Solved: How can EEM act only after x time since last event ?

HummusChipsSalat · ‎10-26-2011

Hi !

i would appriciate any help with this one :

i have an ipsla that pings a host .

if syslog message "%TRACKING-5-STATE: 222 ip sla 333 reachability Up->Down" has happened 2 times in 3 minutes, its putting a null route .

what i would like to know is how can i make it that this Null route would be removed only if its been 30 Minutes since the last syslog message "%TRACKING-5-STATE: 222 ip sla 333 reachability Down->Up" .

track 222 ip sla 223 reachability

ip sla 223

icmp-echo x.x.x.x source-ip y.y.y.y

threshold 500

frequency 5

ip sla schedule 223 life forever start-time now

ip sla reaction-configuration 223 react timeout threshold-type xOfy 2 5 action-type trapOnly

!

event manager applet IPSEC_TUNNEL_2_FAIL

event syslog pattern "%TRACKING-5-STATE: 222 ip sla 223 reachability Up->Down"

trigger occurs 2 period 180

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "ip route 192.168.255.5 255.255.255.255 Null0 name NULL_WHEN_IPSLA223_FAIL"

action 3.1 cli command "exit"

action 4.0 syslog msg "IPSEC_VPN_TUNNEL2 TIMEOUT - MOVING TO IPSEC_TUNNEL1"

i was thinking on using watchdog timer but i understand it counts down from the time of a trigger . thats great , but if the sla is flapping and i get two "Down->Up" - i think it would initiate multiple times the specific eem , no ? if yes - then in case of a continouse flapping ill get into trouble ...

Thank you

Joe Clarke · ‎10-27-2011

I just provided a similar example on CSC. Have a look at https://supportforums.cisco.com/thread/2111403?tstart=30 . In your case, you want to configure a nested applet from your up applet. The down applet will remove the nested applet if the tracked object goes back down. So, in addition to the null route you're adding in your current down applet, you will add another action to remove the nested countdown applet from the config.

If you get a flapping condition, you won't have to worry. The up applet will reconfigure the nested countdown applet, but that applet will not execute until the timer counts down to 0. So the link will have to have stabilized for the full timer time (e.g. 30 minutes) before the null route will be removed.

View solution in original post

Joe Clarke · ‎10-29-2011

Your trigger is a no-op. You're not using it correctly. Instead, change your event line to:

event syslog pattern "%TRACKING-5-STATE: 112 ip sla 102 reachability Up->Down" occurs 2 period 180

That will prevent the down applet from running unless it sees two down syslog messages within a 180 second window. In any event, if the link is flapping, it's okay to keep disabling the timer applet since you do not want that to run unless the link has stabilized for 30 minutes.

View solution in original post

Joe Clarke · ‎10-27-2011

I just provided a similar example on CSC. Have a look at https://supportforums.cisco.com/thread/2111403?tstart=30 . In your case, you want to configure a nested applet from your up applet. The down applet will remove the nested applet if the tracked object goes back down. So, in addition to the null route you're adding in your current down applet, you will add another action to remove the nested countdown applet from the config.

If you get a flapping condition, you won't have to worry. The up applet will reconfigure the nested countdown applet, but that applet will not execute until the timer counts down to 0. So the link will have to have stabilized for the full timer time (e.g. 30 minutes) before the null route will be removed.

HummusChipsSalat · ‎10-29-2011

Hi Josef -

Thank you for your Kind Help ,

i did as you recommended and put the variable in and its working as planned . you can see the config down .

but i see that i have under the eem config:

event manager applet IPSEC_TUNNEL_2_FAIL

"trigger occurs 2 period 180"

this command together with my ipsla would create a situaton where i would have the eem run every 25 seconds in case of a contigeous flapping ... not good : i need somehow to be able to stop the eem also in a case of a Down flapping , not only a Up flapping ... so i would not overload the router with eem ..

track 112 ip sla 102 reachability

ip sla 102

icmp-echo 192.168.255.2 source-ip 192.168.255.1

threshold 500

frequency 5

ip sla schedule 102 life forever start-time now

ip sla reaction-configuration 102 react timeout threshold-type xOfy 2 5 action-type trapOnly

ROUTER#sh logg | i ip route|reachability|MOV

Oct 29 07:38:16.565 EST: %TRACKING-5-STATE: 112 ip sla 102 reachability Up->Down

Oct 29 07:38:21.565 EST: %TRACKING-5-STATE: 112 ip sla 102 reachability Down->Up

Oct 29 07:38:31.565 EST: %TRACKING-5-STATE: 112 ip sla 102 reachability Up->Down

Oct 29 07:38:34.091 EST: %HA_EM-6-LOG: IPSEC_TUNNEL_2_FAIL : DEBUG(cli_lib) : : IN : ROUTER(config)#ip route 192.168.255.5 255.255.255.255 Null0 name NULL_WHEN_IPSLA102_FAIL

Oct 29 07:38:36.565 EST: %TRACKING-5-STATE: 112 ip sla 102 reachability Down->Up

Oct 29 07:38:51.565 EST: %TRACKING-5-STATE: 112 ip sla 102 reachability Up->Down

Oct 29 07:38:56.565 EST: %TRACKING-5-STATE: 112 ip sla 102 reachability Down->Up

Oct 29 07:39:06.564 EST: %TRACKING-5-STATE: 112 ip sla 102 reachability Up->Down

Oct 29 07:39:07.190 EST: %HA_EM-6-LOG: IPSEC_TUNNEL_2_FAIL : DEBUG(cli_lib) : : IN : ROUTER(config)#ip route 192.168.255.5 255.255.255.255 Null0 name NULL_WHEN_IPSLA102_FAIL

event manager environment variable1 "

event manager applet IPSEC_TUNNEL_2_FAIL

description ### IF IPSLA102 IS DOWN 2 TIMES IN ANY 180 SEC, MOVE TO ALTERNATIVE PEER [ISP2] ###

event syslog pattern "%TRACKING-5-STATE: 112 ip sla 102 reachability Up->Down"

trigger occurs 2 period 180

action 1.0 syslog msg "RESET RECOVERY TIMER"

action 2.0 cli command "enable"

action 3.0 cli command "config t"

action 4.0 cli command "no event manager applet IPSEC_TUNNEL_RECOVERY_TIMER"

action 5.0 cli command "ip route 192.168.255.5 255.255.255.255 Null0 name NULL_WHEN_IPSLA102_FAIL"

action 5.1 cli command "exit"

action 6.0 syslog msg "IPSEC_VPN_TUNNEL2 ISP1 TIMEOUT - MOVING TO IPSEC_TUNNEL1 ISP2"

event manager applet IPSEC_TUNNEL_RECOVERY_TIMER

description ### IF IPSLA102 IS UP 1800 SEC, THEN RECOVER THE PEER ###

event timer countdown time 1800

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "no ip route 192.168.255.5 255.255.255.255 Null0 name NULL_WHEN_IPSLA102_FAIL"

action 3.1 cli command "exit"

action 4.0 syslog msg "IPSEC_VPN_TUNNEL2 ISP1 RECOVERED - NOW PRIMARY TUNNEL AGAIN"

event manager applet IPSEC_TUNNEL_2_RECOVERED

description ### IF IPSLA102 IS UP CREATE RECOVERY TIMER FOR EEM:IPSEC_TUNNEL_RECOVERY_TIMER ###

event syslog pattern "%TRACKING-5-STATE: 112 ip sla 102 reachability Down->Up"

action 1.0 cli command "enable"

action 2.0 cli command "config t"

action 3.0 cli command "event manager applet IPSEC_TUNNEL_RECOVERY_TIMER"

action 4.0 cli command "event timer countdown time 1800"

action 5.0 cli command "action 1.0 cli command $variable1 enable$variable1 "

action 6.0 cli command "action 2.0 cli command $variable1 config t$variable1 "

action 7.0 cli command "action 3.0 cli command $variable1 no ip route 192.168.255.5 255.255.255.255 Null0 name NULL_WHEN_IPSLA102_FAIL$variable1"

action 7.1 cli command "action 3.1 cli command $variable1 exit$variable1"

action 8.0 cli command "action 4.0 syslog msg $variable1 IPSEC_VPN_TUNNEL2 ISP1 RECOVERED - NOW PRIMARY TUNNEL AGAIN$variable1"

action 9.0 cli command "exit"

!

end

Joe Clarke · ‎10-29-2011

Your trigger is a no-op. You're not using it correctly. Instead, change your event line to:

event syslog pattern "%TRACKING-5-STATE: 112 ip sla 102 reachability Up->Down" occurs 2 period 180

That will prevent the down applet from running unless it sees two down syslog messages within a 180 second window. In any event, if the link is flapping, it's okay to keep disabling the timer applet since you do not want that to run unless the link has stabilized for 30 minutes.

HummusChipsSalat · ‎10-29-2011

Thank you very much Joseph !