monitoring routing table stability (# of routes) and some other questions

Unanswered Question
Dec 22nd, 2009

Hi,

I have a fairly complex routing set-up with mutual redistribution between BGP and EIGRP. I would like to monitor any kind of change in the routing table,  or the underlying databases (BGP table, EIGRP topology) by using SNMP (similar to monitoring the router's CPU). Also, because it's a handy means to quickly identify other problems in the network.

Currently I have only found two relevant OIDs, i.e. cEigrpTopoRoutes and ipCidrRouteNumber. I am polling these values every 10s.

Are there any other relevant values? Most of the MIBs have the full tables, while I only need "summary" values.

I am particularly interested in the "equivalent" of the IOS commands:

show ip route summary

show ip bgp summary

With the OIDs found so far, it's not very clear on how they relate to the output of the commands above.

Final question:

in the output of the show ip route summary command there is a line indicating "internal". The documentation says that these are routes that are not owned by any routing protocol, but where do those routes actually come from?

Thanks.

Jan.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Giuseppe Larosa Tue, 12/22/2009 - 02:53

Hello Jan,

>> Currently I have only found two relevant OIDs, i.e. cEigrpTopoRoutes and ipCidrRouteNumber. I am polling these values every 10s.

every 10 seconds looks like too much to me.

about the internal routes in sh ip route summary: connected interfaces and static routes are candidated to this definition but they are classified with their names so I agree that internal is not clear.


http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_pi2.html#wp1016199

An interesting feature that is not widely used is the the ip route profile. In the above command reference you can see an example of sh ip route profile.

Use this command in combination with the ip route profile global configuration command to validate the routing table change statistics.

That is decribed here:

http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_pi1.html#wp1012879

have you tried to use SNMP MIB navigator?  it may help in finding the correct OIDs

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en

I will try to see if there any MIB equivalent of sh ip route sum

Hope to help

Giuseppe

JAN MARIS Thu, 12/24/2009 - 05:35

Hello Giuseppe,

thanks for the useful feedback and the suggestion of the "ip route profile" command.

I used the Object Navigator extensively, but unfortunately it seems that the MIBs are much more "full table" oriented rather than "summary" oriented. I would hope that future MIBs would pick up such requirements.

Finally, I admit that 10s polling is rather unusual, but my network has a "per-second" packet relevance. So 10s is already one order of magnitude lower than what I ideally would need, but it is sufficient for my current purposes.

Moreover, I use a Quad-Core Linux server which is fast and big enough to poll nearly 4000 OIDs within 5 seconds (cacti, spine), even with some sites having a considerable latency. The days of 5-min polling with MRTG are long gone ;-)

Jan

Giuseppe Larosa Thu, 12/24/2009 - 05:55

Hello Jan,

when I say every 10 seconds can be too much I'm worried for the network devices not for the NME server the poller.

In the past, also very powerful GSRs have been stressed for example by asking with a single GET the whole BGP table!

Try to do this every few minutes on a device with full internet table and extensive BGP prefixes in a service provider environment and you can even get a crash!.

That is an event driven approach instead of  very frequent polling may be less intensive for network devices.

Of course it requires a lot of job for example with EEM

or more simply expression MIB

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a008023267a.shtml

Merry Christmas

Hope to help

Giuseppe

marikakis Sat, 12/26/2009 - 07:45

Very interesting thread. Regarding the Event MIB, I think the following excerpts from the document posted by Giuseppe mean that some internal polling/waiting occurs, instead of an external one:

"event that checks the output value of the first expression every 60 seconds and compares it with a reference. When the reference matches the expression value, a trap is triggered"

"mteTriggerFrequency—This determines the number of seconds to wait between trigger samples.

The minimum value is set with the object mteResourceSampleMinimum (default is 60 seconds), lowering this value increases the CPU usage, so it must be done carefully."

I am also curious about the 'internal' designation in the 'sh ip route sum' output. Can anyone check if it generally seems to coincide with the number of connected routes on the router or the number of loopbacks configured?

Actions

This Discussion