[rrd-users] Cisco NAM + Perl + SNMP + RMON2 + RRDtool

jon.hartman at verizon.com jon.hartman at verizon.com
Thu Dec 2 20:34:14 MET 2004 

Content-Type: text/plain;
 charset=us-ascii
Content-Transfer-Encoding: 7bit
Since I didn't have any bamboo shoots to shove under my fingernails, I
decided to look for something similarly painful and found it. In one fell
swoop I'm attempting to master several different technologies at once. I
have all of the above areas nailed down, except the RRDtool part.
 
Basically, we've got traffic passing through our residential email system
and I've been asked to come up with a way to break it down into a couple
of categories and graph it. Cisco's Network Analysis module extracts the
data from a spanned network connection and in turn populates RMON2 SNMP
counters. There is a counter per protocol and I'm polling every minute,
but since the traffic is bi-directional, I easily surpass the ~550Mbps
that causes a double counter-rollover on a 32-byte value. Apparently there
is another value stored that counts the number of times the counter has
rolled over.
 
So, I'm polling a total of 8 values. The first four reflect # of packets
of SMTP, POP3, HTTP, and IP and the next four reflect the number of times
the corresponding counter rolled over. I'm tracking IP because
theoretically I can use it to reflect all the other traffic, once I
subtract the other three.
 
To get the deltas, I'm clearly going to need to know the actual values of
the last polling cycle and not an average. I was attempting to store all 8
values in one RRD but am wondering if instead I'll need to use multiple
ones. I created a script that pulls the snmp values, writes them to a log
(for troubleshooting) and then updates the RRD. It takes about 3 seconds
to execute and aside from some weirdness appears to update the RRD just
fine, but I'm having trouble getting to the values I want. Ultimately, I'd
like an MRTG/14all style page that shows the last 24 hours, as well as a
weekly, monthly, & yearly average. I created the RRD as follows:
 
/usr/bin/rrdtool create /tmp/dfw-core1-nam-packets.rrd -s 60
DS:SMTP:GAUGE:60:0:U DS:POP3:GAUGE:60:0:U DS:HTTP:GAUGE:60:0:U
DS:LEFTOVER:GAUGE:60:0:U DS:SMTP-OVERFLOW:GAUGE:60:0:U
DS:POP3-OVERFLOW:GAUGE:60:0:U DS:HTTP-OVERFLOW:GAUGE:60:0:U
DS:LEFTOVER-OVERFLOW:GAUGE:60:0:U RRA:LAST:0.5:1:4000 RRA:LAST:0.5:30:800
RRA:LAST:0.5:120:800 RRA:LAST:0.5:1440:800 RRA:MAX:0.5:1:4000
RRA:MAX:0.5:30:800 RRA:MAX:0.5:120:800 RRA:MAX:0.5:1440:800
 
Here's an XML dump example (some of the fields)
 
<!-- 2004-12-02 13:08:00 CST / 1102014480 --> <row><v> 1.7739076461e+09
</v><v> 7.0686167367e+08 </v>
<!-- 2004-12-02 13:09:00 CST / 1102014540 --> <row><v> 1.7741392930e+09
</v><v> 7.0697975800e+08 </v>
<!-- 2004-12-02 13:10:00 CST / 1102014600 --> <row><v> 1.7880091150e+09
</v><v> 7.1402227600e+08 </v>
<!-- 2004-12-02 13:11:00 CST / 1102014660 --> <row><v> 1.7951044406e+09
</v><v> 7.1739369903e+08 </v>
<!-- 2004-12-02 13:12:00 CST / 1102014720 --> <row><v> 1.8023629629e+09
</v><v> 7.2081122800e+08 </v>
<!-- 2004-12-02 13:13:00 CST / 1102014780 --> <row><v> 1.8091557305e+09
</v><v> 7.2432633387e+08 </v>
 
As well as a capture screen output.
 
2004-12-02 13:08:02 -
1774139293:706979758:1392602737:1997278484:91:48:14:157
2004-12-02 13:09:03 -
1781003644:710538208:1393945692:2009291558:91:48:14:157
2004-12-02 13:10:02 -
1788009115:714022276:1395263788:2021324726:91:48:14:157
2004-12-02 13:11:02 -
1795349107:717509955:1396633974:2033725442:91:48:14:157
2004-12-02 13:12:02 -
1802604820:720925065:1397952033:2045915605:91:48:14:157
2004-12-02 13:13:02 -
1809381624:724443619:1399215688:2057693353:91:48:14:157

A couple of things I don't understand would be:
1) Why is the data stored one polling cycle behind? Is that because it
gets stored in the last PDP field and tagged on in the next cycle?
2) Why are the values not matching in all cases? I specified "last" and
not "average," so I would expect them to. My updates are being performed
via the included RRDs perl module like so: RRDs::update
("/tmp/dfw-core1-nam-packets.rrd",
"N:$packets_smtp:$packets_pop3:$packets_http:$packets_leftover:$packets_sm
tp_roll:$packets_pop3_roll:$packets_http_roll:$packets_leftover_roll");
3) Should I actually be storing the values in one RRD that I use to
calculate the deltas and then storing those in another RRD that I graph,
instead of trying to cram it all into one RRD?
 
Thanks in advance,
 
  _____  

 	  Jon Hartman
  Network Engineering
  Verizon Internet Operations
	

  Phone:
  Cell: 	214-513-6792
940-453-1111 	
 



-- Attached file removed by Ecartis and put at URL below --
-- Type: application/octet-stream
-- Size: 4k (4796 bytes)
-- URL : http://www.ee.ethz.ch/~slist/p/at.jpg


--
Unsubscribe mailto:rrd-users-request at list.ee.ethz.ch?subject=unsubscribe
Help        mailto:rrd-users-request at list.ee.ethz.ch?subject=help
Archive     http://www.ee.ethz.ch/~slist/rrd-users
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the rrd-users mailing list