Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Multipoint Failover Testing Events

Unanswered Question
Jul 17th, 2013
User Badges:

Background:  Our remoted location has two VPN tunnels ( public IP=.z1, z2) and if internal routes cannot route to either the 891 will kick on the V.92 modem, dial into a ISP and get a unknow public IP address.  Using a standard sla to monitor z1 and z2 with frequency of 10 sec works to ensure the internal routes fails back correctly when it restores, however brief ISP outages < 10 secs will not trigger the sla, yet the route can failover depending on what the remote clients are doing at the time. So we want to monitor two items before we make a decision to clear cry session and force routes back to their primary endpoint..

Two ways to skin the cat:

a) Use sla 1 on the private network and sla 2&3 on the public endpoints in nested if statements to make decsion on action needed

b) Use sla 1 and compare routes to known IP's (.z1&.z2)  and set Varible Route = ?, next inspect varible value to use in third if statement to determine action.

I gave up on option a) and the below code is for option b)

My only issue left is comparing my Varible named "Route" is not working..

event manager applet CheckPrivateRoute_z1

event track 1 state any

action 1.2 set Route "none"

action 2.1 syslog msg "PrivateRoute took hit, Checking Route"

action 2.2 cli command "sh ip route | inc 10.xx"

action 2.3 regexp "(.*) (ww\.xx\.yy\.z1) (.*)" "$_cli_result" _match _sub1 _sub2

action 2.4 if $_regexp_result eq 0

action 2.42 set Route "unknow"

action 2.43 else

action 2.44 set Route "Ok"

action 2.45 syslog msg "PrivateRoute took hit, still on z1"

action 2.46 end

action 2.5 regexp "(.*) (ww\.xx\.yy\.z2) (.*)" "$_cli_result"

action 2.62 if $_regexp_result eq 0

action 2.63 set Route "unknow"

action 2.64 syslog msg "PrivateRoute Route Unknown"

action 2.65 else

action 2.66 set Route "Ok"

action 2.67 syslog msg "PrivateRoute Failed to z2"

action 2.68 end

action 3 if Route eq "unknow"

action 3.2 cli command "ping 10.xx.yy.z source gi0/0.2"

action 3.3 regexp "(*) (Success) (*)" "$_cli_result"

action 3.4 if $_regexp_result eq 1

action 3.42 syslog msg "PrivateRoute Must have failed to DialBackup"

action 3.43 else

action 3.44 syslog msg "PrivateRoute Down, Refreshing Routes"

action 3.45 cli command "clear crypto sess remote ww.xx.yy.z1"

action 3.46 cli command "clear crypto sess remote ww.xx.yy.z2"

action 3.47 syslog msg "Routes Rebuilding"

action 3.48 end

action 3.5 end

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Wed, 07/17/2013 - 09:09
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The most fundamental problems I see are that action 3 needs to be:

action 3 if $Route eq "unknow"

And you need to add:

action 1.1 cli command "enable"

GSCiscoSP Wed, 07/17/2013 - 11:28
User Badges:

I'm using tacacs and have the command

event manager session cli username "xyz"

which throw in in en mode already.

Changed action 3, got...

019359: Jul 17 13:23:29: %TRACKING-5-STATE: 3 ip sla 2 reachability Up->Down

019360: Jul 17 13:23:29.474 summer: %HA_EM-6-LOG: CheckGV1Pvt: GV1pvt took hit, Checking Route

019361: Jul 17 13:23:29.490 summer: %HA_EM-6-LOG: CheckGV1Pvt: Gv1Pvt Route Unknown

019362: Jul 17 13:23:29: %HA_EM-6-FMPD_REGCOMP: Error compiling regular expression: *** unknown regexp error code ***

019363: Jul 17 13:23:29: %HA_EM-3-FMPD_ERROR: Error executing applet CheckGV1Pvt statement 3.3

GSCiscoSP Wed, 07/17/2013 - 12:43
User Badges:

I was missing the .'s in line action 3.3 and changed to

action 3.3 regexp "(.*Success.*) " "$_cli_result"

seems to be working better now....

GSCiscoSP Thu, 07/18/2013 - 07:09
User Badges:

Although this technically works, the results cause conflicts with the other event manager applets, so I need a example of an applet as senerio a) with nested if statements checking multiple ip sla states, before determing which action to take.

Joe Clarke Thu, 07/18/2013 - 07:55
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I'm not clear on exactly what you're looking for.  If you're looking to get track states for other objects, you can use the "track read" action to pull in those states.  But you clearly have some notion of the code flow in your head that I don't see.

GSCiscoSP Thu, 07/18/2013 - 10:36
User Badges:

how do I read from multiple tracks and set them to different variable?

action 1.0 set VaribleA track read 1

action 2.0 set VaribleB track read 2

is not working..

Joe Clarke Thu, 07/18/2013 - 12:29
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You need to do it this way:

track read 1

set t1 $_track_state

track read 2

set t2 $_track_state

GSCiscoSP Wed, 07/24/2013 - 09:08
User Badges:

I found you can also use "cli command "sh ip sla statistics 10 | inc code" which gives you the same value.  Unfortunately however when I get to line 3.3 to reuse the regexp after a different cli command, I'm getting a blank line just showing the command prompt.....

Is there a way to clear "regexp" and "$_cli_result" value(s) so they can be used again within the same applet ?

Joe Clarke Wed, 07/24/2013 - 09:24
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The value of _cli_result will always reflect the last CLI command executed.  If you need to cache this, use set to store the value in an intermediate vairable:

set clires $_cli_result

The same works for _regexp_result.

GSCiscoSP Wed, 07/24/2013 - 10:05
User Badges:

If that is case than 3.2 is not being executed, which does working directly at cli.....  Is there syntax for using the return char with a cli command ?

action 3.1 cli command " return? "

GSCiscoSP Wed, 07/24/2013 - 11:06
User Badges:

needing a return is not the issue, debug shows the following when trying line 3.2

cli_history_entry_add: free_hist_list size=0, hist_list size=7

eem_no_scan flag set, skipping scan of command_string=check_eem_cli_policy_handler

Joe Clarke Wed, 07/24/2013 - 20:42
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

There's nothing wrong with this.  But if "debug event manager action cli" is enabled, then you should see the actual command being written to the VTY.

GSCiscoSP Thu, 07/25/2013 - 06:53
User Badges:

So I played with the command and "sh ip route" shows correctly in debug, however "sh ip route | inc xyz" does not. 

Which is really odd because "sh ip sla statistics 10 | inc code" works just fine.

So it's just related to "| inc" and sh ip route command.

I even reserved my xyz to be my static public IP vs the private and still don't work.

So I have event that only fires when my private network sla comes up and I can't verify which route it's taking...

Joe Clarke Thu, 07/25/2013 - 11:29
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What is the exact command you're using that is not executing?


This Discussion