Routing Event Triggers

Overview

Routing Event Trigger configures:

Monitored items (BGP neighborship, IP Reachability Detection status).
Actions to perform, when the required state of the monitored items fails (tear the BGP neighborship, change the cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. state).
Decisions when to perform the actions.

Configuring Routing Event Triggers in Gaia Clish

Configuration of each Routing Event Trigger instance includes:

A name (specified with the "instance" parameter).
Zero or more monitored items (specified with the "monitor" sub-command).

The state of the monitored items, as processed by the decision program ("trigger"), determines whether to perform the configured actions.
Zero or more actions to perform when the decision program decides to do so (specified with the "do" sub-command).
A decision program (specified with the "trigger" sub-command).

The decision program determines when to perform the configured actions.

Syntax to configure a Routing Event Trigger instance:

set routing-event-trigger instance <Name of Instance>

do

fail-bgp-peer <BGP Peer> {on | off}

fail-clusterxl-member {local | <IPv4 address>}

hold-down {on | off}

{on | off}

monitor

bgp-peer-established <IPv4 or IPv6 of BGP Peer> {on | off}

ip-reachability-detection <IPv4 or IPv6 Address> {on | off}

off

trigger

/usr/libexec/routing_evt/routing_evt_all

/usr/libexec/routing_evt/routing_evt_any

/usr/libexec/routing_evt/routing_evt_maj

/usr/libexec/routing_evt/routing_evt_never

hold-down reset

Syntax to view the Routing Event Trigger history:

show routing-event-trigger

instance <Name of Instance> [detailed-history]

instances [detailed-history]

Parameters

Parameter

Description

instance <Name of Instance>

Specifies the name of the routing event trigger instance.

Notes:

The length of this string must be between 1-16 characters.
This string must contain only these characters:
- lowercase letters (a-z)
- digits (0-9)
- minus (-)
- underscore (_)
- period (.)

do fail-bgp-peer <BGP Peer> {on | off}

Specifies the action to fail the BGP neighborship with BGP peers (even if it would otherwise be "Established").

on - Adds this action to the instance configuration.
off - Removes this action from the instance configuration.

do fail-clusterxl-member {local | <IPv4 address>} {on | off}

Specifies the action to fail the ClusterXL state - to change it to "Down".

Values:

local - Specifies that the cluster state must change on this Cluster Member Security Gateway that is part of a cluster..
<IPv4 address> - Specifies that the cluster state must change on the peer Cluster Member with the specified IPv4 address (use the IP address of the Cluster Member object).
on - Adds this action to the instance configuration.
off - Removes this action from the instance configuration.

When the cluster state of a Cluster Member changes to "Down", a cluster failover occurs:

If this Cluster Member was Active in the High Availability mode.
If this Cluster Member was Pivot in the Load Sharing Unicast mode.

When the triggering condition does not exist anymore, cluster fallback occurs based on the configuration in the cluster object on the page ClusterXL and VRRP:

In the High Availability mode - based on the setting "Upon cluster member recovery".
In the Load Sharing Unicast mode - based on the priority of Cluster Members in the cluster object on the page Cluster Members.

Note - This action does not support VRRP Clusters.

do ... hold-down {on | off}

Specifies to keep doing the triggered action, even after the conditions which triggered it do not exist anymore.

Important - To cancel this, you must run this command:

set routing-event-trigger hold-down reset

Range: off, on

Default: off

monitor bgp-peer-established <IPv4 or IPv6 of BGP Peer> {on | off}

Monitors the state of BGP with a single BGP peer.

This monitor reacts to changes in the BGP neighborship state "Established" .

This monitor condition becomes "true" if at least one of these occurs:

BGP neighborship with the BGP peer reached the "Established" state.
BGP neighborship with the BGP peer never reached the "Established" state since the dynamic routing startup.
ClusterXL failover occurs.

monitor ip-reachability-detection <IPv4 or IPv6 Address> {on | off}

Monitors the state of "IP Reachability Detection" (BFD or ping) with the specified remote IP address (see IP Reachability Detection).

This monitor reacts to changes in the "reachable" state.

This monitor condition becomes "true" if at least one of these occurs:

Remote IP address becomes reachable.
Remote IP address was never reachable since the Gaia Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. startup.
ClusterXL failover occurs.

off

Removes this routing event trigger instance.

trigger <Triger>

Specifies the trigger - the "decision program" in this "routing-event-trigger" instance.

The decision program determines whether to perform the configured action or not.

Available decision programs:

/usr/libexec/routing_evt/routing_evt_all

Perform the action if all monitored items fail.
/usr/libexec/routing_evt/routing_evt_any

Perform the action if any of the monitored items fail.
/usr/libexec/routing_evt/routing_evt_maj

Perform the action if a majority of the monitored items fail.
/usr/libexec/routing_evt/routing_evt_never

Do not perform the action.

hold-down reset

Cancels the "hold down" status for the triggered action.

Monitoring Routing Event Triggers in Gaia Portal

From the left tree, in the Advanced Routing section, click Routing Event Trigger.
In the top right corner, click Monitoring.
In the Information section, click the applicable option to see all, or specific information:
- All data
- Monitored
- Actions
- Trigger runs