05-12-2008 04:48 PM
I'm trying to use Cacti to monitor several SSGs and an ISG, and I've come across an issue with subinterfaces on the ISG.
I created a host template here that works great for the SSG series. I can monitor VPN tunnels, subinterfaces, etc. However, when I try to apply the same template to the ISG, the values are all wrong. I notice that when I snmpwalk the ISG the interfaces only increment up to .7 (i.e. ifInOctets.1-7) when this device has at least 14 subinterfaces.
I've attached graphs between two interconnected interfaces on an ISG and an SSG. Traffic should be inversely mirrored on these graphs, but the ISG graph just seems to be all wrong. The SSGs are all running 6.1 and the ISG is running 6.0. Is there something different between the two hardware platforms or is the difference in the ScreenOS version or both that would be causing this?
Solved! Go to Solution.
05-13-2008 12:58 PM
The script was calling the specific oids, but I went ahead and loaded the mibs anyway to verify. I did a manual walk, but I still don't understand what these values are for. Do these counters display bandwidth or something else?
Here is are the snippets of an interface when I did an snmpwalk.
snmpwalk -v 2c -O n -c community 18.104.22.168 nsIfName
.22.214.171.124.4.1.3126.96.36.199.2.19 = STRING: aggregate1.14
snmpwalk -v 2c -c community 188.8.131.52 nsIfFlowInByte
NETSCREEN-INTERFACE-MIB::nsIfFlowInByte.19 = Counter32: 1321866481
snmpwalk -v 2c -O n -c community 184.108.40.206 nsIfFlowInByte
.220.127.116.11.4.1.318.104.22.168.3.19 = Counter32: 1321866481
05-13-2008 03:51 PM
Wow. I asked JTAC and this is the response I got:
The RFC MIBs will respond back with hardware counter statistics that will correlate to a GET COUNTER STAT command. The Netscreen Private MIBS will return Flow statistics. The flow counters will only show traffic that passed the CPU. On an ASIC based system such as the ISG-1000 this will cause a difference in the numbers as most traffic will not pass through the CPU but be processed by the ASIC. Traffic that would pass by the CPU would be first packets, ICMP traffic, ALG traffic such as SQL H323, or packets needing fragmentation. The Netscreen MIB counters should match the GET COUNTER FLOW statistics.
As the SSG5 does not use an ASIC chip all traffic would pass by the CPU and the numbers would not match as you noted.
So everything is actually working as intended...