Checking Changes to the JUNOS Configuration
The SAE can check the configuration of a JUNOS routing platform under its control to detect whether the configuration has changed by a means other than through the SAE. If the SAE finds a disparity between the router and the SAE configurations, it can take several actions. The SAE checks the configuration installed on the router against the state of the SAE session layer (subscriber, service, and interface sessions). While the check is occurring, the SAE does not handle jobs from the router, and all provisioning activity is blocked, including event notifications.
The SAE can take the following actions if it finds a disparity between the router and SAE configurations:
- Remove the disparate sessions from the router. When the SAE removes a session, it generates Stop events for the session and removes the session from the session store and the SAE.
- Re-create the sessions that have been removed. Subscribers whose sessions have been removed need to log back in before they can activate services. During session re-creation, the SAE responds to event notifications and provisioning operations.
If the state of the router configuration is lost because of a failover or a restart, it is not possible to re-create the sessions.
The disparities are reported through the SAE router driver event trap called routerConfOutOfSynch and through the info log.
Note that it is not possible to check the consistency of individual provisioning objects. Therefore, modifications to a provisioning object while the SAE is disconnected from the router cannot be detected.
There are two ways to check the JUNOS configuration:
See Setting Up Periodic Configuration Checking.
See Checking the JUNOS Configuration with SAE Web Admin.
Setting Up Periodic Configuration Checking
To use SDX Configuration Editor to configure the SAE to periodically check the configuration of the JUNOS routing platform:
- In the navigation pane, select a configuration file for the SAE that you want to configure.
- Select the Router tab, expand the JUNOS Router Driver section, and then expand the Configuration Checking section.
- Edit or accept the default values in the fields.
See Configuration Checking Fields for the JUNOS Router Driver.
- Select File > Save.
- Right-click the configuration file, select SDX System Configuration > Export to LDAP Directory.
Configuration Checking Fields for the JUNOS Router Driver
In SDX Configuration Editor, you can modify the Configuration Checking fields in the JUNOS Router Driver section of the Router pane in an SAE configuration file.
Configuration Checking Schedule
- Specifies when the SAE checks the router configuration.
- Value—The schedule format is modeled on the UNIX crontab Entry Format (see UNIX crontab man pages). It consists of seven fields separated by space or tabs. The fields specify:
- Minute (0-59)
- Hour (0-23)
- Day of month (1-31, or the first three letters of the day of month)
- Month of the year (1-12)
- Day of the week (0-6 with 0=Sunday, or the first three letters of the name of the day)
- Year (4 digits indicating the year)
- Time Zone ID: An * indicates the SAE local time zone. For custom time zones, specify the format:
- zone = "GMT" ("+" | "-") (hour : minute | hour minute | hour)
- hour = digit digit
- minute = digit digit
- digit = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
- An asterisk (*) is interpreted as 0 for minutes and hours and as the SAE local time zone for time zone. For all other fields, it stands for "first-last."
- Ranges of numbers and names are allowed. Ranges are two values separated with a hyphen. The specified range is inclusive. For example, 1-5 for the hour field specifies checking at hours 1, 2, 3, 4, and 5.
- Lists are allowed. A list is a set of numbers (or ranges) separated by commas. Examples: "1,2,5,9", "0-4,8-12".
- Step values can be used with ranges. Following a range with "/<number>" specifies skips in the number's value through the range. For example, "0-23/2" in the hours field specifies event execution every other hour. Steps are also permitted after an asterisk, so "*/2" to specifies every 2 hours.
- When determining the next event time based on a specific time pattern, the following rules apply:
- Seconds and milliseconds are ignored (that is, rounded up to the closest minute).
- If you set both a day of the month and a day of the week, only the day of month is used.
Configuration Checking Action
- Action that the SAE takes when it detects disparities between the configuration of the SAE and the configuration on the router.
- Value
- Enforce—Enforces the state of the session layer on the router. The SAE removes all sessions that have disparities and creates new sessions with the same activation parameters as the original ones.
- Synchronize—Synchronizes the state of the session layer on the router. The SAE removes all sessions that have disparities.
- Check only—Reports disparities through the SAE router driver event trap called routerConfOutOfSynch and through the info log. The SAE does not make any changes on the router.
Checking the JUNOS Configuration with SAE Web Admin
You can use SAE Web Admin to check the JUNOS configuration. You must be connected to a JUNOS router. To use SAE Web Admin to check the JUNOS configuration:
The Routers State screen appears.
- Check configuration—Checks the configuration on the router and reports any disparities through the SAE router driver event trap called routerConfOutOfSynch and through the info log.
- Synchronize configuration—Checks the configuration on the router and synchronizes the state of the session layer on the router. The SAE removes all sessions that have disparities.
- Enforce configuration—Checks the configuration on the router and enforces the state of the session layer on the router. The SAE removes all sessions that have disparities and creates new sessions with the same activation parameters as the original ones.