Catalyst 6500 Bootcamp: Catalyst 6500 Embedded Event Manager

Catalyst 6500
Bootcamp
Chapter 14
Catalyst 6500 Embedded Event Manager
© 2006 Cisco Systems, Inc. All rights reserved. CISCO PARTNER CONFIDENTIAL 1
Embedded Event Manager
Introduction
EEM is an IOS technology that runs on the Catalyst 6500’s control plane. It is a combination of
processes designed to monitor key system parameters such as CPU utilization, interface errors,
counters, SNMP and SYSLOG events, and act on specific events or thresholds/counters that are
exceeded…
The
Thefirst
firstrelease
releaseofofthe
theEEM
EEM
implementation
implementation(in (inIOS
IOSwith
with
Software
Software Modularity) is basedon
Modularity) is based on
V2.1.5
V2.1.5
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Partner Confidential 2
How can it be used?
These are a few of the many uses

that EEM can be applied to…
Bring a backup link up Send a page message

when a packet drop to operations if any
threshold has been unauthorized hardware
exceeded… in installed/removed
Send an email alert Run specific

when a configuration commands at set time
change is made in intervals to assist in
production hours… capacity planning
Generate custom
SYSLOG on scheduled Generate custom login
GOLD diagnostic run message based on
highlighting H/W issue.. user-id that logs in
Basic EEM Architecture
Detailed Architecture
Event Detectors
Event Detectors
Will allow IOS Applications or EEM Policies to publish application
specific events
Parses CLI commands for regular expression matches and

published an event on a successful match
Provides persistent EEM counters that can be set by policies - a

policy can be triggered when a specific counter crosses a
threshold…
Provides a generic HW fault detection framework for customers to
define their own fault coverage and corrective action(Catalyst 6500
Only Event Detector available in 12.2SXH IOS release)…
Generates an event when a specific IDB port generic statistics

counter crosses a threshold (above or below).
This detector is used to generate an event when IOS memory

leaks occur, deadlocks or infinite loops are detected in IOS
Event Detectors
Used as a placeholder for policies that are manually triggered via
the “event manager run <policy-name>” command
This will publish an event when either a linecard is inserted or

removed from the chassis
Generates an event for all Redundancy Framework notifications

and state transitions
Generates an event when a specific SNMP counter crosses a

threshold - either above or below
Generates an event for IOS modularity process start,

normal/abnormal stop and restart events
This detector is used to generate an event when IOS memory

leaks occur, deadlocks or infinite loops are detected in IOS tasks
(processes)
Event Detectors
Generates an event when a specific SYSLOG message is
generated - match is determined using a regular expression
Generates an event at a specific time or after a specific period (I.e.

countdown).
Event Policy Director and Policies
EEM Policies
Policies can be defined either via the CLI (known as an applet) or via a TCL script that can be
loaded onto the local Compact Flash card - Policies can generate a variety of actions that
include executing a CLI command, sending an email, generating SYSLOG or SNMP Traps and
many more…
EEM Applet Policies
Configuration mode must be entered on the switch to both register the applet and create
the contents of the applet…
C6500(config)#event manager applet nov2005_rsvt

C6500(config-applet)#event syslog pattern count
C6500(config-applet)#action 1.0 syslog msg "Hello R&S VT Attendees"
C6500(config-applet)#exit
C6500(config)#exit
C6500#
C6500#show run | begin event
event manager applet nov2005_rsvt
event syslog pattern "count"
action 1.0 syslog msg "Hello R&S VT Attendees"
!
end
Note - the command “event manager applet” not only places you into the config mode
where you can enter applet commands, but also registers the “named” applet (in the case
above it registers applet “nov2005_rsvt” with the EEM policy director)…
EEM Applet Policies
Confirm the applet has been registered with the system then invoke an action to activate
the event…
C6500#show event manager policy registered
No. Class Type Event Type Trap Time Registered Name
…snip
11 applet system syslog Off Tue Oct 18 02:50:06 2005 nov2005_rsvt
pattern {count}
action 1.0 syslog msg "Hello R&S VT Attendees”
C6500#
C6500#
C6500#clear counters
Clear "show interface" counters on all interfaces [confirm]
C6500#
00:09:38: %CLEAR-5-COUNTERS: Clear counter on all interfaces by console
00:09:38: %HA_EM-6-LOG: nov2005_rsvt: Hello R&S VT Attendees
C6500#
EEM TCL Modes
The Cat6K supports TCL v8.3.4 which is the same TCLSH environment found in router IOS - a
range of environment variables can be set that are referenced within the TCL script…
EEM Tcl Policy Structure
§ Begin with EEM Event
Register keyword
§ Next is any input
Required
variables or required
environment variables
to control the script
§ Names space imports
Required
§ Entry criteria for the
policy
§ Body (logic of the
Required script)
§ Exit status
Example of Tcl Policy Structure
§ Registration command (Tcl
extension)
§ Tcl namespace (namespace
import)
::cisco::eem
This namespace includes all
Tcl commands closely
related to Embedded Event
Manager
::cisco::lib
This namespace includes
auxiliary library commands
that are not necessarily
specific to the Embedded
Event Manager
§ Body
EEM TCL Script Policy Example
In this example, we are going to setup the system with a user scripted TCL script - the
process for enabling this is shown below - create a directory to hold the scripts and
register this directory with EEM…
C6500#mkdir USER_TCL
Create directory filename [USER_TCL]? Create
Create User
User TCL
TCL Directory
Directory
Created dir disk0:USER_TCL
C6500#dir disk0:
Directory of disk0:/
1 drw- 1 Oct 18 2005 01:14:07 +00:00 USER_TCL
47843328 bytes total (47843327 bytes free)
C6500#conf t
Enter configuration commands, one per line. End with CNTL/Z.
C6500(config)#event manager directory user policy disk0:/USER_TCL
C6500(config)#^Z Register
Register User
User TCL
TCL
C6500#show event man dir user policy Directory
Directory with
with EEM
EEM
disk0:/USER_TCL Policy
Policy Director
Director
Copy the TCL Script file onto the local CF Flash (into the registered script directory) and
then register the TCL script with the Event Manager…
C6500#copy tftp disk0:

Address or name of remote host []? 10.66.240.46 Load
Load in
in TCP
TCP Script
Script
Source filename []? sl_cfgSaveRemT.tcl
Destination filename [cfgSave.tcl]? USER_TCL/cfgSave.tcl
Accessing tftp://10.66.240.46/sl_cfgSaveRemT.tcl...!
1232 bytes copied in 0.620 secs (1987 bytes/sec)
C6500#
C6500#conf t
C6500(config)#event manager policy cfgSave.tcl type user Register
C6500(config)# Register TCL
TCL Script
Script
C6500 #show event manager policy registered
No. Type Event Type Trap Time Registered Name
1 user syslog Off Tue Oct18 01:15:22 2005 cfgSave.tcl
occurs 1 pattern
nice 0 priority normal maxrun 90.000
Display the TCL script - Script is used to demonstrate how to save a switch configuration
to NVRAM when a system administrator exits configuration mode…
C6500#show event manager policy available detailed cfgSave.tcl
::cisco::eem::event_register_syslog occurs 1 pattern "\%SYS-5-CONFIG_I:
Configured" maxrun_sec 90
<…snip…>
if $u_cfgSave_on==1 {
action_syslog msg "Config save mode set, saving configuration to nvram"
if [catch {cli_open} result] {
error $result $errorInfo
} else {
array set cli $result
}
if [catch {cli_exec $cli(fd) "enable"} result] {
}
if [catch {cli_write $cli(fd) "copy run start"} result] {
}
if [catch {cli_read_pattern $cli(fd) "Destination filename"} result] {
}
if [catch {cli_write $cli(fd) "\n"} result] {
}
if [catch {cli_read_drain $cli(fd)} result] {
} else {
set cmd_output $result
action_syslog msg "copy command reponse - $cmd_output"
}
if [catch {cli_close $cli(fd) $cli(tty_id)} result] {
}
} else {
action_syslog msg "Config save mode not set, remember to save your
configuration to nvram"
}
action_syslog msg "done"
exit 0
C6500#
The script executes on exiting config mode - the results of this script can be seen as
follows…
C6500#conf t
C6500(config)#interface f3/1
C6500(config-if)#description test
C6500(config-if)#^Z
C6500#
02:08:13: %SYS-5-CONFIG_I: Configured from console by consoleUpdateStringProc
should not be invoked for type
02:08:15: %HA_EM-6-LOG: system:/lib/tcl/eem_scripts_registered/cfgSave.tcl :

Config save mode not set, remember to save your configuration to nvram
02:08:15: %HA_EM-6-LOG: system:/lib/tcl/eem_scripts_registered/ cfgSave.tcl :
done
Hmmm
Hmmm -- itit didn’t
didn’t work
work -- what
what did
did we
we miss????
miss????
What we missed was setting an environment variable the the script parses before being able
to save the configuration to NVRAM - lets set the environment variable and try again…
C6500#conf t
C6500(config)#event manager environment u_cfgSave_on 1
C6500(config)#interface f3/1
C6500(config-if)#description test Variable
Variable set
set here!!!
here!!!
C6500(config-if)#^Z
C6500#
02:31:39: %SYS-5-CONFIG_I: Configured from console by consoleUpdateStringProc
should not be invoked for type cmdName

Config save mode set, saving configuration to nvram
ItIt works!!!
works!!!
copy command reponse -
done
EEM in Action
EEM in Action
EEM in Action
EEM in Action
EEM in Action
EEM TCL Script
Force FWSM Context Failover
ACCESS DISTRIBUTION
CORE
•Configure an IP SLA probe to monitor

adjacent peers
•Create a TCL-based policy to be triggered
when IP SLA probe fails
•The policy can change HSRP priority and
also force a failover on the firewall context
Peer failover means

sub-optimal routing
FWSM used on the
distribution layer,
active/standby model
EEM Applet
Send max_metrix if FIB disabled (cont)
ACCESS DISTRIBUTION
CORE
OSPF
EEM policy configures

%FIB-3-FIBDISABLE: Fatal error … OSPF to announce
(or similar error which forces max_metrics
software switching)
Scalability - The Scenario
How to determine the impact on the switch control plane from the one script being
invoked multiple times ?
Here is a sample script - EEM script runs to monitor for “Link Down” - upon
detection of event, generate custom SYSLOG message and insert a configuration
command for that port
Scalability - The Twist
The twist to this test is that the entire module is disabled resulting in the event being
triggered once for each of the ports on the module…
For a 48 port module, this script will be invoked 48 times - how does this impact the
switch control plane?
Scalability - The Result
The test showed that the script is invoked for each port in a sequential fashion (i.e.
runs for one port, finishes then is run for the next port and so on)…
30%
CPU 3%
Time
6d01h:
6d01h: % %HA_EM
HA_EM-- 6-
6- LOG:
LOG: // eem
eem_pol
_pol ii cy/
cy/ tt est
est tt cl
cl .. tt cl
cl :: II nt
nt er
er ff ace
ace Gi
Gi gabi
gabi tt Et
Et her
her net
net 3/
3/ 11 was
was
rr eset – conf i gur at i on updat
eset – conf i gur at i on updat ed ed
6d01h:
6d01h: % %HA_EM
HA_EM-- 6-
6- LOG:
LOG: // eem
eem_pol
_pol ii cy/
cy/ tt est
est tt cl
cl .. tt cl
cl :: II nt
nt er
er ff ace
ace Gi
Gi gabi
gabi tt Et
Et her
her net
net 3/
3/ 22 was
was
6d01h:
6d01h: % %HA_EM
HA_EM-- 6-
6- LOG:
LOG: // eem
eem_pol
_pol ii cy/
cy/ tt est
est tt cl
cl .. tt cl
cl :: II nt
nt er
er ff ace
ace Gi
Gi gabi
gabi tt Et
Et her
her net
net 3/
3/ 33 was
was
<.
<. .. >>
<.
<. .. >>
6d01h:
6d01h: % %HA_EM
HA_EM-- 6-
6- LOG:
LOG: // eem
eem_pol
_pol ii cy/
cy/ tt est
est tt cl
cl .. tt cl
cl :: II nt
nt er
er ff ace
ace Gi
Gi gabi
gabi tt Et
Et her
her net
net 3/
3/ 46
46 was
was
6d01h:
6d01h: % %HA_EM
HA_EM-- 6-
6- LOG:
LOG: // eem
eem_pol
_pol ii cy/
cy/ tt est
est tt cl
cl .. tt cl
cl :: II nt
nt er
er ff ace
ace Gi
Gi gabi
gabi tt Et
Et her
her net
net 3/
3/ 47
47 was
was
6d01h:
6d01h: % %HA_EM
HA_EM-- 6-
6- LOG:
LOG: // eem
eem_pol
_pol ii cy/
cy/ tt est
est tt cl
cl .. tt cl
cl :: II nt
nt er
er ff ace
ace Gi
Gi gabi
gabi tt Et
Et her
her net
net 3/
3/ 47
47 was
was
In this example the CPU peaked at ~30%. The actual CPU will be dependent on the
actions invoked by the EEM Script…
Tool Command Language (TCL)
Additional References
§ General language resources:
http://www.tcl.tk/
§ Cisco IOS scripting with TCL:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/produ
cts_feature_guide09186a00801a75a7.html
§ Email Alias for EEM specific questions:

askabouteem@external.cisco.com
Cisco Beyond,
A Scripting Community for EEM
§ Cisco IOS
Extremely flexible and
powerful onboard, event
driven, scripting facility
§ Cisco Beyond
A place to share scripts,
upload, download, get
examples
§ Live on cisco.com
Pre-populated with over a
dozen scripts
More details:
http://cisco.com/go/eem
http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_book09186a008054dddf.html

Catalyst 6500 Bootcamp: Catalyst 6500 Embedded Event Manager

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Catalyst 6500 Bootcamp: Catalyst 6500 Embedded Event Manager

Transféré par

Droits d'auteur :

Formats disponibles

Catalyst 6500

These are a few of the many uses

Bring a backup link up Send a page message

Send an email alert Run specific

Parses CLI commands for regular expression matches and

Provides persistent EEM counters that can be set by policies - a

Generates an event when a specific IDB port generic statistics

This detector is used to generate an event when IOS memory

This will publish an event when either a linecard is inserted or

Generates an event for all Redundancy Framework notifications

Generates an event when a specific SNMP counter crosses a

Generates an event for IOS modularity process start,

This detector is used to generate an event when IOS memory

Generates an event at a specific time or after a specific period (I.e.

C6500(config)#event manager applet nov2005_rsvt

C6500#copy tftp disk0:

02:08:15: %HA_EM-6-LOG: system:/lib/tcl/eem_scripts_registered/cfgSave.tcl :

02:31:40: %HA_EM-6-LOG: system:/lib/tcl/eem_scripts_registered/cfgSave.tcl :

•Configure an IP SLA probe to monitor

Peer failover means

EEM policy configures

§ Cisco IOS scripting with TCL:

§ Email Alias for EEM specific questions:

Vous aimerez peut-être aussi