EEM / IP SLA to shutdown lossy high RTT BGP neighbor

Hi,
I'm relatively new to the IP SLA procedure and very new to EEM. I'm searching for the most efficient way to monitor the availability (packet loss and latency) of a BGP neighbor from a router to actively shutdown the neighbor relationship in order to failover to a back up L2L VPN I have configured on an ASA. It's important that I'm able to continue monitoring the BGP neighbor so that when the neighbor becomes stable again, I can reenable the BGP neighbor relationship. I've put something quick together (below) but am not sure if it will do what I want. I'd appreciate any suggestions and feedback.
Thank you!
-Mike
ip sla 90
icmp-echo <neighbor_ip> source-ip <source_ip>
threshold 250
timeout 500
frequency 3
ip sla schedule 90 life forever start-time now
ip sla enable reaction-alerts
track 90 ip sla 90 reachability
delay down 3 up 180
event manager applet BGP_NEIGHBOR_DIRTY
description SHUT DOWN BGP NEIGHBOR IF RTT OVER 250 FOR 3 SECONDS
event syslog pattern "90 ip sla 90 reachability Up->Down"
action 1.0 cli command "enable"
action 1.1 cli command "configure term"
action 1.2 cli command "router bgp 63320"
action 1.3 cli command "neighbor <neighbor_ip> shutdown"
action 1.4 cli command "end"
event manager applet BGP_NEIGHBOR_CLEAN
description ENABLE BGP NEIGHBOR IF RTT UNDER 250 FOR 3 MINUTES
event syslog pattern "90 ip sla 90 reachability Down->Up"
action 1.0 cli command "enable"
action 1.1 cli command "configure term"
action 1.2 cli command "router bgp 63320"
action 1.3 cli command "no neighbor <neighbor_ip> shutdown"
action 1.4 cli command "end"

By chosing a target that is along your desired path, you can certainly have a more robust script. I would use loopback to loopback communication as well, this will force the traffic through the router, and also find any potential issues where the peer is alive and sending bgp but not actually passing traffic. You will definitely need some "fudge" factors in there to deal with routers have to process the ICMP packets (Any CoPP will really really skew the results you are getting). I have had experiences where testing to/from a Nexus device gives wildly different results vs testing through the boxes.
HTH

Similar Messages

EEM Script - Check BGP Neighbors and shutdown interfaces

Hello,
We have one router with 2 links to same ISP. We have 1 bgp neighbor for each link.
So, at this router we have 2 links and 2 neighbors with same ISP. And this router have conections with a router reflector
First, we are trying shutdown the router links with router reflector if both neighbor is down. I did this script attached. It´s hard to test it because we will use in 7600 routers. We tested it once and it didnt work as expectted. The variable didn´t work very well...
Any tips? Is this wrong??
Thanks.

Hello,
We have one router with 2 links to same ISP. We have 1 bgp neighbor for each link.
So, at this router we have 2 links and 2 neighbors with same ISP. And this router have conections with a router reflector
First, we are trying shutdown the router links with router reflector if both neighbor is down. I did this script attached. It´s hard to test it because we will use in 7600 routers. We tested it once and it didnt work as expectted. The variable didn´t work very well...
Any tips? Is this wrong??
Thanks.

IP SLA FTP higher RTT than expected

We have setup IP SLA FTP on a few devices to test it as a means for monitoring our WAN connections, ensuring they are providing the bandwidth purchased. This info is collected by Solarwinds Orion for reporting purposes. What we have found though is that the reported RTT is far higher than it should be which makes it insuitable as a mechanism for montoring WAN bandwdith.
One of the devices, a 4500X, has a 10Gb path back to the FTP server it's pulling the file from.
This is the output from show ip sla stat:
IPSLAs Latest Operation Statistics
IPSLA operation id: 40002
Latest RTT: 14978 milliseconds
Latest operation start time: 11:07:07 GMT Wed Dec 11 2013
Latest operation return code: Over threshold
Number of successes: 6
Number of failures: 0
Operation time to live: Forever
On the same 4500X a copy ftp null of the same file from the same FTP server results in:
Accessing ftp://*****:*****@10.246.0.11/test...
Loading test !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 12407926/4096 bytes]
12407926 bytes copied in 22.320 secs (555911 bytes/sec)
Finally, if I try to FTP the same file from my PC which only has a 1Gb NIC, but after going though another switch goes through the same 4500X taking the same path to the FTP server, I get:
ftp> get test
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
ftp: 12407926 bytes received in 0.58Seconds 21246.45Kbytes/sec.
So, why is the 4500X (and the other Cisco devices we have tried) so much slower? And is there a way to get realistic RTT values from IP SLA, so we can use it to take meaningful measurements of our WAN?
Thanks for any help!
Steve

We have setup IP SLA FTP on a few devices to test it as a means for monitoring our WAN connections, ensuring they are providing the bandwidth purchased. This info is collected by Solarwinds Orion for reporting purposes. What we have found though is that the reported RTT is far higher than it should be which makes it insuitable as a mechanism for montoring WAN bandwdith.
One of the devices, a 4500X, has a 10Gb path back to the FTP server it's pulling the file from.
This is the output from show ip sla stat:
IPSLAs Latest Operation Statistics
IPSLA operation id: 40002
Latest RTT: 14978 milliseconds
Latest operation start time: 11:07:07 GMT Wed Dec 11 2013
Latest operation return code: Over threshold
Number of successes: 6
Number of failures: 0
Operation time to live: Forever
On the same 4500X a copy ftp null of the same file from the same FTP server results in:
Accessing ftp://*****:*****@10.246.0.11/test...
Loading test !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 12407926/4096 bytes]
12407926 bytes copied in 22.320 secs (555911 bytes/sec)
Finally, if I try to FTP the same file from my PC which only has a 1Gb NIC, but after going though another switch goes through the same 4500X taking the same path to the FTP server, I get:
ftp> get test
200 PORT command successful.
125 Data connection already open; Transfer starting.
226 Transfer complete.
ftp: 12407926 bytes received in 0.58Seconds 21246.45Kbytes/sec.
So, why is the 4500X (and the other Cisco devices we have tried) so much slower? And is there a way to get realistic RTT values from IP SLA, so we can use it to take meaningful measurements of our WAN?
Thanks for any help!
Steve

EEM ip sla is not working

Hi,
i need help with EEM script
have tried below script on 1841 with 12.4(24)T5 but not working
snmp-server enable traps ipsla
snmp-server enable traps event-manager
ip sla 10
icmp-echo 192.168.100.50 source-interface Loopback0
frequency 300
ip sla schedule 10 start-time now
track 20 ip sla 10 reachability
delay down 180
option one tried
event manager applet RESET
event track 10 state down
action 01.0 syslog msg "No ping response "
action 02.0 syslog msg "Reloading The Router"
action 03.0 reload
end
option two
event manager applet RESET
event syslog pattern "%TRACKING-5-STATE: 20 ip sla 10 reachability Up->Down"
action 01.0 syslog msg "No ping response "
action 02.0 syslog msg "Reloading The Router"
action 03.0 reload
end
i want to try ping remote ip every 5 mins , if ping fails wait for 3 mins then trigger reload , and router come up again if ping fails reload again
both are not working as expected ,any help highly appreciated

Your config is mostly correct. You need to do:
ip sla 10
icmp-echo 192.168.100.50 source-interface Loopback0
frequency 300
ip sla schedule 10 start-time now life forever
track 20 ip sla 10 reachability
delay down 180
option one tried
event manager applet RESET
event track 20 state down
action 01.0 syslog msg "No ping response "
action 02.0 syslog msg "Reloading The Router"
action 03.0 reload

Tecra M2 - hard shutdown on high CPU (turns off with no BSOD)

Have been experiencing consistent shutdowns when CPU runs at full for a little while.
- by "shutdowns" I mean complete power cut with no blue screen of death where all is lost and the computer has to be manually restarted.
- by "high CPU" I mean when the processor locks at full usage such as when you insert a column into a large Excel sheet with errors or when you are RARing a large number of files and you open a video from the network or when you run a virus scan and registry scan at the same time.
The problem has been occurring regularly for a couple of months and I can now manufacture an occurrence with high predictability. Using the hardware monitor suite 'Everest', it seems the problem happens when the CPU temperature sits at 99 for more than a minute or so.
It happen with some but never when running from batteries - during attempts to force the error, it will not shutdown if the power cable is pulled out just before the crash point.
In many instances of the problem, there seems to be a small error message which pops up only a fraction of a second before the computer dies.
Every forum and help reference I read would suggest the problem is hardware related and that the chip or motherboard is overheating and in need of replacement. While the laptop is nearly 18 months old, I bought a new "everything but the screen and HDD" early this year and was not prepared to accept the explanation without more testing.
Kantonix Linux works fine and the boot from CD seems to tax the processor as much as the same events that are killing it for me under XP.
A few weeks back, I installed the WinXP on a second HDD in the hotswappable bay and noted the installation seems to run the computer pretty hot and it did not die during the process. No problems were experienced for while but, a few days after moving the reinstalled HDD into the primary position and having reinstalled many many applications, the error started happening again.
Last night I caught it just fractions of a second before death, pulling the power and stopping the process and allowing me to see the error message (as referred above) properly:
- first message was from "TOSHIBA Power Saver" saying "A fatal errorn has occurred x06" (not sure on the last bit)
- second message was from "THotkey.exe" saying "Cannot load powrprof.dll"
- many hundreds of instances of the second message followed.
Due to error messages, I wasn't able to get a screen print.
Any solutions or even ideas about such would be very much appreciated!
Message was edited by: DC-Financial

Hello Markus, thank you for your suggestion and apologies for the lateness of this reply (thought I was supposed to receive email notification (?!?)).
I agree with your initial assessment "sounds like software related issue" and I would hate to think it is hardware - am die hard Toshiba man! (onto my 5th in as many years) .
Anywho, I have been through all the power saver options, as well as the CPU options under the Toshiba HWSetup: the system crashes under all situations if properly encouraged.
NB: Per my understanding, one shouldn't be able to crash a Pentium M, operating within the acceptable environmental conditions and I am working in a room between 16 & 20 degrees.
It is much more difficult to crash when it has been off for a while (ie. when it is cooler) and is more difficult to crash when on batteries as opposed to AC. Tried switching the RAM during the week and after mistakenly thinking it was all fixed, the problem resurfaced again. While I had the keyboard off, I had a look at the fan and there is a bit of dust on it but not very much. I have a Tecra M3 also, which is only half the age and, compared the fans, the M2 is about twice as dusty [if it were on your dinner table you'd wipe it down but there is not so much that you would imagine it to be a problem].
I mentioned previously that I was using Everest to monitor outputs from the temperature sensors and that crashes occur when the CPU temperature sits at 99 degrees for a while. Sometimes after turning it on after a crash, Everest is not able to display the CPU temperature. Am very reluctant to believe that the heat sensor on the chip has malfunctioned as all the internals were replaced in January (as was stolen and recovered somewhat worse for the adventure).
I have had to bite the bullet and move all my work to the Tecra M3 but am not very happy with this (the M3 I have is 1.86Ghz w/ 512MB vs 2.03Ghz w/ 1536MB RAM in the M2). As I'm sure you will appreciate, the cost of the M2 has now already been spent many times over in lost work time but one needs to know if they have an error related to software or if it is hardware, so as not to live in fear of a recurrance.
I will reinstall the M2 OS as soon as the work lag is caught up again (probably later this week) but really don't know what to try other than crash testing after each piece of software is reinistalled. Note, have already run the Toshiba Hardware Diagnosis console with no errors identified.
If you have any suggestions or thoughts on what I should try they are greatly appreciated!

Extremely high jitter in SLA

Hello,
We recently switched to a T1 connection for a remote site, all of a sudden the Jitter Time in our IP SLA jumped to as high as 77 million (from 1 or 2... not million, just one or two). Does anything look wrong? Here's the config & stat output:
ip sla 10
icmp-jitter 10.xx.xx.xx num-packets 20 interval 40
frequency 600
ip sla schedule 10 life forever start-time now
Round Trip Time (RTT) for       Index 10
Type of operation:              icmpJitter
        Latest RTT: 8 milliseconds
Latest operation start time: *22:36:54.404 UTC Thu Dec 9 2010
Latest operation return code: Over threshold
RTT Values:
        Number Of RTT: 20               RTT Min/Avg/Max: 8/8/11
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0
        Destination to Source Latency one way Min/Avg/Max: 0/0/0
Jitter Time:
        Number of Jitter Samples: 19
        Source to Destination Jitter Min/Avg/Max: 77815000/77815000/77815000
        Destination to Source Jitter Min/Avg/Max: 77815000/77815000/77815001
Packet Late Arrival: 0
Out Of Sequence: 0
        Source to Destination: 0        Destination to Source 0
        In both Directions: 10
Packet Skipped: 0
Packet Loss: 0
        Loss Period Length Min/Max: 0/0
Number of successes: 0
Number of failures: 1
Operation time to live: Forever
Thank you for any input!
James

Version 12.3(8r)YH12 (model 1811 remote site), Version 12.4(13r)T11 (model 3825, primary router). There are two IP SLAs configured. The second one (IP SLA 20) is normal. Here's the statistics for the second one to compare. The funny part is the route to the IP address in the IP SLA 20 goes through the first IP address (primary router) in IP SLA 10.
Round Trip Time (RTT) for       Index 20
Type of operation:              icmpJitter
        Latest RTT: 19 milliseconds
Latest operation start time: 13:52:25.339 UTC Mon Dec 13 2010
Latest operation return code: OK
RTT Values:
        Number Of RTT: 20               RTT Min/Avg/Max: 19/19/31
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0
        Destination to Source Latency one way Min/Avg/Max: 0/0/0
Jitter Time:
        Number of Jitter Samples: 19
        Source to Destination Jitter Min/Avg/Max: 0/0/0
        Destination to Source Jitter Min/Avg/Max: 1/1/1
Packet Late Arrival: 0
Out Of Sequence: 0
        Source to Destination: 0        Destination to Source 1
        In both Directions: 0
Packet Skipped: 0
Packet Loss: 0
        Loss Period Length Min/Max: 0/0
Number of successes: 3
Number of failures: 0
Operation time to live: Forever
The routers' times are not set with NTP. They are set manually, the remote site was about a few minutes off (compared to the primary router). I've manually set it to within 1 second time now. But that didn't fix the issue.
Any other settings that could affect this?
Thanks again for the help!
James

ALL IP SLAs to dmVPN spokes give invalid RTT=1 . Nodes use NTP. What can be the reason for this?

IP SLA Measurements are invalid. RTT should be 20 to 60ms, but IP SLAs deliver RTT=1ms. This applies for UDP Jitter and UDP echo IP SLAs.
Nodes use NTP time.

you can use any router you want - I use a netgear others belkin - up to you.
If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post.
If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

SNMP TRAPS and SLA

HI
I am trying to configure IP SLA to send SNMP TRAPS but looks like doing some mistake ..
i have following configured
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-ascii-font-family:Cambria;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Cambria;
mso-hansi-theme-font:minor-latin;}
ip sla monitor 2
type echo protocol ipIcmpEcho 150.1.3.3 source-ipaddr 1.1.98.7
frequency 10!
ip sla monitor schedule 2 start-time now recurring
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-ascii-font-family:Cambria;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Cambria;
mso-hansi-theme-font:minor-latin;}
ip sla reaction-configuration 2 react rtt threshold-type immediate action-type trapOnly
ip sla logging traps
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-ascii-font-family:Cambria;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Cambria;
mso-hansi-theme-font:minor-latin;}
snmp-server community public RO
snmp-server enable traps rtr
snmp-server host 1.1.128.226 public
1.1.98.7 is the loopback ip on my network. To test the snmp traps, i enabled debug snmp packets and shutdown loopback interface (1.1.98.7)
I don't see any snmp message in debug output ..
am i missing something or it is not possible to get traps directly from ip sla .. do i need EEM for this?

sorry, it actually worked .. i just gave a restart to ip sla and it worked.
looks like router was already in threshold stage when i was activating reaction-config ..
but i am still confused which command is actualluy generating these traps since i have taken out some of the snmp config out and i stil get traps ..
below is the oputput of traps which i get when i restart ip sla .
*Feb 15 17:10:43.453: SNMP: 150.150.1.1 queue overflow, dropping packet
*Feb 15 17:10:43.453: SNMP: Queuing packet to 150.150.1.1
*Feb 15 17:10:43.453: SNMP: V1 Trap, ent rttMonNotificationsPrefix, addr 65.65.2.2, gentrap 6, spectrap 3
rttMonCtrlAdminTag.1 =
rttMonHistoryCollectionAddress.1 = 41 41 03 03
rttMonCtrlOperOverThresholdOccurred.1 = 1
*Feb 15 17:10:43.497: SNMP: 150.150.1.1 queue overflow, dropping packet
*Feb 15 17:10:43.501: SNMP: Queuing packet to 150.150.1.1
*Feb 15 17:10:43.501: SNMP: V1 Trap, ent rttMonNotificationsPrefix, addr 65.65.2.2, gentrap 6, spectrap 5
rttMonCtrlAdminTag.1 =
rttMonHistoryCollectionAddress.1 = 41 41 03 03
rttMonReactVar.1 = 1
rttMonReactOccurred.1 = 1
rttMonReactValue.1 = 12
rttMonReactThresholdRising.1 = 5
rttMonReactThresholdFalling.1 = 1
rttMonEchoAdminLSPSelector.1 = 00 00 00 00
*Feb 15 17:10:43.585: SNMP: 150.150.1.1 queue overflow, dropping packet
*Feb 15 17:10:43.585: SNMP: Queuing packet to 150.150.1.1
*Feb 15 17:10:43.585: SNMP: V1 Trap, ent rttMonNotificationsPrefix, addr 65.65.2.2, gentrap 6, spectrap 5
rttMonCtrlAdminTag.1 =
rttMonHistoryCollectionAddress.1 = 41 41 03 03
rttMonReactVar.1 = 1
rttMonReactOccurred.1 = 1
rttMonReactValue.1 = 12
rttMonReactThresholdRising.1 = 5
rttMonReactThresholdFalling.1 = 1
rttMonEchoAdminLSPSelector.1 = 00 00 00 00
below is my running config and sh ver
R2#sh ver
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 19-Jun-09 15:13 by prod_rel_team
ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)
R2 uptime is 8 hours, 9 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-adventerprisek9-mz.124-24.T1.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 2811 (revision 53.50) with 237568K/24576K bytes of memory.
Processor board ID FTX0952C333
2 FastEthernet interfaces
4 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
R2#
R2#sh run
Building configuration...
Current configuration : 2233 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
dot11 syslog
ip source-route
ip cef
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
voice-card 0
vtp domain 29
vtp mode transparent
archive
log config
hidekeys
interface Loopback0
ip address 65.65.2.2 255.255.255.0
interface FastEthernet0/0
shutdown
duplex auto
speed auto
interface FastEthernet0/1
ip address 65.65.128.193 255.255.255.224
shutdown
duplex auto
speed auto
interface Serial0/2/0
ip address 65.65.13.2 255.255.255.224
encapsulation ppp
clock rate 2000000
interface Serial0/3/0
no ip address
shutdown
router ospf 65
router-id 65.65.2.2
log-adjacency-changes
network 65.65.2.2 0.0.0.0 area 1
network 65.65.13.2 0.0.0.0 area 1
network 65.65.128.193 0.0.0.0 area 1
ip forward-protocol nd
no ip http server
no ip http secure-server
ip sla 1
icmp-echo 65.65.3.3 source-ip 65.65.2.2
request-data-size 1500
frequency 10
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react rtt threshold-value 5 1 threshold-type immediate action-type trapOnly
snmp-server community public RO
snmp-server host 150.150.1.1 public
control-plane
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
line con 0
line aux 0
line vty 0 4
login
scheduler allocate 20000 1000
end
R2#
R2#

IP SLA Proactive xofy bug

Hi All,
Has anyone came across this weird bug that when you configure ip sla in proactive with xofy, it will generate two syslog messages?
Here is how I am using it:
ip sla reaction-configuration 3 react rtt threshold-value 100 70 threshold-type xofy 2 5 action-type triggerOnly
Mar 5 10:27:06.976: %RTT-3-IPSLATHRESHOLD: IP SLAs(3): Threshold below for rtt
Mar 5 10:27:06.980: %RTT-3-IPSLATHRESHOLD: IP SLAs(3): Threshold below for rtt
And therefore, causing EEM to act twice ..which is a memory/cpu waste.
Mar 5 10:26:47.516: %SYS-5-CONFIG_I: Configured from console by vty1
Mar 5 10:26:47.620: %SYS-5-CONFIG_I: Configured from console by vty2
Using average or immediate works just fine.
One more thing ..i'm not sure if I understood 'average' , does it mean that if you have it configured for 5 attempts , you for example get a failure today, and the other day another 4 failures then it will trigger?
Here is my IOS:
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 15.0(1)M
Thanks

The same results comes from c871 and c1811 too.
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T10, RELEASE SOFTWARE (fc3)
Cisco IOS Software, C181X Software (C181X-ADVIPSERVICESK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)

EEM Syslog Pattern Capture

Hello Community,
Can someone please let me know if its possible to have a EEM script activated when particular word appears in a syslog.
For the following is a syslog message:
Sep 19 09:11:33.966: %HA_EM-2-LOG: utilisationHighInterfaceUtilization.tcl: 992&You are experiencing abnormally high traffic utilization |ifu|/15
Would it be possible if have a EEM script activated when the word "high traffic utilization" from the above syslog message appears?
I have tried with the following but it won't work.
event manager applet toptalkers
event syslog pattern "high traffic utilization"
action 1.0 cli command "enable"
action 1.5 cli command "show flow monitor FlowMonitor1 cache aggregate ipv4 protocol"
action 4.0 mail server "10.44.xxx.xxx" to "[email protected]" from "[email protected]" subject "toptalkers." body "TopTalker Script $_cli_result"
Cheers
Carlton
BTW, I will respond to the other questions I have posted on this forum.

Hello Community,
I figured out why it doesn't work.
Its because the event isn't, technically speaking, a syslog event. Therefore, can someone please show me how to make the script work with the event as stated above:
Sep 19 09:11:33.966: %HA_EM-2-LOG: utilisationHighInterfaceUtilization.tcl: 992&You are experiencing abnormally high traffic utilization |ifu|/15
Cheers
Carlton

IP-sla udp-jitter / one-way delay no output

Hi *,
i have a question regarding "ip sla udp-jitter".
On some connectins i get an output for the "show ip sla stat" for the _one-way delay_
on other links i don't get an output. The Configuration is always the same and the Probes are running.
NTP is configured but in my opinion the fact weather i get output for the _one-way delay_
or not depends on the ntp root despersion.
Is there a max allowed time differances between the two routes ?
Here one working / one not working output of the same Router but different peers:
Not working::
Latest operation return code: OK
RTT Values:
Number Of RTT: 100RTT Min/Avg/Max: 11/11/13 milliseconds
Latency one-way time:
Number of Latency one-way Samples: 0
Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
Working:
Latest operation return code: OK
RTT Values:
Number Of RTT: 100RTT Min/Avg/Max: 12/13/14 milliseconds
Latency one-way time:
Number of Latency one-way Samples: 100
Source to Destination Latency one way Min/Avg/Max: 6/7/8 milliseconds
Destination to Source Latency one way Min/Avg/Max: 5/6/7 milliseconds
I hope one of you can help me to find / fix the problem,
Thanks in advance / Emanuel

Hi everyone,
I have the same doubt.
I did a ip sla configuration on 1841 and 7206VXR and don't show nothing in one-way delay.
----------------------7206---------------------
-ip sla monitor responder
-ip sla monitor 1
- type jitter dest-ipaddr 10.9.105.14 dest-port 16384 source-ipaddr 10.8.20.102 codec g711alaw
- tos 184
-ip sla monitor schedule 1 start-time now
-ntp peer 10.9.105.14
HOST)#show ip sla sta
Round Trip Time (RTT) for       Index 1
        Latest RTT: 507 milliseconds
Latest operation start time: 10:57:36.619 UTC Sun Oct 10 2010
Latest operation return code: OK
RTT Values:
        Number Of RTT: 1000             RTT Min/Avg/Max: 125/507/846 milliseconds
Latency one-way time:
        Number of Latency one-way Samples: 0
        Source to Destination Latency one way Min/Avg/Max: 0/0/0 milliseconds
        Destination to Source Latency one way Min/Avg/Max: 0/0/0 milliseconds
Jitter Time:
        Number of Jitter Samples: 999
        Source to Destination Jitter Min/Avg/Max: 1/1/6 milliseconds
        Destination to Source Jitter Min/Avg/Max: 1/5/23 milliseconds
Packet Loss Values:
        Loss Source to Destination: 0           Loss Destination to Source: 0
        Out Of Sequence: 0      Tail Drop: 0    Packet Late Arrival: 0
Voice Score Values:
        Calculated Planning Impairment Factor (ICPIF): 17
        Mean Opinion Score (MOS): 3.84
Number of successes: 38
Number of failures: 0
Operation time to live: 1347 sec
-------------------------1841-------------------------------
-ip sla monitor responder
-ip sla monitor 1
- type jitter dest-ipaddr 10.8.20.102 dest-port 16384 source-ipaddr 10.9.105.14 codec g711alaw
- tos 184
-ip sla monitor schedule 1 start-time now
-ntp peer 10.8.20.102
3383)#show ip sla monitor statistic
Round trip time (RTT)   Index 1
        Latest RTT: 614 ms
Latest operation start time: 10:50:50.491 UTC Wed Oct 27 2010
Latest operation return code: OK
RTT Values
        Number Of RTT: 999
        RTT Min/Avg/Max: 347/614/867 ms
Latency one-way time milliseconds
        Number of one-way Samples: 0
        Source to Destination one way Min/Avg/Max: 0/0/0 ms
        Destination to Source one way Min/Avg/Max: 0/0/0 ms
Jitter time milliseconds
        Number of SD Jitter Samples: 997
        Number of DS Jitter Samples: 998
        Source to Destination Jitter Min/Avg/Max: 0/6/19 ms
        Destination to Source Jitter Min/Avg/Max: 0/1/3 ms
Packet Loss Values
        Loss Source to Destination: 1           Loss Destination to Source: 0
        Out Of Sequence: 0      Tail Drop: 0    Packet Late Arrival: 0
Voice Score Values
        Calculated Planning Impairment Factor (ICPIF): 20
MOS score: 3.72
Number of successes: 32
Number of failures: 0
Operation time to live: 1668 sec

Ip SLA RTP based VOIP Operation - To find out MOS value

Hi All,
I am new to VOIP. We are trying to find out the MOS value in our VOIP network. For that we thought of using IP SLA RTP Based VOIP operation to get the MOS values. http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/htrtpvip.html
I ve used 3825 with NM HDV module with 3 DSP as SLA originator and AS 5400 XM as SLA responder.
But i'm not getting the MOS values,
show ip sla statistics shows that the operation failed due to Format Failure.
I ve attached the config of my 3825. Kindly go through it and advise if any changes to be done.
In AS 5400 XM there is no special config related to this. I ve enabled only " IP SLA RESPONDER"
Error message:
LAB-3825-R6# sh ip sla stat
Round Trip Time (RTT) for Index 1
Type of operation: rtp
Latest operation start time: *05:04:58.707 UTC Wed May 14 2008
Latest operation return code: Format failure
Latest RTT (milliseconds): 0
Source to Destination Path Measurements:
Interarrival Jitter: 0
Packets Sent: 0
Packets Lost: 0
Estimated R-factor: 0 MOS-CQ: 0.00
Destination to Source Path Measurements:
Interarrival Jitter: 0
Packets Sent: 0
Packets Lost: 0
Estimated R-factor: 0 MOS-CQ: 0.00
Operation time to live: Forever
Operational state of entry: Active
Last time this entry was reset: Never
LAB-3825-R6# sh ip sla stat aggre
Round Trip Time (RTT) for Index 1
Type of operation: rtp
Start Time Index: *05:06:21.019 UTC Wed May 14 2008
Number of successful operations: 0
Number of operations over threshold: 0
Number of failed operations due to a Timeout: 0
Number of failed operations due to a No Connection: 1
Number of failed operations due to an Internal Error: 5
Number of failed operations due to a Sequence Error: 0
RTT (avg/min/max): 0/0/0 ms
Source to Destination Path Measurements:
Interarrival Jitter (avg/min/max): 0/0/0
Packets Sent (avg/min/max): 0/0/0
Packets Lost (avg/min/max): 0/0/0
Estimated R-factor (avg/min/max): 0/0/0
MOS-CQ (avg/min/max): 0.00/0.00/0.00
Destination to Source Path Measurements:
Interarrival Jitter (avg/min/max): 0/0/0
Packets Sent (avg/min/max): 0/0/0
Packets Lost (avg/min/max): 0/0/0
Estimated R-factor (avg/min/max): 0/0/0
MOS-CQ (avg/min/max): 0.00/0.00/0.00
Any help is greatly appreciated.
thanks in advance.

Hi,
AS 5400 cannot be used even as SLA responder for RTP probe. Thats the reason i got the Format Failure error. We can view the type of SLA Probes the router supports by issuing the following command:
sh ip sla application.
for eg below is what i ve taken from AS 5400
sh ip sla application
IP Service Level Agreements
Version: Round Trip Time MIB 2.2.0, Infrastructure Engine-II
Time of last change in whole IP SLAs: 10:48:00.737 IST Tue May 20 2008
Estimated system max number of entries: 49625
Estimated number of configurable operations: 49608
Number of Entries configured : 17
Number of active Entries : 17
Number of pending Entries : 0
Number of inactive Entries : 0
Supported Operation Types
Type of Operation to Perform: dhcp
Type of Operation to Perform: dlsw
Type of Operation to Perform: dns
Type of Operation to Perform: echo
Type of Operation to Perform: frameRelay
Type of Operation to Perform: ftp
Type of Operation to Perform: http
Type of Operation to Perform: icmpJitter
Type of Operation to Perform: jitter
Type of Operation to Perform: pathEcho
Type of Operation to Perform: pathJitter
Type of Operation to Perform: tcpConnect
Type of Operation to Perform: udpEcho
Type of Operation to Perform: voip
IP SLAs low memory water mark: 68416281
chnmgw1#
Hope this will help others looking for RTP based VOIP operation..

EEM Applet Using IPSLA ED

After reading the docs on the IPSLA ED, I decided to write the following applet just to see if I understand how to use it.
ip sla responder
ip sla enable reaction-alerts
ip sla 1
udp-jitter 210.210.210.1 16384 num-packets 100 interval 20
request-data-size 172
tos 176
ip sla schedule 1 start-time now life forever
ip sla reaction-configuration 1 react jitterDSAvg threshold-value 35 30 threshold-type consecutive 3
ip sla reaction-configuration 1 react jitterSDAvg threshold-value 35 30 threshold-type consecutive 3
ip sla reaction-configuration 1 react rtt threshold-value 225 200 threshold-type consecutive 3
ip sla reaction-configuration 1 react packetLossSD threshold-value 2 1 threshold-type consecutive 3
ip sla reaction-configuration 1 react packetLossDS threshold-value 2 1 threshold-type consecutive 3
event manager applet VoIP-Test-Alert
description "Send syslog msg if rrt delay > 225 or jitter > 35 ms or packet loss > 2%”
event tag e1 ipsla operation-id 1 reaction-type jitterDSAvg
event tag e2 ipsla operation-id 1 reaction-type jitterSDAvg
event tag e3 ipsla operation-id 1 reaction-type rtt
event tag e4 ipsla operation-id 1 reaction-type packetLossSD
event tag e5 ipsla operation-id 1 reaction-type packetLossDS
trigger occurs 1 period 360
correlate event e1 or event e2 or event e3 or event e4 or event e5
action 1.0 if $_ipsla_measured_threshold_value gt $_ipsla_threshold_rising
action 2.0 syslog priority notification msg "$_ipsla_react_type = $_ipsla_measured_threshold_value is over threshold $_ipsla_threshold_rising to destination $_ipsla_dest_ip_addr”
action 3.0 end
Seems to work but I cannot figure whether using applets if it is possible to expend this by having another applet realize that all my reactions for IP SLA 1 are under their falling theshold and thus issue a syslog message that all is A-OK.
thx in advance for any suggestions.

Thank you. That would do it for that but now I have another issue.
I want to expand my applet so only one applet would be all that is needed to alert for ip sla tests to multiple targets so I tried yesterday to expand my applet to somethink like the following:
event manager applet VoIP-Test-Alert
description "Send syslog msg if rrt delay > 225 or jitter > 35 ms or packet loss > 2%”
event tag e1 ipsla group-name 1 reaction-type jitterDSAvg
event tag e2 ipsla group-name 1 reaction-type jitterSDAvg
event tag e3 ipsla group-name 1 reaction-type rtt
event tag e4 ipsla group-name 1 reaction-type packetLossSD
event tag e5 ipsla group-name 1 reaction-type packetLossDS
trigger occurs 1 period 360
correlate event e1 or event e2 or event e3 or event e4 or event e5
I then used the ip sla schedule command to put ip sla operation-id 1 into schedule group id 1. But when I tested, I got the Ip SLA threshold exceeded syslog messages but my applet failed to trigger.
I am not understading something here in regards to IP SLA ED use of group-name. In IP SLA schedule group ids are integers while in the applet group-name are strings. Thus I suspect I am not correctly creating the ip sla group correctly.
Thanks in advance again for any help.

Classification of IP SLA

Hello peeps!
I'm wondering who would I classify IP SLA packets?
I have ip sla going from 192.168.1.1 to 192.168.1.2
Voice, ftp and streaming are all classified and LLQ in place
But IP SLA fails because of high volume on the serial line

Hi
You can do a couple of things:
1) Use the 'tos' command under IP SLA config to set it into the DSCP based classes (example:http://www.ccde-study.com/2008/11/ip-sla-dscp-testing.html)
2) Ensure that your WAN QoS classifications include the IP SLA streams specifically.
Regards
Aaron
Please rate helpful posts..

High speed

Have been a customer for 20 yrs. Please give me High speed. every neighbor has it but 3 of us. I ask you what is the problem . I would love to bundle Direc Tv Verizon & Wireless. It is always impossible. My children need it for High School I need It for my business.(will go elsewhere to complete work if possible) This is a total injustice for tax paying customers. You really need to keep upgrading your systems. Or we will go elswhere. Last chance
Dawn Smith
{edited for privacy}
Message Edited by KaLin on 02-13-2009 09:58 PM

> I have a LabView program that takes data from a laser doppler
> velocimeter counter. The program waits for a rising edge, then sets an
> output low, then reads sixteen bits of data, then sets the same output pin
> high, and then waits for more data. According to the oscilloscope, this
> is taking about twenty milliseconds. Does LabView automatically go DMA,
> or will it try to temporarily store it on the hard drive? The data isn't
> processed until all of it has been taken, so all the pertinent part of the
> program is doing is reading sixteen bits of data and hanging onto them
> until all the data has been taken.
> Frankly, 20 ms read time (50 Hz!) is just WAAAAAAAY too slow for
> the flows being analyzed. I am still new to Labview, and I on't kno
w if
> my program is storing things in ram or writing to the HD. Whatever it's
> doing, it's too slow. THe computer is an older P120, but it seems like it
> should be faster than this. Any input?
>
LabVIEW does what the diagram tells it to. If you are calling a single point
Analog read function in a loop, it is software timed and the overhead
for this
type of acquisition is pretty high. If you configure the card to trigger
when it sees the edge and tell it how many post-trigger points to return,
then the DAQ will be hardware timed and is limited by the clock on the
board and the configurability of its various counters and ADCs. Look at
some examples that do triggering and HW timing.
LV doesn't write anything to disk unless you tell it to with a write icon.
The values you collect can be collected in an array and written to disk when
there is computer time to do so. If you don't have much memory in your
computer, the OS may be using virtual memory without LV even knowing
about
it.
Greg McKaskle

EEM / IP SLA to shutdown lossy high RTT BGP neighbor

Similar Messages

Maybe you are looking for