
Script to check WAN VPN link is up and resolve if it is not.

Last post 07-08-2008 2:06 PM by pvogelsang. 0 replies.
  • 07-08-2008 2:06 PM

    Script to check WAN VPN link is up and resolve if it is not.

    We have 2 VPN Tunnels connecting our Annapolis and Pittsburgh offices. We found a bug in the Juniper Netscreen routers we are using that causes routes to be dropped on the Pittsburgh Netscreen pointing back to subnets in the Annapolis Office. Turns out the routes are all routes sitting behind our Cisco Core Switch/Router.


    We initially wrote a CCS Script to tell us when the routes were down by running a Ping from our Core Cisco router to a router in Pittsburgh. This was great and notified us when the bug reared its nasty head. However, we did not know how to resolve it other than rebooting the NetScreen firewall.


    Eventually we found a better way to get the routes back by forcing the Cisco 3750 to restart OSPF by issuing the command “clear ip ospf process \cmy”.


    So here is the script that we wrote to run a ping from our Cisco 3750 to a Netscreen across the VPN, which checks if the Netscreen has a route back to the Cisco 3750. If the ping fails we then raise an issue and run the “clear ip ospf process \cmy” command to restart OSPF and get the routes back.


    Script:
        Ping A Host

    Script-Description:
        Ping a host and fire an issue if it's not reachable

    Script-Filter:
        $IPAddress eq 10.30.3.1

    Script-Devices:
        10.30.3.1

    Script-Schedule:
        */3 * * * *
       

    #################################################################
    Action:
        Perform Ping

    Action-Description:
        Run the ping command against our host

    Action-Variables:
        SET: $hostDead = "no"

    Action-Commands:
        ping 172.23.1.1

    Output-Triggers:
        Parse Output

    #################################################################
    Trigger:
        Parse Output

    Trigger-Description:
        Find out if we can ping our host, update a variable.

    Trigger-Variables:
        $pingable string

    Trigger-Template:
        Success rate is [[$pingable]] percent .+

    Trigger-Commands:{ $pingable eq "0" }
        SET: $hostDead = "yes"

    Output-Triggers:
        Run Command

    ##################################################################

    Trigger:
        Run Command

    Trigger-Description:
        Clear IP OSPF Process on 3750

    Trigger-Filter:
        $hostDead eq "yes"

    Trigger-Commands:
        clear ip ospf process \cmy
        copy run start \cm
        q

    Output-Triggers:
         Host Down



    #################################################################
    Issue:
        Host Down

    Issue-ID:
        pittsFWdown

    Issue-Severity:
        error

    Issue-Description:
        Cannot ping the remote host

    Issue-Filter:
        $hostDead eq "yes"

    Issue-Details:
        Host        $IPAddress
       
    #################################################################

    Here is the issue we created for this:

     

    Here is what the Script Schedule looks like for this:

     

    Patrick Voglesang
    VP Operations, Netcordia, Inc.
    (T) +1 410 266 6161 x309 (M) +1 724 272 1042 (F) +1 410 573 9779
    (E) pvogelsang@netcordia.com www.netcordia.com
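
The decision logic of the script above, modelled in Python as an added example that is not part of the original post or of Netcordia's code. The function names and the sample ping outputs are constructed, and it assumes that a trigger whose template does not match leaves `$hostDead` at "no":

```python
import re

# The post's Trigger-Template with [[$pingable]] turned into a capture group.
TEMPLATE = re.compile(r"Success rate is (\S+) percent .+")

# Commands and issue ID exactly as they appear in the post's script.
REMEDIATION = [r"clear ip ospf process \cmy", r"copy run start \cm", "q"]
ISSUE_ID = "pittsFWdown"

# Constructed sample outputs in Cisco IOS ping format (not captured from a device).
PING_OK = """Sending 5, 100-byte ICMP Echos to 172.23.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms"""
PING_DOWN = """Sending 5, 100-byte ICMP Echos to 172.23.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)"""
PING_PARTIAL = """Sending 5, 100-byte ICMP Echos to 172.23.1.1, timeout is 2 seconds:
!!..!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/3/8 ms"""
PING_NO_RESULT = ""  # constructed case: the session returned no output


def host_dead(ping_output):
    """Return "yes" only when the template matches and $pingable is "0"."""
    flag = "no"                                # Action-Variables: SET: $hostDead = "no"
    match = TEMPLATE.search(ping_output)
    if match and match.group(1) == "0":        # Trigger-Commands: { $pingable eq "0" }
        flag = "yes"
    return flag


def planned_steps(ping_output):
    """Return (commands to send, issue ID to raise) for one scheduled run."""
    if host_dead(ping_output) == "yes":        # Trigger-Filter and Issue-Filter
        return list(REMEDIATION), ISSUE_ID
    return [], None


if __name__ == "__main__":
    for name, out in [("ok", PING_OK), ("down", PING_DOWN),
                      ("partial", PING_PARTIAL), ("no result", PING_NO_RESULT)]:
        print(name, host_dead(out), planned_steps(out))
```

Under this model, partial packet loss and a run that returns no "Success rate" line both leave OSPF untouched and raise no issue; only a 0 percent result restarts the process.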
