nv-l

RE: [nv-l] SNMP monitoring anomaly

2004-06-23 13:19:01
Subject: RE: [nv-l] SNMP monitoring anomaly
From: "Evans, Bill" <Bill.Evans AT hq.doe DOT gov>
To: "'nv-l AT lists.us.ibm DOT com'" <nv-l AT lists.us.ibm DOT com>
Date: Wed, 23 Jun 2004 13:07:47 -0400

NV 7.1.3.0 on Solaris 2.8.  Yes, I'm a bit behind.

Our system has a number of firewalls which will only respond to a ping on the NetView facing interface.  I do have ACLs set which will allow the NetView machine to manage the firewalls using SNMP.  The boxes in question are mostly Cisco PIX and Cisco VPN 3000 plus a couple Nokia boxes supplied by a services vendor.  Regardless they all behave the same. 

The netmon.seed file is set for monitoring on all our core routers and the firewalls using SNMP.  The routers will allow ICMP to query all interfaces but firewalls will allow ICMP only to inward facing interfaces. 

The problem which has occurred a couple times is that NetView seems to forget it's supposed to use SNMP on the firewalls.  The symptoms:

·       I can browse the boxes using SNMP
·       Demand poll displays the Admin/Op status of the interfaces
·       NetView will only show the inward facing interfaces for firewalls as normal and all outward facing interfaces as down.

·       Quick Test will not find the true state of the outward facing interfaces on the firewalls.
·       The routers show no changes in behavior.
·       Functional operation of the firewalls continued without interruption.

In the heat of the incident last evening I tried to restart NetView (shutdown the X-console and issue OVSTOP then OVSTART and netview -dconsole) and see if it helped.  It did not.  I acknowledged the outward facing interfaces and planned to investigate further this morning. 

The event log shows that normal SNMP monitoring of the firewalls resumed about five minutes after I went home.  This was about twenty minutes after restarting NetView and ten minutes after acknowledging the interfaces.

Can anyone propose an explanation of what happened?  Is there a patch addressing anything like this?  Anyone else experienced it?  Could this similar to the November 2000 problem in the archives where SNMP timeouts may have caused different community names to be tried? 

As the King said to Anna, "Is a puzzlement!"

Bill Evans

Tivoli NetView Support for DOE

<Prev in Thread] Current Thread [Next in Thread>