Solved: Re: EEM to disable/enable dummy loopback on NHRP connection/disconnection

Nadav · ‎05-02-2018

Hi everyone,

I have a few ASR-1001x's with some up to date software.

I'm interested in being able to monitor using my NMS whether or not a DMVPN tunnel is up or down. The topology is hub and spoke so I'm able to monitor NHRP connections on the hub to know whether or not the DMVPN is up or not between any spoke (named S1001...S1004) and the hub (named H1).

I imagine that the script will run H1. I would appreciate it if someone could help me with a script that does the following:

1) If a DMVPN goes up between H1 and S%d (%d=1001,1002,1003 or 1004)

1.1) Make Loopback%d go up with "no shutdown"

2) If a DMVPN goes down between H1 and S%d (%d=1001,1002,1003 or 1004)

2.1) Make Loopback%d go down with "shutdown"

On the NMS side I'll be making a logical connection between each remote spoke router's DMVPN tunnel and these dummy loopbacks on H1. Once the relevant Loopback goes down on H1, it will drop the logical connection within the NMS so that the technican on call will know that the DMVPN is down.

When the Loopback goes back up, the logical connection will be back up.

Any ideas how this can be accomplished?

Thanks for your time!

Joe Clarke · ‎05-11-2018

Something like this will do then:

event manager applet spoke-down

event syslog pattern "DMVPN-5-NHRP_NHC_DOWN"

action 1.0 regexp "Next Hop Client : .Tunnel: [0-9]+\.[0-9]+\.[0-9]+\.([0-9]+)" "$_syslog_msg" match spoke

action 2.0 cli command "enable"

action 3.0 cli command "config t"

action 4.0 cli command "int lo$spoke"

action 5.0 cli command "shut"

action 6.0 cli command "end"

And up:

event manager applet spoke-up

event syslog pattern "DMVPN-5-NHRP_NHC_UP"

action 1.0 regexp "Next Hop Client : .Tunnel: [0-9]+\.[0-9]+\.[0-9]+\.([0-9]+)" "$_syslog_msg" match spoke

action 2.0 cli command "enable"

action 3.0 cli command "config t"

action 4.0 cli command "int lo$spoke"

action 5.0 cli command "no shut"

action 6.0 cli command "end"

View solution in original post

Joe Clarke · ‎05-02-2018

What trigger would you use to detect the DMVPN spoke coming up or going down? Is there a syslog message that is generated that has the requisite data?

Nadav · ‎05-02-2018

Could this be relevant?

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-mt/sec-conn-dmvpn-15-mt-book/sec-conn-dmvpn-nhrp-event-publisher.html

Joe Clarke · ‎05-02-2018

I do know that the DMVPN team added an event detector for NHRP a while ago. I have not personally experimented with it. But perhaps this would work for you. What isn't clear to me is what parameters are passed to the ED.

I was thinking there might be a syslog message that you can use that will have the spoke's name, which can be extracted.

Nadav · ‎05-02-2018

As far as I'm aware there are syslog messages, I'll look over the exact ones later this week.

Let's assume that if NHRP peer is disconnected then the syslog string is "DISCONNECTED" and connected is "ESTABLISHED".

Any chance you can help me with the EEM script?

Joe Clarke · ‎05-03-2018

The status is only part of what you need. You need the identifier for the spoke. Without that key piece of data, you will not be able to automate this solution. So guessing what's in the syslog isn't going to work. If there's a syslog message, you need to provide the exact message. If there is another event, you need to provide those details.

Nadav · ‎05-03-2018

Alright, I'll check this on Sunday.
Thanks :)

Nadav · ‎05-10-2018

Hi Joe,

Sorry for the delay.
I found that you have to add the following command explicitly to enable syslog messages for DMVPN: logging dmvpn

=====================

For this setup I have a Hub (H1) and Spoke (S1).
H1's NBMA address is 1.1.1.1/30. H1's tunnel address is 3.3.3.1/24.
S1's NBMA address is 2.2.2.1/30. H2's tunnel address is 3.3.3.2/24.

The following are the syslog events received on H1:

When DMVPN goes up:

%DMVPN-5-NHRP_NHC_UP: Tunnel10: Next Hop Client : (Tunnel: 3.3.3.2 NBMA: 2.2.2.1) for (Tunnel: 3.3.3.1 NBMA: 1.1.1.1) is UP

When DMVPN goes down:

%DMVPN-5-NHRP_NHC_DOWN: Tunnel10: Next Hop Client : (Tunnel: 3.3.3.2 NBMA: 2.2.2.1) for (Tunnel: 3.3.3.1 NBMA: 1.1.1.1) is DOWN, Reason: Expiry(NHRP: no error)

==========================================

Thanks again!

Joe Clarke · ‎05-10-2018

So what is the %d you need from these syslog messages?

Nadav · ‎05-10-2018

Hi,

The last octet of the spoke's tunnel IP address. So for 3.3.3.2 the %d would be 2.

Joe Clarke · ‎05-11-2018

Something like this will do then:

event manager applet spoke-down

event syslog pattern "DMVPN-5-NHRP_NHC_DOWN"

action 1.0 regexp "Next Hop Client : .Tunnel: [0-9]+\.[0-9]+\.[0-9]+\.([0-9]+)" "$_syslog_msg" match spoke

action 2.0 cli command "enable"

action 3.0 cli command "config t"

action 4.0 cli command "int lo$spoke"

action 5.0 cli command "shut"

action 6.0 cli command "end"

And up:

event manager applet spoke-up

event syslog pattern "DMVPN-5-NHRP_NHC_UP"

action 1.0 regexp "Next Hop Client : .Tunnel: [0-9]+\.[0-9]+\.[0-9]+\.([0-9]+)" "$_syslog_msg" match spoke

action 2.0 cli command "enable"

action 3.0 cli command "config t"

action 4.0 cli command "int lo$spoke"

action 5.0 cli command "no shut"

action 6.0 cli command "end"

Nadav · ‎05-11-2018

Thanks!

I'll check it out in a few days and update you if it's a working solution
for DMVPN monitoring.

Nadav · ‎05-28-2018

Hi there,

Sorry about the delay. The solution works very well!

Thanks for your help.