Scripting Your Switch

Richard Chart

Over the last few release cycles, the Cisco IOS engineering team have been quietly beavering away at exposing a whole new range of self-monitoring and management capabilities in Cisco network devices.

Want to customize the syslog messages coming from your core router? How about implementing a custom SNMP MIB in your access switch? Perhaps run a packet capture at 3AM and email yourself the results?

During the Advanced Cisco IOS Device Instrumentation session here at Cisco Live!, it became clear that all of these and much more are now possible directly from within IOS.

Much of this power comes from the recently added ability to run TCL scripts directly on the device. It turns out TCL has been in IOS for a long time: it was used in the delivery of many built-in IOS features, but was not available to end users.

Now, however, this feature is unlocked and network engineers can go to town writing TCL scripts triggered by events, or potentially scheduled from Kron (yes, that’s cron with a “K”).

The TCL language is a convenient tool for pattern matching against events and performing local IOS operations, or generating enterprise-specific events “Northbound” to an NMS such as EM7, but it comes with some risk.

Pattern matching can be CPU intensive, so administrators will need to take care not to overload the device with custom code and limit its ability to perform its primary function of routing and switching.

Actually IOS includes some mechanisms to limit the impact of custom code by implementing thresholds for how long a script can take to run, and also for how much CPU it can consume.

The TCL scripting language is not the only way that administrators can implement sophisticated logic on the IOS platform. The Embedded Event Manager (EEM) has been getting lots of love and attention from the Cisco Engineers as well.

The EEM applets now support logical constructs such as loops and conditional statements. As of EEM 3.1, the tool can intercept SNMP GET and SET operations and take custom actions for particular OIDs.

This is a great way to extend the SNMP capabilities of IOS with your own custom MIB, just as has been possible in the server world for many years with extensible agents like Net-SNMP.

These new IOS capabilities are powerful new strings for the network engineer’s bow, but they will need to consider carefully when to use them.

Cisco network monitoring is made possible with systems such as EM7 that provide the ability to perform pattern matching and sophisticated event handling outside the network device, with full audit trail and logging built in, and with consistent operation across the network.

Custom event handlers running on IOS itself have the same considerations around logging, audit trail and version control that apply to other software applications; using these in an uncontrolled way could be a recipe for disaster.
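One way to start the audit trail described above is to inventory the on-device automation from a saved running-config. The following is an added example, not code from the original post or from Cisco: the sample config is constructed, the function names are hypothetical, and the `event manager`, `kron` and `maxrun` lines use standard IOS syntax that the post itself does not quote.

```python
import hashlib
import re

# Constructed sample of a saved running-config (not from the original post).
SAMPLE_CONFIG = """\
hostname access-sw1
!
event manager applet LINK-DOWN-NOTE
 event syslog pattern "LINK-3-UPDOWN.*down" maxrun 30
 action 1.0 syslog msg "uplink change seen"
event manager applet NIGHTLY-CAPTURE
 event timer cron name NIGHTLY cron-entry "0 3 * * *"
 action 1.0 cli command "enable"
 action 2.0 cli command "show interfaces"
!
event manager policy custom_mib.tcl type user
kron occurrence BACKUP at 3:00 recurring
 policy-list SAVE-CONFIG
!
"""

HEADERS = re.compile(
    r"^(event manager applet|event manager policy|kron occurrence)\s+(\S+)")

def inventory(config_text):
    """Return one record per applet, registered Tcl policy or kron occurrence."""
    records, current = [], None
    for line in config_text.splitlines():
        match = HEADERS.match(line)
        if match:
            current = {"kind": match.group(1), "name": match.group(2), "body": [line]}
            records.append(current)
        elif current is not None and line.startswith(" "):
            current["body"].append(line)   # indented line belongs to the open block
        else:
            current = None                 # "!" or any top-level line closes it
    for rec in records:
        body = rec.pop("body")
        text = "\n".join(body)
        # Hash of the block text, to diff against the copy held in version control.
        rec["sha256"] = hashlib.sha256(text.encode()).hexdigest()
        rec["runs_cli"] = any(" cli command " in l for l in body)
        rec["explicit_maxrun"] = bool(re.search(r"\bmaxrun\s+\d+", text))
    return records

def review_items(records):
    """Applets that run CLI commands without an explicit maxrun get a second look."""
    return [r["name"] for r in records if r["kind"] == "event manager applet"
            and r["runs_cli"] and not r["explicit_maxrun"]]
```

Running `inventory()` over each nightly config backup and comparing the hashes with the reviewed copies shows when an applet or scheduled job has been added or changed outside change control.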

Undoubtedly these tools have their place though, and will be invaluable for taking local actions immediately in response to specific IOS events.
