DFE's SNMP MIB Walk Runs Slow when encountering TimeFiltered OIDs

  • 0
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 10162 

Products
Matrix N-Series 

Changes
Performing an SNMP MIB walk. 

Symptoms
High CPU utilization. 

Some OIDs such as...
                lldpRemEntry=1.0.8802.1.1.2.1.4.1.1            (ieee/lldp-mib)
dot1qVlanCurrentEntry=1.3.6.1.2.1.17.7.1.4.2.1 (ietf/Q-BRIDGE-MIB)
ptopoConnEntry=1.3.6.1.2.1.79.1.1.1.1 (ietf/PTOPO-MIB)
ctDot1qVlanForbidEgressPorts=1.3.6.1.4.1.52.4.1.2.16.7.1.3.1.1 (ctron-q-bridge-mib-ext)
ctCDPNeighborEntry=1.3.6.1.4.1.52.4.1.2.19.1.3.1 (ctron-cdp-mib)
ctAliasEntry=1.3.6.1.4.1.52.4.1.3.7.1.1.1.1 (ctron-alias-mib)
                                          ...take a long time to parse. 

Cause
These OIDs are time-filtered, so per the RFCs (e.g. RFC3512RFC4502) must return entries for all valid timeMarks. 

The SNMP browser should understand the behavior of a timeFiltered MIB and move on after seeing the timeFilter index increment. However, not all browsers behave in this manner. 

Solution/Workaround
Ensure you are using an appropriate SNMP tool - such as NetSight MIB tools - that behaves correctly. 

Workaround:
DFE firmware 6.01.01.0020 introduced a new command which can accommodate SNMP browsers that are not timeFilter-aware. 

Release notes state, in the "Software Changes and Enhancements" section:
A new SNMP control, "set snmp timefilter break", allows users to configure the
GET-NEXT behavior of MIBs indexed with timeMark. When this is set to 'enabled',
SNMP will not return incrementing index values. Many SNMP tools do not properly
support timefiltered MIBs and will benefit from this new setting. When disabled,
SNMP returns RFC conformant indexing.

Here is the command syntax, as seen in a sample cli session:
  NSeries(rw)->set snmp timefilter

Command: set snmp Create SNMP agent entries

Object: timefilter SNMP timefilter configuration
Usage: set snmp timefilter break {disable | enable}

break Set SNMP timefilter break (default: disabled)
disable Disable timefilter break
enable Enable timefilter break
NSeries(rw)->

Pre-upgrade workaround:
In the SNMP configuration, exclude (5610) the lldpRemEntry, dot1qVlanCurrentEntry,ptopoConnEntry, ctDot1qVlanForbidEgressPorts, ctCDPNeighborEntry, and ctAliasEntrybranches from the visible MIB Tree:
  set snmp view viewname All subtree 1
set snmp view viewname All subtree 0.0
set snmp view viewname All subtree 1.0.8802.1.1.2.1.4.1.1 excluded
set snmp view viewname All subtree 1.3.6.1.2.1.17.7.1.4.2.1 excluded
set snmp view viewname All subtree 1.3.6.1.2.1.79.1.1.1.1 excluded
set snmp view viewname All subtree 1.3.6.1.4.1.52.4.1.2.16.7.1.3.1.1 excluded
set snmp view viewname All subtree 1.3.6.1.4.1.52.4.1.2.19.1.3.1 excluded
set snmp view viewname All subtree 1.3.6.1.4.1.52.4.1.3.7.1.1.1.1 excluded
Photo of FAQ User

FAQ User, Official Rep

  • 13,610 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.