Example: Changing the Configuration Using an Event Policy
It might be necessary to modify the configuration in response to a particular event. Starting in Junos OS Release 12.1, you can configure an event policy to make and commit configuration changes when the event policy is triggered by one or more specific events.
This example simulates an SNMP_TRAP_LINK_DOWN event for a specific interface. Upon receipt of the event, the event policy uses the change-configuration action to modify the configuration of a static route to use a new next-hop IP address through a different exit interface.
Routing, switching, or security device running Junos OS Release 12.1 or later.
You can configure an event policy action to modify the configuration when the policy is triggered by a single event or correlated events. Suppose you have a static route to the 10.1.10.0/24 network with a next-hop IP address of 10.1.2.1 through the exit interface ge-0/3/1. At some point, this interface goes down, triggering an SNMP_TRAP_LINK_DOWN event.
This example creates an event policy named update-on-snmp-trap-link-down. The event policy is configured so that the eventd process listens for an SNMP_TRAP_LINK_DOWN event associated with the interface ge-0/3/1.0. If the interface goes down, the event policy executes a change configuration action. The event policy configuration commands remove the static route through the ge-0/3/1 exit interface and create a new static route to the same target network with a next-hop IP address of 10.1.3.1 through the exit interface ge-0/2/1. The commands are executed in the order in which they appear in the event policy.
The event policy change configuration commit operation is executed under the username bsmith with a commit comment specifying that the change was made through the associated event policy. The retry count is set to 5 and the retry interval is set to 4 seconds. If the initial attempt to issue the configuration change fails, the system attempts the configuration change 5 additional times and waits 4 seconds between each attempt.
Although not presented here, you might have a second, similar event policy that executes a change configuration action to update the static route when the interface comes back up. In that case the policy would trigger on the SNMP_TRAP_LINK_UP event for the same interface.
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the  hierarchy level:
Configuring the Event Policy
- Create and name the event policy.bsmith@R1# edit event-options policy update-on-snmp-trap-link-down
- Configure the events statement so that the
event policy triggers on the SNMP_TRAP_LINK_DOWN event.
Set the attributes-match statement so that the policy triggers only if the SNMP_TRAP_LINK_DOWN event occurs for the ge-0/3/1.0 interface.[edit event-options policy update-on-snmp-trap-link-down]bsmith@R1# set events snmp_trap_link_downbsmith@R1# set attributes-match snmp_trap_link_down.interface-name matches ge-0/3/1.0
- Specify the configuration mode commands that are executed
if the ge-0/3/1 interface goes down.
Configure each command on a single line, enclose the command string in quotes, and specify the complete statement path.[edit event-options policy update-on-snmp-trap-link-down then change-configuration]bsmith@R1# set commands "delete routing-options static route 10.1.10.0/24 next-hop"bsmith@R1# set commands "set routing-options static route 10.1.10.0/24 next-hop 10.1.3.1"
- Configure the commit options.
Configure the log option with a comment describing the configuration changes. The comment is added to the commit logs after a successful commit operation is made through the associated event policy.[edit event-options policy update-on-snmp-trap-link-down then change-configuration]bsmith@R1# set commit-options log "updating configuration from event policy update-on-snmp-trap-link-down"
If you have dual Routing Engines, configure the synchronize option to commit the configuration on both Routing Engines. Include the force option to force the commit on the other Routing Engine, ignoring any warnings. This example does not configure the synchronize and force options.
- (Optional) Configure the retry count and retry interval.
In this example, count is set to 5 and the interval is 4 seconds.[edit event-options policy update-on-snmp-trap-link-down then change-configuration]bsmith@R1# set retry count 5 interval 4
- (Optional) Configure the username under whose privileges
the configuration changes and commit are made.
If you do not specify a username, the action is executed as user root.[edit event-options policy update-on-snmp-trap-link-down then change-configuration]bsmith@R1# set user-name bsmith
- Configure a new log file
at the [edit system syslog] hierarchy level to record syslog
events of facility daemon and severity warning.
This captures the SNMP_TRAP_LINK_DOWN events.[edit system syslog]bsmith@R1# set file syslog-event-daemon-warning daemon warning
- To test this example, configure a static route to the
10.1.10.0/24 network with a next hop IP address of 10.1.2.1.bsmith@R1# set routing-options static route 10.1.10.0/24 next-hop 10.1.2.1
- Commit the configuration.bsmith@R1# commit
- Review the [edit routing-options static] hierarchy
level of the configuration before disabling the ge-0/3/1 interface,
and note the next hop IP address.
bsmith@R1> show configuration routing-options static ... route 10.1.10.0/24 next-hop 10.1.2.1; ...
- To manually test the event policy, take the ge-0/3/1 interface
temporarily offline to generate the SNMP_TRAP_LINK_DOWN event. bsmith@R1# set interfaces ge-0/3/1 disablebsmith@R1# commit
Confirm that the configuration is working properly.
Verifying the Status of the Interface
Verify that the ge-0/3/1 interface is down and that it triggered the SNMP_TRAP_LINK_DOWN event.
Issue the show interfaces ge-0/3/1 operational mode command. The command output shows that the interface is administratively offline.
bsmith@R1> show interfaces ge-0/3/1
Physical interface: ge-0/3/1, Administratively down, Physical link is Down <output omitted>
Review the contents of the system log file configured in Step 7. The output shows that the ge-0/3/1.0 interface went down and generated an SNMP_TRAP_LINK_DOWN event.
bsmith@R1> show log syslog-event-daemon-warning
Oct 10 18:00:57 R1 mib2d: SNMP_TRAP_LINK_DOWN: ifIndex 531, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/3/1.0
Verifying the Commit
Verify that the event policy commit operation was successful by reviewing the commit log and the messages log file.
Issue the show system commit operational mode command to view the commit log. In this example, the log confirms that the configuration was committed through the event policy under the privileges of user bsmith at the given date and time.
bsmith@R1> show system commit
0 2011-10-10 18:01:03 PDT by bsmith via junoscript updating configuration from event policy update-on-snmp-trap-link-down 1 2011-09-02 14:16:44 PDT by admin via netconf 2 2011-07-08 14:33:46 PDT by root via other
messages log file. Upon receipt of the SNMP_TRAP_LINK_DOWN event, Junos OS
executed the configured event policy action to modify and commit the
configuration. The commit operation occurred under the privileges
of user bsmith.
bsmith@R1> show log messages | last 20
... Oct 10 18:00:57 R1 mib2d: SNMP_TRAP_LINK_DOWN: ifIndex 531, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/3/1.0 Oct 10 18:00:59 R1 file: UI_COMMIT: User 'bsmith' requested 'commit' operation (comment: updating configuration from event policy update-on-snmp-trap-link-down) Oct 10 18:01:03 R1 eventd: EVENTD_CONFIG_CHANGE_SUCCESS: Configuration change successful: while executing policy update-on-snmp-trap-link-down with user bsmith privileges
If you configure a different log file, review the file specific to your configuration.
The output from the show system commit operational
mode command and the
file verify that the commit operation, which was made through the
event policy under the privileges of the user bsmith, was successful.
The show system commit output and
messages log file reference the commit comment specified in the log statement at the [edit event-options policy update-on-snmp-trap-link-down then
change-configuration commit-options] hierarchy level.
Verifying the Configuration Changes
Verify the configuration changes by reviewing the [edit routing-options static] hierarchy level of the configuration after disabling the ge-0/3/1 interface.
Issue the following operational mode command:
bsmith@R1> show configuration routing-options static ... route 10.1.10.0/24 next-hop 10.1.3.1; ...
The configured next hop has been modified by the event policy to the new IP address 10.1.3.1, which has its route through the exit interface ge-0/2/1.
Troubleshooting Commit Errors
The triggered event policy does not make the specified configuration changes, and the logs verify that the commit was unsuccessful.
bsmith@R1> show log messages | last 20
... Oct 10 17:48:59 R1 mib2d: SNMP_TRAP_LINK_DOWN: ifIndex 531, ifAdminStatus down(2), ifOperStatus down(2), ifName ge-0/3/1.0 Oct 10 17:49:01 R1 file: UI_LOAD_EVENT: User 'bsmith' is performing a 'rollback' Oct 10 17:49:01 R1 eventd: EVENTD_CONFIG_CHANGE_FAILED: Configuration change failed: rpc to management daemon failed while executing policy update-on-snmp-trap-link-down with user bsmith privileges
A failed commit might occur if the configuration is locked or if the configuration mode commands have the incorrect syntax or order.
Check the configuration mode commands at the [edit event-options policy update-on-snmp-trap-link-down then change-configuration commands] hierarchy level, and verify that the syntax and the order of execution are correct.
Additionally, increase the retry count and interval options so that if the configuration is locked, the event policy attempts the configuration changes a specified number of times after the first failed instance.