
SNMP vs ICMP For Monitoring

mfarrenkopf
Level 1

We're using a layer 3 routed access model.  In our monitoring systems, we typically use ICMP to ping the access layer end of the /30 link.  It's simple, it works, but I'm just wondering if anyone has any opinions on whether it is better to do a ping or to query the status of the uplink interface via SNMP.  Our system polls once a minute, so for each device we're typically looking at two SNMP queries or two pings per minute.  Once an hour the system checks for ifindex updates.

I can see advantages and disadvantages either way.  My inclination would be to make it all SNMP-based.  But I'd be interested in opinions for or against.


mvsheik123
Level 7

Hello,

It really depends on how much info/alerts you want to receive about the device. I personally prefer SNMP for all the devices that we manage than simply ICMP. ICMP just tells you whether the IP is up/down but with SNMP, you get more than that.

hth

MS

Marvin Rhoads
Hall of Fame

For simple availability, ICMP is usually effectively as good an indicator as SNMP (over UDP). Lots of folks use simple tools like Nagios or homegrown scripts to do just that quite successfully.

It's only in a more full-featured situation where one might be able to better leverage the wealth of information provided by SNMP queries - such as is done in LMS's Fault tools. Many vendors have done lots of work on correlation rules and such to do that.

Generally your tool choice will drive which approach is used.

And you hit it -- I created an instance of Nagios to monitor our network.  I was originally using ICMP, but I'm having second thoughts.

One of the advantages of SNMP is you can report back the status of the port -- is it up, is it down, is it admin down.  The disadvantage is if the port gets changed for whatever reason, now you have to go and change the monitoring.  But if you test by IP address, it's good either way.

But if you test by IP address and someone else has duplicated it elsewhere in the network (never happens, right??), then if the uplink port goes down, you don't know it.

So I'm just looking for how others feel about this value judgment.  As I mentioned, I'm leaning toward converting everything to SNMP ifOperStatus/ifAdminStatus queries.

One can argue the theoretical advantages back and forth from either side.

You certainly make a good point that knowing 'admin down' status is more useful than a simple failure to reply to ping. I've seen people play with ping timing to reduce false positives that can be generated on long distance and/or heavily used links that may drop ICMP packets more regularly than one would like. I've also seen a script using tcping work quite nicely as well.

OTOH in the case of the port being a routed port and the distant end of your /30 you won't be able to reach it either way. :-p

If you have tools in place that can just as easily use an SNMP query instead of a ping check that would be my preference.
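
The trade-offs raised in this thread (admin down versus link failure, a changed ifIndex, a duplicated link address that still answers ping) can be combined in one Nagios-style check. The following is an added example, not code from any poster in the thread. It assumes the ifTable is walked on whichever end of the link the poller can still reach, and the interface names, indexes and walk output are constructed sample data.

```python
import re

# IF-MIB ifTable columns: ifDescr, ifAdminStatus, ifOperStatus
IF_DESCR, IF_ADMIN, IF_OPER = (f"1.3.6.1.2.1.2.2.1.{c}" for c in (2, 7, 8))
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes
LINE = re.compile(r"^\.?([\d.]+)\.(\d+) = (\w+): (.*)$")

# Constructed sample in `snmpwalk -On` format (not taken from a real device)
SAMPLE_WALK = """\
.1.3.6.1.2.1.2.2.1.2.10101 = STRING: GigabitEthernet1/0/1
.1.3.6.1.2.1.2.2.1.2.10102 = STRING: GigabitEthernet1/0/2
.1.3.6.1.2.1.2.2.1.7.10101 = INTEGER: up(1)
.1.3.6.1.2.1.2.2.1.7.10102 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.10101 = INTEGER: down(2)
.1.3.6.1.2.1.2.2.1.8.10102 = INTEGER: down(2)
"""

def parse_walk(text):
    """Return {column_oid: {ifIndex: value}}; INTEGER values become ints."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        column, index, kind, value = m.groups()
        if kind == "INTEGER":  # accepts both "2" and "down(2)"
            value = int(re.search(r"\d+", value).group())
        else:
            value = value.strip('"')
        table.setdefault(column, {})[int(index)] = value
    return table

def check_uplink(walk_text, if_name, ping_ok):
    """Look the port up by name on every poll, so a changed ifIndex is harmless."""
    table = parse_walk(walk_text)
    names = table.get(IF_DESCR, {})
    index = next((i for i, n in names.items() if n == if_name), None)
    if index is None:
        return UNKNOWN, f"{if_name} not found in ifTable"
    admin = table.get(IF_ADMIN, {}).get(index)
    oper = table.get(IF_OPER, {}).get(index)
    if admin == 2:  # deliberate shutdown: severity here is a policy choice
        return WARNING, f"{if_name} is admin down"
    if oper != 1:
        extra = "; link IP still answers ping, possible duplicate address" if ping_ok else ""
        return CRITICAL, f"{if_name} ifOperStatus={oper}{extra}"
    if not ping_ok:
        return WARNING, f"{if_name} is up but the link IP does not answer ping"
    return OK, f"{if_name} is up and the link IP answers ping"
```
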