- play_arrow Overview
- play_arrow Junos Automation Scripts Overview
- play_arrow Junos XML Management Protocol and Junos XML API Overview
-
- play_arrow Automation Scripting Using XSLT
- play_arrow XSLT Overview
- play_arrow Standard XPath and XSLT Functions Used in Automation Scripts
- play_arrow Standard XSLT Elements and Attributes Used in Automation Scripts
-
- play_arrow Automation Scripting Using SLAX
- play_arrow SLAX Overview
- SLAX Overview
- SLAX Syntax Rules Overview
- SLAX Elements and Element Attributes Overview
- SLAX Elements as Function Arguments
- Understanding SLAX Default Namespaces
- XPath Expressions Overview for SLAX
- SLAX Templates Overview
- SLAX Functions Overview
- SLAX Parameters Overview
- SLAX Variables Overview
- SLAX Statements Overview
- XSLT Elements Without SLAX Equivalents
- SLAX Operators
- play_arrow SLAX Statements
- append
- apply-imports
- apply-templates
- attribute
- attribute-set
- call
- copy-node
- copy-of
- decimal-format
- element
- else
- else if
- expr
- fallback
- for
- for-each
- function
- if
- import
- key
- match
- message
- mode
- mvar
- number
- output-method
- param
- preserve-space
- priority
- processing-instruction
- result
- set
- sort
- strip-space
- template
- terminate
- trace
- uexpr
- use-attribute-sets
- var
- version
- while
- with
- play_arrow The libslax Distribution for Automation Scripting
- libslax Distribution Overview
- libslax Library and Extension Libraries Overview
- Download and Install the libslax Distribution
- libslax Default Extension Libraries: bit, curl, db, os, and xutil
- Understanding the SLAX Processor (slaxproc)
- How to Use the SLAX Processor (slaxproc)
- SLAX Debugger, Profiler, and callflow
-
- play_arrow Automation Scripting Using Python
- play_arrow Python Overview
- Understanding Python Automation Scripts for Junos Devices
- Requirements for Executing Python Automation Scripts on Junos Devices
- Overview of Python Modules on Junos Devices
- How to Use Python Interactive Mode on Devices Running Junos OS
- How to Use the psutil Module to Retrieve Process and System Information on Devices Running Junos OS
- How to Use the Requests Library for Python on Devices Running Junos OS
- IPv6 Support in Python Automation Scripts
- How to Specify the Routing Instance in Python 3 Applications on Devices Running Junos OS Evolved
-
- play_arrow Automation Script Input
- play_arrow Global Parameters in Automation Scripts
-
- play_arrow Extension Functions and Named Templates for Automation Scripts
- play_arrow Extension Functions for Automation Scripting
- play_arrow Extension Functions in the jcs and slax Namespaces
- base64-decode() Function (SLAX)
- base64-encode() Function (SLAX)
- break-lines() Function (SLAX and XSLT)
- close() Function (SLAX and XSLT)
- dampen() Function (Python, SLAX, and XSLT)
- document() Function (SLAX)
- emit_error() Function (Python)
- emit_snmp_attributes Function (Python)
- emit_warning() Function (Python)
- empty() Function (SLAX and XSLT)
- evaluate() Function (SLAX)
- execute() Function (SLAX and XSLT)
- first-of() Function (SLAX and XSLT)
- get-command() Function (SLAX)
- get-hello() Function (SLAX and XSLT)
- get-input() Function (SLAX and XSLT) and get_input() (Python)
- get-protocol() Function (SLAX and XSLT)
- get-secret() Function (SLAX and XSLT) and get_secret() (Python)
- get_snmp_action() Function (Python)
- get_snmp_oid() Function (Python)
- hostname() Function (Python, SLAX, and XSLT)
- invoke() Function (SLAX and XSLT)
- open() Function (SLAX and XSLT)
- output() Function (Python, SLAX, and XSLT)
- parse-ip() Function (SLAX and XSLT) and parse_ip() (Python)
- printf() Function (Python, SLAX, and XSLT)
- progress() Function (Python, SLAX, and XSLT)
- regex() Function (SLAX and XSLT)
- set_routing_instance() Function (Python)
- sleep() Function (SLAX and XSLT)
- split() Function (SLAX and XSLT)
- sysctl() Function (Python, SLAX, and XSLT)
- syslog() Function (Python, SLAX, and XSLT)
- trace() Function (Python, SLAX, and XSLT)
- play_arrow Named Templates for Automation Scripting
- play_arrow Named Templates in the jcs Namespace
-
- play_arrow Manage Automation Scripts
- play_arrow Store and Enable Scripts
- play_arrow Configure a Remote Source for Scripts
- play_arrow Configure the Session Protocol for Scripts
- play_arrow Control Execution of Scripts
- play_arrow Synchronize Scripts Between Routing Engines
- play_arrow Convert Scripts Between SLAX and XSLT
-
- play_arrow Commit Scripts
- play_arrow Commit Scripts Overview
- play_arrow Create and Execute Commit Scripts
- Required Boilerplate for Commit Scripts
- XML Syntax for Common Commit Script Tasks
- Design Considerations for Commit Scripts
- How to Avoid Potential Conflicts When Using Multiple Commit Scripts
- Line-by-Line Explanation of Sample Commit Scripts
- Control the Execution of Commit Scripts During Commit Operations
- Control the Execution of Commit Scripts in the QFabric System
- Configure Checksum Hashes for a Commit Script
- How to Process Large Configurations Against Commit Scripts
- Example: Retrieve the Pre-Inheritance Candidate Configuration in a Commit Script
- play_arrow Generate a Custom Warning, Error, or System Log Message Using Commit Scripts
- Overview of Generating Custom Warning, Error, and System Log Messages
- Generate a Custom Warning, Error, or System Log Message in Commit Scripts
- SLAX and XSLT Commit Script Tag Elements to Use When Generating Messages
- Example: Generate a Custom Warning Message
- Example: Generate a Custom Error Message
- Example: Generate a Custom System Log Message
- play_arrow Generate Persistent or Transient Configuration Changes Using Commit Scripts
- Overview of Generating Persistent or Transient Configuration Changes Using Commit Scripts
- Generate a Persistent or Transient Configuration Change in SLAX and XSLT Commit Scripts
- Generate a Persistent or Transient Configuration Change in Python Commit Scripts
- SLAX and XSLT Commit Script Tag Elements to Use When Generating Persistent and Transient Configuration Changes
- Remove a Persistent or Transient Configuration Change Using Commit Scripts
- Example: Generate Persistent and Transient Configuration Changes Using Commit Scripts
- play_arrow Create Custom Configuration Syntax with Commit Script Macros
- Overview of Creating Custom Configuration Syntax with Commit Script Macros
- Create Custom Configuration Syntax with Commit Script Macros
- Create a Commit Script Macro to Read the Custom Syntax and Generate Related Configuration Statements
- Example: Creating Custom Configuration Syntax with Commit Script Macros
- play_arrow Commit Script Examples
- Example: Adding a Final then accept Term to a Firewall
- Example: Adding T1 Interfaces to a RIP Group
- Example: Assign a Classifier Using a Commit Script
- Example: Automatically Configure Logical Interfaces and IP Addresses
- Example: Configure Administrative Groups for LSPs
- Example: Configure a Default Encapsulation Type
- Example: Configure Dual Routing Engines
- Example: Configure an Interior Gateway Protocol on an Interface
- Example: Control IS-IS and MPLS Interfaces
- Example: Control LDP Configuration
- Example: Create a Complex Configuration Based on a Simple Interface Configuration
- Example: Impose a Minimum MTU Setting
- Example: Limit the Number of ATM Virtual Circuits
- Example: Limit the Number of E1 Interfaces
- Example: Load a Base Configuration
- Example: Prepend a Global Policy
- Example: Prevent Import of the Full Routing Table
- Example: Require Internal Clocking on T1 Interfaces
- Example: Require and Restrict Configuration Statements
- play_arrow Junos XML and XSLT Tag Elements Used in Commit Scripts
- play_arrow Troubleshoot Commit Scripts
-
- play_arrow Op Scripts
- play_arrow Op Scripts Overview
- play_arrow Create and Execute Op Scripts
- Required Boilerplate for Op Scripts
- Map Operational Mode Commands and Output Fields to Junos XML Notation
- How to Use RPCs and Operational Mode Commands in Op Scripts
- Declare and Use Command-Line Arguments in Op Scripts
- Configure Help Text for Op Scripts
- Define Operational Mode Commands to Allow in an Op Script
- Enable an Op Script and Define a Script Alias
- Configure Checksum Hashes for an Op Script
- Execute an Op Script on the Local Device
- Execute an Op Script from a Remote Site
- Disable an Op Script
- play_arrow Op Script Examples
- Change the Configuration Using SLAX and XSLT Scripts
- Example: Change the Configuration Using SLAX and XSLT Op Scripts
- Example: Change the Configuration Using Python Op Scripts
- Example: Customize Output of the show interfaces terse Command Using an Op Script
- Example: Display DNS Hostname Information Using an Op Script
- Example: Find LSPs to Multiple Destinations Using an Op Script
- Example: Restart an FPC Using an Op Script
- Example: Export Files Using an Op Script
- Example: Import Files Using an Op Script
- Example: Search Files Using an Op Script
- play_arrow Provision Services Using Service Template Automation
- play_arrow Troubleshoot Op Scripts
-
- play_arrow SNMP Scripts
- play_arrow SNMP Scripts Overview
- play_arrow Create and Execute SNMP Scripts
- play_arrow SNMP Script Example
- play_arrow Troubleshoot SNMP Scripts
-
- play_arrow Configuration Statements and Operational Commands
ON THIS PAGE
Example: Changing the Interface Configuration in Response to an Event
It might be necessary to modify the configuration in response to a particular event. Starting in Junos OS Release 12.1, you can configure an event policy to make and commit configuration changes when the event policy is triggered by one or more specific events.
This example uses a real-time performance monitoring (RPM) probe to generate PING_TEST_FAILED events for a given interface. Upon receipt of the first instance of three PING_TEST_FAILED events within a 60-second period from the configured RPM probe, the event policy executes a change configuration event policy action that modifies the configuration to administratively disable the specified interface. This type of action might be necessary if you have an unstable, flapping interface that is consistently affecting network performance.
Overview
This example creates an event policy named disable-interface-on-ping-failure. The event policy is configured so that the eventd process listens for PING_TEST_FAILED events generated by a specific RPM probe and associated with the ge-0/3/1 interface. If three PING_TEST_FAILED events occur for the given interface within a 60-second interval, the event policy executes a change configuration action. The event policy configuration commands administratively disable the interface.
To test the event policy, the example configures an RPM probe
that pings the IP address associated with the ge-0/3/1 interface.
In this example, the ge-0/3/1.0 interface is configured with the IPv4
address 10.1.4.1/26. By default, one probe is sent per test, and the
example uses a 5-second pause between tests. After three successive
probe losses, the RPM probe generates a PING_TEST_FAILED event. Because
multiple RPM tests could be running simultaneously, the event policy
matches the owner-name and test-name attributes of the received PING_TEST_FAILED
events to the RPM probe owner name and test name. When the RPM probe
generates three PING_TEST_FAILED events in a 60-second interval, it
triggers the event policy, which disables the interface.
This event policy also demonstrates how to restrict the execution
of the same configuration change multiple times because of occurrences
of the same event or correlated events. In this example, the within 60 trigger on 3 statement specifies that the configuration
change is only triggered on the third occurrence of a PING_TEST_FAILED
event within a 60-second interval. The trigger until 4 statement
specifies that subsequent occurrences of the PING_TEST_FAILED event
should not cause the event policy to re-trigger.
If you only configure the trigger on 3 condition,
the commit operation might go into a loop. The combination of trigger on 3 and trigger until 4 prevents the event
policy from repeatedly making the same configuration change.
Configuration
Configuring the RPM Probe
CLI Quick Configuration
To quickly configure this section of the example, copy
the following commands, paste them into a text file, remove any line
breaks, change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set services rpm probe icmp-ping-probe test ping-probe-test probe-type icmp-ping set services rpm probe icmp-ping-probe test ping-probe-test target address 10.1.4.1 set services rpm probe icmp-ping-probe test ping-probe-test test-interval 5 set services rpm probe icmp-ping-probe test ping-probe-test thresholds successive-loss 3 set system syslog file syslog-event-daemon-info daemon info
Step-by-Step Procedure
To configure the RPM probe, which creates the PING_TEST_FAILED events for this example:
Create an RPM probe named ping-probe-test with owner icmp-ping-probe.
content_copy zoom_out_map[edit services rpm] bsmith@R1# set probe icmp-ping-probe test ping-probe-test
Configure the RPM probe to send ICMP echo requests.
content_copy zoom_out_map[edit services rpm probe icmp-ping-probe test ping-probe-test] bsmith@R1# set probe-type icmp-ping
Configure the RPM probe to send the ICMP echo requests to the ge-0/3/1 interface at IP address 10.1.4.1.
content_copy zoom_out_map[edit services rpm probe icmp-ping-probe test ping-probe-test] bsmith@R1# set target address 10.1.4.1
Configure a 5-second pause between test windows.
content_copy zoom_out_map[edit services rpm probe icmp-ping-probe test ping-probe-test] bsmith@R1# set test-interval 5
Configure the RPM probe threshold so that the PING_TEST_FAILED event is triggered after three successive probe losses.
content_copy zoom_out_map[edit services rpm probe icmp-ping-probe test ping-probe-test] bsmith@R1# set thresholds successive-loss 3
Configure a new log file at the
[edit system syslog]hierarchy level to record syslog events of facilitydaemonand severityinfo.This captures the events sent during the probe tests.
content_copy zoom_out_map[edit system syslog] bsmith@R1# set file syslog-event-daemon-info daemon info
Commit the configuration.
content_copy zoom_out_mapbsmith@R1# commit
Results
From configuration mode, confirm your configuration
by entering the show services and show system syslog commands. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
[edit]
services {
rpm {
probe icmp-ping-probe {
test ping-probe-test {
probe-type icmp-ping;
target address 10.1.4.1;
test-interval 5;
thresholds {
successive-loss 3;
}
}
}
}
}
system {
syslog {
file syslog-event-daemon-info {
daemon info;
}
}
}
Configuring the Event Policy
CLI Quick Configuration
To quickly configure this section of the example, copy
the following commands, paste them into a text file, remove any line
breaks, change any details necessary to match your network configuration,
copy and paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set event-options policy disable-on-ping-failure events ping_test_failed set event-options policy disable-on-ping-failure within 60 trigger on set event-options policy disable-on-ping-failure within 60 trigger 3 set event-options policy disable-on-ping-failure within 65 trigger until set event-options policy disable-on-ping-failure within 65 trigger 4 set event-options policy disable-on-ping-failure attributes-match ping_test_failed.test-owner matches icmp-ping-probe set event-options policy disable-on-ping-failure attributes-match ping_test_failed.test-name matches ping-probe-test set event-options policy disable-on-ping-failure then change-configuration commands "set interfaces ge-0/3/1 disable" set event-options policy disable-on-ping-failure then change-configuration user-name bsmith set event-options policy disable-on-ping-failure then change-configuration commit-options log "updating configuration from event policy disable-on-ping-failure"
Step-by-Step Procedure
Create and name the event-policy.
content_copy zoom_out_map[edit] bsmith@R1# edit event-options policy disable-interface-on-ping-failure
Configure the event policy to match on the PING_TEST_FAILED event.
content_copy zoom_out_map[edit event-options policy disable-interface-on-ping-failure] bsmith@R1# set events ping_test_failed
Configure the policy to trigger when three PING_TEST_FAILED events occur within 60 seconds.
content_copy zoom_out_map[edit event-options policy disable-interface-on-ping-failure] bsmith@R1# set within 60 trigger on 3
Configure the
within 65 trigger until 4statement to prevent the policy from re-triggering if more than three PING_TEST_FAILED events occur.content_copy zoom_out_map[edit event-options policy disable-interface-on-ping-failure] bsmith@R1# set within 65 trigger until 4
Configure the
attributes-matchstatement so that the event policy is only triggered by the PING_TEST_FAILED events generated by the associated RPM probe.content_copy zoom_out_map[edit event-options policy disable-interface-on-ping-failure] bsmith@R1# set attributes-match ping_test_failed.test-owner matches icmp-ping-probe bsmith@R1# set attributes-match ping_test_failed.test-name matches ping-probe-test
Specify the configuration mode commands that are executed if the event policy is triggered.
Configure each command on a single line, enclose the command string in quotes, and specify the complete statement path.
content_copy zoom_out_map[edit event-options policy disable-interface-on-ping-failure then change-configuration] bsmith@R1# set commands "set interfaces ge-0/3/1 disable"
Configure the
logoption with a comment describing the configuration changes.The comment is added to the commit logs after a successful commit operation is made through the associated event policy.
content_copy zoom_out_map[edit event-options policy disable-interface-on-ping-failure then change-configuration] bsmith@R1# set commit-options log "updating configuration from event policy disable-interface-on-ping-failure"
(Optional) If you have dual Routing Engines, configure the
synchronizeoption to commit the configuration on both Routing Engines. Include theforceoption to force the commit on the other Routing Engine, ignoring any warnings. This example does not configure thesynchronizeandforceoptions.(Optional) Configure the username under whose privileges the configuration changes and commit are made.
If you do not specify a username, the action is executed as user
root.content_copy zoom_out_map[edit event-options policy disable-interface-on-ping-failure then change-configuration] bsmith@R1# set user-name bsmith
Review the output of the
show interfaces ge-0/3/1operational mode command before the configuration change takes place.Note:The interface should be enabled.
content_copy zoom_out_mapbsmith@R1> show interfaces ge-0/3/1 Physical interface: ge-0/3/1, Enabled, Physical link is Up Interface index: 142, SNMP ifIndex: 531 ...
Commit the configuration.
content_copy zoom_out_mapbsmith@R1# commit
Results
From configuration mode, confirm your configuration
by entering the show event-options command. If the output
does not display the intended configuration, repeat the instructions
in this example to correct the configuration.
[edit event-options]
policy disable-interface-on-ping-failure {
events ping_test_failed;
within 60 {
trigger on 3;
}
within 65 {
trigger until 4;
}
attributes-match {
ping_test_failed.test-owner matches icmp-ping-probe;
ping_test_failed.test-name matches ping-probe-test;
}
then {
change-configuration {
commands {
"set interfaces ge-0/3/1 disable";
}
user-name bsmith;
commit-options {
log "updating configuration from event policy disable-interface-on-ping-failure";
}
}
}
}
Verification
Confirm that the configuration is working properly.
- Verifying the Events
- Verifying the Commit
- Verifying the Configuration Changes
- Verifying the Status of the Interface
Verifying the Events
Purpose
To manually test the event policy, take the ge-0/3/1 interface offline until three PING_TEST_FAILED events are generated.
Action
Review the configured syslog file. Verify that the RPM probe generates a PING_TEST_FAILED event after successive lost probes.
bsmith@R1> show log syslog-event-daemon-info Oct 7 15:48:54 R1 rmopd[1345]: PING_TEST_COMPLETED: pingCtlOwnerIndex = icmp-ping-probe, pingCtlTestName = ping-probe-test Oct 7 15:49:54 R1 rmopd[1345]: PING_TEST_COMPLETED: pingCtlOwnerIndex = icmp-ping-probe, pingCtlTestName = ping-probe-test ... Oct 7 15:52:54 R1 rmopd[1345]: RMOPD_ICMP_SENDMSG_FAILURE: sendmsg(ICMP): No route to host Oct 7 15:52:54 R1 rmopd[1345]: PING_PROBE_FAILED: pingCtlOwnerIndex = icmp-ping-probe, pingCtlTestName = ping-probe-test Oct 7 15:52:54 R1 rmopd[1345]: PING_TEST_FAILED: pingCtlOwnerIndex = icmp-ping-probe, pingCtlTestName = ping-probe-test Oct 7 15:52:57 R1 rmopd[1345]: PING_TEST_FAILED: pingCtlOwnerIndex = icmp-ping-probe, pingCtlTestName = ping-probe-test Oct 7 15:53:00 R1 rmopd[1345]: PING_TEST_FAILED: pingCtlOwnerIndex = icmp-ping-probe, pingCtlTestName = ping-probe-test
Verifying the Commit
Purpose
Verify that the event policy commit operation was successful by reviewing the commit log and the messages log file.
Action
Issue the show system commit operational
mode command to view the commit log.
bsmith@R1> show system commit
0 2011-10-07 15:53:00 PDT by bsmith via junoscript
updating configuration from event policy disable-interface-on-ping-failure
1 2011-09-02 14:16:44 PDT by admin via netconf
2 2011-07-08 14:33:46 PDT by root via other
Review the messages log file.
bsmith@R1> show log messages | last 20 Oct 7 15:52:54 R1 rmopd[1345]: RMOPD_ICMP_SENDMSG_FAILURE: sendmsg(ICMP): No route to host Oct 7 15:53:00 R1 file[9972]: UI_COMMIT: User 'bsmith' requested 'commit' operation (comment: updating configuration from event policy disable-interface-on-ping-failure) Oct 7 15:53:02 R1 eventd: EVENTD_CONFIG_CHANGE_SUCCESS: Configuration change successful: while executing policy disable-interface-on-ping-failure with user bsmith privileges
Meaning
The output from the show system commit operational
mode command and the messages log
file verify that Junos OS executed the configured event policy action
to modify and commit the configuration. The commit operation, which
was made through the event policy under the privileges of the user
bsmith at the given date and time, was successful. The show system
commit output and messages log
file reference the commit comment specified in the log statement
at the [edit event-options policy disable-interface-on-ping-failure then change-configuration
commit-options] hierarchy level.
Verifying the Configuration Changes
Purpose
Verify the configuration changes by reviewing the [edit interfaces ge-0/3/1] hierarchy level of the configuration.
Action
bsmith@R1> show configuration interfaces ge-0/3/1
disable;
unit 0 {
family inet {
address 10.1.4.1/26;
}
}
Meaning
The ge-0/3/1 configuration hierarchy was modified through
the event policy to add the disable statement.
Verifying the Status of the Interface
Purpose
Review the output of the show interfaces ge-0/3/1 operational mode command after the configuration change takes place.
Action
Issue the show interfaces ge-0/3/1 operational
mode command. After the event policy configuration change action disables
the interface, the status changes from "Enabled" to "Administratively
down".
bsmith@R1> show interfaces ge-0/3/1 Physical interface: ge-0/3/1, Administratively down, Physical link is Down Interface index: 142, SNMP ifIndex: 531
