
High cpu in monitoring because of SnmpSubagent and SnmpMaster processes


Userlevel 1
Hi all,

Can anybody help explain why the snmpMaster and snmpSubagent processes are using a lot of cpu during snmp polls? Maybe misconfiguration?

Running image is 16.1.3.6-patch1-9

In our monitoring we see that every few minutes the CPU utilisation of one of our X440s is abnormally high. Our monitoring server uses SNMP polls every minute to get the switch CPU utilization (among other things).

This happens even when there is almost no traffic, for example during the night. The image below shows the CPU utilization at around 40% every few minutes:



Now the top command on the switch shows more info, clearly the SnmpMaster and SnmpSubagent are using a lot of CPU during the poll:



Kind regards,

Frank

11 replies

I have seen this happen when components the SNMP is polling are damaged. Are there any log messages? I have also seen this as the result of a misconfiguration. But can't remember the details of that, or how we corrected it.
Also, are you using SNMPv3? I have seen V2 on a large stack cause high CPU, because SNMPv2c and 1 are inefficient compared to V3.
Userlevel 4
There's an article on the GTAC knowledge base that explains a similar issue.

https://gtacknowledge.extremenetworks.com/articles/Solution/snmpMaster-process-runs-high/

Basically, the CPU utilization goes high when there's an excessive number of SNMP requests.
So I think you'd better check the number of SNMP requests first.

And if so, the article suggests a solution for that by installing an access profile.

I hope this might be helpful.
Userlevel 6
Make sure SNMPv1 is not being used. SNMPv1 doesn't have GetBulkRequest like V2, which can cause the CPU to go high when requesting a lot of data.
Userlevel 1
Hi,

Thanks for helping out,
We are using snmp v2, the server is a remote (Zabbix) monitoring server.
There are no relevant messages in the logging.

Do I need to explicitly add the deny all in the ACL?

The configuration on switch:

X440 # show configuration | incl snmp
configure snmp sysName "X440"
configure snmp sysLocation "xxx"
configure snmp sysContact "xxx"
# Module snmpMaster configuration.
configure snmp access-profile "snmpACL" readonly
X440.2 #

The snmpACL.pol file:

entry allow_zabbix_bnc {
    if match all {
        source-address x.x.x.x/32;
    }
    then {
        permit;
    }
}

Kind regards,

Frank
Userlevel 6
Yes, you do need a deny all ACL.
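
A small offline check for the question answered above, written in Python as an added example (not code from the thread or from Extreme Networks): it parses an access-profile policy file and reports whether the policy ends in a catch-all deny entry. The address 192.0.2.10, the entry name `deny_all` and the function names are assumptions made for the example.

```python
import re

# Constructed sample: the policy from the thread, with a documentation
# address (192.0.2.10) standing in for the masked Zabbix poller.
POLICY_OPEN = """
entry allow_zabbix_bnc {
    if match all {
        source-address 192.0.2.10/32;
    }
    then {
        permit;
    }
}
"""
# Same policy with a catch-all entry appended; "deny_all" is a hypothetical name.
POLICY_CLOSED = POLICY_OPEN + """
entry deny_all {
    if {
    }
    then {
        deny;
    }
}
"""

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if(?:\s+match\s+(?:all|any))?\s*\{(.*?)\}"
    r"\s*then\s*\{(.*?)\}\s*\}", re.S)

def _items(block):
    """Split a '{ a; b; }' body into its statements."""
    return [s.strip() for s in block.split(";") if s.strip()]

def parse_policy(text):
    """Return [(name, match_conditions, actions)] in file order."""
    return [(n, _items(c), _items(a)) for n, c, a in ENTRY_RE.findall(text)]

def audit(text):
    """List findings for an SNMP access-profile policy."""
    entries = parse_policy(text)
    if not entries:
        return ["no entries parsed"]
    findings = [f"{n}: permit with no source-address match"
                for n, cond, act in entries
                if "permit" in act
                and not any(c.startswith("source-address") for c in cond)]
    _, cond, act = entries[-1]
    if cond or "deny" not in act:
        findings.append("no catch-all deny entry at end of policy")
    return findings
```
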
Userlevel 1
Ok I will add the deny all rule to see if I get any logging.

Another / maybe linked "problem", I see that two processes are using +-10% cpu all the time bcmLINK.0 and bcmLINK.1. Can anybody tell me if this is normal behaviour? I can't find any documentation about these processes.
*Edit: I did find docu :):
https://gtacknowledge.extremenetworks.com/articles/Q_A/What-is-the-functional-responsibility-of-bcmL...

Userlevel 4
Looking at the above output I could say "bcmlink.0" and "bcmlink.1" can show even a maximum of 20-22% each while using the default config. The cause which I would feel here is the use of the default config in the setup.
Userlevel 1
What default config are you referring to?
Userlevel 4
Default config is nothing but: if you forget your password while logged out of the CLI, you can use the boot loader to reinstall a default switch configuration, which allows access to the switch without a password. Note that this process reconfigures all switch settings back to the initial default configuration.
Userlevel 1
Are you sure you are an employee? 🙂
