onboard automation with eem
TRANSCRIPT
![Page 1: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/1.jpg)
OnboardAutomationwithEmbeddedEventManager
ShailaSharminSeniorEngineer,Core&IPNetworkBanglalion CommunicationsLTD
![Page 2: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/2.jpg)
Index
• EmbeddedEventManager(EEM)Overview• UnderstandingEEMEventDetectors• EEMPolicieswithsamplescripts• EEMDemos
![Page 3: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/3.jpg)
Introduction:EEM(EmbeddedEventmanager)EEMisasoftwarecomponentofciscoIOS,XR,andNX-OSthatallowsyoutorunascriptorasetofcommandsuponaneventandmakeslifeeasierforadministratorsbytrackingandclassifyingeventsthattakeplaceonarouterandprovidingnotificationoptionsforthoseevents..
Therearetwoindependentpieces:AppletsandScripting->AppletsareacollectionofCLIcommands->ScriptsareactionscodedupinTCL(interpreterlanguage)
![Page 4: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/4.jpg)
EEMCoreEventDetectors&Components
EEMdetectorscanbe1)Syslog2)CLIevents3)Counter4)Timers5)SNMP6)IPSLAandNetflows events.7)None:simply"eventmanagerrun"command.
EEMComponents:EEMserverEEMpublisher(detector)EEMsubscriber(policy)
![Page 5: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/5.jpg)
DeterminingtheVersionofEEMCISCOACCESSROUTERS- CurrentModels
CISCOACCESSROUTERS- OldModels
![Page 6: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/6.jpg)
DeterminingtheVersionofEEMCISCOSERVICEAGGREGATION/COREROUTERS
CISCOCATALYSTSWITCHES
![Page 7: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/7.jpg)
CreatinganEEMapplet
TherearethreestepstocreatingthisEEMapplet.1:CreatetheappletandgiveitanameR6(config)#eventmanagerappletIntf_Management
2:TelltheappletwhattolookoutforR6(config-applet)#eventsyslogpattern"%LINK-5-CHANGED:InterfaceLoopback0,changedstatetoadministrativelydown“
3:Whatdoyouwanttheroutertodowhenitseeswhatyouhavedefined instep2– simple!R6(config-applet)#action1.0clicommand“enable”R6(config-applet)#action2.0clicommand“conf t”R6(config-applet)#action3.0clicommand"interfaceloopback0"R6(config-applet)#action4.0clicommand“noshut”R6(config-applet)#action5.0clicommand"end"R6(config-applet)#action6.0clicommand"who"R6(config-applet)#action7.0mailserver"58.97.254.49"to"[email protected]"from "[email protected]"subject"ISP1_Interface_loopback0SHUTDOWN" body"Currentusers$_cli_result"R6(config-applet)#end
![Page 8: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/8.jpg)
SampleEEMapplet
![Page 9: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/9.jpg)
EEMEventDetector– SyslogED
FunctionalityTriggersEventonMatchesforSyslogMessagesBasedonRegularExpression
Exampleeventsyslogpattern"%LINK-5-CHANGED:InterfaceLoopback0,changedstatetoadministrativelydown“
UseCaseTroubleshooting,AutomaticFaultDetectionandAlert
![Page 10: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/10.jpg)
SyslogEDExampleSyslogmessagesarethemessagesthatshowupbydefaultonconsole.Thisexampleshowsthesyslogeventdetector.Configuration:
SMTPServerisreachable,Loopback0isup.
![Page 11: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/11.jpg)
SyslogEDExamplecontinue..WhentheLoopback0 interfacehasbeenshutdown,thebelowappletautomaticallyrunstoturnontheinterfaceandsendthealerttospecificemailaddressincludingloggedinuserinformation.
Todisplay theEmbedded EventManagereventsthathavebeentriggeredinR1,usethefollowing command:
Samplemailreceivedbynetworkadministrator
![Page 12: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/12.jpg)
EEMEventDetector– CLIED
FunctionalityTriggersSynchronousorAsynchronousEventsWhenCertainCLIIsExecuted.AllowCustomCLICreation(EEM3.0).
Exampleeventclipattern"reload"syncnoskipyesoccurs1
UseCaseConfigManagement,Security,FeatureCustomization
![Page 13: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/13.jpg)
CLIED EDExampleItcantakeactionbasedoncommandsthatareusedontheCLIConfiguration:
Insteadoflookingforapatterninsyslog,thistimewe’rewaitingforapatternenteredontotheCLI.breakdown:eventclipattern:DefinestheeventcriteriatoinitializetheEEMapplet.sync: SpecifiesifthepolicyshouldbeexecutedsynchronouslybeforetheCLIcommandsexecutesskip: IndicatesiftheCLIcommandsshouldbeexecutedoccurs:IndicatesthenumberofoccurrencesbeforetheEEMappletistriggers.
Whenweattempttoreloadtherouter,theresultsareasexpected
![Page 14: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/14.jpg)
EEMEventDetector– InterfaceEDFunctionalityTriggersEventWhenInterfaceCountersCrossThreshold.22CountersSupported,Includinginput_error,interface_reset,transmit_rate,etc.
Exampleeventtagif_1interfacenameFa0/0parameterinput_errors_crc entry-opge entry-val 10entry-typeincrementpoll-interval60
UseCaseRealTimeAlertandRecoveryofInterfaceError
![Page 15: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/15.jpg)
InterfaceEDExampleMonitorCRCerrorsonmultipleWANinterfacesandnotifytheoperator(viae-mail) whenaninterfacehasmorethantwoerrorsperminute.Configuration:
eventmanagerappletmultiple_ifeventtagif_1interfacenameFa0/0parameterinput_errors_crc entry-opge entry-val 2entry-typeincrementpoll-interval60eventtagif_2interfacenameGi01/0parameterinput_errors_crc entry-opge entry-val 2entry-typeincrementpoll-interval60triggercorrelateeventif_1oreventif_2action1.0syslogmsg "CRCfailureleasedline$_interface_name"action2.0mailserver"58.97.254.49"to"[email protected]"from"[email protected]"subject"CRCproblemson
$_info_routername interface$_interface_name"body"CRCfailureshaveexceededthethreshold“
ToviewtheregisteredpoliciesonrouterR1,youcanusethefollowingcommand:
![Page 16: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/16.jpg)
EEMEventDetector– TimerED
FunctionalityTriggersEventsonWatchdog,CountDown,cron andAbsoluteTimer
Exampleeventtimercron cron-entry"019**0-7"eventtimerwatchdogtime300
UseCaseSystemMonitoringviaPeriodicAction,PeriodicDataCollectionandReporting
![Page 17: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/17.jpg)
TimerEDExampleThisappletisputintoCron,whichwillbetriggeredattheexactspecifictime.Itiscomposedof5valuesseparatedbyaspace.Minuteshoursdaymonth{dayofweek(0-6,0isSunday)}Configuration:
![Page 18: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/18.jpg)
EEMEventDetector– SNMPEDFunctionalityTriggersEventBasedonSNMPOIDValueCrossingPredefinedThreshold
Exampleeventsnmp oid " 1.3.6.1.4.1.9.9.109.1.1.1.1.5"get-typeexactentry-opge entry-val50exit-opleexit-val 5poll-interval5
UseCaseSystemStatsMonitoringandAlerting,e.g.CPUandMemoryUtilization
![Page 19: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/19.jpg)
SNMPEDExampleFollowingEEMscriptrunthecommandwhentheCPUgoesaboveacertainvalue.Configuration:eventmanagerapplethighcpueventsnmp oid " 1.3.6.1.4.1.9.9.109.1.1.1.1.5"get-typeexactentry-opge entry-val 50exit-opleexit-val 5poll-interval5action1.0clicommand"enable"action2.0clicommand"showproc cpu sorted"action3.0mailserver"58.97.254.49"to"[email protected]" from"[email protected]" subject "HighCPUAlert"body"$_cli_result"End
ThiswillpollthefivesecondCPUutilizationoftherouteprocessoreveryfiveseconds.Iftheutilizationisatorabove50%,theeventwillfire.TheeventwillnotfireagainuntiltheCPUdropsbelow5%,thengoesbackto50%.Thedefinitionsofvariablesare:highcpu - nameoftheeventmanagerapplet/script1.3.6.1.4.1.9.9.109.1.1.1.1.5 /cpmCPUTotal5min- Objectidentifier(OID)forpollingthetotalCPUutilizationoftherouteprocessor(RP)entry-val 50 - CPUutilizationthattriggersthescriptpoll-interval0.5- Frequency(every0.5seconds)thescriptmonitorstheCPU
![Page 20: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/20.jpg)
EEMEventDetector– IPSLAEDFunctionalityTriggerEventsWhenIPSLATestResultsCrossCertainThreshold.IntegratedwithAutoIPSLAGrouptoMonitorLargeNumberofIPSLAOperationResults
Exampleeventmanagerappletwatch-jittereventipsla operation-id1reaction-type jitterAvgaction001cli command"enable"action002if$_ipsla_measured_threshold_value >$_ipsla_threshold_risingaction003cli command"config t"action004cli command"iproute10.10.20.0255.255.255.0192.168.15.1"action005cli command"end“
UseCaseLinkFailureDetection,DiagnosticsandRecovery
Thedefinitionsofvariablesare:operation-id - SpecifiestheIPSLAsoperationID.
operation-id-value- Numberintherangefrom1to2147483647.
reaction-type- SpecifiesthereactiontobetakenforthespecifiedIPSLAsoperation.
jitterAvg JitterAverageinboth thedirections
![Page 21: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/21.jpg)
EEMTCL-BasedPolicyExample
EEMscriptsarewrittenusingTCL.TCL(ToolControlLanguage)isascriptinglanguageused byCiscofortestingandautomatingofvariousfunctionsintheIOS.Inthisexample,smallTCLscriptconfiguredtocheckreachabilityoffewIPfromtheCorerouter.
![Page 22: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/22.jpg)
EEMDemos
![Page 23: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/23.jpg)
TheProblem: AnEnterprisenetworkconnectedwithtwoISP.WhileloadsharingtrafficwithbothISP,ifonelinktoISPfailsthentrafficshouldshifttoanotherISP.ButNATtranslationsarenotclearingaftertheprimarylinkfails.Whentheprimarylinkrecovers,trafficstillgoingovertheback-up link.
TheSolution:UsingIPSLAandEEMapplettofailoverthetrafficusingNAT.
1. DualISP:NATProblem
![Page 24: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/24.jpg)
Topology
![Page 25: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/25.jpg)
EEMActioneventmanagerappletlink-ISP-1-Downeventsyslogpattern"1ip sla 1reachability Up->Down"action1.0cli command"enable"action1.1cli command"configureterminal"action1.2cli command"noip nat insidesourcelist101interfaceGigabitEthernet1/0overload"action1.3cli command"noip nat insidesourcelist102interfaceGigabitEthernet2/0overload"action1.4cli command"ip nat insidesourcelist100interfaceGigabitEthernet2/0overload"eventmanagerappletlink-ISP-1-UPeventsyslogpattern"1ip sla 1reachability Down->Up"action1.0cli command"enable"action1.1cli command"configureterminal"action1.2cli command"noip nat insidesourcelist100interfaceGigabitEthernet2/0overload"action1.3cli command"ip nat insidesourcelist102interfaceGigabitEthernet2/0overload"action1.4cli command"ip nat insidesourcelist101interfaceGigabitEthernet1/0overload"eventmanagerappletlink-ISP-2-Downeventsyslogpattern"2ip sla 2reachability Up->Down"action1.0cli command"enable"action1.1cli command"configureterminal"action1.2cli command"noip nat insidesourcelist101interfaceGigabitEthernet1/0overload"action1.3cli command"noip nat insidesourcelist102interfaceGigabitEthernet2/0overload"action1.4cli command"ip nat insidesourcelist100interfaceGigabitEthernet1/0overload"eventmanagerappletlink-ISP-2-UPeventsyslogpattern"2ip sla 2reachability Down->Up"action1.0cli command"enable"action1.1cli command"configureterminal"action1.2cli command"noip nat insidesourcelist100interfaceGigabitEthernet1/0overload"action1.3cli command"ip nat insidesourcelist102interfaceGigabitEthernet2/0overload"action1.4cli command"ip nat insidesourcelist101interfaceGigabitEthernet1/0overload"!
![Page 26: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/26.jpg)
Resources
• Support forums for this technology are GREAT• “Living” document at https://supportforums.cisco.com/docs/DOC-12757 Contains helpful tips
and tricks to get the most out of EEM . • For reading material and further resources for this session, visit www.pearson-
books.com/CLMilan2014. • https://networklessons.com/network-management/cisco-ios-embedded-event-manager/. • http://www.techtutsonline.com/cisco-ios-embedded-event-manager/• http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/12_2sx/nm_12_2sx_bo
ok/nm_eem_overview.html for basic info• http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/12_2sx/nm_12_2sx_bo
ok/nm_eem_policy_cli.html for Policies Using the Cisco IOS CLI• http://www.cisco.com/c/en/us/td/docs/ios/netmgmt/configuration/guide/12_2sx/nm_12_2sx_bo
ok/nm_eem_policy_tcl.html for Policies Using Tcl
![Page 27: Onboard Automation with EEM](https://reader031.vdocuments.us/reader031/viewer/2022031922/588057621a28ab22088b6ee1/html5/thumbnails/27.jpg)
Questions?