Use of EEM Scripting for Special Hot Backup Solutions

In this blog post I would like to share some information about special hot backup solutions that we are forced to deal with due to customer requirements.

EEM.jpg

In the above figure, we have a customer that is connected to the ISP through two links. The main link is a Pre-WiMax connection carrying the customer's Internet and VPN traffic, and its configuration on the PE router is as below.

PE#show run int Fast1/0.100
Building configuration...
Current configuration : 184 bytes
!
interface FastEthernet1/0.100
description "Main Internet Link Pre-WiMax"
encapsulation dot1Q 100
ip address 190.200.200.1 255.255.255.0 secondary
ip address 172.16.1.1 255.255.255.252
end

PE#show run int Fast1/0.200
Building configuration...

Current configuration : 156 bytes
!
interface FastEthernet1/0.200
description "Main VPN Link Pre-WiMax"
encapsulation dot1Q 200
ip vrf forwarding VPN-A
ip address 172.17.1.1 255.255.255.252
end

The backup link is a standard local loop link through a DSLAM, with the configuration below.

PE#show run int Fast0/0.300
Building configuration...

Current configuration : 156 bytes
!
interface FastEthernet0/0.300
description "Backup Internet Link LL"
encapsulation dot1Q 300
ip address 172.16.2.1 255.255.255.252
end

PE#show run | i ip route
ip route 190.200.200.0 255.255.255.0 172.16.2.2 250

The main problem in this solution is that when the main Pre-WiMax connection goes down, the PE router can't detect it, so the backup link never becomes operational. IP SLA by itself would be useless here, because the customer's LAN is advertised as a directly connected network: the PE's sub-interface has the customer's LAN as a secondary IP address (which is a customer request).

Our solution here is to use EEM scripting to shut down the main Internet sub-interface when the Pre-WiMax connection goes down.

1)    To achieve this, we first need something to track the WiMAX operational status; we'll use IP SLA on the VPN connection at our PE to do so.

PE#show run | s track|ip sla
track 1 ip sla 1 reachability
delay down 30
ip sla 1
icmp-echo 172.17.1.2 source-ip 172.17.1.1
timeout 4000
threshold 2000
vrf VPN-A
frequency 10
ip sla schedule 1 life forever start-time now

2)   Then we need to use EEM to create a script so that every time the track goes down, the Internet sub-interface is shut down, and when the track goes up, the interface is brought back up.

event manager session cli username "ipsla"

event manager applet VPN_Down
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "interface FastEthernet1/0.100"
action 4.0 cli command "shutdown"
action 5.0 syslog priority notifications msg "Main Connection down"

event manager applet VPN_Up
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "configure terminal"
action 3.0 cli command "interface FastEthernet1/0.100"
action 4.0 cli command "no shutdown"
action 5.0 syslog priority notifications msg "Main Connection up"

Verifying our Script

When the Pre-WiMax connection is down, the track will be down:

PE#show track
Track 1
IP SLA 1 reachability
  Reachability is Down
2 changes, last change 00:01:15
Delay down 30 secs
Latest operation return code: Timeout
Tracked by:
    EEM applet VPN_Up
    EEM applet VPN_Down

and EEM will trigger the configuration as follows:

*Mar 11 09:40:27.651: Track: 1 Down change delay expired
*Mar 11 09:40:27.651: Track: 1 Change #2 ip sla 1, reachability Up->Down
*Mar 11 09:40:27.651: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*Mar 11 09:40:27.687: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : CTL : cli_open called.
*Mar 11 09:40:27.695: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : OUT : PE>
*Mar 11 09:40:27.695: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : IN  : PE>enable
*Mar 11 09:40:27.711: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : OUT : PE#
*Mar 11 09:40:27.715: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : IN  : PE#configure terminal
*Mar 11 09:40:27.735: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line.  End with CNTL/Z.
*Mar 11 09:40:27.735: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : OUT : PE(config)#
*Mar 11 09:40:27.739: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : IN  : PE(config)#interface FastEthernet1/0.100
*Mar 11 09:40:27.859: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : IN  : PE(config-subif)#shutdown
*Mar 11 09:40:27.899: %HA_EM-5-LOG: VPN_Down: Main Connection down
*Mar 11 09:40:27.903: %HA_EM-6-LOG: VPN_Down : DEBUG(cli_lib) : : CTL : cli_close called.

Now the floating static route is used and the main sub-interface is shut down:

PE#show run int Fast1/0.100
Building configuration...

Current configuration : 194 bytes
!
interface FastEthernet1/0.100
description "Main Internet Link Pre-WiMax"
encapsulation dot1Q 100
ip address 190.200.200.1 255.255.255.0 secondary
ip address 172.16.1.1 255.255.255.252
shutdown
end

PE#show ip route 190.200.200.2
Routing entry for 190.200.200.0/24
Known via "static", distance 250, metric 0
Routing Descriptor Blocks:
* 172.16.2.2
Route metric is 0, traffic share count is 1

PE#ping 190.200.200.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 190.200.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/34/64 ms

When Pre-WiMax comes back up, the reverse operation is performed:

*Mar 11 09:47:42.659: Track: 1 Change #3 ip sla 1, reachability Down->Up
*Mar 11 09:47:42.659: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
*Mar 11 09:47:42.707: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : CTL : cli_open called.
*Mar 11 09:47:42.715: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : OUT : PE>
*Mar 11 09:47:42.715: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : IN  : PE>enable
*Mar 11 09:47:42.731: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : OUT : PE#
*Mar 11 09:47:42.735: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : IN  : PE#configure terminal
*Mar 11 09:47:42.747: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : OUT : Enter configuration commands, one per line.  End with CNTL/Z.
*Mar 11 09:47:42.747: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : OUT : PE(config)#
*Mar 11 09:47:42.747: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : IN  : PE(config)#interface FastEthernet1/0.100
*Mar 11 09:47:42.767: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : OUT : PE(config-subif)#
*Mar 11 09:47:42.767: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : IN  : PE(config-subif)#no shutdown
*Mar 11 09:47:42.887: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : OUT : PE(config-subif)#
*Mar 11 09:47:42.887: %HA_EM-5-LOG: VPN_Up: Main Connection up
*Mar 11 09:47:42.891: %HA_EM-6-LOG: VPN_Up : DEBUG(cli_lib) : : CTL : cli_close called.
*Mar 11 09:47:42.911: %SYS-5-CONFIG_I: Configured from console by vty0
PE#

PE#show ip route 190.200.200.2
Routing entry for 190.200.200.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via FastEthernet1/0.100
Route metric is 0, traffic share count is 1
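
The syslog messages above can also be used to audit the failover. The following is an added Python example, not part of the original post: it checks that every track transition was followed by the matching applet's message, and that every %SYS-5-CONFIG_I change sits right after an applet run. The 5-second window and the last two sample lines are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the first five lines are taken from the router output
# above; the last two are invented to exercise both findings.
SAMPLE_LOG = """\
*Mar 11 09:40:27.651: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*Mar 11 09:40:27.899: %HA_EM-5-LOG: VPN_Down: Main Connection down
*Mar 11 09:47:42.659: %TRACKING-5-STATE: 1 ip sla 1 reachability Down->Up
*Mar 11 09:47:42.887: %HA_EM-5-LOG: VPN_Up: Main Connection up
*Mar 11 09:47:42.911: %SYS-5-CONFIG_I: Configured from console by vty0
*Mar 11 10:15:03.120: %SYS-5-CONFIG_I: Configured from console by vty1
*Mar 11 10:30:11.004: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
"""

LINE = re.compile(r"^\*?(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): %([A-Z_]+-\d-[A-Z_]+): (.*)$")
EXPECTED = {"Up->Down": "VPN_Down", "Down->Up": "VPN_Up"}  # applet per transition
WINDOW = timedelta(seconds=5)  # assumed correlation window, tune per platform


def parse(log):
    """Return (timestamp, mnemonic, message) for every syslog line that parses."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            # IOS omits the year by default; pin one so strptime is unambiguous.
            ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S.%f")
            events.append((ts, m.group(2), m.group(3)))
    return events


def audit(log):
    """Flag track changes with no applet run and config changes with no applet nearby."""
    events = parse(log)
    runs = [(ts, msg.split(":")[0].strip()) for ts, tag, msg in events if tag == "HA_EM-5-LOG"]
    findings = []
    for ts, tag, msg in events:
        stamp = ts.strftime("%H:%M:%S")
        if tag == "TRACKING-5-STATE":
            want = EXPECTED.get(msg.split()[-1])
            if want and not any(n == want and ts <= t <= ts + WINDOW for t, n in runs):
                findings.append(("applet-did-not-run", stamp, want))
        elif tag == "SYS-5-CONFIG_I":
            if not any(t <= ts <= t + WINDOW for t, _ in runs):
                findings.append(("unattributed-config-change", stamp, msg.split()[-1]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A configuration change made by hand within the window of an applet run would be counted as automated, so the window should be kept as small as the platform's logging delay allows.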

 

I hope this was informative for you, and thank you for viewing.

 


Posted on January 25, 2016, in Cisco.
