
Using SNMP as a good tool

Discussion created by fvalcho on Oct 7, 2016

     Oft times a value will need to be verified via some other means than the device's port stats or values themselves, such as found via the CLI. Such is the use for SNMP. Though Ciena has its ESM, and MG-Soft can be used, and often are employed, they may not always end up in agreement with each other's results.

     Case in point. While performing some standard snmpbulkwalks via an ESM, I discovered something, a difference in packet sizes being reported that were captured to a sniffer and examined. The packets were being fragmented on both. The frame size for these fragments is based on a 1514 pkt size, but reading through the sniffer traces, it was clear that the pkts were around 800-900 in size from one device, and containing almost no data. The 'walk was performed against the 3960 and the 5160. The 3960 used the Remote interface for its network access, while the 5160 used its Ethernet Local interface. The 3960 worked OK, the 5160 would time out. Must be SNMPv2c, since v1 does not use 'getBulk'. ESM does not use the same snmpbulkwalk as MG-Soft.

     MG-Soft did not simulate ESM SNMP 'getBulk' exactly the same because it did not have multiple OIDs in a single request. So, it was better to capture during an ESM discovery. It appeared that the SNMP agent could only process one 'Get' request at a time. Not sending simultaneously, but sequentially. Snmpgetbulk oid1 oid2 oid3 oid4 … (ESM request, all OIDs are in the same table).

     The answer for proof, not only did Linux SNMP respond correctly, but it corroborated the results, and the failure was located. On the DUT, a 5160 with a Remote I/F, an 'snmpbulkwalk' on 1.3.6.1.4.1.6141.2.60 timed out at enterprises.2.60.11.1.1.2. While the MG-Soft had no issues here.

     FURTHER TESTING:

$ snmpbulkwalk -v2c -c public (3960_IP) 1.3.6.1.4 >> snmpbulkwalk.pcap

--copied this file off, and read it in ethereal. (WinSCP works).

While from the DUT side, we used the command 'tcpdump' as user 'root':

$ root tcpdump port 161 -vvvXe -s 1514 -w 5160_snmp.pcap

--copy this file off, and read it in ethereal.

To view the full pkts on the Ciena device, use 'root tcpdump port 161 -vvvXe'
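
To compare frame sizes across the two captures without reading each trace by hand, the added example below (not part of the original post) parses a capture file and lists the fragments of every UDP/161 datagram with their on-wire sizes. It assumes a classic pcap file with Ethernet link type; the sample capture is constructed inline and all function names are hypothetical.

```python
import struct

def ip_frame(ident, flags_off, payload):
    """Constructed Ethernet + IPv4 frame (protocol 17 = UDP, checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_off,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def build_sample():
    """Constructed capture: one small request, one 1600-byte response in two fragments."""
    req = struct.pack("!HHHH", 40000, 161, 68, 0) + b"\x00" * 60
    rsp = struct.pack("!HHHH", 161, 40000, 1600, 0) + b"\x00" * 1592
    frames = [ip_frame(1, 0, req),
              ip_frame(2, 0x2000, rsp[:1480]),      # MF flag set, offset 0
              ip_frame(2, 1480 // 8, rsp[1480:])]   # last fragment, offset 1480
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)  # linktype 1 = Ethernet
    for f in frames:
        pcap += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return pcap

def fragments(pcap):
    """Return (wire_len, ip_id, more_fragments, byte_offset, udp_ports) per IPv4/UDP frame."""
    end = "<" if struct.unpack_from("<I", pcap)[0] == 0xA1B2C3D4 else ">"
    pos, rows = 24, []
    while pos + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack_from(end + "IIII", pcap, pos)
        frame = pcap[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        ihl = (frame[14] & 0x0F) * 4
        ident, fo = struct.unpack_from("!HH", frame, 18)
        off, ports = (fo & 0x1FFF) * 8, None
        # Only the first fragment (offset 0) carries the UDP header and its ports.
        if off == 0 and len(frame) >= 14 + ihl + 4:
            ports = struct.unpack_from("!HH", frame, 14 + ihl)
        rows.append((orig, ident, bool(fo & 0x2000), off, ports))
    return rows

def snmp_datagrams(rows):
    """Group frames by IP ID (simplification: ignores addresses); keep port-161 datagrams."""
    ids = {r[1] for r in rows if r[4] and 161 in r[4]}
    out = {}
    for wire_len, ident, mf, off, _ in rows:
        if ident in ids:
            out.setdefault(ident, []).append((off, wire_len, mf))
    return {i: sorted(v) for i, v in out.items()}

if __name__ == "__main__":
    for ident, frags in snmp_datagrams(fragments(build_sample())).items():
        print(ident, frags)
```

A capture taken with the `port 161` filter holds only first fragments, because later fragments carry no UDP header for the filter to match; filtering on the device's address instead records every fragment.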
