cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4728
Views
0
Helpful
23
Replies

TCL script to monitor BGP Neighbor or 0.0.0.0 to call EEM event

alesyshyn
Level 1
Level 1

We were trying to use EEM 2.2 to monitor 4 BGP neighbors and if they all went down to remove eigrp from the configuration. Apparently this type of monitor is not available using EEM so it was suggested that TCL would be able to do this. Currently this would be for a 7200VXR running 12.4.24T1 but may need to be able to be ported to the ASR 1000 series if this makes any difference. Any assistance with this would be greatly appreciated.

Regards,

-Adam

23 Replies 23

Joe Clarke
Cisco Employee
Cisco Employee

First, IOS 12.4(24)T has EEM 3.0, so you have a lot more flexibility here. However, if you will need the same policy to run on IOS-XE, that limits things as the best you will have there is EEM 2.3.

When the BGP neighbors go down, what syslog messages do you get? It would be much easier to trigger off of these then having EEM periodically run show commands. Additionally, what needs to happen when one of them comes back up? that is, assuming all are down, when do you recover from the loss of EIGRP (or will that be a manual recovery)?

When the BGP neighbor goes down the following is seen in the log:

%BGP-5-ADJCHANGE: neighbor x.x.x.x Down Neighbor deleted

Oct 21 16:27:26.706: %BGP-5-ADJCHANGE: neighbor x.x.x.x Up

ideal when one of the neighbors come back up would be when EEM would be trigger the reconfiguration of EIGRP.

Thank you very much for your response.

Let me know if there is any other information that I can provide.

Regards,

-A

I think this policy should do what you want. It requires three environment variables to be set before you can register it, though:

bgp_watch_neighbors : Comma-separated list of BGP neighbors to watch (as they appear in the syslog messages)

bgp_watch_eigrp_as : AS number of the EIGRP processes to unconfigure.

bgp_watch_eigrp_cfg : EIGRP configuration which will be reconfigured when one of the BGP neighbors comes back up (each line must be separated by commas).

For example:

event manager environment bgp_watch_neighbors 10.1.1.1,192.168.1.1,172.16.1.1

event manager environment bgp_watch_eigrp_as 29

event manager environment bgp_watch_eigrp_cfg router eigrp 29,network 20.0.0.0,auto-summary

Thank you very much. It sounds like this will do what we need however, I have registered the script and we am getting the errors shown on the attached file. I have provided the sh event policy registered, appropriate config and log errors.

Any further assistance you can offer with this would be greatly appreciated.

-Adam

sh event manager policy registered

No. Class Type Event Type Trap Time Registered Name

1 script user syslog Off Tue Oct 27 13:57:51 2009 sl_bgp_neighbor_watch.tcl

pattern {BGP-5-ADJCHANGE: neighbor.*(Down|Up)}

nice 0 queue-priority normal maxrun 20.000 scheduler rp_primary

event manager environment bgp_watch_eigrp_as 10

event manager environment bgp_watch_eigrp_cfg router eigrp 10,network x.x.x.x,no autosummary,distribution list 10 in,distribution list 10 out

event manager environment bgp_watch_neighbors x.x.x.x,x.x.x.x,x.x.x.x,x.x.x.x

event manager directory user policy "disk2:/"

event manager policy sl_bgp_neighbor_watch.tcl type user

The log was not attached.

sorry deleted error file by mistake.

Sorry, I had a typo. Try this version.

Unfortunately still seeing still getting error messages.

Thank you very much for you quick response.

You didn't re-register the policy. Simply copying into the policy directory is not enough. You have to do:

no event manager policy sl_bgp_neighbor_watch.tcl

event manager policy sl_bgp_neighbor_watch.tcl

Still seeing errors after registering. Log attached with commands.

Thanks!

You must have copied the old script. Check line 96 of your script. It should say:

array set arr_einfo [event_reqinfo]

You are absolutely correct about the old script being copied up. I copied the new one up and however it looks like we now get a new error.

Thanks for your patience in this matter.

There appears to be some strange truncation going on in this log output. However, I think this version should do what you want.

We are unfortunately still see an issue. I am attaching the complete log file as well as a more of the file on flash for you to confirm that I have put up the right one (try not to make the same mistake twice, if possible). Also I am making sure to register the policy after each revision.

Sorry that I have to keep coming back to you on this, but your assistance has been greatly appreciated.

Review Cisco Networking for a $25 gift card