RE: [NV-L] VPN tunnel monitoring

To:	"Tivoli NetView Discussions" <nv-l@lists.ca.ibm.com>
Subject:	RE: [NV-L] VPN tunnel monitoring
From:	"Evans, Bill" <Bill.Evans@hq.doe.gov>
Date:	Wed, 10 Jan 2007 12:20:28 -0500
Delivery-date:	Wed, 10 Jan 2007 18:52:48 +0000
Envelope-to:	nv-l-archive@lists.skills-1st.co.uk
List-help:	<mailto:nv-l-request@lists.ca.ibm.com?subject=help>
List-id:	Tivoli NetView Discussions <nv-l.lists.ca.ibm.com>
List-post:	<mailto:nv-l@lists.ca.ibm.com>
List-subscribe:	<http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=subscribe>
List-unsubscribe:	<http://lists.ca.ibm.com/mailman/listinfo/nv-l>, <mailto:nv-l-request@lists.ca.ibm.com?subject=unsubscribe>
Reply-to:	Tivoli NetView Discussions <nv-l@lists.ca.ibm.com>
Sender:	nv-l-bounces@lists.ca.ibm.com
Thread-index:	Acc01chzStNSvVTnSfm4qqqFAgBF6gAAwUzQ
Thread-topic:	[NV-L] VPN tunnel monitoring

These comments address our VPN.  Your experience may vary.  

VPN Tunnels are unique since they appear when established with an
"Interface nnn.nnn.nnn.nnn Added" trap and eventually go away with a
"Interface nnn.nnn.nnn.nnn Deleted" trap.  The garbage collection which
results in their removal from the system is not synchronous with the
customer abandoning the tunnel. (I think it's the daily NetView
configuration poll.) This gives me a situation where the tunnel is
Critical during the period between the hang-up and the removal of the
leftover interface.    

Automating the Interface Added and Interface Deleted traps should give
you the times for the tunnel. Your VPN administrator should be able to
identify what addresses they will use.  

I automated the Interface Added trap (IBM_NVIADD_EV) to pass the seventh
variable which contains the IP address (EXEC /opt/webmon/IFAdd.sh "$7").
In the IFAdd script I execute these commands to hide the tunnel so it
doesn't turn red and upset the console watchers (the Network Operations
desk) every time a VPN user exits. 

         ObjID=`/usr/OV/bin/ovtopodump ${IPAddress} | awk 'NR>1 {print
$2}'`
        /usr/OV/bin/event -b openview -e ACK_EV -a ${ObjID} -d
"Acknowledge ${IPAddress} ${ObjID}"
      /usr/OV/bin/nvmaputil.sh --unmanage-interface ${IPAddress} &

Bill Evans

-----Original Message-----
From: nv-l-bounces@lists.ca.ibm.com
[mailto:nv-l-bounces@lists.ca.ibm.com] On Behalf Of Mario Behring
Sent: Wednesday, January 10, 2007 10:45 AM
To: nv-l@lists.ca.ibm.com
Subject: [NV-L] VPN tunnel monitoring

Hi list,

Can I somehow configure NV 715 to identify and monitor the availability
of VPN tunnels? I have several VPNs connected to a Cisco PIX. The
tunnels are configured over a MPLS link.

Any help is appreciated.

Thank you.

Mario












 
________________________________________________________________________
____________
Any questions? Get answers on any topic at www.Answers.yahoo.com.  Try
it now.


_______________________________________________
NV-L mailing list
NV-L@lists.ca.ibm.com
Unsubscribe:NV-L-leave@lists.ca.ibm.com
http://lists.ca.ibm.com/mailman/listinfo/nv-l (Browser access limited to 
internal IBM'ers only)

<Prev in Thread]	Current Thread	[Next in Thread>
[NV-L] VPN tunnel monitoring, Mario Behring Re: [NV-L] VPN tunnel monitoring, Leslie Clark Re: [NV-L] VPN tunnel monitoring, Stephen Hochstetler RE: [NV-L] VPN tunnel monitoring, Evans, Bill <= Re: [NV-L] VPN tunnel monitoring, Mario Behring

Previous by Date:	[NV-L] VPN tunnel monitoring, Mario Behring
Next by Date:	Re: [NV-L] VPN tunnel monitoring, Leslie Clark
Previous by Thread:	Re: [NV-L] VPN tunnel monitoring, Stephen Hochstetler
Next by Thread:	Re: [NV-L] VPN tunnel monitoring, Mario Behring
Indexes:	[Date] [Thread] [Top] [All Lists]