Interface(s) in error-disable state-juniper-junos


Vendor: juniper

OS: junos

Description:
Interfaces can be put in err-disable state if certain errors are detected by the devices. Indeni will alert if this happens.

Remediation Steps:
Review the causes why some interfaces were put in error-disable state.
1. On the device command line interface execute the “show ethernet-switching interfaces” command to review the status of interfaces.
2. Check if the MAC limit or MAC move limit is not exceeded.
3. Check if the storm control is in effect.
4. Review whether multiple devices are connected to the port.
5. Check if the device is not moving too frequently or rate-limiting is not exceeded.
6. Review the following article on Juniper tech support site: Ethernet Switching Feature Guide: show ethernet-switching interfaces.

How does this work?
The script runs the “show ethernet-switching interfaces” command over an SSH connection to the device and retrieves the port status related to the configured port-error-disable rules.

Why is this important?
The port is disabled if port-error-disable is enabled and the port is configured to be shut down when it violates the rules specified.

Without Indeni how would you find this?
An administrator could log in to the device to manually run the command.

junos-show-ethernet-switching-interfaces

#! META
name: junos-show-ethernet-switching-interfaces
description: JUNOS SRX identifying which interface is disabled because of the violation of the port-error-disable configuration
type: monitoring
monitoring_interval: 5 minute
requires:
     vendor: juniper
     os.name: junos
     product: firewall 
     high-availability:
         neq: true

#! COMMENTS
network-interface-err-disable-description:
    why: |
        This metric tells why the port is disabled.
    how: |
        The script runs the "show ethernet-switching interfaces" command via SSH connection to the device and retrieves the description for the disabled port.
    without-indeni: |
        An administrator could log in to the device to manually run the command "show ethernet-switching interfaces".
    can-with-snmp: false
    can-with-syslog: true
    vendor-provided-management: |
        The same information can be retrieved via the command line.

network-interface-err-disable:
    why: |
        The port is disabled if port-error-disable is enabled and the port is configured to be shut down when it violates the rules specified.
    how: |
        The script runs the "show ethernet-switching interfaces" command via SSH connection to the device and retrieves the port status related to port-error-disable rules configured.
    without-indeni: |
        An administrator could log in to the device to manually run the command.
    can-with-snmp: true  
    can-with-syslog: true 
    vendor-provided-management: |
        The same information can be retrieved via the command line.

#! REMOTE::SSH
show ethernet-switching interfaces | display xml

#! PARSER::XML
_vars:
    root: /rpc-reply//switching-interface-information[1]
_metrics:
    -
        _groups:
            ${root}/interface:
                _tags:
                    "im.name":
                        _constant: "network-interface-err-disable"
                    "live-config":
                        _constant: "true"
                    "display-name":
                        _constant: "Network Interface Error Disable Status"
                    "im.dstype.displayType":
                        _constant: "state"
                    "im.identity-tags":
                        _constant: "name"
                    "im.identity-tags":
                        _constant: "blocking-status"
                    "blocking-status":
                        _text: "interface-vlan-member-list/interface-vlan-member/blocking-status"
                _temp:
                    "status":
                        _text: "interface-state"
                    "name":
                        _text: "interface-name"
        _transform:
            _tags:
                "name": |
                    {
                       print temp("name") 
                    }
            _value.double: |
                {
                    if (temp("status") == "up") {
                        print "0"
                    } else {
                        print "1"
                    }
                }
    - 
        _groups:
            ${root}/interface:
                _tags:
                    "im.name":
                        _constant: "network-interface-err-disable-description"
                    "name":
                        _text: "interface-name"
                _value.complex:
                    value:
                        _text: "interface-vlan-member-list/interface-vlan-member/blocking-status"
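
The parser section above, mirrored as an added Python example (not Indeni's own code): it walks the same element paths over a constructed sample of the XML output and applies the same up/other rule as `_value.double`. The sample values, the namespace URI and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of "show ethernet-switching interfaces | display xml".
# Element names follow the parser's XPaths; values and namespace are made up.
SAMPLE_XML = """<rpc-reply>
 <switching-interface-information xmlns="urn:example:constructed">
  <interface>
   <interface-name>ge-0/0/1.0</interface-name><interface-state>up</interface-state>
   <interface-vlan-member-list><interface-vlan-member>
    <blocking-status>unblocked</blocking-status>
   </interface-vlan-member></interface-vlan-member-list>
  </interface>
  <interface>
   <interface-name>ge-0/0/2.0</interface-name><interface-state>down</interface-state>
   <interface-vlan-member-list><interface-vlan-member>
    <blocking-status>MAC limit exceeded</blocking-status>
   </interface-vlan-member></interface-vlan-member-list>
  </interface>
  <interface>
   <interface-name>ge-0/0/3.0</interface-name><interface-state>down</interface-state>
  </interface>
 </switching-interface-information>
</rpc-reply>"""

BLOCKING = "interface-vlan-member-list/interface-vlan-member/blocking-status"

def parse_err_disable(xml_text):
    """Return one dict per interface with the two metrics the script emits."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop XML namespaces so plain paths match
        el.tag = el.tag.rsplit("}", 1)[-1]
    info = root.find(".//switching-interface-information")
    if info is None:
        return []
    rows = []
    for intf in info.findall("interface"):
        state = (intf.findtext("interface-state") or "").strip()
        rows.append({
            "name": (intf.findtext("interface-name") or "").strip(),
            # same rule as _value.double: "up" -> 0, anything else -> 1
            "err_disable": 0.0 if state == "up" else 1.0,
            # None when the interface has no VLAN member entry
            "blocking_status": intf.findtext(BLOCKING),
        })
    return rows

def flagged(rows):
    """Map each interface reported as 1 to its blocking-status text."""
    return {r["name"]: r["blocking_status"] for r in rows if r["err_disable"]}
```

In the sample, ge-0/0/3.0 is down with no blocking status and is still reported as 1, because the transform tests only interface-state.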

CrossVendorInterfaceErrorDisableState

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.ruleengine.expressions.core._
import com.indeni.server.rules.library.{ConditionalRemediationSteps, StateDownTemplateRule}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity


case class CrossVendorInterfaceErrorDisableState(context: RuleContext) extends StateDownTemplateRule(context,
  ruleName = "CrossVendorInterfaceErrorDisableState",
  ruleFriendlyName = "All Devices: Interface(s) in error-disable state",
  ruleDescription = "Interfaces can be put in err-disable state if certain errors are detected by the devices. Indeni will alert if this happens.",
  metricName = "network-interface-err-disable",
  applicableMetricTag = "name",
  alertIfDown = false,
  alertItemsHeader = "Affected Interfaces",
  alertDescription = "Interfaces can be put in err-disable state if certain errors are detected by the devices.\nThis includes:\n* Flapping links\n* Spanning Tree BPDUs detected with BPDU Guard enabled\n* Detected a physical loop\n* Uni-directional link detected by UDLD",
  baseRemediationText = "Review the causes why some interfaces were put in error-disable state."
)(ConditionalRemediationSteps.OS_NXOS ->
  """|1. Use the "show interface" and "show interface status err-disabled" NX-OS commands to identify the reason for the err-disable interface state.
     |2. View information about the internal state transitions of the port by using the "show system internal ethpm event-history interface X/X" NX-OS command.
     |3. Review the logs for relevant findings by running the "show logging" NX-OS command.
     |4. After fixing the issue, run the "shut/no shut" command on the port to re-enable it.
     |5. It is possible to enable automatic periodic err-disable recovery by using the "errdisable recovery cause" NX-OS configuration command. For more information please review the following Cisco NX-OS guide:
     |<a target="_blank" href="https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/421_n1_1/b_Cisco_n5k_layer2_config_gd_rel_421_n1_1/Cisco_n5k_layer2_config_gd_rel_421_n1_1_chapter3.html#task_3B5CB60B4E8746FA900E16679C66B437">Enabling the Error-Disabled Detection</a>.""".stripMargin,
  ConditionalRemediationSteps.VENDOR_JUNIPER ->
    """|1. On the device command line interface execute the "show ethernet-switching interfaces" command to review the status of interfaces.
       |2. Check if the MAC limit or MAC move limit is not exceeded.
       |3. Check if the storm control is in effect.
       |4. Review whether multiple devices are connected to the port.
       |5. Check if the device is not moving too frequently or rate-limiting is not exceeded.
       |6. Review the following article on Juniper tech support site: <a target="_blank" href="https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-ethernet-switching-interfaces-qfx-series.html">Ethernet Switching Feature Guide: show ethernet-switching interfaces</a>.""".stripMargin
)