Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Changing the Configuration Using an Event Policy

 

It might be necessary to modify the configuration in response to a particular event. Starting in Junos OS Release 12.1, you can configure an event policy to make and commit configuration changes when the event policy is triggered by one or more specific events.

This example simulates an SNMP_TRAP_LINK_DOWN event for a specific interface. Upon receipt of the event, the event policy uses the change-configuration action to modify the configuration of a static route to use a new next-hop IP address through a different exit interface.

Requirements

  • Routing, switching, or security device running Junos OS Release 12.1 or later.

Overview

You can configure an event policy action to modify the configuration when the policy is triggered by a single event or correlated events. Suppose you have a static route to the 10.1.10.0/24 network with a next-hop IP address of 10.1.2.1 through the exit interface ge-0/3/1. At some point, this interface goes down, triggering an SNMP_TRAP_LINK_DOWN event.

This example creates an event policy named update-on-snmp-trap-link-down. The event policy is configured so that the eventd process listens for an SNMP_TRAP_LINK_DOWN event associated with the interface ge-0/3/1.0. If the interface goes down, the event policy executes a change configuration action. The event policy configuration commands remove the static route through the ge-0/3/1 exit interface and create a new static route to the same target network with a next-hop IP address of 10.1.3.1 through the exit interface ge-0/2/1. The commands are executed in the order in which they appear in the event policy.

The event policy change configuration commit operation is executed under the username bsmith with a commit comment specifying that the change was made through the associated event policy. The retry count is set to 5 and the retry interval is set to 4 seconds. If the initial attempt to issue the configuration change fails, the system attempts the configuration change 5 additional times and waits 4 seconds between each attempt.

Although not presented here, you might have a second, similar event policy that executes a change configuration action to update the static route when the interface comes back up. In that case the policy would trigger on the SNMP_TRAP_LINK_UP event for the same interface.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them in a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level:

Configuring the Event Policy

Step-by-Step Procedure

  1. Create and name the event policy.
  2. Configure the events statement so that the event policy triggers on the SNMP_TRAP_LINK_DOWN event.

    Set the attributes-match statement so that the policy triggers only if the SNMP_TRAP_LINK_DOWN event occurs for the ge-0/3/1.0 interface.

  3. Specify the configuration mode commands that are executed if the ge-0/3/1 interface goes down.

    Configure each command on a single line, enclose the command string in quotes, and specify the complete statement path.

  4. Configure the commit options.

    Configure the log option with a comment describing the configuration changes. The comment is added to the commit logs after a successful commit operation is made through the associated event policy.

    If you have dual Routing Engines, configure the synchronize option to commit the configuration on both Routing Engines. Include the force option to force the commit on the other Routing Engine, ignoring any warnings. This example does not configure the synchronize and force options.

  5. (Optional) Configure the retry count and retry interval.

    In this example, count is set to 5 and the interval is 4 seconds.

  6. (Optional) Configure the username under whose privileges the configuration changes and commit are made.

    If you do not specify a username, the action is executed as user root.

  7. Configure a new log file at the [edit system syslog] hierarchy level to record syslog events of facility daemon and severity warning.

    This captures the SNMP_TRAP_LINK_DOWN events.

  8. To test this example, configure a static route to the 10.1.10.0/24 network with a next hop IP address of 10.1.2.1.
  9. Commit the configuration.
  10. Review the [edit routing-options static] hierarchy level of the configuration before disabling the ge-0/3/1 interface, and note the next hop IP address.
  11. To manually test the event policy, take the ge-0/3/1 interface temporarily offline to generate the SNMP_TRAP_LINK_DOWN event.

Results

Verification

Confirm that the configuration is working properly.

Verifying the Status of the Interface

Purpose

Verify that the ge-0/3/1 interface is down and that it triggered the SNMP_TRAP_LINK_DOWN event.

Action

Issue the show interfaces ge-0/3/1 operational mode command. The command output shows that the interface is administratively offline.

bsmith@R1> show interfaces ge-0/3/1

Review the contents of the system log file configured in Step 7. The output shows that the ge-0/3/1.0 interface went down and generated an SNMP_TRAP_LINK_DOWN event.

bsmith@R1> show log syslog-event-daemon-warning

Verifying the Commit

Purpose

Verify that the event policy commit operation was successful by reviewing the commit log and the messages log file.

Action

Issue the show system commit operational mode command to view the commit log. In this example, the log confirms that the configuration was committed through the event policy under the privileges of user bsmith at the given date and time.

bsmith@R1> show system commit

Review the messages log file. Upon receipt of the SNMP_TRAP_LINK_DOWN event, Junos OS executed the configured event policy action to modify and commit the configuration. The commit operation occurred under the privileges of user bsmith.

bsmith@R1> show log messages | last 20
Note

If you configure a different log file, review the file specific to your configuration.

Meaning

The output from the show system commit operational mode command and the messages log file verify that the commit operation, which was made through the event policy under the privileges of the user bsmith, was successful. The show system commit output and messages log file reference the commit comment specified in the log statement at the [edit event-options policy update-on-snmp-trap-link-down then change-configuration commit-options] hierarchy level.

Verifying the Configuration Changes

Purpose

Verify the configuration changes by reviewing the [edit routing-options static] hierarchy level of the configuration after disabling the ge-0/3/1 interface.

Action

Issue the following operational mode command:

Meaning

The configured next hop has been modified by the event policy to the new IP address 10.1.3.1, which has its route through the exit interface ge-0/2/1.

Troubleshooting

Troubleshooting Commit Errors

Problem

The triggered event policy does not make the specified configuration changes, and the logs verify that the commit was unsuccessful.

bsmith@R1> show log messages | last 20

A failed commit might occur if the configuration is locked or if the configuration mode commands have the incorrect syntax or order.

Solution

Check the configuration mode commands at the [edit event-options policy update-on-snmp-trap-link-down then change-configuration commands] hierarchy level, and verify that the syntax and the order of execution are correct.

Additionally, increase the retry count and interval options so that if the configuration is locked, the event policy attempts the configuration changes a specified number of times after the first failed instance.