EEM Script for shutdown interface for Packet Drop

network_geek · ‎01-14-2020

Hi All,

I wish to implement EEM Tracking and IP SLA on my IOS XR router. Can anyone please guide me?

The scenario is as follows:

I want to ping the remote link(same network) continuously and if there are a certain number of ICMP packets dropped then I would want to shut the interface.
Thanks in advance.

Georg Pauwen · ‎01-14-2020

Hello,

below is a very basic IP SLA that triggers an EEM script in case of failure and success:

track 1 ip sla 1 reachability
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.252
duplex auto
speed auto
media-type rj45
!
ip sla 1
icmp-echo 192.168.1.2 source-ip 192.168.1.1
threshold 500
timeout 1000
frequency 2
!
ip sla schedule 1 life forever start-time now
!
event manager applet SHUT_IF
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface GigabitEthernet0/1"
action 4.0 cli command "shut"
action 5.0 cli command "end"
!
event manager applet UNSHUT_IF
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface GigabitEthernet0/1"
action 4.0 cli command "no shut"
action 5.0 cli command "end"

network_geek · ‎01-14-2020

Hi George,

Thank you for your reply. If I am correct, the script you have pasted is for IOS-XE. I am looking specifically for IOS-XR. Could you help me with that? Thanks in advance.

Georg Pauwen · ‎01-15-2020

Hello,

I thought it would work on XE...I'll check that. XR doesn't support ICMP jitter, so you can only use ICMP echo...

network_geek · ‎01-15-2020

Hi,

I can make do with echo only. But any help would be appreciated. I would post exactly my problem later and then we'll see if we can find another way around.

Georg Pauwen · ‎01-15-2020

Hello,

the syntax seems to be different in XR. Below is the IP SLA. There is no applet manager apparently, so this has to be done from within a policy. I am currently looking into this...will get back with you (unless somebody else beats me to it of course...:).

ip sla operation 1
type icmp echo
destination address 192.168.1.2
frequency 2
!
ip sla schedule operation 1
life forever
start-time now
commit

Jaderson Pessoa · ‎01-15-2020

@network_geek Hello,

ip sla 10
icmp-echo 192.168.1.1 source-ip 192.168.1.2
threshold 1000
frequency 5
ip sla schedule 10 life forever start-time now

event manager applet ISP1
event track 10 state down
action 0.5 syslog msg "remote address 192.168.112.1 stopped responding. Shutting down gi0/1"
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "interface gi 0/1"
action 4.0 cli command "shutdown"
action 5.0 cli command "end"
action 6.0 syslog msg "gigabitethernet0/1 is now disabled. It will be re-enabled manually after an expert review."

Jaderson Pessoa
*** Rate All Helpful Responses ***

Georg Pauwen · ‎01-15-2020

How is that script different from the one already posted ?

lucasfreitas83 · ‎01-15-2020

Hello,

If not possible monitor event down in tracking or IP SLA, try monitor event logs of router system.

EX:

event manager applet Monitor_DOWN
event syslog occurs 1 pattern "TRACKING-5-STATE: 10 rtr 10 reachability Up->Down"
action 1.0 syslog msg "Track DOWN"

event manager applet Monitor_UP
event syslog occurs 1 pattern "TRACKING-5-STATE: 10 rtr 10 reachability Down->Up"
action 1.0 syslog msg "Track DOWN"

Other commands equal examples in other posts.

Test and verify correct log on system - show logging and put after 1 pattern " LOGS"

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future.

Best regards,
Lucas Freitas

network_geek · ‎01-17-2020

Hi All,

Just a quick insight into the scenario. I have a router that connects to the switch and through layer 2 I traverse it through multiple switches and at last reaching the other end. The script shared for down might not help me because the link physically stays up and the link in between the switches goes down, hence my initial idea of using ICMP to trigger the script.

I hope now the situation is much more clear and you would be able to provide me with a better solution.

Thanks in advance.

@lucasfreitas83 wrote:
Hello,

If not possible monitor event down in tracking or IP SLA, try monitor event logs of router system.

EX:

event manager applet Monitor_DOWN
event syslog occurs 1 pattern "TRACKING-5-STATE: 10 rtr 10 reachability Up->Down"
action 1.0 syslog msg "Track DOWN"

event manager applet Monitor_UP
event syslog occurs 1 pattern "TRACKING-5-STATE: 10 rtr 10 reachability Down->Up"
action 1.0 syslog msg "Track DOWN"

Other commands equal examples in other posts.

Test and verify correct log on system - show logging and put after 1 pattern " LOGS"

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future.

Best regards,
Lucas Freitas

lucasfreitas83 · ‎01-17-2020

Hello,

You need uses IPS SLA with ping, the difference of other solutions is a monitor event log in router.

Configure IP SLA as the above examples.

ip sla 10
icmp-echo 192.168.1.1 source-ip 192.168.1.2
threshold 1000
frequency 5
ip sla schedule 10 life forever start-time now

event manager applet ISP1
event track 10 state down (change this line per line bellow).

event syslog occurs 1 pattern "TRACKING-5-STATE: 10 rtr 10 reachability Up->Down"
action 0.5 syslog msg "remote address 192.168.112.1 stopped responding. Shutting down gi0/1"
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "interface gi 0/1"
action 4.0 cli command "shutdown"
action 5.0 cli command "end"
action 6.0 syslog msg "gigabitethernet0/1 is now disabled. It will be re-enabled manually after an expert review.

When the router can't ping another side, he puts a log in the system log.

This log probably "TRACKING-5-STATE: 10 rtr 10 reachability Up->Down"

But, verify correct log in router - show log and change string in " "

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future.

Best regards,
Lucas Freitas

Georg Pauwen · ‎01-17-2020

Hello,

I have come up with two TCL scripts (attached as zipped files), you need to unzip these and copy them to your flash or disk0 directory (check which one your router uses):

Your IP SLA would look like this:

track 1
type rtr 1 reachability
!
ip sla operation 1
type icmp echo
destination address 192.168.1.2
frequency 2
!
ip sla schedule operation 1
life forever
start-time now
commit

You need to configure the below parameters (again, check if your router uses flash0 or disk0 and change that parameter accordingly):

event manager environment _syslog_pattern .*(track 1 state Track_Down)
event manager directory user policy flash0:
event manager policy LINK_DOWN.tcl username eem persist-time 3600
!
event manager environment _syslog_pattern .*(track 1 state Track_Up)
event manager directory user policy flash0:
event manager policy LINK_UP.tcl username eem persist-time 3600

These are the scripts:

Script 1 LINK_DOWN.tcl

::cisco::eem::event_register_syslog pattern {.*track 1 state Track_Down.*} maxrun 80

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

array set arr_einfo [event_reqinfo]

if [catch {cli_open} result] {
error $result $errorInfo
} else {
array set cli1 $result
}

if [catch {cli_exec $cli1(fd) "enable"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "conf t"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "int Gi0/1"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "shut"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "commit"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "end"} _cli_result] {
error $_cli_result $errorInfo
}

# Close open cli before exit.
catch {cli_close $cli1(fd) $cli1(tty_id)} result

----------

Script 2 LINK_UP.tcl

::cisco::eem::event_register_syslog pattern {.*track 1 state Track_Up.*} maxrun 80

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

array set arr_einfo [event_reqinfo]

if [catch {cli_open} result] {
error $result $errorInfo
} else {
array set cli1 $result
}

if [catch {cli_exec $cli1(fd) "enable"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "conf t"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "int Gi0/1"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "no shut"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "commit"} _cli_result] {
error $_cli_result $errorInfo
}

if [catch {cli_exec $cli1(fd) "end"} _cli_result] {
error $_cli_result $errorInfo
}

# Close open cli before exit.
catch {cli_close $cli1(fd) $cli1(tty_id)} result