IPSEC tunnel count continuously increments
I've built a DMVPN test network with one hub and one spoke and upon monitoring them, I notice the graph for IPSEC Active Tunnels (/graphs/type=device_cipsec_flow_tunnels) increments by one every hour - only on the spoke router, not on the hub.
So I'm wondering where Observium is grabbing that piece of data from? Which SNMP OID?
If I do a "show crypto eli" on the spoke, I have 2 active sessions (Observium now reports 66), and 12 on the hub (Observium reports 5).
Any ideas?
Thanks!
Upgrade your IOS. It's probably not decrementing the gauge when a tunnel goes down, or something.
#alpha:/home/observium/dev# snmpbulkwalk -v2c -c XXXXX -M mibs -m CISCO-IPSEC-FLOW-MONITOR-MIB cisco.3925 cipSecGlobalStats #CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecGlobalActiveTunnels.0 = Gauge32: 10
adam.
On 20/12/2012 12:01, Alex Pressé wrote:
I've built a DMVPN test network with one hub and one spoke and upon monitoring them, I notice the graph for IPSEC Active Tunnels (/graphs/type=device_cipsec_flow_tunnels) increments by one every hour
- only on the spoke router, not on the hub.
So I'm wondering where Observium is grabbing that piece of data from? Which SNMP OID?
If I do a "show crypto eli" on the spoke, I have 2 active sessions (Observium now reports 66), and 12 on the hub (Observium reports 5).
Any ideas?
Thanks!
Alex Presse "How much net work could a network work if a network could net work?"
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
includes/polling/cisco-ipsec-flow-monitor.inc.php
is the module polling that MIB
adam.
On 20/12/2012 12:01, Alex Pressé wrote:
I've built a DMVPN test network with one hub and one spoke and upon monitoring them, I notice the graph for IPSEC Active Tunnels (/graphs/type=device_cipsec_flow_tunnels) increments by one every hour
- only on the spoke router, not on the hub.
So I'm wondering where Observium is grabbing that piece of data from? Which SNMP OID?
If I do a "show crypto eli" on the spoke, I have 2 active sessions (Observium now reports 66), and 12 on the hub (Observium reports 5).
Any ideas?
Thanks!
Alex Presse "How much net work could a network work if a network could net work?"
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
State your IOS release, because there is one which does increment them all time until you reboot router ;)
On 20.12.2012 22:01, Alex Pressé wrote:
I've built a DMVPN test network with one hub and one spoke and upon monitoring them, I notice the graph for IPSEC Active Tunnels (/graphs/type=device_cipsec_flow_tunnels) increments by one every hour - only on the spoke router, not on the hub.
So I'm wondering where Observium is grabbing that piece of data from? Which SNMP OID?
If I do a "show crypto eli" on the spoke, I have 2 active sessions (Observium now reports 66), and 12 on the hub (Observium reports 5).
Any ideas?
Thanks!
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Thanks guys. The spoke with weird counters is running "Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.2(4)M2, RELEASE SOFTWARE (fc2)"
Sure enough; CISCO-IPSEC-FLOW-MONITOR-MIB::cipSecGlobalActiveTunnels.0 = Gauge32: 67
The hub is running 15.0(1)M4
I'll go bug Cisco.
Thanks again!
On Thu, Dec 20, 2012 at 11:09 AM, Nikolay Shopik shopik@inblock.ru wrote:
State your IOS release, because there is one which does increment them all time until you reboot router ;)
On 20.12.2012 22:01, Alex Pressé wrote:
I've built a DMVPN test network with one hub and one spoke and upon monitoring them, I notice the graph for IPSEC Active Tunnels (/graphs/type=device_cipsec_flow_tunnels) increments by one every hour - only on the spoke router, not on the hub.
So I'm wondering where Observium is grabbing that piece of data from?
Which
SNMP OID?
If I do a "show crypto eli" on the spoke, I have 2 active sessions (Observium now reports 66), and 12 on the hub (Observium reports 5).
Any ideas?
Thanks!
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (3)
-
Adam Armstrong -
Alex Pressé -
Nikolay Shopik