Search


print PDF

Basic usage of statistics from Cisco ACE box via SNMP


This guide explains how information, such as CPU usage, can be gathered from the Cisco box via SNMP protocol. We use such information as a base for RRD graphs.

Prerequisites

- Cisco ACE box
- Dedicated Server
* with: apache2, snmp, RRDs, perl, mrtg, mrtg-rrd script for displaying charts.
- If you want to monitor loadbalancing: you need also a loadbalanced serverfarm configured on ACE.

Configuring ACE SNMP v.3 access

In this example we use safer version of SNMP - v.3. It doesn't use community name - requires username and password authentication.

First, create snmp-server with user/password access:
username: MonitorUser?
group: Network-Monitor?
pass: test-pass
rbx-99-6k-ace-1/vrack2070(config)# snmp-server user MonitorUser? Network-Monitor? auth sha pass-monitor


Now we have to create a class map for SNMP traffic incoming from our management server (IP: 188.165.213.17):
rbx-99-6k-ace-1/vrack2070(config)# class-map type management match-all SNMP-ALLOW_CLASS
2 match protocol snmp source-address 188.165.213.17 255.255.255.255


policy map:
rbx-99-6k-ace-1/vrack2070(config)# policy-map type management first-match SNMP_POLICY
class SNMP-ALLOW_CLASS
permit


And finally, you apply policy-map to the external vlan interface:
rbx-99-6k-ace-1/vrack2070(config)# interface vlan 270
service-policy input SNMP_POLICY


Simple SNMP checks

Now we move to manage the server: 188.165.213.17

Firstly, check if there is an access to the ACE box via SNMP:
[root@server ~] snmpwalk -v 3 -l AuthNoPriv? -u MonitorUser? -a sha -A pass-monitor 188.165.125.125 1.3.6.1.2.1.1
SNMPv2-MIB::sysDescr.0 = STRING: Application Control Engine Service Module
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.730
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2766993305) 320 days, 6:05:33.05
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: rbx-99-6k-ace-1
...


We've got some basic information using OID: 1.3.6.1.2.1.1 (this is system object in Cisco Object Tree - see documents) such as a system description, uptime and others.

Now we try to gather those data using a simple perl script:
#!/usr/bin/perl
use strict;
use warnings;
use Net::SNMP qw(:snmp);

my %oids = ( sysUpTimeInstance => '1.3.6.1.2.1.1.3.0',
sysDescr => '1.3.6.1.2.1.1.1.0',
cpmCPUTotal1minRev=> '1.3.6.1.4.1.9.9.109.1.1.1.1.7.1',
cpmCPUTotal5minRev=> '1.3.6.1.4.1.9.9.109.1.1.1.1.8.1' );

my ($session, $err) = Net::SNMP->session( -version => '3',
-hostname => '188.165.125.125',
-username => 'MonitorUser',
-authpassword => 'pass-monitor',
-authprotocol => 'sha' );
die 'Error: '. $err unless $session;
my $result = $session->get_request( -varbindlist => [values %oids] );

unless(defined $result) {
warn $session->error();
$session->close();
exit 1;
}

print "Report from ACE. Example info:\n";
foreach(sort keys %oids){
print $_ . ': ' . $result->{$oids{$_}} . "\n";
}
$session->close();
exit 0;


And the result:
[root@server ~] perl script.pl
Report from ACE. Example info:
cpmCPUTotal1minRev: 6
cpmCPUTotal5minRev: 4
sysDescr: Application Control Engine Service Module
sysUpTimeInstance: 320 days, 06:12:51.79


Then we can compare this information with the "real ones":
rbx-99-6k-ace-1/vrack2070# sh processes cpu

CPU utilization for five seconds: 3%; one minute: 6%; five minutes: 4%
PID Runtime(ms) Invoked uSecs 1Sec 5 Sec 1 Min 5 Min Process

1 412654 5652836 72 0.0 0.0 % 0.0 % 0.0 % init
2 14 2946 5 0.0 0.0 % 0.0 % 0.0 % keventd
3 40191 17823851 2 0.0 0.0 % 0.0 % 0.0 % ksoftirqd_CPU0
4 70517 17202179 4 0.0 0.0 % 0.0 % 0.0 % ksoftirqd_CPU1
5 0 1 10 0.0 0.0 % 0.0 % 0.0 % kswapd
...


As we can see CPU utilization data are the same (one and five minute periods).


MRTG, RRD, SNMP v.3 and putting all this things together


Now we're going to configure mrtg and present cpu utilization (one and five min. periods) on the charts.

MRTG example configuration for SNMP v3:
WorkDir: /home/ovh/aceMonitor/www

LogFormat: rrdtool
PathAdd: /usr/bin/
LibAdd: /usr/share/perl5
Options[$]: noborder nobanner growright

TimeStrFmt[_]: %Y-%m-%d %H:%M:%S

Target[ace-2070-load]: 1.3.6.1.4.1.9.9.109.1.1.1.1.7.1&1.3.6.1.4.1.9.9.109.1.1.1.1.8.1:public@188.165.125.125
:
3
SnmpOptions[ace-2070-load]: authpassword=>'pass-monitor',authprotocol=>'sha',username=>'MonitorUser'
noHC[ace-2070-load]: yes
SetEnv[ace-2070-load]: MRTG_INT_IP="188.165.125.125" MRTG_INT_DESCR=""
MaxBytes[ace-2070-load]: 100
Title[ace-2070-load]: CPU usage for rbx-99-6k-ace-1/vrack2070
PageTop[ace-2070-load]: <h1>CPU usage for rbx-99-6k-ace-1/vrack2070</h1>
LegendI[ace-2070-load]: cpu 1min:
LegendO[ace-2070-load]: cpu 5min:
Options[ace-2070-load]: gauge
Ylegend[ace-2070-load]: percent
ShortLegend[ace-2070-load]: %
Legend1[ace-2070-load]: CPU utilisation 1 min avg
Legend2[ace-2070-load]: CPU utilisation 5 min avg

enablesnmpv3: yes


And the result:



Additional documents

-Cisco SNMP Object Navigator
-Cisco Application Control Engine Module Load Balancing Guide
-MRTG reference