RE: EEM to keep BGP peer shut during an interface flap

Hello,

We have used EEM with IPSLA to change the route map used for a bgp peer. I'm sure you could do something similar and just shut down the peer.

ip sla 10
 icmp-echo 1.1.1.1 source-interface InterfaceXX
 request-data-size 64
 timeout 300
 threshold 250
 tag blah-SITEXX-PL-SMALL
 frequency 1
ip sla schedule 10 life forever start-time now
!
ip sla 20
 icmp-echo 1.1.1.1 source-interface InterfaceXX
 request-data-size 500
 timeout 300
 threshold 250
 tag blah-SITEXX-PL-MEDIUM
 frequency 1
ip sla schedule 20 life forever start-time now
!
ip sla 30
 icmp-echo 1.1.1.1 source-interface InterfaceXX
 request-data-size 1000
 timeout 300
 threshold 250
 tag something
 frequency 3
ip sla schedule 30 life forever start-time now
!
!
!
event manager directory user policy "flash:/"
event manager session cli username "XXXXX"
event manager applet 11
 event timer watchdog time 20
 action 1 cli command "enable"
 action 2 cli command "conf t"
 action 3 cli command "ip sla restart 10"
event manager applet 21
 event timer watchdog time 20
 action 1 cli command "enable"
 action 2 cli command "conf t"
 action 3 cli command "ip sla restart 20"
event manager applet 31
 event timer watchdog time 30
 action 1 cli command "enable"
 action 2 cli command "conf t"
 action 3 cli command "ip sla restart 30"
event manager applet 10
 event snmp oid "1.3.6.1.4.1.9.9.42.1.3.2.1.2.10" get-type next entry-op ge entry-val "4" poll-interval 1
 action 10 cli command "enable"
 action 11 cli command "conf t"
 action 12 cli command "router bgp 65494"
 action 13 cli command "neighbor 1.1.1.1 route-map receive-from-SITEXX--maint in"
 action 14 cli command " neighbor 1.1.1.1 route-map announce-to-SITEXX--maint out"
 action 15 cli command " do cle ip b * so in"
 action 16 cli command "do cle ip b * sou out"
 action 20 mail server "mail.XXXXX.com" to "corp-net-monitor_at_XXXXX.com" from "corp-net-monitor_at_XXXXX.com" cc "corp-net-primary_at_XXXXX.com" subject "page from

EEM" body "High packet loss (>20% 64B Packet) XXXX-rtr-xxx, traffic moved from router!"
 action 21 syslog msg "Syslog_By_EEM: Warning!! More than 4 packets lost within the last 20 packets, EEM will shift the traffic two another data path! "
event manager applet 20
 event snmp oid "1.3.6.1.4.1.9.9.42.1.3.2.1.2.20" get-type next entry-op ge entry-val "4" poll-interval 1
 action 10 cli command "enable"
 action 11 cli command "conf t"
 action 12 cli command "router bgp 65494"
 action 13 cli command "neighbor 1.1.1.1 route-map receive-from-SITEXX--maint in"
 action 14 cli command " neighbor 1.1.1.1 route-map announce-to-SITEXX--maint out"
 action 15 cli command " do cle ip b * so in"
 action 16 cli command "do cle ip b * sou out"
 action 20 mail server "mail.XXXXX.com" to "something_at_XXXXX.com" from "corp-net-monitor_at_XXXXX.com" cc "corp-net-primary_at_XXXXX.com" subject "page from

EEM" body "High packet loss (>20% 500B Packet) on XXXX-rtr-xxx, traffic moved from router!"
 action 21 syslog msg "Syslog_By_EEM: Warning!! More than 4 packets lost within the last 20 packets, EEM will shift the traffic two another data path! "
event manager applet 30
 event snmp oid "1.3.6.1.4.1.9.9.42.1.3.2.1.2.30" get-type next entry-op ge entry-val "4" poll-interval 1
 action 10 cli command "enable"
 action 11 cli command "conf t"
 action 12 cli command "router bgp 65494"
 action 13 cli command "neighbor 1.1.1.1 route-map receive-from-SITEXX--maint in"
 action 14 cli command " neighbor 1.1.1.1 route-map announce-to-SITEXX--maint out"
 action 15 cli command " do cle ip b * so in"
 action 16 cli command "do cle ip b * sou out"
 action 20 mail server "mail.XXXXX.com" to "corp-net-monitor_at_XXXXX.com" from "corp-net-monitor_at_XXXXX.com" cc "corp-net-primary_at_XXXXX.com" subject "page from

EEM" body "High packet loss (>20% 1K Packet) on XXXX-rtr-xxx, traffic moved away router!"
 action 21 syslog msg "Syslog_By_EEM: Warning!! More than 4 packets lost within the last 20 packets, EEM will shift the traffic two another data path! "
event manager policy monitor.tcl

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Mathew
Sent: Tuesday, August 13, 2013 4:52 AM
To: Cisco certification
Subject: EEM to keep BGP peer shut during an interface flap

Hi,

I tested two EEM applet configs:

- One check for syslog for an interface down and CLI to shut down BGP peer.
- Second one to no shut the BGP peer when syslog entry is seen with interface up.

In fact the interface that I want check is NOT being used for this BGP peering so there is no way to do it with BGP configuration.

The above two EEM configs works but the issue is that when this interface start to flap, EEM keep shutting and no-shutting BGP peer. I want to avoid this as it results in BGP flap.

Has any body tried an EEM solution to keep the BGP peer shut during an interface flap?

I do not mind keeping the BGP shut till interface flapping is over but how do we do/detect it with EEM?

Thanks in advance for your replies.

Mathew

--
Thanks
Mathew
Blogs and organic groups at http://www.ccie.net