Track the presence of a mroute and generate alert if it's not there?

Answered Question
May 22nd, 2009

Hi, is there a way to track the presence of a mroute and generate alert if it's not in the mroute table? Thanks.

Correct Answer by Joe Clarke about 7 years 6 months ago

These traps are sent using the CISCO-EMBEDDED-EVENT-MGR-MIB. That MIB can be found at ftp://ftp.cisco.com/pub/mibs/v2/ .

Joe Clarke Fri, 05/22/2009 - 07:17

You could do this with the Embedded Event Manager. What version of IOS are you running?

nethgwrts Fri, 05/22/2009 - 07:28

12.2(33)SRD1

event ?
  application  Application specific event
  cli          CLI event
  config       Configuration policy event
  counter      Counter event
  env          Environmental event
  gold         GOLD event
  interface    Interface event
  ioswdsysmon  IOS WDSysMon event
  none         Manually run policy event
  oir          OIR event
  resource     Resource event
  rf           Redundancy Facility event
  snmp         SNMP event
  syslog       Syslog event
  timer        Timer event
  track        Tracking object event

I can only find command to track unicast route...

Thanks!

Joe Clarke Fri, 05/22/2009 - 10:13

There is no specific ED for this, but you could use the timer or syslog EDs to accomplish what you want. Since you're asking for some kind of event, it sounds like syslog is out of the question. So a timer is probably the way to go.

The idea is you run a show command periodically, and parse it to determine if there was a route change. If there is, then a syslog, trap, or email is sent from the EEM policy. This would require a Tcl policy given your version of IOS. This guide should help get you started:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_policy_tcl_ps6441_TSD_Products_Configuration_Guide_Chapter.html

I can also provide help if you need it.

nethgwrts Fri, 05/22/2009 - 11:14

That sounds great. I want to track the following mroute 7:00am Mon-Friday:

sh ip mroute 10.0.0.1 239.1.1.225
(10.0.0.1, 239.1.1.225), 10:42:02/00:03:27, flags: MT
  Incoming interface: VlanXXXX, RPF nbr X.X.X.X, RPF-MFD
  Outgoing interface list:
    VlanXXXX, Forward/Sparse, 10:42:02/00:03:10, H

If the upstream firewall hits the multicast bug, the result will be:

(*, 239.1.1.225), 1w2d/00:02:59, RP X.X.X.X, flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    VlanXXXX, Forward/Sparse, 1w1d/00:02:59

Could you provide some help on the config of TCL with EEM since I am not familiar with it? Like a sample config showing how to track the key words from the result of show ip mroute using tcl and eem. Thanks a lot.

Joe Clarke Fri, 05/22/2009 - 11:16

What will the output of the command be if the route doesn't exist? What in this good output do you want to trigger on to know the route is installed and functional?

nethgwrts Fri, 05/22/2009 - 11:28

I believe a good way is to check "sh ip mroute 10.0.0.1 239.1.1.225". If it shows 'Incoming Interface: Null' or "not found", an SNMP trap should be generated reporting a problem. Otherwise, it should be good.

Output when the mrouter doesn't exist:

(*, 239.1.1.225), 1w2d/00:02:59, RP X.X.X.X, flags: S

"Incoming interface: Null", RPF nbr 0.0.0.0

Or "Group 239.1.1.225 not found"

Correct Answer
Joe Clarke Fri, 05/22/2009 - 20:19

Here is a policy which should do what you want. Before registering it, you will need to define two EEM environment variables, mroute_route and mroute_schedule. For example, to run the policy every Monday through Friday at 0700 local time, and check for the mroute 10.0.0.1 239.1.1.225, configure:

event manager environment mroute_schedule 0 7 * * 1-5

event manager environment mroute_route 10.0.0.1 239.1.1.225
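
An added example, not Joe Clarke's attached policy and not part of the original thread: a minimal EEM Tcl timer policy implementing the check discussed above (alert on "not found", a missing (S,G) entry, or "Incoming interface: Null"). The policy name mroute_check and the proc mroute_fault are hypothetical; it assumes mroute_route holds "<source> <group>" and validates that before placing it in a CLI command.

```tcl
::cisco::eem::event_register_timer cron name mroute_check cron_entry $mroute_schedule maxrun 60

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# Hypothetical helper: returns "" when the (S,G) entry is installed with a
# real incoming interface, otherwise a short reason string.
proc mroute_fault {output source group} {
    if {[string match -nocase "*not found*" $output]} {
        return "group $group not found"
    }
    set header "($source, $group)"
    set in_entry 0
    foreach line [split $output "\n"] {
        set line [string trim $line]
        if {[string first $header $line] == 0} {
            set in_entry 1
        } elseif {$in_entry && [regexp {^Incoming interface: *([^, ]+)} $line -> iif]} {
            # string equal rather than eq: IOS ships an older Tcl (8.3.x)
            if {[string equal -nocase $iif "Null"]} {
                return "$header has incoming interface Null"
            }
            return ""
        } elseif {[string equal [string index $line 0] "("]} {
            set in_entry 0   ;# a different entry, e.g. (*, G), started
        }
    }
    return "$header is not in the mroute table"
}

# Accept only two dotted-quad addresses so the environment variable cannot
# smuggle extra text into the CLI command built below.
if {![info exists mroute_route] ||
    ![regexp {^(\d+\.\d+\.\d+\.\d+) +(\d+\.\d+\.\d+\.\d+)$} \
        [string trim $mroute_route] -> source group]} {
    error "mroute_route must be set to \"<source> <group>\""
}

if {[catch {cli_open} result]} { error $result $errorInfo }
array set cli $result
if {[catch {cli_exec $cli(fd) "enable"} result]} { error $result $errorInfo }
if {[catch {cli_exec $cli(fd) "show ip mroute $source $group"} output]} {
    error $output $errorInfo
}
catch {cli_close $cli(fd) $cli(tty_id)}

set reason [mroute_fault $output $source $group]
if {[string length $reason] > 0} {
    set msg "mroute check failed: $reason"
    action_syslog priority warning msg $msg
    action_snmp_trap strdata $msg
}
```

The trap from action_snmp_trap is only sent if `snmp-server enable traps event-manager` and a trap host are configured on the router.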

nethgwrts Tue, 05/26/2009 - 07:22

Thanks Joe! I am going to put the following commands into the routers.

event manager environment mroute_schedule 0 7 * * 1-5

event manager environment mroute_route x.x.x.x x.x.x.x

event manager policy tm_mroute_watch.tcl type user

Do I need to put the script into tmpsys:eem_policy?

Joe Clarke Tue, 05/26/2009 - 09:07

No. The script will need to go into your locally configured EEM policy directory. I typically create a directory on flash called policies to hold my EEM Tcl policies. Then I configure:

event manager directory user policy flash:/policies

This must be done before registering the EEM policy.

nethgwrts Thu, 05/28/2009 - 07:03

Hi, the script works fine. I could see snmp trap generated and sent to CiscoWorks. But it didn't show up in the DFM monitoring console. There were some link updown entries. But not the trap the router sent. It's DFM 1.2. How to make DFM pick up the trap? Thanks again!

Joe Clarke Thu, 05/28/2009 - 08:27

DFM will not pick up the trap. DFM only handles a few set traps, and this is not one of them. FYI, DFM 1.2 is obsolete, and no longer supported. You should upgrade to LMS 2.6 or higher (DFM 2.0 or higher). That said, there is no version of DFM that can understand these traps. The most DFM can do with them is forward them to another trap manager.

nethgwrts Thu, 05/28/2009 - 09:48

We can send the trap to another snmp trap server or forward the trap from DFM to another trap server. What MIB does this trap use? And where can I find the MIB file? Thanks!
