embedded event manager (eem) - cisco · step 1 –register user directories register user policy...
TRANSCRIPT
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Embedded Event Manager (EEM)
Navid Molavi och Patrik Bagge
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 2
Embedded Event Manager
Agenda:
What is EEM?
What's the benefits? – Real world examples
EEM Demo
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 3
Embedded Event Manager
Goal of this partner update session:
Overview of EEM
EEM Information resources
Start using EEM
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 4
Thinking Inside the Box– The Future of Network Management
Networks are getting larger
Network management task more complex
Business critical application increasingly depend on net
High dependency means higher availability requirements
Reaction times must be shorter
Continuous cost pressures
All driving a need for automation and distributed/cooperative network management
==> EMBEDDED MANAGEMENT
SiSi SiSi
SiSiSiSiSiSi SiSiSiSiSiSi SiSiSiSiSiSi
SiSi SiSi
SiSiSiSiSiSi SiSiSiSiSiSi SiSiSiSiSiSi
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 5
Getting An Insider’s View with EEM
SiSi SiSi
SiSiSiSiSiSi SiSiSiSiSiSi SiSiSiSiSiSi
EEM
Interpret
from
outside
vs.
See from
within
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 6
What is Embedded Event Manager (EEM)?
Detect and generate events when certain conditions are met in the network devices
Gives in-box granular visibility and control oppose to external communication
Distributed automation with instant reaction
A tool that adapts devices to specific customer requirements
Beneficial for Cisco partners extending the service offerings
Supported on C3K, 4500, 6500, ISR, ASR, 7600, IOS-XR/NX-OS
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 7
Event Detector
Embedded Event
Manager
Policy
AppletsTCL
Scripts Policies (scripts)
Applets ( defined via CLI, simpler)
Tcl-based ( programmed in TCL as complex as you want)
EEM Server
The “brains” of the system
Event Detectors
“watch for events of interest”
All of this is internal to Cisco IOS
Embedded Event Manager (EEM)
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 8
*Not all available in all releasesEmbedded Event Manager (EEM)
2. An EEM Event Detector receives notification
3. An EEM Policy is activated that initiates a pre-
defined set of actions
1. Something happens on the causing an
Event to trigger
Event Detector
Embedded Event
Manager
Policy
AppletsTCL
Scripts
All of this is internal to Cisco IOS
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 9
*Not all available in all releasesEmbedded Event Manager (EEM)
For each incremental EEM version (1, 2.0, 3.0,
3.2) there in an increment of Event
Detectors Event Detector
Embedded Event
Manager
Policy
AppletsTCL
Scripts
All of this is internal to Cisco IOS
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 10
Availability of Event DetectorsEvent
DetectorDescription
(ED Triggers, based on ...)
EEM Version in IOS IOS XR IOS XE NX-OS
1.0 2.0 2.1 2.2 2.3 2.4 3.0 3.1 3.2 3.6 3.7 2.1 2.2 4.0 4.1
Syslog RegExp match of local syslog message
SNMP Notif SNMP MIB Variable Threshold
Watchdog IOS process or subsystem activity events
Interface Counter (Interface) Counter Threshold
Timer Designated Time or Interval
Counter Change of a designated counter value
Application specific An IOS subsystem or policy script
CLI RegExp match of input via command line interface
OIR Hardware online insertion and removal OIR
none No trigger, used in conjunction with exec command
ERM Embedded Resource Manager (ERM) events
EOT Enhanced Object Tracking variable (EOT) events
RF IOS Redundancy Facility (switchover)
GOLD Generic Online Diagnostics (GOLD) events
SNMP Proxy Incoming remote SNMP Notification
XML RPC Incoming XML message
Routing State change of Routing Protocols
Netflow Traffic Flow information from Netflow
IPSLA IPSLA events (supersedes EOT for EEM / IPSLA)
CLI enhanced Integrates CLI Ed with the XML PI
SNMP Object Intercept SNMP GET/SET requests
Neighbor Disco CDP, LLPD, Link up/down events
Identity 802.1x and MAB authentication events
MAC MAC Address Table entry changes
Hardware Register for environmentla monitoring hardware
Statistics Threshold crossing of a statistical counter
Fan (absent / bad) Presence and State of a Fan
Module failure Occurence of a Module Failure Event
Storm Control Occurence of a Storm Control Event
Temperature Temperature Sensor Thresholds
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 11
EEM 3.0 Event Detectors
EEM 3.0 Applet Actions
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 12
EEM for Real World Challenges
Challenge 1: Every few weeks a router is running low on memory around 2am, and I want to find out what’s happening
Solution: EEM script could be triggered based on the memory utilization, capture the memory information and send the output with Syslog or Email
Challenge 2: One of the (redundant) links has problems with occasionalhigh error rates, but does not go down. It causes service interruption for my customer.
Solution: EEM script could be triggered on the interface errors, remove the link to force the
use of the stable link and send a notification by Syslog
Challenge 3: my ACL configuration gets changed, I want to get notified, but I can’t sit there monitor it all the time
Solution: EEM script could be triggered by CLI command, take a snapshot of the logged in user, changed configuration, and send an email to you
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 13
EEM for Real World Challenges, cont.
Challenge 4: I want to save energy, but I can’t go around turn off everyone’s IP phone everyday
Solution: Timer ED can be used to trigger the execution of an EEM script to turn off your IP phone at 7pm everyday and turn it back on 7am the next day
Challenge 5: Collect data via SNMP, even if there is no MIB support currently available
Solution: Expression-MIB provides the capability to process data into more relevant
information via SNMP
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 14
EEM Support Resource
EEM
http://www.cisco.com/go/eem
Automated Diagnostics for Commercial Networks (ready to use Scripts)http://www.cisco.com/en/US/prod/iosswrel/ps6537/ps6555/ps9421/networking_solutions_products_genericcontent0900aecd80719ee6.html
Embedded Event Manager (EEM) Scripting Community
http://forums.cisco.com/eforum/servlet/EEM?page=main
- Open source scripts, share, upload, downloa, learn by examples
Categories include: Ntwk mgmt, Diagnostics, Routing, QoS, High availability, User interface, Security etc
- EEM related discussions, post your question to get answer from EEM experts
Email [email protected]
Embedded Packet Capture (EPC): www.cisco.com/go/epc
IPSLA: www.cisco.com/go/ipsla
NBAR: www.cisco.com/go/nbar
NetFlow: www.cisco.com/go/netflow and www.cisco.com/go/fnf
GOLD: http://www.cisco.com/en/US/products/ps7081/products_ios_protocol_group_home.html
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 15
EEM Demo
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 16
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 17
Buffer
Capture
Point
See: http://www.cisco.com/go/epc
Available from: IOS 12.4(20)T
Platforms: 8xx, 18xx, 28xx, 38xx ISRs, 72xx
Solution: Make use of IOS Embedded Packet Capture to capture PCAP format data and/or analyze on the device
Troubleshooting & Optimization
Embedded Packet Capture (EPC)
1. Defining a capture buffer on the device
Router# monitor capture buffer …
2. Defining a capture point
Router# monitor capture point …
3. Associate capture point to buffer
Router# monitor capture point associate …
5. Show and/or Export the content of the buffer
Router# monitor capture buffer <tracename> export
Problem: Sometimes a Packet Capture would be useful for Troubleshooting, Security or Application Analysis, Baselining, etc. BUT: deploying Packet Sniffers is slow, expensive and requires local skillsand equipment ...
4. Start / Stop capture points
Router# monitor capture point start …
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 18
Troubleshooting & Optimization
Example: process-switched traffic – 2/25. … or export as PCAP file and analyze externally
Router# monitor capture buffer my-buffer export tftp://10.10.10.10/mypcap
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 19
See: http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_cfg_snmp_sup.html
EASy
EASy – Adding a Custom MIB OID 1/2
Problem: Collect data via SNMP, even if there is no MIB support currently available.
Solution: Expression-MIB provides the capability to process data into more relevant information via SNMP
– Expression-MIB can be configured using SNMP directly since 12.0(5)T.
– Initially Cisco Implementation was based on OID 1.3.6.1.4.1.9.10.22 but current Cisco implementation is based on RFC2982-MIB, OID 1.3.6.1.2.1.90.
– In 12.4(20)T Expression-MIB feature is enhanced to add CLIs to configure expressions.
Expression-MIB can gather data from Command Line Interface (CLI show commands), even if there is no MIB support
EEM 3.1 will provide similar capability without the need to involve the Expression-MIB
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 20
Is a certain value from a
"CLI show command"
supported in your device via SNMP?
Reference:
http://www.cisco.com/go/mibs
•SNMP Object Navigator
•Cisco IOS MIB Locator
Yes
Is the
Expression-MIB(1)
Supported in your
Device?
NoEEM 3.1
Yes
Running
12.4(20)T or
higher?
No
YesScript #1 EEM policy based on CLI Expression-MIB
Script #2EEM policy based on the RFC2982-MIB
No
Script #3EEM policy based on the Expression-MIB
Support for
RFC2982-MIB?
Yes
No
See: This is available as an EASy package from CiscoBeyond
http://forums.cisco.com/eforum/servlet/EEM?page=eem&fn=script&scriptId=1961
Adding a Custom MIB OID 2/2
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 21
EEM Applet Policy
Step 1 – Configure Env Var
Configure necessary EEM environment variable
Step 2 -- Register Policy
register the policy with the applet policy engine
Step 3 -- Establish Event Trigger
Define the event that triggers the policy
Step 4 -- Define Action
Define the action to take upon detection of the event
event manager environment_email_server 172.27.121.177
event manager applet email_hsrp_state_change
event syslog pattern ".*%HSRP-5-STATECHANGE.*"
action 1.0 info type routername
action 1.1 cli command "enable"
action 1.3 cli command "show standby | append
hsrp_state_change"
action 1.4 cli command "show standby brief | append
hsrp_state_change“
………..
action 1.8 mail server "$_email_server" to
"$_email_to" from "$_email_from" subject
"HSRP_STATE_CHANGE Alert from
$_info_routername: $_syslog_msg" body "$_cli_result"
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 22
EEM TCL Policy
Step 1 – Register User Directories
Register user policy directory and user library directory
Step 2 – Code Policies Offline
No online editor available.
Step 3 – Download Policy
Download TCL policies using standard IOS file transfer mechanisms
Support script auto refresh from remote location
Step 4 – EEM Environment Variable Configuration
Step 5 – Register Policy
Register policy to TCL policy engine
mkdir disk2:/eem
event manager directory user policy disk2:/eem
event manager directory user library disk2:/eemlib
copy tftp disk2:/eem
Address or name of remote host []? 10.1.88.9
Source filename []? sl_cfgSaveRemT.tcl
Destination filename [sl_cfgSaveRemT.tcl]?
eem/sl_cfgSaveRemT.tcl
Accessing tftp://10.1.88.9/sl_cfgSaveRemT.tcl...!
1232 bytes copied in 0.620 secs (1987 bytes/sec)
event manager update user policy group “*.tcl”
repository tftp://2.2.2.2/users2/jpfeifer/eem_1
event manager policy sl_cfgSaveRemT.tcl type user
event manager environment _email_server
172.27.121.177