Change BGP Policies

ryansharpe · ‎02-12-2018

Hello,

Looking for some general feedback on my EEM solution. My customer has several data centres around the world. Each with two ISP connections, receiving full BGP tables. We have put up a mGRE overlay between the sites. My goal here is to create a script that will take input from the user and then modify the appropriate BGP policy in order to engineer the traffic over the appropriate tunnel.

Am I on the right track here or is there maybe a better script technology or method that could accomplish this? For example if I was doing this in python I'd likely uses the LOC variable as a hash variable to store the value for the key. Perhaps TCL makes more sense for this type of operation?

event manager applet TRAFENG
event none
action 000 puts " +-------------------------------------+"
action 001 puts " |                                     |"
action 002 puts " | Location:                           |"
action 003 puts " |    [1]   Site 1                     |"
action 004 puts " |    [2]   Site 2                     |"
action 005 puts " |    [3]   Site 3                     |"
action 006 puts " |    [4]   Site 4                     |"
action 007 puts " |    [6]   Site 5                     |"
action 008 puts " |    [7]   Site 6                     |"
action 009 puts " |    [8]   Site 7                     |"
action 010 puts " |                                     |"
action 011 puts " +-------------------------------------+"
action 012 get LOC
action 013 puts " +-------------------------------------+"
action 014 puts " |                                     |"
action 016 puts " | Preferred ISP:                      |"
action 017 if $LOC eq 6
action 018  puts " |    [1]   Telstra & Level3           |"
action 019  puts " |    [2]   NTT & GTT                  |"
action 020 else
action 021  puts " |    [1]   CenturyLink (Level3)       |"
action 022  puts " |    [2]   GTT                        |"
action 023 end
action 024 puts " |                                     |"
action 025 puts " +-------------------------------------+"
action 026 get ISP
action 027 puts ""
action 028 if $LOC eq 1
action 029  if $ISP eq 1
action 030   syslog msg "Site 1 primary: CenturyLink (Level3)"
action 031   cli command "config t"
action 032   cli command "router bgp 65505"
action 033   cli command "neighbor 172.16.30.1 shutdown"
action 034   cli command "address-family ipv4"
action 035   cli command "no neighbor 172.16.30.1 inherit peer-policy iBGP_WORSE"
action 036   cli command "neighbor 172.16.30.1 inherit peer-policy iBGP_BETTER"
action 037   cli command "no neighbor 172.16.30.1 shutdown"
action 038   cli command "end"
action 039  elseif $IDP eq 2
action 040   syslog msg "Site 1 primary: GTT"
action 040   cli command "config t"
action 041   cli command "router bgp 65505"
action 042   cli command "neighbor 172.16.30.1 shutdown"
action 043   cli command "address-family ipv4"
action 044   cli command "no neighbor 172.16.30.1 inherit peer-policy iBGP_BETTER"
action 045   cli command "neighbor 172.16.30.1 inherit peer-policy iBGP_WORSE"
action 046   cli command "no neighbor 172.16.30.1 shutdown"
action 047   cli command "end"
action 048  end
action 049 end

Joe Clarke · ‎02-13-2018

Yeah, with EEM+Tcl you can use arrays to simplify the logic. You can also have the array values be environment variables so that you can modify the behavior without changing the code.

But even if you go that route you have two issues. One, you need to add a cli command for enable. Two, the default maxrun for this policy is 20 seconds. So if the user doesn't respond quickly, the policy will die. You may want to increase both the maxrun and default timers to account for delay in response.

ryansharpe · ‎02-15-2018

Thanks Joe!

Much appreciated. I took your suggestion and looked into Tcl a bit more and actually wrote the entire thing in Tcl. It is still a bit of WIP and I need some routers to test it out on before rolling onto a production environment.

Thanks again!