Bgp block all at digidraft.net

Bgp block all

2016-12-20

    The current full view (fv) is about 620K routes and consumes a large amount of memory. As the global routing table continues to grow, some routing platforms may run into out-of-memory issues. The Cisco 6500 platforms are among the most common network hardware. The SUP720 6500 supervisor module can hold 1M routes and has 1GB of DRAM for the route processor. So, on a 6500 with WS-SUP720, receiving more than one fv could be a problem.

    Routers 1 and 2 are in the same AS, so they share one fv. They also have connections to uplink peers (routers 3 and 4), which are also in one AS.

   According to the scheme, we can safely block the redundant announcements from router 4. The script below is triggered every 30 seconds to monitor the status of the BGP sessions between routers 1 and 2, and between routers 1 and 3. If router 2 loses the fv from router 1, the script automatically removes the prefix-list from the session between routers 2 and 4.

# EEM registration: a watchdog timer starts this policy every 30 seconds;
# maxrun 320 caps a single run at 320 seconds.
::cisco::eem::event_register_timer watchdog time 30 maxrun 320
# Bring the EEM and CLI-library commands into the current namespace.
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*
# Load the event details into arr_einfo; stop the run with the EEM error
# fields if the request failed.
array set arr_einfo [event_reqinfo]
if {$_cerrno != 0} {
    error [format "component=%s; subsys err=%s; posix err=%s;\n%s" \
        $_cerr_sub_num $_cerr_sub_err $_cerr_posix_err $_cerr_str]
}
# Peer addresses used by the status checks and by the configuration commands
# that add or remove the prefix-list.
set Peer1_lo0_addr 10.1.1.1
set Peer2_lo0_addr 10.1.1.2
set Peer1_Uplink_int_addr 10.2.2.1
set Peer2_Uplink_int_addr 10.2.2.2
# Exec command that reads BGP4-MIB bgpPeerState (1.3.6.1.2.1.15.3.1.2.<peer>)
# from Peer1 over SNMP for Peer1's uplink neighbor.
# NOTE(review): the SNMPv2c community string is hard-coded in this file and
# SNMPv2c carries it unencrypted on the wire. Restrict read access to the
# policy file, make the community read-only and ACL-limited to this router's
# source address, and prefer SNMPv3 with authentication where the platform
# supports it.
set clist [list "snmp get v2c $Peer1_lo0_addr karavan timeout 2 oid 1.3.6.1.2.1.15.3.1.2.$Peer1_Uplink_int_addr"]
# Exec command that filters the neighbor policy output for the line
# "prefix-list BLOCK_ALL in", i.e. whether the inbound filter is attached.
set clist2 [list "sh ip bgp neighbor $Peer2_Uplink_int_addr policy | i prefix-list BLOCK_ALL in"]
# Attach the inbound prefix-list BLOCK_ALL to the Peer2 uplink neighbor and
# soft-clear the session inbound so the filter takes effect.
# "router bgp XXXXX" is presumably a placeholder for the local AS number --
# replace before use.
# NOTE(review): the cli_run output is returned to the caller unexamined, so a
# rejected configuration line is not detected here; the change is also a
# routing-policy change made without operator confirmation, so the syslog
# line below is the audit trail -- make sure it is forwarded off-box.
proc addBLOCK_ALL {} {
    global Peer2_Uplink_int_addr
    action_syslog priority info msg "add BLOCK_ALL to Uplink_BGP_IN"
    set cmds {}
    lappend cmds "conf t"
    lappend cmds "router bgp XXXXX"
    lappend cmds "address-family ipv4"
    lappend cmds "neighbor $Peer2_Uplink_int_addr prefix-list BLOCK_ALL in"
    lappend cmds "end"
    lappend cmds "clear ip bgp $Peer2_Uplink_int_addr soft in"
    cli_run $cmds
}
# Detach the inbound prefix-list BLOCK_ALL from the Peer2 uplink neighbor and
# soft-clear the session inbound so the routes are accepted again.
# "router bgp XXXXX" is presumably a placeholder for the local AS number --
# replace before use.
# NOTE(review): the cli_run output is returned to the caller unexamined, so a
# failed removal is only noticed when the next run finds the filter still
# attached.
proc delBLOCK_ALL {} {
    global Peer2_Uplink_int_addr
    action_syslog priority info msg "del BLOCK_ALL from Uplink_BGP_IN"
    set cmds {}
    lappend cmds "conf t"
    lappend cmds "router bgp XXXXX"
    lappend cmds "address-family ipv4"
    lappend cmds "no neighbor $Peer2_Uplink_int_addr prefix-list BLOCK_ALL in"
    lappend cmds "end"
    lappend cmds "clear ip bgp $Peer2_Uplink_int_addr soft in"
    cli_run $cmds
}
# Sample both BGP sessions four times, five seconds apart, and collect the
# bgpPeerState values in two lists (BGP4-MIB defines 1 = idle ... 6 = established).
set Peer1_Uplink_BGP_state_value_list ""
set Peer1_Peer2_BGP_state_value_list ""
for {set z 0} {$z < 4} {incr z} {
    after 5000
    # Remote read: ask Peer1 over SNMP for the state of its uplink session.
    set Peer1_Uplink_BGP_state [cli_run "$clist"]
    # Local read of bgpPeerState for the Peer2_lo0_addr neighbor.
    # NOTE(review): $_cerrno is not checked after sys_reqinfo_snmp, so a failed
    # lookup surfaces only as a missing "value" element on the next line.
    array set Peer1_Peer2_BGP_state_array [sys_reqinfo_snmp oid 1.3.6.1.2.1.15.3.1.2.$Peer2_lo0_addr get_type exact]
    set Peer1_Peer2_BGP_state_value $Peer1_Peer2_BGP_state_array(value)
    # Abort the run on any CLI/SNMP error text in the remote-read output;
    # patterns are tried in this order and the first match wins.
    foreach {pattern text} {
        {NO_SUCH_INSTANCE_EXCEPTION} {ERROR: NO_SUCH_INSTANCE_EXCEPTION}
        {Incomplete command}         {ERROR: Incomplete command}
        {Invalid input detected at}  {ERROR: Invalid input detected}
    } {
        if {[regexp -- $pattern $Peer1_Uplink_BGP_state]} {
            action_syslog priority info msg $text
            exit 1
        }
    }
    lappend Peer1_Peer2_BGP_state_value_list $Peer1_Peer2_BGP_state_value
    # The state is taken as the 11th list element of the raw CLI output.
    # NOTE(review): this assumes a fixed output layout for "snmp get" and that
    # the output parses as a Tcl list -- confirm on the target IOS release.
    lappend Peer1_Uplink_BGP_state_value_list [lindex $Peer1_Uplink_BGP_state 10]
}
# Sanity-check the four Peer1-Uplink samples: each is meant to be a digit 0-6,
# or empty ({} in the list's string form) when the uplink did not answer.
# NOTE(review): the "||" in this pattern introduces an empty alternative, and an
# empty branch matches the empty string, so this test looks like it can never
# fail -- confirm on the target Tcl version. The pattern is also unanchored.
# Tightening it changes what happens on unexpected SNMP output (exit here
# instead of falling through to "Uplink false" and removing the filter), so
# decide which failure mode is wanted before changing it.
if {![regexp {[0-6]\s[0-6]\s[0-6]\s[0-6]||{}\s{}\s{}\s{}} $Peer1_Uplink_BGP_state_value_list]} {
    action_syslog priority info msg "ERROR: regexp error in Peer1_Uplink_BGP_state_value_list    $Peer1_Uplink_BGP_state_value_list"
    exit 1
}
# Sanity-check the four Peer1-Peer2 samples: four digits 0-6 separated by
# whitespace. Unlike the uplink check, this pattern has no alternative for
# empty samples.
# NOTE(review): the pattern is unanchored, so it succeeds if such a run occurs
# anywhere inside the list string.
if {![regexp {[0-6]\s[0-6]\s[0-6]\s[0-6]} $Peer1_Peer2_BGP_state_value_list]} {
    action_syslog priority info msg "ERROR: regexp error in Peer1_Peer2_BGP_state_value $Peer1_Peer2_BGP_state_value_list"
    exit 1
}
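# Run clist2 once and work out whether the inbound prefix-list BLOCK_ALL is
# currently attached to the Peer2 uplink neighbor.
# Sets PL_BLOCK_ALL_exists to "YES" or "NO"; exits the policy on any CLI error.
# The output captured by catch is reused instead of running the command a
# second time, and a cli_run failure is logged before exiting so the abort is
# visible in syslog.
if {[catch {cli_run "$clist2"} result]} {
    action_syslog priority info msg "ERROR PL_BLOCK_ALL_check: cli_run failed: $result"
    exit 1
} else {
    set PL_BLOCK_ALL_check $result
    switch -regexp -- $PL_BLOCK_ALL_check {
        {Incomplete command} {
            action_syslog priority info msg "ERROR PL_BLOCK_ALL_check: Incomplete command"
            exit 1
        }
        {Invalid input detected at} {
            action_syslog priority info msg "ERROR PL_BLOCK_ALL_check: Invalid input detected"
            exit 1
        }
        default {
            # More than one list element in the output is taken to mean the
            # "prefix-list BLOCK_ALL in" line was present.
            # NOTE(review): presumably an empty match leaves at most one
            # element (e.g. the prompt) -- confirm on the target IOS release.
            if {[llength $PL_BLOCK_ALL_check] > 1 } {
                set PL_BLOCK_ALL_exists "YES"
            } else {
                set PL_BLOCK_ALL_exists "NO"
            }
        }
    }
}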
# Classify each session from its four samples: at least three occurrences of
# "6" (bgpPeerState established) count as healthy, anything less as failed.
# NOTE(review): regexp -all {6} counts every "6" character in the list string,
# so the result is only meaningful if each sample is a single digit; the
# uplink list is not effectively validated before this point.
set uplink_established [regexp -all {6} $Peer1_Uplink_BGP_state_value_list]
if {$uplink_established >= 3} {
    set Peer1_result "Uplink fine"
} else {
    set Peer1_result "Uplink false"
}
set peer_established [regexp -all {6} $Peer1_Peer2_BGP_state_value_list]
if {$peer_established >= 3} {
    set Peer2_result "Peer1 fine"
} else {
    set Peer2_result "Peer1 false"
}
# Decide whether to attach or detach BLOCK_ALL, act, then log the evidence.
#   detach: filter attached and either the Peer1 session is down, or the
#           Peer1 session is up but Peer1's uplink is down
#   attach: filter absent and both the Peer1 session and Peer1's uplink are up
# The three conditions are mutually exclusive; in every other combination the
# configuration is left untouched and nothing is logged.
set filter_attached [expr {$PL_BLOCK_ALL_exists == "YES"}]
set peer1_up        [expr {$Peer2_result == "Peer1 fine"}]
set uplink_up       [expr {$Peer1_result == "Uplink fine"}]
set performed ""
if {$filter_attached && (!$peer1_up || ($peer1_up && $Peer1_result == "Uplink false"))} {
    delBLOCK_ALL
    set performed "delBLOCK_ALL"
} elseif {!$filter_attached && $PL_BLOCK_ALL_exists == "NO" && $peer1_up && $uplink_up} {
    addBLOCK_ALL
    set performed "addBLOCK_ALL"
}
# Record which action ran together with the samples that justified it.
if {$performed != ""} {
    action_syslog priority info msg "$performed \
    Peer1_Uplink_BGP_state_value_list: $Peer1_Uplink_BGP_state_value_list Peer1_result: $Peer1_result \
    Peer1_Peer2_BGP_state_value_list: $Peer1_Peer2_BGP_state_value_list Peer2_result: $Peer2_result \
    "
}

 
