Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Multipoint Failover Testing Events

Background:  Our remoted location has two VPN tunnels ( public IP=.z1, z2) and if internal routes cannot route to either the 891 will kick on the V.92 modem, dial into a ISP and get a unknow public IP address.  Using a standard sla to monitor z1 and z2 with frequency of 10 sec works to ensure the internal routes fails back correctly when it restores, however brief ISP outages < 10 secs will not trigger the sla, yet the route can failover depending on what the remote clients are doing at the time. So we want to monitor two items before we make a decision to clear cry session and force routes back to their primary endpoint..

Two ways to skin the cat:

a) Use sla 1 on the private network and sla 2&3 on the public endpoints in nested if statements to make decsion on action needed

b) Use sla 1 and compare routes to known IP's (.z1&.z2)  and set Varible Route = ?, next inspect varible value to use in third if statement to determine action.

I gave up on option a) and the below code is for option b)

My only issue left is comparing my Varible named "Route" is not working..

event manager applet CheckPrivateRoute_z1

event track 1 state any

action 1.2 set Route "none"

action 2.1 syslog msg "PrivateRoute took hit, Checking Route"

action 2.2 cli command "sh ip route | inc 10.xx"

action 2.3 regexp "(.*) (ww\.xx\.yy\.z1) (.*)" "$_cli_result" _match _sub1 _sub2

action 2.4 if $_regexp_result eq 0

action 2.42 set Route "unknow"

action 2.43 else

action 2.44 set Route "Ok"

action 2.45 syslog msg "PrivateRoute took hit, still on z1"

action 2.46 end

action 2.5 regexp "(.*) (ww\.xx\.yy\.z2) (.*)" "$_cli_result"

action 2.62 if $_regexp_result eq 0

action 2.63 set Route "unknow"

action 2.64 syslog msg "PrivateRoute Route Unknown"

action 2.65 else

action 2.66 set Route "Ok"

action 2.67 syslog msg "PrivateRoute Failed to z2"

action 2.68 end

action 3 if Route eq "unknow"

action 3.2 cli command "ping 10.xx.yy.z source gi0/0.2"

action 3.3 regexp "(*) (Success) (*)" "$_cli_result"

action 3.4 if $_regexp_result eq 1

action 3.42 syslog msg "PrivateRoute Must have failed to DialBackup"

action 3.43 else

action 3.44 syslog msg "PrivateRoute Down, Refreshing Routes"

action 3.45 cli command "clear crypto sess remote ww.xx.yy.z1"

action 3.46 cli command "clear crypto sess remote ww.xx.yy.z2"

action 3.47 syslog msg "Routes Rebuilding"

action 3.48 end

action 3.5 end

14 REPLIES
Cisco Employee

Multipoint Failover Testing Events

The most fundamental problems I see are that action 3 needs to be:

action 3 if $Route eq "unknow"

And you need to add:

action 1.1 cli command "enable"

New Member

Multipoint Failover Testing Events

I'm using tacacs and have the command

event manager session cli username "xyz"

which throw in in en mode already.

Changed action 3, got...

019359: Jul 17 13:23:29: %TRACKING-5-STATE: 3 ip sla 2 reachability Up->Down

019360: Jul 17 13:23:29.474 summer: %HA_EM-6-LOG: CheckGV1Pvt: GV1pvt took hit, Checking Route

019361: Jul 17 13:23:29.490 summer: %HA_EM-6-LOG: CheckGV1Pvt: Gv1Pvt Route Unknown

019362: Jul 17 13:23:29: %HA_EM-6-FMPD_REGCOMP: Error compiling regular expression: *** unknown regexp error code ***

019363: Jul 17 13:23:29: %HA_EM-3-FMPD_ERROR: Error executing applet CheckGV1Pvt statement 3.3

New Member

Multipoint Failover Testing Events

I was missing the .'s in line action 3.3 and changed to

action 3.3 regexp "(.*Success.*) " "$_cli_result"

seems to be working better now....

New Member

Multipoint Failover Testing Events

Although this technically works, the results cause conflicts with the other event manager applets, so I need a example of an applet as senerio a) with nested if statements checking multiple ip sla states, before determing which action to take.

Cisco Employee

Multipoint Failover Testing Events

I'm not clear on exactly what you're looking for.  If you're looking to get track states for other objects, you can use the "track read" action to pull in those states.  But you clearly have some notion of the code flow in your head that I don't see.

New Member

Multipoint Failover Testing Events

how do I read from multiple tracks and set them to different variable?

action 1.0 set VaribleA track read 1

action 2.0 set VaribleB track read 2

is not working..

Cisco Employee

Multipoint Failover Testing Events

You need to do it this way:

track read 1

set t1 $_track_state

track read 2

set t2 $_track_state

New Member

Multipoint Failover Testing Events

I found you can also use "cli command "sh ip sla statistics 10 | inc code" which gives you the same value.  Unfortunately however when I get to line 3.3 to reuse the regexp after a different cli command, I'm getting a blank line just showing the command prompt.....

Is there a way to clear "regexp" and "$_cli_result" value(s) so they can be used again within the same applet ?

Cisco Employee

Multipoint Failover Testing Events

The value of _cli_result will always reflect the last CLI command executed.  If you need to cache this, use set to store the value in an intermediate vairable:

set clires $_cli_result

The same works for _regexp_result.

New Member

Multipoint Failover Testing Events

If that is case than 3.2 is not being executed, which does working directly at cli.....  Is there syntax for using the return char with a cli command ?

action 3.1 cli command " return? "

New Member

Multipoint Failover Testing Events

needing a return is not the issue, debug shows the following when trying line 3.2

cli_history_entry_add: free_hist_list size=0, hist_list size=7

eem_no_scan flag set, skipping scan of command_string=check_eem_cli_policy_handler

Cisco Employee

Multipoint Failover Testing Events

There's nothing wrong with this.  But if "debug event manager action cli" is enabled, then you should see the actual command being written to the VTY.

New Member

Multipoint Failover Testing Events

So I played with the command and "sh ip route" shows correctly in debug, however "sh ip route | inc xyz" does not. 

Which is really odd because "sh ip sla statistics 10 | inc code" works just fine.

So it's just related to "| inc" and sh ip route command.

I even reserved my xyz to be my static public IP vs the private and still don't work.

So I have event that only fires when my private network sla comes up and I can't verify which route it's taking...

Cisco Employee

Multipoint Failover Testing Events

What is the exact command you're using that is not executing?

623
Views
0
Helpful
14
Replies
CreatePlease to create content