Best way to change config then change it back after a while.

I spent some time today trying a couple approaches to this, but they all seemed a little clunky.
I'm looking for the best way to change the BGP prefixes which are advertised out to an ISP, based on some check.  I want to set a timeout so the router won't attempt to send the route again for say 30 minutes after it is triggered, but then will start advertising it again, and monitor to see if the trigger condition returns.  If the trigger condition returns then again withdraw the route for 30 minutes and so on.
I'm using a prefix-list already to limit outbound route advertisements, so it seems simplest to just make a config change to remove one line in the prefix-list, then a few minutes later put it back.
I tried just using the "cli command wait", but if I set the wait period too long, the applet seemed to die, and never ran the later cli commands to put the prefix-list line back.  There is also an exit-time clause for the event, but I couldn't figure out how to put the line back after the exit-time expired.  Lastly I tried doing an event with a watchdog timer, but also couldn't get that to work either.  Before I spend too much time working on different options, I wanted to see if anyone had any recommendations.
I've done some TCL scripting on Cisco routers, but that seemed to be overkill for this, and I wanted to keep the config easy to manage for peers who might not be as proficient in TCL scripting.
This is intended for ASR-1002X routers if it matters.
Any suggestions would be much appreciated.
Thanks
Derek

Thanks for all your help, Joe.
Ok, so here is my current script, which seems to be working pretty well (changing to entry-type "value" fixed the variability in detection times).  For testing in the script below, I'm using a 30 second timeout for when the line gets put back, and a 60 second timeout for when monitoring should resume after the event is triggered. The script checks the value of the OID every 5 seconds.
The only other thing I would like to do with it that I can't figure out, is how to use an environment variable for the exit-time.  Ideally, I would just add a value, like 10 seconds, to the ATimeout variable.  However I can't figure out the syntax to just use a var for the exit-time.  Anyone know the secret (or if it is possible?)
event manager environment ATimeout 30
event manager environment q "
no event manager applet DDOS_RESPONSE01
event manager applet DDOS_RESPONSE01
event snmp oid 1.3.6.1.4.1.9.9.166.1.17.1.1.21.80.65538 get-type exact entry-op gt entry-val "0" entry-type value exit-time 60 poll-interval 5
trigger
action 001 cli command "enable"
action 002 cli command "config term"
action 003 cli command "no ip prefix-list PUBLIC_NETWORKS seq 140 permit 10.4.1.0/24 le 32"
action 004 syslog msg "DDoS Attack Detected. Removing Web Srvr Subnet from PUBLIC_NETWORKS for ($ATimeout) seconds."
action 005 cli command "event manager applet RESTORE_PREFIX"
action 006 cli command "event timer countdown time $ATimeout "
action 007 cli command "action 101 cli command $q enable $q"
action 008 cli command "action 102 cli command $q config term $q"
action 009 cli command "action 103 cli command $q no event manager applet RESTORE_PREFIX $q"
action 010 cli command "action 104 cli command $q ip prefix-list PUBLIC_NETWORKS seq 140 permit 10.4.1.0/24 le 32$q"
action 011 cli command "action 105 syslog msg $q DDoS Attack Timeout ($ATimeout) reached. Re-adding Web Srvr Subnet to PUBLIC_NETWORKS. $q "
action 012 cli command "action 106 cli command $q no event manager applet RESTORE_PREFIX $q"
exit
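
An added example, not part of the original post and not Cisco code: a small Python model of the timers the script above describes, fed a constructed series of OID samples, showing how long the prefix is advertised while the counter is still above 0. The names HoldDown, simulate and SUSTAINED are hypothetical, and treating exit-time as the delay before monitoring resumes follows the post's description rather than verified IOS behaviour.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class HoldDown:
    """Timer model of the post's two applets (a simplification, not IOS itself)."""
    poll_interval: int = 5    # seconds between OID polls (poll-interval 5)
    restore_after: int = 30   # ATimeout: prefix-list line is put back
    rearm_after: int = 60     # exit-time: monitoring resumes, per the post
    advertised: bool = True
    armed: bool = True
    restore_at: Optional[int] = None
    rearm_at: Optional[int] = None
    log: List[Tuple[int, str]] = field(default_factory=list)

    def poll(self, now: int, counter: int) -> None:
        # Timers that have expired fire before the OID value is evaluated.
        if self.restore_at is not None and now >= self.restore_at:
            self.advertised, self.restore_at = True, None
            self.log.append((now, "restore"))
        if self.rearm_at is not None and now >= self.rearm_at:
            self.armed, self.rearm_at = True, None
            self.log.append((now, "rearm"))
        # entry-op gt, entry-val 0: trigger only while monitoring is armed.
        if self.armed and counter > 0:
            self.advertised, self.armed = False, False
            self.restore_at = now + self.restore_after
            self.rearm_at = now + self.rearm_after
            self.log.append((now, "withdraw"))


def simulate(samples, **timers):
    """Feed one OID sample per poll.

    Returns (event log, seconds the prefix was advertised while counter > 0).
    """
    model = HoldDown(**timers)
    exposed = 0
    for i, counter in enumerate(samples):
        model.poll(i * model.poll_interval, counter)
        if model.advertised and counter > 0:
            exposed += model.poll_interval
    return model.log, exposed


# Constructed input: counter is 0 for two polls, then stays above 0
# (a sustained attack). Polls fall at t = 0, 5, ..., 150 seconds.
SUSTAINED = [0, 0] + [1] * 29

if __name__ == "__main__":
    for rearm in (60, 40):   # the post's test value, then ATimeout + 10
        log, exposed = simulate(SUSTAINED, rearm_after=rearm)
        print(f"exit-time {rearm}: {exposed}s advertised under attack")
        for t, what in log:
            print(f"  t={t:>3}s {what}")
```

In this model, the post's test values (restore at 30 seconds, re-arm at 60) leave the prefix advertised for 30 seconds of every 60-second cycle during a sustained attack; an exit-time of ATimeout plus 10 shrinks that window to 10 seconds per cycle.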
