
 event track 1 state up
 action 100 cli command "enable"
 action 105 cli command "conf t"
 action 106 cli command "event manager applet add-ibgp"
 action 107 cli command "event timer countdown time 900"
 action 108 cli command "action 1.0 cli command enable"
 action 109 cli command "action 2.0 cli command $q config t$q"
 action 110 cli command "action 3.0 cli command $q ip route 10.101.16.101 255.255.255.255 163.230.254.69$q"
 action 115 cli command "action 4.0 cli command $q ip route 10.101.16.112 255.255.255.255 163.230.254.69$q"
 action 120 cli command "action 5.0 cli command $q ip route 163.230.0.0 255.255.0.0 163.230.254.69$q"
 action 125 cli command "action 6.0 cli command $q ip route 163.230.250.0 255.255.255.0 163.230.254.69$q"
 action 130 cli command "action 7.0 cli command $q ip route 216.54.43.224 255.255.255.224 163.230.254.69$q"
 action 131 cli command "action 8.0 cli command end"
 action 135 cli command "end"
 action 140 syslog priority notifications msg "SCP iBGP static routes re-added - vlan200 UP"
Joseph:
I tried that, but all it did was create the new applet "add-ibgp" but didn't actually run the applet because the routes are still gone.
Should there be something that runs the applet after it's created?
Ven
Once created, the add-ibgp applet will run after 900 seconds. Then it will unconfigure itself. This is so you're sure that the network has been stable for 15 minutes. If it goes down again, the "down" applet will unconfigure the add-ibgp applet thus preventing its timer from reaching 0.
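Added illustration, not part of the original thread and not router code: a small Python model of the hold-down logic described above, replaying constructed track up/down events to show when the static routes would be withdrawn and restored. The function name, the sample event list and the 3000-second observation window are assumptions made for the example; the track object's own "delay down 30" is not modelled.

```python
HOLD_DOWN = 900  # seconds; the countdown value used in the thread

# Constructed sample: a link that flaps three times within 20 minutes.
FLAPPING = [(0, "down"), (60, "up"), (300, "down"),
            (400, "up"), (1000, "down"), (1100, "up")]


def simulate(events, hold_down=HOLD_DOWN, end_time=None):
    """Replay (seconds, state) track transitions; return route actions.

    Returns a list of (seconds, "withdraw" | "restore") tuples.
    Simplifications (assumptions): routes start installed, and a timer
    that expires at the same instant as a "down" event fires first.
    """
    actions = []
    installed = True
    deadline = None  # expiry time of the pending add-ibgp countdown

    def fire_if_due(now):
        nonlocal installed, deadline
        if deadline is not None and deadline <= now:
            actions.append((deadline, "restore"))  # add-ibgp reached 0
            installed, deadline = True, None

    for t, state in sorted(events):
        fire_if_due(t)
        if state == "down":
            deadline = None  # "no event manager applet add-ibgp"
            if installed:
                actions.append((t, "withdraw"))  # the "no ip route" lines
                installed = False
        elif state == "up":
            if not installed:
                deadline = t + hold_down  # install add-ibgp, start countdown
        else:
            raise ValueError(f"unknown track state: {state!r}")
    if end_time is not None:
        fire_if_due(end_time)
    return actions


if __name__ == "__main__":
    for label, hold in (("hold-down 900", 900), ("hold-down 180", 180)):
        print(label, simulate(FLAPPING, hold, end_time=3000))
```

With the 900-second hold-down the sample flapping produces one withdrawal and one restore; with 180 seconds the same events produce three of each.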
That makes sense, but it didn't do anything after the 15-minute wait period.
In fact, it's been a few hours now and the routes are still not back. (lab)
Any thoughts?
Ven
Post your full EEM config. I have a feeling something was left out.