Cisco Embedded Event Manager (EEM): Technical Deep Dive (IOS Advantage Webinar)
DESCRIPTION
Embedded Event Manager (EEM) provides on-board event management and automation within Cisco IOS. Cisco EEM is supported on more than thirty Cisco IOS and IOS-XE based platforms. Using the latest features of EEM, network engineers have the tools and capabilities to reduce operational costs, simplify management tasks and configuration, and maximize ROI.
TRANSCRIPT
© 2012 Cisco and/or its affiliates. All rights reserved. 1
Cisco IOS Advantage Webinars Network Automation Techniques Using Embedded Event Manager (EEM)
David Lin, Joe Clarke, Davra Networks
Speakers
David Lin
Product Manager
Davra Networks
Paul Glynn, CEO
Joe Clarke
Distinguished Support Engineer
Panelists
Jason Pfeifer
Technical Leader
• Where can I get the presentation?
https://communities.cisco.com/docs/DOC-28743
Or send email to: [email protected]
• Please fill in Survey at end of event
• Join us on May 2 for our next IOS Advantage Webinar:
Securing the Access Layer
• Real World Network Automation Techniques
• Recent Use Cases - a TAC Perspective
• What’s New in EEM 4.0
• Q&A
Use Case 1: Every few weeks a router runs low on memory around 2am, and I want to find out what’s happening
• Solution: An EEM script could be triggered based on memory utilization, capture the memory information, and send the output via syslog or email
Use Case 2: If my ACL configuration gets changed, I want to be notified, but I can’t sit there and monitor it all the time
• Solution: An EEM script could be triggered by a CLI command, take a snapshot of the logged-in user and the changed configuration, and send an email to you
Use Case 3: I want to save energy, but I can’t go around turning off everyone’s IP phone every day
• Solution: The Timer ED can be used to trigger an EEM script that turns off your IP phone at 7pm every day and turns it back on at 7am the next day
• Creating custom SNMP OIDs for polling
• Running CLI commands periodically
• Remote command invocation
• Bypassing AAA authorization
• Monitoring configuration changes
• Requirement: EEM needs to provide a way to poll results of the policies rather than simply send updates via syslog, trap, etc.
• Solution: Use the Cisco EASy package to create custom MIB objects based on the output within a CLI command.
• EXPRESSION-MIB plus the Embedded Event Manager provide a way to gather data only available via Command Line Interface (CLI), even if there is no MIB support currently available
• Is a certain value from a show command supported in a specific MIB?
[Diagram, numbered steps 1 to 5: SNMP Manager; SNMP Agent with EXPRESSION-MIB/RFC2982 support; CustomMIB EEM policy; polling request on our “Custom-MIB” (MIB Value - expExpression)]
• EASy package is available at http://tools.cisco.com/squish/b35c5
• Modified version available at https://supportforums.cisco.com/docs/DOC-19587
Supports multiple show commands
Customizable expression names
• Custom solutions can be discussed at http://www.cisco.com/go/ciscobeyond
1. Run a CLI command periodically
2. Extract a value from the output
3. Check value
4. Perform actions based on results
5. Profit!!!
event manager applet periodic-cmd
 event timer watchdog time 60
 ! Restore the counter saved by the previous run; start at 0 if none was saved
 action 001 handle-error type ignore
 action 002 context retrieve key PCMDCTX variable pauses
 action 003 if $_error ne FH_EOK
 action 004  set pauses 0
 action 005 end
 action 006 handle-error type exit
 action 007 cli command "enable"
 ! Our command to run periodically
 action 008 cli command "show interface FastEthernet0/0 | inc pause input"
 ! The filtered line carries the counter as "<n> pause input"
 action 009 regexp "([0-9]+) pause input" $_cli_result match rxpauses
 action 010 if $rxpauses gt $pauses
 action 011  subtract $rxpauses $pauses
 action 012  syslog msg "Interface FastEthernet0/0 has seen $_result input pauses in the past 60 seconds"
 action 013 end
 ! Save the current counter for the next run
 action 014 set pauses $rxpauses
 action 015 context save key PCMDCTX variable pauses
::cisco::eem::event_register_timer watchdog time 60

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

array set arr_einfo [event_reqinfo]

# Equivalent of "handle-error type ignore": errors in this block are ignored
if {[catch {
    if {[catch {set pauses [context_retrieve PCMDCTX pauses]} errmsg]} {
        # No saved context could be retrieved: start the counter at 0
        puts "context_retrieve failed: $errmsg"
        set pauses 0
    }
} _catch_result]} {
    # Errors have been ignored.
}
…
The easiest thing to do is go to http://www.marcuscom.com/convert_applet and convert the applet to Tcl.
• Automate commands on another (maybe non-IOS) device using EEM from a remote device
• EEM can automate connections across multiple protocols
Telnet
Reverse telnet
Session
Remote console
Remote commands
SSH (15.1(4)T and 15.2(2)T and higher)
• EASy package exists to help with this
EASY Command Shell
Download from http://tools.cisco.com/squish/b35c5
# Run "show version" on the remote device's console
array set cli [cli_open]
cli_exec $cli(fd) "enable"
cli_write $cli(fd) "send tty 11\r"
cli_read_pattern $cli(fd) "Enter message"
cli_write $cli(fd) "show version\r"
cli_read_pattern $cli(fd) "Send message"
set output [cli_exec $cli(fd) "\r"]
puts "Version is $output"
cli_close $cli(fd) $cli(tty_id)
Cisco IOS Software, C2900 (c2900-IPVOICE_IVS-M),
Version 15.2(2)T, DEVELOPMENT TEST SOFTWARE
Technical Support:
http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Fri 18-Nov-11 17:09 by prod_rel_team
• By default, all CLI interactions go through AAA command authorization (if configured)
• This can cause performance issues
• EEM 3.1 introduced the ability to bypass AAA authorization on a per-policy basis
Tcl:
::cisco::eem::event_register_syslog pattern "SYS-5-CONFIG_I"
authorization bypass
Applet:
event syslog pattern "SYS-5-CONFIG_I" authorization bypass
• Allow EEM to use VTY 0 all the time for CLI sessions (transport input none)
• VTY 0 will not do any command authorization
• CAVEAT: Only one EEM policy needing CLI can run at a time
• More details at http://tools.cisco.com/squish/943C1
aaa authentication login EEMScript none
aaa authentication login default group tacacs+ local
aaa authorization exec EEMScript none
!
aaa authorization commands 0 EEMScript none
aaa authorization commands 1 EEMScript none
aaa authorization commands 15 EEMScript none
!
line vty 0
 login authentication EEMScript
 authorization exec EEMScript
 authorization commands 0 EEMScript
 authorization commands 1 EEMScript
 authorization commands 15 EEMScript
 transport input none
 length 0
!
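Both bypass methods above create a CLI path that AAA command authorization never sees, so it is worth tracking where they are configured. The following is an added example, not code from the webinar: an off-box Python check that reads a saved running-config and reports EEM policies registered with `authorization bypass` and lines whose command authorization list resolves to `none`. The function name and the sample configuration are constructed for illustration.

```python
import re

AAA_NONE_RE = re.compile(r"aaa authorization commands? (\d+) (\S+) none$")
LINE_AUTHZ_RE = re.compile(r"authorization commands (\d+) (\S+)$")

def audit_authorization_bypass(config_text):
    """Return (where, reason) pairs for paths that skip AAA command authorization."""
    none_lists, line_refs, findings = set(), [], []
    section = ""
    for raw in config_text.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        if not raw[0].isspace():
            section = text  # an unindented line starts a new top-level block
        m = AAA_NONE_RE.match(text)
        if m:
            none_lists.add((m.group(1), m.group(2)))  # (level, list) -> none
        if section.startswith("event manager") and "authorization bypass" in text:
            name = " ".join(section.split()[:4])
            findings.append((name, "EEM policy bypasses AAA command authorization"))
        m = LINE_AUTHZ_RE.match(text)
        if m and section.startswith("line "):
            line_refs.append((section, m.group(1), m.group(2)))
    # Resolve list names last so the order of aaa and line blocks does not matter.
    for where, level, name in line_refs:
        if (level, name) in none_lists:
            findings.append((where, f"level {level} commands use list {name} (none)"))
    return findings

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
aaa authorization commands 15 EEMScript none
aaa authorization commands 15 default group tacacs+ local
!
event manager applet cfg-watch authorization bypass
 event syslog pattern "SYS-5-CONFIG_I"
!
line vty 0
 authorization commands 15 EEMScript
 transport input none
line vty 1 4
 authorization commands 15 default
"""

if __name__ == "__main__":
    for where, reason in audit_authorization_bypass(SAMPLE_CONFIG):
        print(f"{where}: {reason}")
```
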
• When one leaves “config t” mode, a SYS-5-CONFIG_I syslog message is sent
Config may not have changed
Uninteresting parts of the config may have changed
• EEM can be used to build a “smarter” configuration change monitor
• The config archive feature of IOS will send every configuration message out as a syslog
! Config Archive logging
archive
 log config
  logging enable
  notify syslog contenttype plaintext
!
event manager applet smart-config-monitor
 ! Only match configuration changes (i.e., not the enable EXEC command)
 event syslog pattern "PARSER-5-CFGLOG_LOGGEDCMD.*logged command:[a-zA-Z0-9].*"
 ! In this example, we only care about SNMP changes
 action 1.0 regexp "User:([a-zA-Z0-9_\.'-]+).*logged command:(snmp.*)" $_syslog_msg match user command
 action 2.0 if $_regexp_result eq 1
 action 2.1  info type routername
 action 3.0  mail to "[email protected]" from "[email protected]" subject "SNMP change on device $_info_routername" body "The following config was changed by $user on $_info_routername: $command" server 10.1.1.1
 action 4.0 end
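The same filtering can be done on the syslog collector that receives the config archive messages. This added example (not part of the webinar material) applies the applet's two expressions in Python to constructed sample messages, generalizes the single `snmp` match to a watchlist of command prefixes, and masks the community string before an alert is forwarded. The watchlist entries, function names and sample lines are assumptions made for illustration.

```python
import re

# The two expressions used by the smart-config-monitor applet above; the second
# is widened from (snmp.*) to (.*) so the watchlist below decides what matters.
EVENT_RE = re.compile(r"PARSER-5-CFGLOG_LOGGEDCMD.*logged command:[a-zA-Z0-9].*")
FIELDS_RE = re.compile(r"User:([a-zA-Z0-9_\.'-]+).*logged command:(.*)")

# Assumption: prefixes worth an alert. The slide's applet watches only "snmp".
WATCHLIST = ("snmp", "aaa ", "event manager", "line vty", "archive", "no logging")

# Alerts leave the device, so mask the community string before forwarding.
SECRET_RE = re.compile(r"(snmp-server community )\S+")

def classify(line):
    """Return (user, command) for a watched configuration change, else None."""
    if not EVENT_RE.search(line):
        return None  # EXEC entries are logged as "!exec: ..." and never match
    m = FIELDS_RE.search(line)
    if m is None:
        return None
    user, command = m.group(1), m.group(2).strip()
    if not command.startswith(WATCHLIST):
        return None
    return user, SECRET_RE.sub(r"\1<redacted>", command)

def scan(lines):
    """Collect alerts from an iterable of syslog lines."""
    return [hit for hit in map(classify, lines) if hit is not None]

# Constructed sample messages in the config-archive syslog format.
SAMPLE = [
    "Apr 10 02:11:01: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:!exec: enable",
    "Apr 10 02:11:09: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:interface FastEthernet0/0",
    "Apr 10 02:11:20: %PARSER-5-CFGLOG_LOGGEDCMD: User:jdoe  logged command:snmp-server community EXAMPLE RW",
    "Apr 10 02:12:02: %PARSER-5-CFGLOG_LOGGEDCMD: User:ops.admin  logged command:event manager applet tmp authorization bypass",
    "Apr 10 02:12:30: %SYS-5-CONFIG_I: Configured from console by jdoe on vty1 (10.1.1.50)",
]

if __name__ == "__main__":
    for user, command in scan(SAMPLE):
        print(f"{user}: {command}")
```
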
Platform/OS Support
• ISRs: 15.2(2)T
• ASR 1K: IOS-XE 3.5
• Catalyst 6K: Planned / CY’12
• Catalyst 4K: Planned / CY’13
EEM Security Enhancements
• Checksum based script integrity check
• 3rd party digital signature support
• Script owner identification
• Registration of remote Tcl policies
EEM Email Action Enhancements
• Custom port for SMTP mail actions
• TLS support for SMTP mail actions
EEM Usability Enhancements
• File operations in EEM applet actions
• New fields to track queue size, dropped events, and run-time
EEM Event Detector Enhancements
• CLI event detector enhancement
• Syslog event detector performance enhancement
EEM Resource Management
• Resource Consumption Throttling
• Rate limiting of events
http://www.cisco.com/go/ciscobeyond
• Discussion forums: Ask questions, get answers
• Video tutorials: Coming soon!
• Cast your vote! Which scripting language would you like to see supported in the future?
• Script repository: Over 130+ open source scripts, learn by example
• “Living” document at https://supportforums.cisco.com/docs/DOC-12757
• Contains helpful tips and tricks to get the most out of EEM
• Great supplement to the Cisco.com docs
• Cisco Embedded Automation Systems (EASy) unites Cisco IOS technologies and leverages embedded management for automation offering lower TCO for Cisco products
• Goal is to create well-tested, well-documented packages which are easy to install, easy to manage, and easy to service
• Contact [email protected] if you have challenges you would like help solving using Cisco automation
• http://www.cisco.com/go/easy/
Session ID | Title | Type
BRKCDN-1008 | Getting network service and device visibility via Cisco ConnectedApps PathTrace Service Set APIs | Technical breakout – 90 minutes
BRKCRS-3090 | Implementing Network Automations | Technical breakout – 90 minutes
LABNMS-4348 | Implementing Network Automation - The Basics | Walk-In Self-Paced Lab
LABNMS-4359 | Implementing Network Automation - Intermediate | Walk-In Self-Paced Lab
LABNMS-4360 | Implementing Network Automation - Advanced | Walk-In Self-Paced Lab
BRKNMS-2030 | Onboard Automation with Cisco IOS Embedded Event Manager | Technical breakout – 2 hours
BRKNMS-3021 | Advanced Cisco IOS Device Instrumentation | Technical breakout – 2 hours
TECCRS-3000 | Hands on Embedded Event Manager in Catalyst Switches | Technical seminar – 8 hours
TECARC-4434 | Manage and Deploy Borderless Network Architectures using Embedded IOS Features | Technical seminar – 4 hours
1. Go to https://ciscolive2012.com/scheduler/catalog.do
2. Log in
3. Sign up for the sessions you want
4. We’ll see you there!
• EEM is a powerful tool embedded in Cisco routers and switches that provides real-time network event detection and onboard automation.
• EEM’s scripting community, Cisco Beyond, is an established open development community where customers can share scripts, get support, learn best practices, and collaborate with their peers and Cisco subject matter experts.
• EEM Cisco Partners add even more value to the power of EEM by simplifying deployments and improving ease of use.
• Thank you!
• Please complete the post-event survey.
• Join us May 2 for our next webinar:
Securing the Access Layer
To register, go to www.cisco.com/go/iosadvantage