cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1324
Views
5
Helpful
7
Replies

Time based Qos

netops044
Level 1
Level 1

Hello,

Trying to config time based policing for a customer, seems like there is no time-based ACL support in XR.

So trying through EEM. Below is the config,

 

event manager environment cron_entry 0 10-18 * * *
event manager directory user policy harddisk:
aaa authorization eventmanager default local

=======================================================================
::cisco::eem::event_register_timer cron tacl cron_entry "0 10-18 * * *"


namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
if {[catch {cli_open} result]} {
    action_syslog priority info msg "CLI Open Failed: $result"
    exit
}
set t_acl "class-map test match access-group T_ACL
police 512000 !"

array set cli1 $result
action_syslog priority info msg "Starting ACl script"
cli_exec $cli1(fd) "conf t
                    interface gi0/0/1/1
                                    service-policy input $t_acl
                    commit"
action_syslog priority info msg "ACl ScriptEnd  "
if {[catch {cli_close $cli1(fd) $cli1(tty_id)} result]} {
    action_syslog priority info msg $result
}
=========================================================================

 

When we activate the policy the config is failing,

event manager policy tacl.tcl username cisco persist-time 3600 type user

 

Error:

!!% Embedded Event Manager configuration: failed to retrieve intermediate registration result for policy tacl.tcl

 

Is there any config issue in here?

 

Thanks in advance...

7 Replies 7

xthuijs
Cisco Employee
Cisco Employee

I dont think this script will work in terms of the cli actions it sends.

you probably want to apply a service policy to the interface regardless and based on time

like this:

policy-map WHATEVER

class LOWQOS

police rate percent X

class default

police rate percent Y

 

Then in these LOWQOS class definition define the ACL that needs to match this class,

eg permit ip any any to match any traffic in that class, vs the other time when you do a very specific permit say udp source port 1 or so (which never happens) so that all traffic matches the default on that ACL change of the class-map

when the script invokes change the class-map acl definition.

eyeballing the event trigger, I think I see a typo there I think.

look at the eem doc on the support forums to get some samples and ways to set it up.

cheers

xander

Hi Xander,

Thanks for pointing out the changes required.

The below is the configured script,

 

::cisco::eem::event_register_timer cron name tacl cron_entry "0 10-18 * * *"
 
 
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
if {[catch {cli_open} result]} {
    action_syslog priority info msg "CLI Open Failed: $result"
    exit
}
 
array set cli1 $result
action_syslog priority info msg "Starting ACl script"
cli_exec $cli1(fd) "conf t
                    interface gi0/0/1/1
   service-policy output tacl
                    commit"
action_syslog priority info msg "ACl ScriptEnd  "
if {[catch {cli_close $cli1(fd) $cli1(tty_id)} result]} {
    action_syslog priority info msg $result
}
 
Definition  of policy-map and class-map and ACL  inside it is done statically.
 
Now, the issue is from 10am to 6 pm every 1hr it updates the command in the interface.
And the requirement is everyday from 10 to 6 i need this policy-map and after that i need another policy-map to be configured(increasing or decreasing the police rate).
 
What is exact way of configuring it. 
 
Warm Regards.

you could either remove the policy and apply a new one

or you can edit the existing policy to reflect the rate you want.

 

in the first case you need to do a :

no serivce policy <whatever what was there>

commit

service policy <new one>

or in the second example you could

policy-map tacl

class <class>

police rate <desired rate>

 

xander

Hi Xander,

I would go with first option but is that the removal of the policy-map can be made using the same script or needs another separate script?

Can you please explain the timing parameters in the below command:

::cisco::eem::event_register_timer cron name tacl cron_entry "0 10-18 * * *"

 

 

Warm Regards

you could try to apply the solution explained in:

https://supportforums.cisco.com/document/12564786/bng-scripted-timed-based-acls-alternative-coa

"0 10-18 * * *" means every hour from 10:00 to 18:00.

/Aleksandar

Hi Alexander,

can u pls explain all 5 timing parameters in detail?

 

Warm Regards

if you google "cron entry" you'll get plenty of hits. Wikipedia has a nice entry on that. In our (Cisco) EEM/Tcl implementation we are not altering the standard cron implementation.

hth,

Aleksandar