FW: Graphing Peering

[Daniel Golding <dgolding () burtongroup com>]

Additional information on MAC accounting from Hakan Lindholm...

(specifically, the SNMPv2c object to pull 64bit MAC accounting counters)

- Dan

------ Forwarded Message
From: Hakan Lindholm <hakan () staff spray se>
Date: Fri, 21 Jan 2005 20:36:45 +0100 (CET)
To: Daniel Golding <dgolding () burtongroup com>
Cc: <druid () softdust com>, andrew matthews <exstatica () gmail com>
Subject: Re: Graphing Peering

I'm not registerred to post on nanog.
You may send this info in, with or without quoting me..

On Thu, 20 Jan 2005, Daniel Golding wrote:

> Andrew,
>
> The 32 bit counters are a significant problem when using gigabit ethernet
> public peering interfaces. Needless to say, MAC accounting was not designed
> for gigabit speeds. Frequent polling is, sadly the only solution. If you
> write your own scripts, make sure to account for counter wrapping.

What about the .1.3.6.1.4.1.9.9.84.1.2.3.1.2 tree?
Remeber to use SNMPv2c.

We use the following to generate some MRTG config:


while (!$session->{ErrorStr} and
        $$vars[0]->tag eq "ipNetToMediaNetAddress"){

     if ($type eq "dynamic") {

         @mac = split(/:/, $mac);
         $decmac = join('.', hex $mac[0], hex $mac[1], hex $mac[2], hex
$mac[3], hex $mac[4], hex $mac[5]);
         ($iname, @junk) = gethostbyaddr( pack( "C4", split( "\\.", $ip )),
AF_INET );

         if (-z $iname) {$iname = $ip};
         if (!defined($peers{$ip})) {$peers{$ip} = "no BGP peer"};

         $ifi = $ix{$router}[1];

         print "\n";
         print "Target\[$ip\]:
1.3.6.1.4.1.9.9.84.1.2.3.1.2.$ifi.1.$decmac\&1.3.6.1.4.1.9.9.84.1.2.3.1.2.$i
fi.2.$decmac:$ARGV[1]\@$ARGV[0]:::::2\n",

         "MaxBytes\[$ip\]: 25000000\n",
         "Title\[$ip\]: $ix{$router}[0]: $peers{$ip}\n",
         "PageTop\[$ip\]: <H1>$ix{$router}[0]: $peers{$ip}</H1>\n",
         "\tIP: $ip, DNS: ", $iname, "\n";
     }
     ($ip,$mac,$type) = $session->getnext($vars);
};

(This is only part of the script.  You should make it work in your
environment quite easy though.)


> - Dan
>
> on 1/20/05 9:45 AM, "druid () softdust com" <druid () softdust com> wrote:
>
> > On Wed, 2005-01-19 at 22:41, andrew matthews wrote:

> > Another problem you might run into is counter wrapping. When polling
> > every 5 minutes, some counters may wrap. (there is no 64 bit counter for
> > the mac-address accounting). So you have to run it in short timeframes,
> > causing more cpu utilization.

Talking about Cisco, see above.  There is such counters.


> > But all in all, mac-accounting and Netflow source-as give you a very
> > good overview of your network flows.

Yes indeed.

/H

------ End of Forwarded Message