SRX

Hi All,

  I have an SRX-650 where all my SNMP requests get dropped, a look at the statistics on the box show that the SNMP Input Throttle Drops counter goes up every time I attemp any type of snmp walk or query from an outside box.

SNMP walk on the device itself is fine.

Looking up what a Throttle Drop is in the Juniper Docs gives me this Great and descriptive answer

Throttle drops—Number of SNMP packets for any requests dropped reaching the throttle limit.

*You know I would have never guessed that a throttle drop is a dropped packet due to throttling....lol*

snmpd process manages two queues "destination queue" and "throttle queue" ...

throttle queue is using in trap generation process .... throttling controls the no of traps generated per second ...

If very large no traps are there or due to non-aval of snmp destinations, throttle queuing is undertaken (dictated by throttle interval and throttle threshold) ..

so you might be getting this error due to large snmp traffic ....

ref: http://juniperyourjob.net/techpubs/en_US/junos/topics/concept/snmp-best-practices-intro.html

ref: http://www.juniper.net/techpubs/software/junos/junos93/swconfig-net-mgmt/understanding-snmp-junos-nm.html

regards

Thanks for the reply.  I dont think it would be related to high SNMP traffic since I only get the throttle drops if I try to issue an SNMP command such as walk.  If I dont do anything then the drops dont go up ( which they would If my box was sending too many traps).

hi,

I understand Magraw asks about snmp queries, not traps, so rasmus' comment doesn't apply.

Magraw, could you show the show snmp statistics output ? Have you tried to enable traceoptions for snmp ?

Was SNMP working with that SRX in the past ?

jtb

It never worked.  What is strange is i have another SRX-650 cluster with the same configuration and it seems to work fine.

Here is the stats, I cleared them 15 minutes ago.  If I issue an SNMP walk from my NMS station the Throttle drops will just go really high.  I have not enabled traceoptions for snmp what flags would you recommend?

Input:
    Packets: 0, Bad versions: 0, Bad community names: 0,
    Bad community uses: 0, ASN parse errors: 0,
    Too bigs: 0, No such names: 0, Bad values: 0,
    Read onlys: 0, General errors: 0,
    Total request varbinds: 0, Total set varbinds: 0,
    Get requests: 0, Get nexts: 0, Set requests: 0,
    Get responses: 0, Traps: 0,
    Silent drops: 0, Proxy drops: 0, Commit pending drops: 0,
    Throttle drops: 24, Duplicate request drops: 0
  V3 Input:
    Unknown security models: 0, Invalid messages: 0
    Unknown pdu handlers: 0, Unavailable contexts: 0
    Unknown contexts: 0, Unsupported security levels: 0
    Not in time windows: 0, Unknown user names: 0
    Unknown engine ids: 0, Wrong digests: 0, Decryption errors: 0
  Output:
    Packets: 0, Too bigs: 0, No such names: 0,
    Bad values: 0, General errors: 0,
    Get requests: 0, Get nexts: 0, Set requests: 0,
    Get responses: 0, Traps: 0

config is below

interface reth1.0;
community shhItsAsecret {
    authorization read-only;
    clients {
        10.19.110.5/32;
    }
}
trap-group ALL-SNMP-TRAPS {
    version v2;
    categories {
        authentication;
        chassis;
        link;
        remote-operations;
        routing;
        startup;
        rmon-alarm;
        vrrp-events;
        configuration;
    }
    targets {
        10.19.110.5/32;
    }
}

hi,

I understand 10.19.110.5 is the NMS;  try snmpwalk with incorrect community, I expect 'Bad community uses:' will not increase. 

Regarding traceoptions, not sure about the flags, but it shouldn't made any harm to enable all.

And you can always try restarting snmp (restart snmp ...) if you are tired.

jtb

Hi jtb,

  You are correct.  I used a wrong community and Bad community uses did NOT increase, just the throttle drops.  Whats is strange is aI turned on traceoptions for snmp with flag all and I get no messages at all.  The throttle drops keep going up which tells me my requests do make it to the box but no snmp messages as to why it was dropped.

Restart process worked.  Thanks