[mrtg] fwsm context traffic
Justin M. Streiner
mrtg at cluebyfour.org
Wed Mar 25 03:09:12 CET 2009
On Tue, 24 Mar 2009, paolo wrote:
> Right, I'm polling each context individually. I get the interfaces list
> for each one properly populated with the right name and gigabit speed, but
> it fails getting the counters (no V2 counters, dropping back to V1).
> But neither V1 counters are there when I poll with the proper OID.
> I think it has to do with the fact they are virtual interfaces. I can
> measure overall traffic in the 6 Gb backplane etherchannel but I
> need traffic per context (DMZ, Intranet....).
At this point I'm not doing per-context statistics. I also checked and I
don't see any Counter64s when I walk the MIB-II tree or the
vendor-specific MIB tree on one of my FWSMs, which leads me to believe
that the HC counters are not implemented in the FWSM 3.2 MIB. I don't
have any FWSMs running 4.0 at this point, but I should probably stand one
up in my lab at some point.
I'm running 3.2(7) on most of my FWSMs at the moment.
As a work-around you could probably poll the HC counters for the Vlan
interfaces that are getting sent into the FWSM. Are you running in
transparent mode or routed mode?
> --- On Tue, 3/24/09, McDonald, Dan <Dan.McDonald at austinenergy.com> wrote:
>> From: McDonald, Dan <Dan.McDonald at austinenergy.com>
>> Subject: Re: [mrtg] fwsm context traffic
>> To: mrtg at lists.oetiker.ch
>> Date: Tuesday, March 24, 2009, 3:41 PM
>> On Tue, 2009-03-24 at 11:55 -0700,
>> paolo wrote:
>>> I use the 6500 fw service module (v3.2) and I'm trying
>> to measure
>>> traffic in the interfaces of my virtual firewalls
>> -contexts- using
>>> mrtg. But when the mrtg snmp poller contacts the
>> virtual firewall, it
>>> answers that no V2 counters (high speed counters) were
>> found despite
>>> it properly reports the interface name and speed.
>> Odd, I've not had any problem detecting HC counters on fwsm
>> 2.3.5 using
>> snmp v2c
>>> Has anybody been successful in measuring traffic of
>> this fwsm contexts
>>> using mrtg or similar? Maybe this counters are not
>> filled by the fw
>>> and then there's no way?
>> Yes, but I'm not using contexts. I think you have to
>> monitor every
>> context individually (meaning, treat them as separate
>> firewalls, each
>> with its own snmp config...)
>> Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
>> Austin Energy
>> -----Inline Attachment Follows-----
>> mrtg mailing list
>> mrtg at lists.oetiker.ch
> mrtg mailing list
> mrtg at lists.oetiker.ch
More information about the mrtg