10-05-2015 08:24 AM
Wanting the ability to track when the default route goes away, then wait a certain period of time, like 60 seconds, check the default once more to make sure it is still gone, and if so then proceed with the script to remove static routes. Here is what I had so far, but it's missing the piece to verify the route a second time before proceeding, since this is the piece I'm having trouble with. Using null routes for now and manually removing the default to test the script.
event manager applet BGP_Remove_STATICS
event routing network 0.0.0.0/0 type remove
action 2.0 syslog msg "Default Route Missing-Removing Static Routes"
action 2.5 cli command "enable"
action 3.0 cli command "conf term"
action 3.5 syslog msg "BGP STATIC ROUTES REMOVED BY EEM"
action 4.0 cli command "no ip route 10.200.37.0 255.255.255.0 Null0"
action 4.5 cli command "no ip route 10.200.38.0 255.255.255.0 Null0"
action 5.0 cli command "no ip route 10.200.39.0 255.255.255.0 Null0"
action 5.5 cli command "no ip route 10.200.40.0 255.255.255.0 Null0"
action 6.0 cli command "no ip route 10.201.11.0 255.255.255.0 Null0"
action 6.5 cli command "no ip route 10.201.12.0 255.255.255.0 Null0"
action 7.0 cli command "no ip route 10.201.13.0 255.255.255.0 Null0"
action 7.5 cli command "no ip route 10.201.14.0 255.255.255.0 Null0"
action 8.0 cli command "clear ip bgp 10.161.44.195 soft"
10-05-2015 12:23 PM
Create another applet that looks like:
event manager applet BGP_Abort
event routing network 0.0.0.0/0 type add
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "event manager applet BGP_Remove_STATICS_Timer"
action 4.0 cli command "event none"
action 5.0 cli command "end"
Then within your current applet, remove the actions that remove the routes, and then create a third applet called BGP_Remove_STATICS_Timer with a "none" event. This third applet will have all of your route remove actions.
BGP_Remove_STATICS will then look like:
event manager applet BGP_Remove_STATICS
event routing network 0.0.0.0/0 type remove
action 2.0 syslog msg "Default Route Missing-Removing Static Routes"
action 2.5 cli command "enable"
action 3.0 cli command "conf term"
action 4.0 cli command "event manager applet BGP_Remove_STATICS_Timer"
action 5.0 cli command "event timer countdown time 60"
action 6.0 cli command "end"
The last action in BGP_Remove_STATICS_Timer can reset its event to none, or you can leave it as it is as that is a timer. The downside of the latter is that on reload, the timer will run again.
10-05-2015 01:24 PM
Thanks for the input. Here is what I did based on it:
event manager applet REMOVE_STATICS_Abort
event routing network 0.0.0.0/0 type add
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "event manager applet BGP_Remove_STATICS_Timer"
action 4.0 cli command "event none"
action 5.0 cli command "end"
event manager applet BGP_Remove_STATICS
event routing network 0.0.0.0/0 type remove
action 2.0 syslog msg "Default Route Missing-Removing Static Routes"
action 2.5 cli command "enable"
action 3.0 cli command "conf term"
action 4.0 cli command "event manager applet BGP_Remove_STATICS_Timer"
action 5.0 cli command "event timer countdown time 60"
action 6.0 cli command "end"
event manager applet BGP_Remove_STATICS_Timer
event none
action 2.5 cli command "enable"
action 3.0 cli command "conf term"
action 5.0 cli command "no ip route 10.200.37.0 255.255.255.0 Null0"
action 5.5 cli command "no ip route 10.200.38.0 255.255.255.0 Null0"
action 6.0 cli command "no ip route 10.200.39.0 255.255.255.0 Null0"
action 6.5 cli command "no ip route 10.200.40.0 255.255.255.0 Null0"
action 7.0 cli command "no ip route 10.201.11.0 255.255.255.0 Null0"
action 7.5 cli command "no ip route 10.201.12.0 255.255.255.0 Null0"
action 8.0 cli command "no ip route 10.201.13.0 255.255.255.0 Null0"
action 8.5 cli command "no ip route 10.201.14.0 255.255.255.0 Null0"
action 9.0 cli command "clear ip bgp 10.161.44.195 soft"
Is that what you were thinking? It does work. The only question I had was about your last comment, which was: "The last action in BGP_Remove_STATICS_Timer can reset its event to none, or you can leave it as it is as that is a timer. The downside of the latter is that on reload, the timer will run again." Is that on a reload the timer would kick in and could remove the routes etc., depending on how the route reloads? I did see one other command, which is "event manager detector routing bootup-delay xx" (seconds). This would delay the EEM until the router boots, correct?
Thanks
10-05-2015 01:27 PM
Yes, this is what I had in mind. No, that command won't help you with this problem (though it could help you in general). The problem is that a countdown timer will rearm on reload. So, 60 seconds after reload, all of your routes will be removed unless the "add" event kills it. Not worth the risk in my opinion. Better to add an action to the end of your timer applet to set its ED back to none.
10-05-2015 01:37 PM
Not fully sure I understand yet. When you say set the ED back to none, what you are saying is that under the event manager applet BGP_Remove_STATICS_Timer you would put another action that says what?
10-05-2015 01:41 PM
action 9.1 cli command "event manager applet BGP_Remove_STATICS_Timer"
action 9.2 cli command "event none"
action 9.3 cli command "end"
10-19-2015 07:52 AM
Based on the following script I have a couple of other questions:
1) When I run this script on the device, I see this in the logs:
Oct 6 19:37:04.461: %HA_EM-3-FMPD_CLI_CONNECT: Unable to establish CLI session: 'Embedded Event Manager' detected the 'fatal' condition 'no tty lines available, minimum of 2 required by EEM'
Yet the script runs fine. Is this an issue, and if so, how do I solve that?
2) The current script as written will monitor for default to go away. Once it goes away a 60 second timer starts. If within that 60 seconds the default comes back then the script and timer will stop and not remove the routes and prefix lists. This will continue cycling this way so the only concern is what happens if you are having a flapping situation. So would there be a way to do the following:
After the default route goes away, wait a defined time interval (such as 60 seconds). Check for the default route after the 60 seconds, and if it is still gone then go ahead and execute the script. If the default is back then stop the execution of the script.
Thank you in advance for all the help.
======================
Current Script:
event manager applet REMOVE_STATICS_Abort
event routing network 0.0.0.0/0 type add
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "event manager applet BGP_Remove_STATICS_Timer"
action 4.0 cli command "event none"
action 5.0 cli command "end"
event manager applet BGP_Remove_STATICS
event routing network 0.0.0.0/0 type remove
action 2.0 syslog msg "Default Route Missing-Removing Static Routes"
action 2.5 cli command "enable"
action 3.0 cli command "conf t"
action 4.0 cli command "event manager applet BGP_Remove_STATICS_Timer"
action 5.0 cli command "event timer countdown time 60"
action 6.0 cli command "end"
event manager applet BGP_Remove_STATICS_Timer
event none
action 1.0 cli command "enable"
action 1.5 cli command "conf t"
action 2.0 cli command "no ip route 10.200.37.0 255.255.255.0 63.145.22.189"
action 2.1 cli command "no ip route 10.200.38.0 255.255.255.0 63.145.22.189"
action 2.2 cli command "no ip route 10.200.39.0 255.255.255.0 63.145.22.189"
action 2.3 cli command "no ip route 10.200.40.0 255.255.255.0 63.145.22.189"
action 2.4 cli command "no ip route 10.201.11.0 255.255.255.0 63.145.22.189"
action 2.5 cli command "no ip route 10.201.12.0 255.255.255.0 63.145.22.189"
action 2.6 cli command "no ip route 10.201.13.0 255.255.255.0 63.145.22.189"
action 2.7 cli command "no ip route 10.201.14.0 255.255.255.0 63.145.22.189"
action 2.8 cli command "no ip prefix-list BGPANNOUNCE seq 5 permit 10.161.44.192/29"
action 2.9 cli command "no ip prefix-list BGPANNOUNCE seq 10 permit 204.194.130.55/32"
action 3.0 cli command "no ip prefix-list BGPANNOUNCE seq 15 permit 204.194.125.41/32"
action 3.1 cli command "no ip prefix-list BGPANNOUNCE seq 25 permit 204.194.129.131/32"
action 4.0 cli command "clear ip bgp 10.161.44.193 soft"
action 4.1 cli command "clear ip bgp 10.161.44.195 soft"
action 4.2 cli command "clear ip bgp 63.145.22.189 soft"
action 5.0 cli command "event manager applet BGP_Remove_STATICS_Timer"
action 5.1 cli command "event none"
action 5.2 cli command "end"
10-19-2015 05:25 PM
1. EEM requires at least two open VTY lines in order to execute CLI commands. One line will be used by EEM itself, and the other will be left free for human use. This is so EEM doesn't use the last available line. If you're getting this error, then you have most lines occupied already.
2. What you describe is how my applets work. The applet that detects the remove doesn't do anything except install a timer to make sure the default route is still gone after 60 seconds. If so, then the other routes are removed. If the default is back, the timer is stopped, and nothing happens.
10-19-2015 07:37 PM
Joe, on your point number 2, I swear I've tested it a couple of times and as long as I bring the default route back within the 60 seconds the routes and prefix lists are not removed. I'll test it again tomorrow and let you know.
Thanks for all your help.
10-19-2015 08:05 PM
Correct, they will NOT be removed. This prevents the flapping one would get if the default route is continuously being added and removed. I thought this is what you wanted and what you described in your previous post.
10-26-2015 12:34 PM
In production my script did not run as we are using AAA authentication. Could you help answer these questions?
1) When AAA is accessible you have to enter in a username and password to go into config mode. In this case I would assume I could add the entry
event manager session cli username "xxxxxxx" Where xxxxxxx is the username. Question here is what do you do for the password entry and is my first assumption/command correct?
2) In the event that AAA is down....which would be the case in what I am trying to setup.......how do you allow the script to run?
3) Is there a way to accommodate both if AAA is up or down in the same scripts?
10-26-2015 12:42 PM
1. All CLI commands go through command authz if configured. Therefore, you either need to configure "event manager session cli username USER" where USER is a user authorized to run all CLI commands in your policies, or you need to register each policy with the "auth bypass" keywords to prevent AAA authz.
EEM does not do authn. It assumes that because the policy was configured, it is authenticated. Only authz is done, so you only need a username.
2. Make sure your "aaa authorization" config has an appropriate fallback (e.g., enable).
3. That all depends on your AAA config. Of course, if you use "auth bypass" on your EEM policies AAA is moot.
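An added example, not code from any poster in this thread: a single-applet variant that performs the explicit second check asked about earlier (wait 60 seconds, look up the default route again, act only if it is still absent) and is registered with the authorization bypass keywords mentioned in the last answer. The applet name BGP_Remove_STATICS_Recheck is hypothetical, the routes are the Null0 test routes from the first post, and it assumes an EEM version that supports "action ... if" (EEM 3.0 or later).

```cisco
! Added example. Assumptions: EEM 3.0+, hypothetical applet name,
! Null0 test routes copied from the first post in the thread.
! Labels are zero-padded because EEM sorts action labels as strings.
event manager applet BGP_Remove_STATICS_Recheck authorization bypass
 ! maxrun must exceed the 60 second wait (the applet default is 20 seconds)
 event routing network 0.0.0.0/0 type remove maxrun 90
 action 010 syslog msg "Default route removed - rechecking in 60 seconds"
 action 020 wait 60
 action 030 cli command "enable"
 action 040 cli command "show ip route 0.0.0.0 0.0.0.0"
 ! IOS answers "% Network not in table" when the prefix is absent
 action 050 regexp "Network not in table" "$_cli_result"
 action 060 if $_regexp_result eq 1
 action 070  syslog msg "Default route still missing - removing static routes"
 action 080  cli command "configure terminal"
 action 090  cli command "no ip route 10.200.37.0 255.255.255.0 Null0"
 action 100  cli command "no ip route 10.200.38.0 255.255.255.0 Null0"
 action 110  cli command "no ip route 10.200.39.0 255.255.255.0 Null0"
 action 120  cli command "no ip route 10.200.40.0 255.255.255.0 Null0"
 action 130  cli command "no ip route 10.201.11.0 255.255.255.0 Null0"
 action 140  cli command "no ip route 10.201.12.0 255.255.255.0 Null0"
 action 150  cli command "no ip route 10.201.13.0 255.255.255.0 Null0"
 action 160  cli command "no ip route 10.201.14.0 255.255.255.0 Null0"
 action 170  cli command "end"
 action 180  cli command "clear ip bgp 10.161.44.195 soft"
 action 190 else
 action 200  syslog msg "Default route is back - static routes left in place"
 action 210 end
```

Because this variant never rewrites an applet's event line, there is no countdown timer left in the configuration to rearm after a reload.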