Junos Automation (Scripting)
Contributor
Posts: 11
Registered: ‎08-23-2010
0

Explain enable-primary-nexthop script

Hi all!!!

Maybe it is a stupid question, but...

Can somebody explain the enable-primary-nexthop script in detail??? I can't understand how it works. What must I change in it?

Somebody pls help (in detail)!!!!

 

 

Trusted Expert
Posts: 242
Registered: ‎06-18-2008
0

Re: Explain enable-primary-nexthop script

This script reacts to RPM events from a specifically configured RPM test. You can find details on the configuration required in the PDF README file, available for download on the same page where you download the code.

 

Part of the configuration includes two event policies, which execute either the enable-primary-nexthop.slax or enable-alternate-next-hop.slax script, and provide them with a single argument: next-hop-interface.

 

So, when these scripts start, their $next-hop-interface parameter has been set to the value provided by your event policy. Execution starts within the match / template, where the first action is to open a management connection via jcs:open(). Next, the $next-hop-interface parameter is combined with a ".0" to form a new $logical-interface variable. This is important because it indicates that the script is written to work only with the .0 logical interface of the physical interface. If you wish to disable a VLAN, for example, you would have to modify it.

 

A configuration change is then created and assigned to the $change-route variable. This configuration change does three things: First, it deletes the existing default route. Second, it adds a default route pointing to the $logical-interface, and third, it deletes the disable statement from the $next-hop-interface.

 

The fact that the script makes the interface the next-hop of the route indicates that the interface must be p2p. Otherwise the configuration will fail.

 

Finally, the configuration change is applied via the jcs:load-configuration template.

 

The companion script, enable-alternate-next-hop.slax, is similar. But in this case it disables the $next-hop-interface and makes the default route point towards a hard-coded alternate interface of "dl2.0". You would need to modify that alternate next-hop to whatever interface you prefer.

Contributor
Posts: 11
Registered: ‎08-23-2010
0

Re: Explain enable-primary-nexthop script

Thank you for your reply. I read the PDF but can't understand it.

My primary next-hop is fe-0/0/6.0 and my second next-hop is fe-0/0/7.0, and my configuration file is in the attachment. Can you help me edit the slax file and the configuration file?

Thank you!!!

Contributor
Posts: 11
Registered: ‎08-23-2010
0

Re: Explain enable-primary-nexthop script

Trusted Expert
Posts: 242
Registered: ‎06-18-2008
0

Re: Explain enable-primary-nexthop script

Would you actually want the primary interface to be disabled when the RPM test fails, or would you just want the next-hop of the default route to switch to the backup? For example, if your RPM test is to a destination out of the primary then disabling it is a good way of ensuring that the test will never succeed.

Contributor
Posts: 11
Registered: ‎08-23-2010
0

Re: Explain enable-primary-nexthop script

My ISP1 interface is fe-0/0/6.0, ISP2 interface is fe-0/0/7.0.

My goal is to change the default route from fe-0/0/6.0 to fe-0/0/7.0 (0.0.0.0/0 > 192.168.0.113 to 0.0.0.0/0 > 10.10.20.3) if the ping test fails,

and when the ping test completes I want to have the default route to fe-0/0/6.0 (0.0.0.0/0 > 192.168.0.113). I don't want to disable any interface, I want only to change the default route.

Trusted Expert
Posts: 242
Registered: ‎06-18-2008
0

Re: Explain enable-primary-nexthop script

In that case, change your 0/0 static route config to this:

 

route 0.0.0.0/0 {
    qualified-next-hop 192.168.0.113;
    qualified-next-hop 10.10.20.3 {
        preference 200;
    }
}

 

And your event-options config to this:

 

event-options {
    policy test-failed {
        events PING_TEST_FAILED;
        within 240 events [ PING_TEST_COMPLETED KERNEL SYSTEM ];
        attributes-match {
            ping_test_failed.test-owner matches icmp-ping-probe;
            ping_test_failed.test-name matches ping-probe-test;
            ping_test_completed.test-owner matches icmp-ping-probe;
            ping_test_completed.test-name matches ping-probe-test;
            SYSTEM.message matches "Starting of initial processes complete";
            KERNEL.message matches "event-processing \(PID .*\) started";
        }
        then {
            event-script watch-default-route.slax {
                arguments {
                    next-hop 192.168.0.113;
                }
            }
        }
    }
    policy test-completed {
        events PING_TEST_COMPLETED;
        within 240 events [ PING_TEST_FAILED KERNEL SYSTEM ];
        attributes-match {
            ping_test_completed.test-owner matches icmp-ping-probe;
            ping_test_completed.test-name matches ping-probe-test;
            ping_test_failed.test-owner matches icmp-ping-probe;
            ping_test_failed.test-name matches ping-probe-test;
            SYSTEM.message matches "Starting of initial processes complete";
            KERNEL.message matches "event-processing \(PID .*\) started";
        }
        then {
            event-script watch-default-route.slax {
                arguments {
                    next-hop 192.168.0.113;
                }
            }
        }
    }
    event-script {
        file watch-default-route.slax;
    }
}

 

And then copy the attached event script to your /var/db/scripts/event directory.

Contributor
Posts: 15
Registered: ‎02-22-2008
0

Re: Explain enable-primary-nexthop script

Hello,

 

Is this solution going to work if the two ISP connections are DHCP-assigned and there is no way of knowing and hardcoding their next-hop addresses in the script?

 

Thanks!

 

Jakov

Jakov
Trusted Expert
Posts: 242
Registered: ‎06-18-2008
0

Re: Explain enable-primary-nexthop script

No, the above solution is only intended for static routes that have next hops manually configured in the configuration. If they are coming via DHCP then the script would have to be altered, but I'm not sure what changes are required as I'm not familiar with the particular scenario you're referring to.

Contributor
Posts: 15
Registered: ‎02-22-2008
0

Re: Explain enable-primary-nexthop script

Thanks ccal, the search continues... 

Jakov
Contributor
Posts: 13
Registered: ‎11-22-2010
0

Re: Explain enable-primary-nexthop script

hey guys.

 

So has anyone actually gotten this script to work? I'm trying the script that ccal has provided. Attached is my config snippet.

 

The one thing that I noticed is in the ccal script the next-hop parameter is defined as param $next-hop = "10.0.0.1";

I'm assuming this needs to be modified? Also, I want to know if I can expect the same failover results if I'm pinging a host past the next-hop.

 

Thanks for the help.

Recognized Expert
Posts: 198
Registered: ‎03-17-2010
0

Re: Explain enable-primary-nexthop script

Hi Megan, I got the watch-next-hop script to work and I will try to help you, but I'm not sure I understood your question.

 

So, in the script attached by ccall (watch-default-route.slax), the line:

param $next-hop = "10.0.0.1";

assigns a default value to the next-hop parameter. This parameter is passed to the watch-default-route.slax script by the event policy, when the script is invoked, as you can see from the code below:

 

    then {
        event-script watch-default-route.slax {
            arguments {
                next-hop 192.168.20.101;
            }
        }
    }

 So if you are using a different next-hop address, you don't need to modify the watch-default-route.slax script, but the event policy.

 

Regarding the possibility to ping a host past the next-hop, of course you can, you just need to edit the services rpm configuration, changing the target-address.

 

 

I hope I made myself clear, let me know if you need any clarification,

 

Kind regards,

Mattia

 

 

.................................................................................
JNCIP-ENT, JNCIP-SEC, JNCIS-SP
(If this post helped you, please mark it as an "Accepted Solution"; kudos are also appreciated!)


Contributor
Posts: 13
Registered: ‎11-22-2010
0

Re: Explain enable-primary-nexthop script

Thanks for the help. I just got it working. Very nice.

 

How do I monitor this now? I did a show system processes and it doesn't show up.

 

Any ideas?

Recognized Expert
Posts: 198
Registered: ‎03-17-2010
0

Re: Explain enable-primary-nexthop script

Hello, in order to monitor the behaviour of the event scripts, I included this line in the system syslog hierarchy of the configuration:

 

file default-log-messages {
    any any;
    structured-data;
}

 You can use the jcs:syslog function to let the script write a customized message to the syslog, with the specified facility and severity values, e.g.:

 

 

expr jcs:syslog("external.info", "Any useful log message");

You can also track the event script operations using the traceoptions statement, as explained here.

 

 

Mattia

.................................................................................
JNCIP-ENT, JNCIP-SEC, JNCIS-SP
(If this post helped you, please mark it as an "Accepted Solution"; kudos are also appreciated!)


Contributor
Posts: 21
Registered: ‎04-12-2010
0

Re: Explain enable-primary-nexthop script

Hi,

 

I found ip-track.slax script. This is an Event script that will simulate a track-ip. The script will take an argument of the host ip and number of ping requests. The script will determine the host down if the number of pings (threshold) lost is greater than 50%. It will not bring the interface down if the number of ping failures is less than 50%. In the script you will need to adjust the interface to bring down and the ping threshold parameters. It is currently set to ge-0/0/2. This will execute every minute.

 

I want to modify the script to activate/deactivate firewall filter on interface or change next-hop on routing-instances rather than disable the interface. Can anyone explain how to do that and give an example? Thanks.

 

ge-0/0/0 {
    description "Link To FW-Outside";
    hold-time up 0 down 2000;
    link-mode full-duplex;
    unit 0 {
        family inet {
            filter {
                input FBF-Route;
            }
            address 10.254.249.244/29 {
                vrrp-group 10 {
                    virtual-address 10.254.249.245;
                    priority 110;
                    advertise-interval 3;
                    preempt;
                    track {
                        interface ge-0/0/1.0 {
                            priority-cost 10;
                        }
                    }
                }
            }
        }
    }
}
ge-0/0/1 {
    description "*** Link ISP ***";
    hold-time up 0 down 2000;
    unit 0 {
        family inet {
             address 117.10.10.10/30;
        }
    }
}

routing-instances {
    fbf {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    qualified-next-hop 10.254.249.246;
                    qualified-next-hop 117.10.10.9 {
                        preference 200;
                    }
                }
            }
        }
    }
}

 

Regards,

Anto

Visitor
Posts: 3
Registered: ‎01-19-2011
0

Re: Explain enable-primary-nexthop script

Hi,

I've tried your solution (script + event-options policy) and it works fine! Thanks!

But I have a slightly more complicated case: I have two ISPs, and the traffic from the LAN to TCP ports 80 and 443 must be directed to ISP2 and the other traffic to ISP1.

Well, I've set up Filter Based Forwarding, defining two routing-instances, routing-table-ISP1 and routing-table-ISP2. In attachment a brief configuration extract:

 

 

So it is working well. The drawback of this configuration is that it works and recovers from ISP1/2 to ISP2/1 only if the physical interface goes down. But I have the firewall connected via ethernet to the CPE router of the ISPx and the ethernet never goes down. So if the WAN link is down the only way to test it is to use "ping server", a host in the network cloud of the ISP.

Your script instead is fine because if the "ping server" (the rpm target address) is down it installs the default route on the second ISP.

The main problem is that I have in routing table three routing instances inet.0, routing-table-ISP1 and routing-table-ISP2; if the "ping server" of the ISP2 goes down I've to change the default route of the routing-table-ISP2 and not the inet.0. Is this possible to do? 

Furthermore I need to use two "ping server" one for each ISP in order to swap to the other ISP if the relative "ping server" is down.

Could you help me to find a solution?

Thank you in advance

 

Regards

 

 

 

 

Recognized Expert
Posts: 198
Registered: ‎03-17-2010
0

Re: Explain enable-primary-nexthop script

[ Edited ]

Hello,

I'll try to give you a hint :-)

 

In order to monitor two hosts reachable through different routing-instances I think you will have to configure two distinct rpm probes, like this:

 

[edit services rpm]
admin@router# show 
probe ISP-1 {
    test ping-ISP-1 {
        target address 1.1.1.1;
        probe-count 10;
        probe-interval 1;
        test-interval 400;
        routing-instance routing-table-ISP1;
    }
}

probe ISP-2 {
    test ping-ISP-2 {
        target address 2.2.2.2;
        probe-count 10;
        probe-interval 1;
        test-interval 400;
        routing-instance routing-table-ISP2;
    }
}

 

Then you will have to edit the script, to modify the configuration under the specific routing instance. You can use an if statement to match the probe name, and then you can define the configuration change like this:

 

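/* Configuration change scoped to one routing instance */
var $int = <configuration> {
    <routing-instances> {
        <instance> {
            <name> "routing-table-ISP1";
            <interfaces> {
                <interface> {
                    <name> $if;
                    <disable>;
                }
            }
        }
    }
}
/* Load and commit the change over the already-open connection */
call jcs:load-configuration($connection = $con, $configuration = $int);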

 

I hope this helps, let me know if you need further clarification.

 

 

 

.................................................................................
JNCIP-ENT, JNCIP-SEC, JNCIS-SP
(If this post helped you, please mark it as an "Accepted Solution"; kudos are also appreciated!)


Visitor
Posts: 3
Registered: ‎01-19-2011
0

Re: Explain enable-primary-nexthop script

Hi Mattia,

thanks for your help. I've used some of your hints and now it works.

In attachment a brief configuration extract.

I've edited the watch-default-route.slax script and I've set up the script for ISP1 and ISP2 and edited it in order to check the configuration of the routing instances.

Now it works: when pingserver 1 goes down in the routing instance ISP1, the default route goes to ISP2 in the routing instance ISP1, and vice-versa (when the pingserver to ISP2 goes down, the default goes to ISP1 in the routing instance ISP2).

 

 

 

Thanks again!

 

D

Visitor
Posts: 2
Registered: ‎02-10-2011
0

Re: Explain enable-primary-nexthop script

Hi dugolotti,

 

could you please post your modified watch-default-ISP1.slax script? I'm working on the same problem right now, but the script can't detect the inactive route on the routing-instance. Deactivation of the qualified-next-hop is working fine.

 

Here's the part out of my code:

 

/* Retrieve the current configuration for the static route */
var $configuration-rpc = {
    <get-configuration database="committed"> {
        <configuration> {
            <routing-instances> {
                <instance> {
                    <name> "HTTP-Redirect";
                    <routing-options>;
                }
            }
        }
    }
}
var $current = jcs:invoke( $configuration-rpc );

/* Grab the routing-options static node to make further location paths shorter */
var $static = $current/routing-options/static;

/* Is the route currently inactive? */
var $inactive = $static/route[name == "0.0.0.0/0"]/qualified-next-hop[name == $next-hop]/@inactive;

 

the value for inactive seems to be always empty, although the route itself is inactive.

 

show configuration routing-instances HTTP-Redirect routing-options static route 0.0.0.0/0
qualified-next-hop 192.168.25.249 {
preference 100;
}
inactive: qualified-next-hop 192.168.24.113;

 

 

Greetings,

Torsten
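
Added example, not part of the original thread and not the poster's or Juniper's script: the reply to get-configuration is rooted at <configuration>, so when the request is filtered on routing-instances, the static routes sit under routing-instances/instance/routing-options, and a location path that starts at $current/routing-options selects nothing. The sketch below descends through the instance and reports "next hop not found" separately from "active", so a wrong path cannot pass for an active route. The $instance parameter, the log text and the defaults (copied from the show output above) are assumptions.

```slax
version 1.0;

ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";

import "../import/junos.xsl";

/* Assumed defaults, taken from the show output in the post above */
param $instance = "HTTP-Redirect";
param $next-hop = "192.168.24.113";

match / {
    <event-script-results> {
        /* Request only the routing-options of the one routing instance */
        var $configuration-rpc = {
            <get-configuration database="committed"> {
                <configuration> {
                    <routing-instances> {
                        <instance> {
                            <name> $instance;
                            <routing-options>;
                        }
                    }
                }
            }
        }
        var $current = jcs:invoke($configuration-rpc);

        /* The reply is rooted at <configuration>: descend through
           routing-instances/instance before routing-options */
        var $static = $current/routing-instances/instance[name == $instance]/routing-options/static;
        var $hop = $static/route[name == "0.0.0.0/0"]/qualified-next-hop[name == $next-hop];

        /* Tell "node not found" apart from "node present and active" */
        if (jcs:empty($hop)) {
            expr jcs:syslog("external.warning", "watch-route: next hop " _ $next-hop _ " not found in instance " _ $instance);
        }
        else if ($hop/@inactive) {
            expr jcs:syslog("external.info", "watch-route: next hop " _ $next-hop _ " is inactive");
        }
        else {
            expr jcs:syslog("external.info", "watch-route: next hop " _ $next-hop _ " is active");
        }
    }
}
```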

Visitor
Posts: 3
Registered: ‎01-19-2011
0

Re: Explain enable-primary-nexthop script

Hi, following you can find the script I've used.

I hope it will help you to solve your problem.

Please tell me if you need further information.

 

Bye