Maximum number of routes nearing (IPv4)-juniper-junos

Vendor: juniper

OS: junos

Description:
Many devices have a limit for the number of IPv4 routes that can be defined. Indeni will alert prior to the number of routes reaching the limit.

Remediation Steps:
Consider removing certain routes.

How does this work?
This script retrieves the total number of routes on the device by running the “show route summary” command.

Why is this important?
The number of routes might have a negative impact on the device.

Without Indeni how would you find this?
An administrator could log on to the device and run the “show route summary” command to collect the same information.

junos-show-route-summary

name: junos-show-route-summary
description: JUNOS retrieving the total of routes
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: juniper
    os.name: junos
comments:
    routes-limit:
        why: |
            The SRX allows to configure a limit for the number of routes installed in a routing table based upon the route prefix.
        how: |
            This script retrieves the maximum-prefixes configured on the SRX device by running "show route summary" command.
        can-with-snmp: false
        can-with-syslog: false
    routes-usage:
        why: "The number of routes might have negative impact on the device. \n"
        how: "This script retrieves the total of routes on the device by running \"\
            show route summary\" command. \n"
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show route summary
    parse:
        type: AWK
        file: show-route-summary.parser.1.awk

routes_defined_limit

// Deprecation warning : Scala template-based rules are deprecated. Please use YAML format rules instead.

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.NearingCapacityTemplateRule
import com.indeni.server.rules.RemediationStepCondition

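/**
  * Cross-vendor nearing-capacity rule: compares the "routes-usage" metric with
  * "routes-limit" and alerts at the configured threshold (80.0).
  */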
case class routes_defined_limit() extends NearingCapacityTemplateRule(
  ruleName = "routes_defined_limit",
  ruleFriendlyName = "All Devices: Maximum number of routes nearing (IPv4)",
  ruleDescription = "Many devices have a limit for the number of IPv4 routes that can be defined. Indeni will alert prior to the number of routes reaching the limit.",
  usageMetricName = "routes-usage",
  limitMetricName = "routes-limit",
  threshold = 80.0,
  alertDescriptionFormat = "There are %.0f IPv4 routes defined where the limit is %.0f.",
  baseRemediationText = "Consider removing certain routes.")(
  RemediationStepCondition.VENDOR_CISCO ->
    """|
      |1. Execute the "show ip route summary" command to display the current contents of the IPv4 routing table in summary format.
      |2. Consider to deploy route summarization to decrease the  total number of ipv4 prefixes.
      |3. Consider to clean up the configuration from unused routes.""".stripMargin,
  RemediationStepCondition.OS_CISCO_ASA ->
    """|Run the "show resource usage detail" command to view the current number of routes, the peak and the allowed limit. The value under the deny column shows the routes that were denied because they exceeded the resource limit. For more options for this command refer to the command reference guide: <a href="https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s11.html#pgfId-1527546">Cisco ASA Series, Command Reference</a>
      |Execute the "show route" command to review the routing table to identify any abnormal increase to the routing table or unstable routes.
      |Consider to increase the maximum limit of the routes to this context in case that Multi Mode is enabled to the firewall.
      |Enable route summarization to decrease the total number of routes.
      |A high number of routes could have severe impact to the memory and CPU utilization""".stripMargin
)
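
The check the script and rule above perform together can be reproduced by hand. The following is an added example, not Indeni's show-route-summary.parser.1.awk: it parses "show route summary" text, keeps only IPv4 tables, and flags any table at or above the 80% threshold. The function names, the sample output and the exact layout of the Limit/Threshold line are assumptions made for the illustration.

```shell
# Added example: parse "show route summary" text and apply the 80% threshold.
# Sample output is constructed; the Limit/Threshold line layout is an assumption.
route_capacity() {
    awk -v threshold="${1:-80}" '
    function report(    used, pct) {
        if (table == "") return
        if (limit + 0 == 0) { print table, routes, "-", "-", "no-limit"; return }
        used = (unit == "routes") ? routes : dests   # compare like with like
        pct = int(used * 100 / limit)
        print table, used, limit, pct "%", (pct >= threshold + 0 ? "ALERT" : "ok")
    }
    # Table header: "inet.0: 850 destinations, 900 routes (...)"
    /^[A-Za-z0-9_.-]+: [0-9]+ destinations, [0-9]+ routes/ {
        report()
        table = $1; sub(/:$/, "", table)
        # IPv4 tables only: inet.N or <instance>.inet.N (skips inet6.0 etc.)
        if (table !~ /^inet\.[0-9]+$/ && table !~ /\.inet\.[0-9]+$/) table = ""
        dests = $2; routes = $4; limit = ""; unit = ""
        next
    }
    # Configured limit for the current table, if any
    table != "" && $1 == "Limit/Threshold:" {
        split($2, lt, "/"); limit = lt[1]; unit = $3
        next
    }
    END { report() }
    '
}

# Constructed sample of "show route summary" output (not captured from a device)
sample_output() {
cat <<'EOF'
Router ID: 192.0.2.1

inet.0: 850 destinations, 900 routes (850 active, 0 holddown, 0 hidden)
    Limit/Threshold: 1000/800 destinations
              Static:    894 routes,    844 active
VR1.inet.0: 120 destinations, 120 routes (120 active, 0 holddown, 0 hidden)
    Limit/Threshold: 1000/800 destinations
inet.3: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    Limit/Threshold: 500/400 destinations
EOF
}

sample_output | route_capacity 80
```

Each output line is table, usage, limit, percentage and status; a table with no configured limit is reported as no-limit rather than silently treated as healthy.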