[mrtg] Re: HTTP OIDs on Cisco

Daniel J McDonald dmcdonald at digicontech.com
Fri Apr 27 19:05:56 MEST 2001 

Nabil wrote:
>I want to monitor all http traffic on our routers, do you guys know the
>OIDs?  We have mix Cisco routers (25xx, 36XX and 7XXX).


I Replied:
>If you are running fairly recent code, you can use CAR to tag all of this
>traffic and monitor it.  See my web page at
>http://www.geocities.com/djmcdon1/ <corrected>
>for a brief example.

Patrick followed up:
>As I understand Nabil's original question, he is looking to monitor all the
>http through a router and graph it. Would a CAR work in this instance?
Isn't
>a CAR set to limit traffic? I don't think he wants to limit the traffic,
>just measure it.

The actions that can be taken by car are:
Transmit
set precedence and transmit
drop

These actions occur for the "conform" and "exceed" states.
Among the information kept is the number of packets that "conformed", and
the number of bytes that "conformed", plus the number of packets and bytes
that "exceeded".
So, if the conformance traffic allowance is larger than the physical
capacity of the interface, all traffic will "conform".  You can then use
this to count bytes that "conformed" to a specific rule.


>Also, I guess I'm being a little dense this morning. I can't follow the
>connection between setting a CAR and then how do you figure out the OID
that
>reflects how that CAR is utilized.

The root is ccarStatSwitchedBytes (.1.3.6.1.4.1.9.9.113.1.2.1.1.2)
There are three instance variables:
The first instance is the ifIndex of the interface that has CAR applied
the second instance is the direction of the CAR rule
the last instance is the rule number

So, let's say I have the following router config:
WichitaFalls#sh run int e 0/0
Building configuration...

Current configuration:
!
interface Ethernet0/0
 ip address 172.16.12.1 255.255.255.0
 ip helper-address 172.16.0.15
 rate-limit input access-group 110 448000 448000 448000 conform-action
set-prec-transmit 4 exceed-action set-prec-transmit 3
 rate-limit input access-group 120 448000 448000 448000 conform-action
set-prec-transmit 3 exceed-action set-prec-transmit 2
 rate-limit input access-group 130 448000 448000 448000 conform-action
set-prec-transmit 2 exceed-action set-prec-transmit 1
 rate-limit input 448000 448000 448000 conform-action set-prec-transmit 1
exceed-action set-prec-transmit 0
 ip route-cache flow
end

First we need to know the ifIndex value:
[dmcdonald at netmon radacct]$ snmpwalk -m CISCO-CAR-MIB -IR -Os 172.16.152.56
public ifName
ifName.1 = Se0/0
ifName.2 = Et0/0
ifName.3 = BR0/0
ifName.4 = BR0/0:1
[20 more elided]

So, the if index is '2'.
next the direction is "input", which is '1'.
finally, the order, no's 1,2,3,4.

So, we end up with:
[dmcdonald at netmon radacct]$ snmpwalk -m CISCO-CAR-MIB -IR -Os 172.16.152.56
public ccarStatSwitchedBytes
ccarStatSwitchedBytes.2.1.1 = 148 bytes
ccarStatSwitchedBytes.2.1.2 = 14298018 bytes
ccarStatSwitchedBytes.2.1.3 = 10859868 bytes
ccarStatSwitchedBytes.2.1.4 = 112516143 bytes

These values match what is in the cli (well, a minute or two elapsed, so
they aren't exact):
WichitaFalls#sh int rate
Ethernet0/0
  Input
    matches: access-group 110
      params:  448000 bps, 448000 limit, 448000 extended limit
      conformed 2 packets, 148 bytes; action: set-prec-transmit 4
      exceeded 0 packets, 0 bytes; action: set-prec-transmit 3
      last packet: 2511474520ms ago, current burst: 0 bytes
      last cleared 4w1d ago, conformed 0 bps, exceeded 0 bps
    matches: access-group 120
      params:  448000 bps, 448000 limit, 448000 extended limit
      conformed 73238 packets, 14298078 bytes; action: set-prec-transmit 3
      exceeded 0 packets, 0 bytes; action: set-prec-transmit 2
      last packet: 55183ms ago, current burst: 0 bytes
      last cleared 4w1d ago, conformed 0 bps, exceeded 0 bps
    matches: access-group 130
      params:  448000 bps, 448000 limit, 448000 extended limit
      conformed 86765 packets, 10859868 bytes; action: set-prec-transmit 2
      exceeded 0 packets, 0 bytes; action: set-prec-transmit 1
      last packet: 325049ms ago, current burst: 0 bytes
      last cleared 4w1d ago, conformed 0 bps, exceeded 0 bps
    matches: all traffic
      params:  448000 bps, 448000 limit, 448000 extended limit
      conformed 517932 packets, 112516143 bytes; action: set-prec-transmit 1
      exceeded 0 packets, 0 bytes; action: set-prec-transmit 0
      last packet: 5173610ms ago, current burst: 0 bytes
      last cleared 4w1d ago, conformed 0 bps, exceeded 0 bps
WichitaFalls#


>Help me, I'm confused.

let me know if I haven't cleared it up.

Daniel J McDonald - CCIE 2495, CNX
Principal Network Specialist
Digicon Technologies
http://www.digicontech.com
dmcdonald at digicontech.com

Digicon - A Cisco Systems Partner, Silver Certified.


--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list