Sunday, April 6, 2008

EEM - Layer 3 Path Failure Detection

This example tracks the availability of a route using Embedded Object Tracking (EOT), with an EEM applet that emails an alert as soon as the route is withdrawn from the routing table.

1. Configure your router to track 1.1.1.1/32 using the Cisco IOS Embedded Object Tracking (EOT) feature:

track 400 ip route 1.1.1.1/32 reachability
 delay down 10 up 10

2. Verify that reachability to 1.1.1.1/32 is UP:
R4#sh track
Track 400
IP route 1.1.1.1 255.255.255.255 reachability
Reachability is Up (EIGRP)
1 change, last change 00:02:15
Delay up 10 secs, down 10 secs
First-hop interface is FastEthernet0/0

3. Configure the appropriate email environment variables. Refer to other EEM examples.

4. Configure the following environment variable to define the IP prefix to be tracked:
R4(config)#event manager environment iproute 1.1.1.1/32

5. On R4, configure the following EEM applet, named “email_track_iproute”, so that an alarm (in the form of a syslog message and an email) is sent when the prefix 1.1.1.1/32 is withdrawn from R4’s routing table:

event manager applet email_track_iproute
 event track 400 state down
 action 1.0 syslog msg "Prefix to remote site [$iproute] has been withdrawn!"
 action 1.1 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "Layer 3 Path Failure: Prefix to Remote Site [$iproute] is DOWN" body ""
 action 1.2 syslog msg "Layer 3 Path Failure alert has been sent to email server!"

6. Verify that the EEM applet has been registered and the required environment variables have been set properly:
R4#sh event manager policy registered
No. Class Type Event Type Trap Time Registered Name
1 applet system track Off Fri Sep 14 21:16:43 2007 email_track_iproute
track 400 state down
action 1.0 syslog msg "Prefix to remote site [$iproute] has been withdrawn!"
action 1.1 mail server "$mailserver" to "$mailto" from "$mailfrom" subject "Layer 3 Path Failure: Prefix to Remote Site [$iproute] is DOWN"
action 1.2 syslog msg "Layer 3 Path Failure alert has been sent to email server!"

R4#sh event manager environment


No. Name Value
1 _email_server 50.50.50.1
2 _email_from router-abc@customer.com
3 _email_to attach@cisco.com
4 iproute 1.1.1.1/32

7. Shut down R1’s Loopback0 interface to trigger the EEM applet on R4.

R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int loop0
R1(config-if)#shut

8. Go to R4 and issue ‘show track’ several times to watch the state of 1.1.1.1/32 go DOWN, which causes the EEM applet to trigger.

R4#sh track
Track 400
IP route 1.1.1.1 255.255.255.255 reachability
Reachability is Up (EIGRP), delayed Down (1 sec remaining) (no route)
3 changes, last change 00:00:29
Delay up 10 secs, down 10 secs
First-hop interface is GigabitEthernet0/0 (was unknown)
Tracked by:
EEM applet email_track_iproute

R4#sh track
Track 400
IP route 1.1.1.1 255.255.255.255 reachability
Reachability is Down (no route)
4 changes, last change 00:00:00
Delay up 10 secs, down 10 secs
First-hop interface is unknown
Tracked by:
EEM applet email_track_iproute
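
Added example (not part of the original post): a small Python parser for the ‘show track’ output from step 8. It separates the current state from a pending "delayed Down" transition, which shows why the applet does not fire until the 10-second down delay expires. The function names parse_show_track and alert_due are hypothetical, and the sample text is constructed from the output above.

```python
import re

# Constructed sample: the mid-transition "show track" output from step 8.
SAMPLE = """\
Track 400
 IP route 1.1.1.1 255.255.255.255 reachability
 Reachability is Up (EIGRP), delayed Down (1 sec remaining) (no route)
 3 changes, last change 00:00:29
 Delay up 10 secs, down 10 secs
 First-hop interface is GigabitEthernet0/0 (was unknown)
 Tracked by:
 EEM applet email_track_iproute
"""

def parse_show_track(text):
    """Return {track_id: fields} parsed from 'show track' output."""
    tracks, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Track (\d+)$", line)
        if m:
            cur = tracks.setdefault(int(m.group(1)), {"pending": None, "applets": []})
            continue
        if cur is None:
            continue  # prompt lines or text before the first "Track N" header
        if m := re.match(r"IP route (\S+) (\S+) reachability$", line):
            cur["prefix"], cur["mask"] = m.groups()
        elif m := re.match(r"Reachability is (Up|Down)\b(.*)$", line):
            cur["state"] = m.group(1)
            # A pending transition means the delay timer has not expired yet.
            d = re.search(r"delayed (Up|Down) \((\d+) secs? remaining\)", m.group(2))
            cur["pending"] = (d.group(1), int(d.group(2))) if d else None
        elif m := re.match(r"(\d+) changes?, last change (\S+)$", line):
            cur["changes"] = int(m.group(1))
        elif m := re.match(r"EEM applet (\S+)$", line):
            cur["applets"].append(m.group(1))
    return tracks

def alert_due(track):
    """True only once the state is Down, matching 'event track ... state down'."""
    return track.get("state") == "Down"

if __name__ == "__main__":
    for tid, t in parse_show_track(SAMPLE).items():
        print(tid, t["state"], "pending:", t["pending"], "alert:", alert_due(t))
```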

1 comment:

Xave said...

I'm 2 and a half years late but this post is exactly what I'm looking for...thanks a lot for the easy explanations!