09-30-2013 10:08 PM
Hi
Total n00b on EEM here. Background - we have an inline transparent L2 firewall sitting between our Nexus core switch and our UCS. If the physical interfaces on one of the firewalls go down, our UCS virtual hosts can detect that and will automatically fail over to their other NIC and network connectivity is restored. However, if there's a software or process problem on the firewall we can lose connectivity to half of the UCS because all the links are physically staying up but the server traffic is getting blackholed.
If the L2 firewall stops passing traffic we will lose the CDP neighbor entry for the UCS on the N5K. If that happens I want to shut down the port channel interface that connects the Nexus to the firewall, triggering the virtual hosts to fail over to their second NIC.
Basically
1) Check for presence of CDP neighbor on e1/17
2) If there is an entry there do nothing
3) If there is no entry there then issue the following cli commands "conf t, interface port-channel 17, shutdown"
I would like the switch to execute the script once per minute all day every day.
NEXUS-SW1# sh cdp ne int e1/17
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
Device-ID Local Intrfce Hldtme Capability Platform Port ID
UCS-FABRIC-A(SSI171402MC)
Eth1/17 173 S I s UCS-FI-6248UP Eth1/17
NEXUS-SW1#
Could anyone give me a hand on a script to do this please? Looks like there is EEM neighbor discovery stuff in IOS but not NX-OS on the 5K, so I think this script will have to use the CLI to detect failure. Thanks
10-01-2013 12:39 PM
I do not think the N5K supports EEM at all yet. Even if it did, there is no neighbor-discovery or timer event detector yet to be able to do what you want. In fact, given that the port doesn't go down, I can't think of any event that will work for you. I suppose you could use the scheduler to run a Tcl script, but that is not officially supported, and I'm not sure if Tcl exists on the N5K yet, either.
10-01-2013 04:00 PM
I'm running the latest 6.0(2)N2(1) NX-OS on the 5548 with the Layer 3 daughtercard and LAN Enterprise Services license. There is some EEM stuff in the CLI but it appears basic compared to what is in IOS.
NEXUS-SW1(config-applet)# event ?
cli Create a cli event specification
counter Create a counter event
fanabsent Create fanabsent event specification
fanbad Create fanbad event specification
oir Create Online-Insertion-Removal event specification
policy-default Use the event in the system policy being overridden
snmp Create a 'snmp' event specification.
storm-control Create a storm control event specification
syslog Create a syslog event specification
sysmgr System manager related events
temperature Create temperature event specification
track Create a 'track' event specification
NEXUXS-SW1(config-applet)# event cli ?
match Enter cli regex to be used for matching
tag Event tag identifier
I was hoping I could use the "event cli match" or something like that to detect the loss of the cdp neighbor. And then shut down the interface if it is not there.
10-01-2013 04:26 PM
Ah, good. This is consistent with 6.0(2) for N3K. I still don't see how you're going to use the CLI ED for this. This ED will match on commands being run, not on command output. The scheduler feature would allow you to schedule something like a Tcl or Python script, but neither would be officially supported.
10-01-2013 11:40 PM
Ok thanks, don't want to waste any time on it if it's not going to work. If it doesn't look at cli output then I would probably need the neighbor discovery cdp stuff that's not available in NX-OS.
Looks like UDLD feature will be available in the next version of UCS manager, hopefully we can use that to detect a firewall failure instead of trying to keep track of the CDP neighbor through the firewall with an EEM script. Would probably be a much better way to do it anyway.
10-02-2013 09:33 AM
At least for now, it likely would be. NX-OS 7.0 is going to provide tested support for executing scheduled scripts, which would give you more control over the conditions and the actions.
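The three-step check from the first post, written out as an added Python example (not code from any participant in this thread, and not tested on an N5K): it parses `sh cdp ne int e1/17` output, including the wrapped Device-ID line, and returns the CLI lines to issue. How the output reaches the script and how the commands are executed on the switch is left out; `NeighborWatchdog` and its `misses_needed` debounce are hypothetical names, and the sample outputs are constructed from the one quoted above.

```python
import re

# Constructed samples in the layout of the `sh cdp ne int e1/17` output quoted in the thread.
HEADER = "Device-ID          Local Intrfce  Hldtme Capability  Platform      Port ID\n"
PRESENT = HEADER + ("UCS-FABRIC-A(SSI171402MC)\n"
                    "                    Eth1/17        173    S I s     UCS-FI-6248UP Eth1/17\n")
ABSENT = HEADER  # neighbor entry has aged out

# A row is "<device-id> <local-if> <holdtime> ..."; long device IDs wrap,
# leaving the interface as the first token on the following line.
ROW = re.compile(r"^\s*(?:\S+\s+)?(Eth\d+/\d+)\s+(\d+)\s")

def cdp_neighbors(output):
    """Map local interface -> holdtime for every row after the column header."""
    found, in_table = {}, False
    for line in output.splitlines():
        if line.startswith("Device-ID"):
            in_table = True
        elif in_table and (m := ROW.match(line)):
            found[m.group(1)] = int(m.group(2))
    return found

class NeighborWatchdog:
    """Decide, once per poll, whether to shut the port channel."""
    def __init__(self, interface="Eth1/17", port_channel=17, misses_needed=2):
        self.interface, self.port_channel = interface, port_channel
        self.misses_needed = misses_needed  # hypothetical debounce, not from the thread
        self.misses, self.tripped = 0, False

    def poll(self, output):
        """Return the CLI lines to issue for this poll (empty list = do nothing)."""
        if self.interface in cdp_neighbors(output):
            self.misses = 0
            return []
        self.misses += 1
        if self.tripped or self.misses < self.misses_needed:
            return []
        # Latch: assuming Eth1/17 is a member of the port channel, the neighbor
        # cannot reappear while it is shut, so re-enabling is a manual step.
        self.tripped = True
        return ["conf t", f"interface port-channel {self.port_channel}", "shutdown"]

if __name__ == "__main__":
    dog = NeighborWatchdog()
    for minute, out in enumerate([PRESENT, ABSENT, ABSENT, ABSENT]):
        print(minute, dog.poll(out))
```

A CDP entry stays in the table until its holdtime (173 seconds remaining in the quoted output) runs out, so a check like this only sees the failure after the entry has aged out, plus the debounce interval.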