Example: Changing the Configuration Using an Event Policy
It might be necessary to modify the configuration in response to a particular event. Starting in Junos OS Release 12.1, you can configure an event policy to make and commit configuration changes when the event policy is triggered by one or more specific events.
This example simulates an SNMP_TRAP_LINK_DOWN event for a specific interface. Upon receipt of the event, the event policy uses the change-configuration action to modify the configuration of a static route to use a new next-hop IP address through a different exit interface.
Requirements
Routing, switching, or security device running Junos OS Release 12.1 or later.
Overview
You can configure an event policy action to modify the configuration when the policy is triggered by a single event or correlated events. Suppose you have a static route to the 10.1.10.0/24 network with a next-hop IP address of 10.1.2.1 through the exit interface ge-0/3/1. At some point, this interface goes down, triggering an SNMP_TRAP_LINK_DOWN event.
This example creates an event policy named update-on-snmp-trap-link-down. The event policy is configured so that the eventd process listens for an SNMP_TRAP_LINK_DOWN event associated with the interface ge-0/3/1.0. If the interface goes down, the event policy executes a change configuration action. The event policy configuration commands remove the static route through the ge-0/3/1 exit interface and create a new static route to the same target network with a next-hop IP address of 10.1.3.1 through the exit interface ge-0/2/1. The commands are executed in the order in which they appear in the event policy.
The event policy change configuration commit operation is executed under the username bsmith with a commit comment specifying that the change was made through the associated event policy. The retry count is set to 5 and the retry interval is set to 4 seconds. If the initial attempt to issue the configuration change fails, the system attempts the configuration change 5 additional times and waits 4 seconds between each attempt.
Although not presented here, you might have a second, similar event policy that executes a change configuration action to update the static route when the interface comes back up. In that case the policy would trigger on the SNMP_TRAP_LINK_UP event for the same interface.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level:
set event-options policy update-on-snmp-trap-link-down events snmp_trap_link_down
set event-options policy update-on-snmp-trap-link-down attributes-match snmp_trap_link_down.interface-name matches ge-0/3/1.0
set event-options policy update-on-snmp-trap-link-down then change-configuration retry count 5
set event-options policy update-on-snmp-trap-link-down then change-configuration retry interval 4
set event-options policy update-on-snmp-trap-link-down then change-configuration commands "delete routing-options static route 10.1.10.0/24 next-hop"
set event-options policy update-on-snmp-trap-link-down then change-configuration commands "set routing-options static route 10.1.10.0/24 next-hop 10.1.3.1"
set event-options policy update-on-snmp-trap-link-down then change-configuration user-name bsmith
set event-options policy update-on-snmp-trap-link-down then change-configuration commit-options log "updating configuration from event policy update-on-snmp-trap-link-down"
set routing-options static route 10.1.10.0/24 next-hop 10.1.2.1
set system syslog file syslog-event-daemon-warning daemon warning
Configuring the Event Policy
Step-by-Step Procedure
1. Create and name the event policy.

    [edit]
    bsmith@R1# edit event-options policy update-on-snmp-trap-link-down

2. Configure the events statement so that the event policy triggers on the SNMP_TRAP_LINK_DOWN event.
    Set the attributes-match statement so that the policy triggers only if the SNMP_TRAP_LINK_DOWN event occurs for the ge-0/3/1.0 interface.

    [edit event-options policy update-on-snmp-trap-link-down]
    bsmith@R1# set events snmp_trap_link_down
    bsmith@R1# set attributes-match snmp_trap_link_down.interface-name matches ge-0/3/1.0

3. Specify the configuration mode commands that are executed if the ge-0/3/1 interface goes down.
    Configure each command on a single line, enclose the command string in quotes, and specify the complete statement path.

    [edit event-options policy update-on-snmp-trap-link-down then change-configuration]
    bsmith@R1# set commands "delete routing-options static route 10.1.10.0/24 next-hop"
    bsmith@R1# set commands "set routing-options static route 10.1.10.0/24 next-hop 10.1.3.1"

4. Configure the commit options.
    Configure the log option with a comment describing the configuration changes. The comment is added to the commit logs after a successful commit operation is made through the associated event policy.

    [edit event-options policy update-on-snmp-trap-link-down then change-configuration]
    bsmith@R1# set commit-options log "updating configuration from event policy update-on-snmp-trap-link-down"

    If you have dual Routing Engines, configure the synchronize option to commit the configuration on both Routing Engines. Include the force option to force the commit on the other Routing Engine, ignoring any warnings. This example does not configure the synchronize and force options.

5. (Optional) Configure the retry count and retry interval.
    In this example, count is set to 5 and the interval is 4 seconds.

    [edit event-options policy update-on-snmp-trap-link-down then change-configuration]
    bsmith@R1# set retry count 5 interval 4

6. (Optional) Configure the username under whose privileges the configuration changes and commit are made.
    If you do not specify a username, the action is executed as user root.

    [edit event-options policy update-on-snmp-trap-link-down then change-configuration]
    bsmith@R1# set user-name bsmith

7. Configure a new log file at the [edit system syslog] hierarchy level to record syslog events of facility daemon and severity warning.
    This captures the SNMP_TRAP_LINK_DOWN events.

    [edit system syslog]
    bsmith@R1# set file syslog-event-daemon-warning daemon warning

8. To test this example, configure a static route to the 10.1.10.0/24 network with a next hop IP address of 10.1.2.1.

    [edit]
    bsmith@R1# set routing-options static route 10.1.10.0/24 next-hop 10.1.2.1

9. Commit the configuration.

    bsmith@R1# commit

10. Review the [edit routing-options static] hierarchy level of the configuration before disabling the ge-0/3/1 interface, and note the next hop IP address.

    bsmith@R1> show configuration routing-options static
    ...
    route 10.1.10.0/24 next-hop 10.1.2.1;
    ...

11. To manually test the event policy, take the ge-0/3/1 interface temporarily offline to generate the SNMP_TRAP_LINK_DOWN event.

    [edit]
    bsmith@R1# set interfaces ge-0/3/1 disable
    bsmith@R1# commit
Results
[edit]
event-options {
    policy update-on-snmp-trap-link-down {
        events snmp_trap_link_down;
        attributes-match {
            snmp_trap_link_down.interface-name matches ge-0/3/1.0;
        }
        then {
            change-configuration {
                retry count 5 interval 4;
                commands {
                    "delete routing-options static route 10.1.10.0/24 next-hop";
                    "set routing-options static route 10.1.10.0/24 next-hop 10.1.3.1";
                }
                user-name bsmith;
                commit-options {
                    log "updating configuration from event policy update-on-snmp-trap-link-down";
                }
            }
        }
    }
}
routing-options {
    static {
        route 10.1.10.0/24 next-hop 10.1.2.1;
    }
}
system {
    syslog {
        file syslog-event-daemon-warning {
            daemon warning;
        }
    }
}
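Because a change-configuration action runs as root when user-name is omitted, it is worth auditing which event policies can change the configuration and under which account. The following Python script is an added example, not part of the original Juniper documentation: it reads set-format configuration and reports each such policy with its effective user and commands. The function name, report fields, and the second policy (no-user-policy) in the sample are assumptions made for illustration.

```python
import shlex
from collections import defaultdict

# Sample input: lines for this example's policy, plus a constructed,
# hypothetical policy ("no-user-policy") that omits user-name.
SAMPLE = '''
set event-options policy update-on-snmp-trap-link-down events snmp_trap_link_down
set event-options policy update-on-snmp-trap-link-down then change-configuration commands "delete routing-options static route 10.1.10.0/24 next-hop"
set event-options policy update-on-snmp-trap-link-down then change-configuration commands "set routing-options static route 10.1.10.0/24 next-hop 10.1.3.1"
set event-options policy update-on-snmp-trap-link-down then change-configuration user-name bsmith
set event-options policy no-user-policy events snmp_trap_link_up
set event-options policy no-user-policy then change-configuration commands "set routing-options static route 10.1.10.0/24 next-hop 10.1.2.1"
'''

PREFIX = ["set", "event-options", "policy"]

def audit_change_policies(set_config):
    """Return {policy: {...}} for every event policy that has a
    change-configuration action, with the account it executes as."""
    policies = defaultdict(lambda: {"user": None, "commands": [], "events": []})
    for line in set_config.splitlines():
        tok = shlex.split(line)  # keeps each quoted command string as one token
        if tok[:3] != PREFIX or len(tok) < 6:
            continue
        name, rest = tok[3], tok[4:]
        if rest[0] == "events":
            policies[name]["events"].extend(rest[1:])
        elif rest[:2] == ["then", "change-configuration"] and len(rest) >= 4:
            if rest[2] == "commands":
                policies[name]["commands"].append(rest[3])
            elif rest[2] == "user-name":
                policies[name]["user"] = rest[3]
    report = {}
    for name, p in policies.items():
        if p["commands"]:  # only policies that actually change configuration
            # No user-name statement means the action is executed as root.
            report[name] = dict(p, user=p["user"] or "root",
                                runs_as_root=p["user"] in (None, "root"))
    return report

if __name__ == "__main__":
    for name, p in audit_change_policies(SAMPLE).items():
        flag = "RUNS AS ROOT" if p["runs_as_root"] else "ok"
        print(f"{name}: user={p['user']} [{flag}] commands={p['commands']}")
```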
Verification
Confirm that the configuration is working properly.
Verifying the Status of the Interface
Purpose
Verify that the ge-0/3/1 interface is down and that it triggered the SNMP_TRAP_LINK_DOWN event.
Action
Issue the show interfaces ge-0/3/1 operational mode command. The command output shows that the interface is administratively offline.
bsmith@R1> show interfaces ge-0/3/1
Physical interface: ge-0/3/1, Administratively down, Physical link is Down
<output omitted>
Review the contents of the system log file configured in Step 7. The output shows that the ge-0/3/1.0 interface went down and generated an SNMP_TRAP_LINK_DOWN event.
bsmith@R1> show log syslog-event-daemon-warning
Oct 10 18:00:57 R1 mib2d[1371]: SNMP_TRAP_LINK_DOWN: ifIndex 531, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/3/1.0
Verifying the Commit
Purpose
Verify that the event policy commit operation was successful by reviewing the commit log and the messages log file.
Action
Issue the show system commit operational mode command to view the commit log. In this example, the log confirms that the configuration was committed through the event policy under the privileges of user bsmith at the given date and time.
bsmith@R1> show system commit
0   2011-10-10 18:01:03 PDT by bsmith via junoscript
    updating configuration from event policy update-on-snmp-trap-link-down
1   2011-09-02 14:16:44 PDT by admin via netconf
2   2011-07-08 14:33:46 PDT by root via other
Review the messages log file. Upon receipt of the SNMP_TRAP_LINK_DOWN event, Junos OS executed the configured event policy action to modify and commit the configuration. The commit operation occurred under the privileges of user bsmith.
bsmith@R1> show log messages | last 20
...
Oct 10 18:00:57 R1 mib2d[1371]: SNMP_TRAP_LINK_DOWN: ifIndex 531, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/3/1.0
Oct 10 18:00:59 R1 file[17575]: UI_COMMIT: User 'bsmith' requested 'commit' operation (comment: updating configuration from event policy update-on-snmp-trap-link-down)
Oct 10 18:01:03 R1 eventd: EVENTD_CONFIG_CHANGE_SUCCESS: Configuration change successful: while executing policy update-on-snmp-trap-link-down with user bsmith privileges
If you configure a different log file, review the file specific to your configuration.
Meaning
The output from the show system commit operational mode command and the messages log file verify that the commit operation, which was made through the event policy under the privileges of the user bsmith, was successful. The show system commit output and messages log file reference the commit comment specified in the log statement at the [edit event-options policy update-on-snmp-trap-link-down then change-configuration commit-options] hierarchy level.
Verifying the Configuration Changes
Purpose
Verify the configuration changes by reviewing the [edit routing-options static] hierarchy level of the configuration after disabling the ge-0/3/1 interface.
Action
Issue the following operational mode command:
bsmith@R1> show configuration routing-options static
...
route 10.1.10.0/24 next-hop 10.1.3.1;
...
Meaning
The configured next hop has been modified by the event policy to the new IP address 10.1.3.1, which has its route through the exit interface ge-0/2/1.
Troubleshooting
Troubleshooting Commit Errors
Problem
The triggered event policy does not make the specified configuration changes, and the logs verify that the commit was unsuccessful.
bsmith@R1> show log messages | last 20
...
Oct 10 17:48:59 R1 mib2d[1371]: SNMP_TRAP_LINK_DOWN: ifIndex 531, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/3/1.0
Oct 10 17:49:01 R1 file[17142]: UI_LOAD_EVENT: User 'bsmith' is performing a 'rollback'
Oct 10 17:49:01 R1 eventd: EVENTD_CONFIG_CHANGE_FAILED: Configuration change failed: rpc to management daemon failed while executing policy update-on-snmp-trap-link-down with user bsmith privileges
A failed commit might occur if the configuration is locked or if the configuration mode commands have the incorrect syntax or order.
Solution
Check the configuration mode commands at the [edit event-options policy update-on-snmp-trap-link-down then change-configuration commands] hierarchy level, and verify that the syntax and the order of execution are correct.
Additionally, increase the retry count and interval options so that if the configuration is locked, the event policy attempts the configuration changes a specified number of times after the first failed instance.
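The log review described under Verifying the Commit and Troubleshooting Commit Errors can be automated so that every configuration change made by eventd is tied back to its trigger and outcome. The following Python script is an added example, not part of the original Juniper documentation: it parses the message formats shown on this page and emits one record per EVENTD_CONFIG_CHANGE result. The record fields and the needs_review rule are assumptions, and other syslog layouts are not handled.

```python
import re

# Log lines copied from the Verification and Troubleshooting output on this page.
SAMPLE_LOG = """\
Oct 10 17:48:59 R1 mib2d[1371]: SNMP_TRAP_LINK_DOWN: ifIndex 531, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/3/1.0
Oct 10 17:49:01 R1 file[17142]: UI_LOAD_EVENT: User 'bsmith' is performing a 'rollback'
Oct 10 17:49:01 R1 eventd: EVENTD_CONFIG_CHANGE_FAILED: Configuration change failed: rpc to management daemon failed while executing policy update-on-snmp-trap-link-down with user bsmith privileges
Oct 10 18:00:57 R1 mib2d[1371]: SNMP_TRAP_LINK_DOWN: ifIndex 531, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/3/1.0
Oct 10 18:00:59 R1 file[17575]: UI_COMMIT: User 'bsmith' requested 'commit' operation (comment: updating configuration from event policy update-on-snmp-trap-link-down)
Oct 10 18:01:03 R1 eventd: EVENTD_CONFIG_CHANGE_SUCCESS: Configuration change successful: while executing policy update-on-snmp-trap-link-down with user bsmith privileges
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ [^:\[]+(?:\[\d+\])?: "
                  r"(?P<tag>[A-Z0-9_]+): (?P<msg>.*)$")
TRAP = re.compile(r"ifName (\S+)")
COMMIT = re.compile(r"requested 'commit' operation \(comment: (.*)\)")
EVENTD = re.compile(r"while executing policy (\S+) with user (\S+) privileges")

def correlate(log_text):
    """Return one record per eventd change-configuration result, joined to the
    link trap and commit comment logged since the previous result."""
    results, trap, comment = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, tag, msg = m["ts"], m["tag"], m["msg"]
        if tag in ("SNMP_TRAP_LINK_DOWN", "SNMP_TRAP_LINK_UP"):
            found = TRAP.search(msg)
            trap = {"ts": ts, "event": tag, "ifname": found[1] if found else None}
        elif tag == "UI_COMMIT" and COMMIT.search(msg):
            comment = COMMIT.search(msg)[1]
        elif tag.startswith("EVENTD_CONFIG_CHANGE_") and EVENTD.search(msg):
            policy, user = EVENTD.search(msg).groups()
            ok = tag.endswith("_SUCCESS")
            results.append({
                "ts": ts, "policy": policy, "user": user, "ok": ok,
                "trigger": trap, "commit_comment": comment,
                # Review failures, root-privileged changes, and changes with
                # no trigger event in the log.
                "needs_review": (not ok) or user == "root" or trap is None,
            })
            trap, comment = None, None
    return results

if __name__ == "__main__":
    for rec in correlate(SAMPLE_LOG):
        print(rec)
```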