Connected networks do not match across cluster members-juniper-junos


Vendor: juniper

OS: junos

Description:
Indeni will identify when two devices are part of a cluster and alert if the networks they are directly connected to do not match.

Remediation Steps:
Ensure all of the required ports are configured correctly on all cluster members, including the subnet mask.

How does this work?
This script retrieves the routes statically defined on a device by running the command “show route protocol static terse” over an SSH connection to the device.

Why is this important?
Static routes are defined manually on a device. Incorrectly defined static routes will cause a network outage or unpredictable network behavior.

Without Indeni how would you find this?
An administrator could log on to the device and run the command “show route protocol static terse” to collect the same information.
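The manual check above, carried through for two cluster members, as an added example that is not part of the Indeni script or rule: it parses each member's saved command output and reports routes missing on one side and prefix-length mismatches. The function names and both sample outputs are constructed for illustration.

```python
import re

# Constructed "show route protocol static terse" output for two cluster
# members, in the column layout the page's parser expects (not real captures).
NODE0 = """\
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
* 10.20.0.0/16       S   5                       >192.0.2.1
* 30.30.30.0/24      S   5                       >lt-0/0/0.1
* 172.16.5.0/24      S   5                       >192.0.2.1
"""
NODE1 = """\
inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
* 10.20.0.0/16       S   5                       >192.0.2.1
* 30.30.30.0/25      S   5                       >lt-0/0/0.1
"""

TABLE_RE = re.compile(r"^(\S*inet\S*):")   # table header, e.g. "inet.0:"
ROUTE_RE = re.compile(r"^[*+-]\s+\d")      # same route-line test as the AWK parser

def parse_static_routes(output):
    """Return {(table, network, mask): next_hop} for one member's output."""
    routes, table = {}, None
    for line in output.splitlines():
        header = TABLE_RE.match(line)
        if header:
            table = header.group(1)
        elif ROUTE_RE.match(line):
            fields = line.split()
            network, _, mask = fields[1].partition("/")
            routes[(table, network, int(mask))] = fields[-1].lstrip(">")
    return routes

def compare_members(out_a, out_b):
    """Report routes missing on either member and prefix-length mismatches."""
    a, b = set(parse_static_routes(out_a)), set(parse_static_routes(out_b))
    only_a, only_b = a - b, b - a
    # Same table and network on both members but a different prefix length.
    masks = sorted((t, n, ma, mb) for t, n, ma in only_a
                   for t2, n2, mb in only_b if (t, n) == (t2, n2))
    hit = {(t, n) for t, n, _, _ in masks}
    return {"mask_mismatch": masks,
            "missing_on_b": sorted(r for r in only_a if r[:2] not in hit),
            "missing_on_a": sorted(r for r in only_b if r[:2] not in hit)}

if __name__ == "__main__":
    print(compare_members(NODE0, NODE1))
```

A prefix-length mismatch is reported separately from a missing route because it is the case the remediation text calls out ("including the subnet mask").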

junos-show-route-protocol-static-terse

#! META
name: junos-show-route-protocol-static-terse
description: JUNOS get static routes information 
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall

#! COMMENTS
connected-networks-table:
    why: |
        Static routes are defined manually on a device. Incorrectly defined static routes will cause a network outage or unpredictable network behavior.
    how: |
        This script retrieves the routes statically defined on a device by running the command "show route protocol static terse" over an SSH connection to the device.
    without-indeni: |
        An administrator could log on to the device and run the command "show route protocol static terse" to collect the same information.
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: |
        The command line is available to retrieve this information.

#! REMOTE::SSH
show route protocol static terse

#! PARSER::AWK
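# Routing-table header: remember which table the following routes belong to.
#inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
/inet/ {
    table_name = $1
}

# Route line starting with "*", "+" or "-" followed by a destination prefix.
#* 30.30.30.0/24      D   0                       >lt-0/0/0.1
/^(\*\s+[0-9]|\+\s+[0-9]|\-\s+[0-9])/ {
    line++
    network = $2
    next_hop = $NF
    # Split "30.30.30.0/24" into the network address and the prefix length.
    split(network, network_prefix, "/")
    route[line, "table-name"] = table_name
    route[line, "network"] = network_prefix[1]
    route[line, "mask"] = network_prefix[2]
    # Strip the ">" marker from the next hop. A plain />/ is used because
    # "\>" is an end-of-word anchor in gawk and would leave the marker in place.
    gsub(/>/, "", next_hop)
    route[line, "next-hop"] = next_hop
}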

END{
    writeComplexMetricObjectArray("static-routing-table", null, route)
}

connected_tables_comparison_vsx

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, SnapshotComparisonTemplateRule}
import com.indeni.server.common.data.conditions.{Equals => DataEquals}

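/**
  * Snapshot comparison rule for the "connected-networks-table" metric on
  * devices tagged vsx = "true", applied per "vs.name" tag.
  */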
case class connected_tables_comparison_vsx(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "connected_tables_comparison_vsx",
  ruleFriendlyName = "Clustered Devices: Connected networks do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the networks they are directly connected to do not match.",
  metricName = "connected-networks-table",
  applicableMetricTag = "vs.name",
  metaCondition = DataEquals("vsx", "true"),
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same directly connected networks. Review the differences below.",
  baseRemediationText = "Ensure all of the required ports are configured correctly on all cluster members, including the subnet mask.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Ensure all of the required interfaces are configured accordingly on all cluster members.
      |2. Consider suspending this alert if orphan ports are configured on one of the vPC peer switches.""".stripMargin
)

case class connected_tables_comparison_nonvsx(context: RuleContext) extends SnapshotComparisonTemplateRule(context,
  ruleName = "connected_tables_comparison_nonvsx",
  ruleFriendlyName = "Clustered Devices: Connected networks do not match across cluster members",
  ruleDescription = "Indeni will identify when two devices are part of a cluster and alert if the networks they are directly connected to do not match.",
  metricName = "connected-networks-table",
  metaCondition = !DataEquals("vsx", "true"),
  isArray = true,
  alertDescription = "Devices that are part of a cluster must have the same directly connected networks. Review the differences below.",
  baseRemediationText = "Ensure all of the required ports are configured correctly on all cluster members, including the subnet mask.")(
  ConditionalRemediationSteps.OS_NXOS ->
    """|
       |1. Ensure all of the required interfaces are configured accordingly on all cluster members.
       |2. Consider suspending this alert if orphan ports are configured on one of the vPC peer switches.""".stripMargin
)