Automation

 View Only
last person joined: 17 hours ago 

Ask questions and share experiences about Apstra, Paragon, and all things network automation.
  • 1.  JUNOSCRIPT: Auto policing based on interface bandwidth

    Posted 11-04-2009 19:31

    Anyone have a commi script that will automatically apply a policer to any interface that has a 'bandwidth' statement on it?  Or better yet, has a 'bandwidth' statement AND has a string in the description, such as 'CUST'?

     

    Here is an example of a policer:

     

    set firewall policer 10Mbps if-exceeding bandwidth-limit 10m
    set firewall policer 10Mbps if-exceeding burst-size-limit 1m
    set firewall policer 10Mbps then discard

     

     

    And there are three different family types I'd deal with:

     

     

    set interfaces ge-0/1/9 unit 1507 bandwidth 10m
    set interfaces ge-0/1/9 unit 1507 vlan-id 1507
    set interfaces ge-0/1/9 unit 1507 family inet address 1.1.1.1/30
    
    set interfaces ge-0/1/9 unit 1507 bandwidth 10m
    set interfaces ge-0/1/9 unit 1507 vlan-id 1507
    set interfaces ge-0/1/9 unit 1507 encapsulation vlan-ccc
    
    set interfaces ge-0/1/9 unit 1507 bandwidth 10m
    set interfaces ge-0/1/9 unit 1507 vlan-id 1507
    set interfaces ge-0/1/9 unit 1507 encapsulation vlan-vpls

     

     

    And based on which encapsulation or family type that is found on the interface, I'd like it to add the following two lines:

     

     

    set interfaces ge-0/1/9 unit 1507 family {inet:ccc:vpls} policer input 10Mbps
    set interfaces ge-0/1/9 unit 1507 family {inet:ccc:vpls} policer output 10Mbps

     

    The two lines that would be added would be based on the 'bandwidth' statement (10m) and the encapsulation type for that unit.  An extra hook to only apply this to interfaces with string 'foo' would be bonus points.


    #bandwidth
    #policer
    #JUNOS
    #Slax
    #junoscript


  • 2.  RE: JUNOSCRIPT: Auto policing based on interface bandwidth

    Posted 11-05-2009 01:02

    Hi,

     

    I wrote a script for you which should fulfill all your requirements. Please find it attached.

     

    If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

     

    Kind Regards

    Michael Pergament



  • 3.  RE: JUNOSCRIPT: Auto policing based on interface bandwidth

    Posted 11-19-2009 08:58

    Sorry it took so long to reply, I had some issues with my account here.

     

    If I'm reading this correctly, it looks like this will set a policer named 10m to each active family on all interfaces beginning with ge-0/

     

    For all logical interfaces that have "CUST" or "LAN" in the description, apply a policer with the same name found on the bandwidth statement (if no bandwidth statement, do not apply a policer)

     

    I appreciate what you've provided so far.  How would you set the policer name to the same value as the already configured 'bandwidth' value?



  • 4.  RE: JUNOSCRIPT: Auto policing based on interface bandwidth

    Posted 11-20-2009 21:36

    OK, I've got a little closer, but I'm getting an error I can't figure what the cause is:

     

     

    re0: 
    error: load of commit script changes failed

    Not the most verbose error message.  Attached is my full script that is causing this error.

     

     

    I did have a couple questions about the original script.  Particularly the $match-descr variable.  I'm not sure I understand what this does:

     

     

        var $match-descr = "CUST";
            var $police_if = contains($match-descr, "CUST");

     

     

    1. Does this make $police_if always true?

     

     

    var $policer_in = $top/interfaces/interface[name == $phyifname]/unit[name == name]/family[name == inet || name == vpls || name == ccc]/policer/input;
    if (not($policer_in) && $police_if) {

     

     

    2. Does this say "if no policer is currently applied, then..." ?

     

     

    I feel like I'm fairly close to having this work.  Part of my problem is I'm not to confident on how to convert from the xml of the policer config to slax format.  Here is the original xml:

     

     

    <rpc-reply xmlns:junos="http://xml.juniper.net/junos/9.2R3/junos">
        <configuration junos:changed-seconds="1258781324" junos:changed-localtime="2009-11-20 23:28:44 CST">
                <firewall>
                    <policer>
                        <name>2m</name>
                        <if-exceeding>
                            <bandwidth-limit>2m</bandwidth-limit>
                            <burst-size-limit>1m</burst-size-limit>
                        </if-exceeding>
                        <then>
                            <discard/>
                        </then>
                    </policer>
                </firewall>
        </configuration>
    </rpc-reply>

    Last, it seems that these lines:

     

     

            var $policer_in = $top/interfaces/interface[name == $phyifname]/unit[name == $unit]/family[name == inet || name == vpls || name == ccc]/policer/input;
            var $policer_out = $top/interfaces/interface[name == $phyifname]/unit[name == $unit]/family[name == inet || name == vpls || name == ccc]/policer/output;

     

    don't work as you'd expect.  the two variables are always emtpy.  I'm trying to figure a way to accomplish the same thing.

     

     

    Thanks in advance,

    Josh

     


    #JUNOS
    #bandwidth
    #policer
    #Slax
    #junoscript


  • 5.  RE: JUNOSCRIPT: Auto policing based on interface bandwidth

    Posted 11-22-2009 09:36

    I've almost got this working.  The only peice I haven't been able to decipher is the interface description match:

     

     

        var $match-descr = "CUST:";
            var $police_if = contains($match-descr, "CUST:");
            if (not($policer_in) && not($policer_out) && $police_if && not(jcs:empty($policer-name))) {       

     

     

    In particular the contains command.  This DOES appear to do what is intended (match only interfaces that have CUST: in the description, however, I don't understand how.  What are the two arguments of the contain function for?  What is it we are searching to see if the string "CUST:" is contained within?

     

    My problem here, is I want to be able to match on multiple strings.  CUST, FOO, and BAR for instance.  Because I don't understand how this is working, I'm not sure how to accomplish this end.

     

    I appreciate the direction,

    Josh



  • 6.  RE: JUNOSCRIPT: Auto policing based on interface bandwidth
    Best Answer

    Posted 11-22-2009 19:05

    OK, I think I've got this working the way I want.  I've tested it in each scenario, and it seems to do all that I wanted (and more)

     

    I'm posting it for the benefit of others, and also in hopes that some of the more experienced folks would take a look and give me some pointers on how it could be cleaned up.  I had a lot of difficulty, in particular, with the logic used in some of the if statements.  I'd like to clean this script up some to make it more maintainable.

     

    Comments are welcomed, and specific alternate solutions encouraged.