SNMP Interface Index Persistence

The premiere source of truth powering network automation. Open and extensible, trusted by thousands.

NetBox is now available as a managed cloud solution! Stop worrying about your tooling and get back to building networks.

By stretch | Thursday, April 22, 2010 at 2:09 a.m. UTC

A reader who wishes to remain anonymous recently suggested a post on an IOS feature known as SNMP interface index persistence.

Network monitoring systems like MRTG or Cacti use SNMP polling to record throughput and other statistics of various interfaces. Each interface is referenced by its unique index number as assigned by IOS. The index of each interface can be determined with the command show snmp mib ifmib ifindex:

Router# show snmp mib ifmib ifindex detail
Description                     ifIndex  Active  Persistent 
----------------------------------------------------------------

FastEthernet0/0                  1      yes      disabled  
Null0                            4      yes      disabled  
VoIP-Null0                       3      yes      disabled  
FastEthernet0/1                  2      yes      disabled

There is a problem lurking here, however. By default, interface indexes are assigned dynamically at boot time. Observe what happens when a new WIC is installed and the router is reloaded:

Router# show snmp mib ifmib ifindex detail
Description                     ifIndex  Active  Persistent 
----------------------------------------------------------------

FastEthernet0/0                  1      yes      disabled  
Null0                            5      yes      disabled  
Serial0/0                        2      yes      disabled
VoIP-Null0                       4      yes      disabled  
Async1                           6      no       disabled  
FastEthernet0/1                  3      yes      disabled

Serial0/0 was assigned the interface index 2 this time, forcing a new number for FastEthernet0/1 and the remaining interfaces. This behavior can very easily break network monitoring systems, as the interface indexes they request can be dynamically assigned to different interfaces during a reboot.

This is where SNMP interface index persistence can help. The feature is enabled globally:

Router(config)# snmp-server ifindex persist

Now when the running configuration is saved to NVRAM, the table of current interface index assignments is also recorded:

Router# dir nvram:
Directory of nvram:/

  124  -rw-         953                    <no date>  startup-config
  125  ----          46                    <no date>  private-config
    1  -rw-         180                    <no date>  ifIndex-table

If we remove the WIC and reload our router to restore it to its original state, enable interface index persistence, and then reinsert the WIC and reload the router, we can see that our interface index for FastEthernet0/1 is now preserved across the reboot:

Router# show snmp mib ifmib ifindex detail
Description                     ifIndex  Active  Persistent 
----------------------------------------------------------------

FastEthernet0/0                  1      yes      enabled   
Null0                            4      yes      enabled   
Serial0/0                        5      yes      enabled   
VoIP-Null0                       3      yes      enabled   
Async1                           6      no       enabled   
FastEthernet0/1                  2      yes      enabled

Posted in Configuration Management

Comments

Marco Rizzi
April 22, 2010 at 7:49 a.m. UTC

Yeah, good one.

@ my workplace there is a special "trap" if you forget to put ifindex persist on a L3 interface: one of the big bosses that stay all day watching mrtg graphs will complain via e-mail (not immediatly, but after a couple of days) with something that sounds like "still unsolved network issues for building xy, the graphs are empty, any advice?"

:-) :-D

Marco

froztbyte
April 22, 2010 at 8:36 a.m. UTC

Just yesterday I was going on about this on the Linux side of things when someone pointed out this feature of IOS. Quite nifty. Now if only I wouldn't have to write my own method for this for snmpd at the moment..

Adrian
April 22, 2010 at 9:04 a.m. UTC

Hi,

Do you know if this is possible with virtual-access interfaces too ?

oruma
April 22, 2010 at 11:56 a.m. UTC

thanks to your lesson~^^

amcneal
April 22, 2010 at 12:41 p.m. UTC

One word of caution if you are polling statistics on policy-maps. The snmp oid used to poll the statistics will change at reboot every time, regardless of the "snmp-server ifindex persist" command.

nola
April 22, 2010 at 12:43 p.m. UTC

Any way to put ingress/egress ACL's on SNMP traffic?

gradgrind
April 22, 2010 at 2:35 p.m. UTC

@nola..

I'm not sure about ingress/egress, however you can put an ACL on the snmp community string pretty easily..

eg.

snmp-server community BLABLA RO 10

where 10 is your ACL.

stretch
April 22, 2010 at 5:29 p.m. UTC

One can also apply access lists to the control plane.

David
April 24, 2010 at 12:41 p.m. UTC

Regarding polling statistics on policy-maps. At least for Cacti, theres the possibility of using its PHP Script Server (or an input method that uses indexes) and use the policy-maps custom name as an index instead of the OID index. Since a policy-maps name is pretty static (unless you remove it and re-add it with a new name) its a very safe method. It takes a little more checks to use, you do have to link the name to the oid, but in the script.

ravidn22
March 12, 2012 at 1:57 p.m. UTC

Thank you :). It was easy to understand the purpose ifindex.

A guest
May 16, 2014 at 3:55 a.m. UTC

So good, thanks author so much.

Comments have closed for this article due to its age.