SNMP Interface Index Persistence
By stretch | Thursday, April 22, 2010 at 2:09 a.m. UTC
A reader who wishes to remain anonymous recently suggested a post on an IOS feature known as SNMP interface index persistence.
Network monitoring systems like MRTG or Cacti use SNMP polling to record throughput and other statistics of various interfaces. Each interface is referenced by its unique index number as assigned by IOS. The index of each interface can be determined with the command show snmp mib ifmib ifindex:
Router# show snmp mib ifmib ifindex detail
Description                     ifIndex  Active  Persistent
----------------------------------------------------------------
FastEthernet0/0                 1        yes     disabled
Null0                           4        yes     disabled
VoIP-Null0                      3        yes     disabled
FastEthernet0/1                 2        yes     disabled
There is a problem lurking here, however. By default, interface indexes are assigned dynamically at boot time. Observe what happens when a new WIC is installed and the router is reloaded:
Router# show snmp mib ifmib ifindex detail
Description                     ifIndex  Active  Persistent
----------------------------------------------------------------
FastEthernet0/0                 1        yes     disabled
Null0                           5        yes     disabled
Serial0/0                       2        yes     disabled
VoIP-Null0                      4        yes     disabled
Async1                          6        no      disabled
FastEthernet0/1                 3        yes     disabled
Serial0/0 was assigned the interface index 2 this time, forcing a new number for FastEthernet0/1 and the remaining interfaces. This behavior can very easily break network monitoring systems, as the interface indexes they request can be dynamically assigned to different interfaces during a reboot.
This is where SNMP interface index persistence can help. The feature is enabled globally:
Router(config)# snmp-server ifindex persist
Now when the running configuration is saved to NVRAM, the table of current interface index assignments is also recorded:
Router# dir nvram:
Directory of nvram:/
  124  -rw-         953                    <no date>  startup-config
  125  ----          46                    <no date>  private-config
    1  -rw-         180                    <no date>  ifIndex-table
If we remove the WIC and reload our router to restore it to its original state, enable interface index persistence, and then reinsert the WIC and reload the router, we can see that our interface index for FastEthernet0/1 is now preserved across the reboot:
Router# show snmp mib ifmib ifindex detail
Description                     ifIndex  Active  Persistent
----------------------------------------------------------------
FastEthernet0/0                 1        yes     enabled
Null0                           4        yes     enabled
Serial0/0                       5        yes     enabled
VoIP-Null0                      3        yes     enabled
Async1                          6        no      enabled
FastEthernet0/1                 2        yes     enabled
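The renumbering shown above can be caught before it corrupts graphs. This is an added example, not code from the original post: a Python script that parses two captures of show snmp mib ifmib ifindex detail and reports renumbered interfaces, index values that now answer for a different interface, and interfaces without persistence. The function names are assumptions of this example; the sample tables are the outputs shown in the post.

```python
import re

# Captures copied from the post: before and after the WIC was installed,
# both taken with persistence disabled.
BEFORE = """\
Description                     ifIndex  Active  Persistent
----------------------------------------------------------------
FastEthernet0/0                 1        yes     disabled
Null0                           4        yes     disabled
VoIP-Null0                      3        yes     disabled
FastEthernet0/1                 2        yes     disabled
"""
AFTER = """\
Description                     ifIndex  Active  Persistent
----------------------------------------------------------------
FastEthernet0/0                 1        yes     disabled
Null0                           5        yes     disabled
Serial0/0                       2        yes     disabled
VoIP-Null0                      4        yes     disabled
Async1                          6        no      disabled
FastEthernet0/1                 3        yes     disabled
"""

# One data row: name, ifIndex, Active, Persistent. Header and rule lines do not match.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(yes|no)\s+(enabled|disabled)$")

def parse_ifindex_table(text):
    """Return {interface: (ifIndex, active, persistent)} from the CLI output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            name, idx, active, persist = m.groups()
            table[name] = (int(idx), active == "yes", persist == "enabled")
    return table

def audit(before, after):
    """Compare two captures: (renumbered, reused indexes, unpinned interfaces)."""
    old, new = parse_ifindex_table(before), parse_ifindex_table(after)
    moved = {n: (old[n][0], new[n][0])
             for n in old if n in new and old[n][0] != new[n][0]}
    old_by_idx = {v[0]: n for n, v in old.items()}
    # An index that now answers for a different interface keeps a poller's
    # graph alive while it silently records the wrong port.
    reused = {v[0]: (old_by_idx[v[0]], n) for n, v in new.items()
              if old_by_idx.get(v[0], n) != n}
    unpinned = sorted(n for n, v in new.items() if not v[2])
    return moved, reused, unpinned

if __name__ == "__main__":
    for label, result in zip(("moved", "reused", "unpinned"), audit(BEFORE, AFTER)):
        print(label, result)
```

The reused result is the one to alert on: index 2 still responds after the reload, but it now reports Serial0/0 instead of FastEthernet0/1.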
Posted in Configuration Management
Comments
April 22, 2010 at 7:49 a.m. UTC
Yeah, good one.
@ my workplace there is a special "trap" if you forget to put ifindex persist on a L3 interface: one of the big bosses that stay all day watching mrtg graphs will complain via e-mail (not immediately, but after a couple of days) with something that sounds like "still unsolved network issues for building xy, the graphs are empty, any advice?"
:-) :-D
Marco
April 22, 2010 at 8:36 a.m. UTC
Just yesterday I was going on about this on the Linux side of things when someone pointed out this feature of IOS. Quite nifty. Now if only I wouldn't have to write my own method for this for snmpd at the moment..
April 22, 2010 at 9:04 a.m. UTC
Hi,
Do you know if this is possible with virtual-access interfaces too?
April 22, 2010 at 11:56 a.m. UTC
thanks to your lesson~^^
April 22, 2010 at 12:41 p.m. UTC
One word of caution if you are polling statistics on policy-maps. The snmp oid used to poll the statistics will change at reboot every time, regardless of the "snmp-server ifindex persist" command.
April 22, 2010 at 12:43 p.m. UTC
Any way to put ingress/egress ACLs on SNMP traffic?
April 22, 2010 at 2:35 p.m. UTC
@nola..
I'm not sure about ingress/egress, however you can put an ACL on the snmp community string pretty easily..
eg.
snmp-server community BLABLA RO 10
where 10 is your ACL.
April 22, 2010 at 5:29 p.m. UTC
One can also apply access lists to the control plane.
April 24, 2010 at 12:41 p.m. UTC
Regarding polling statistics on policy-maps. At least for Cacti, there's the possibility of using its PHP Script Server (or an input method that uses indexes) and use the policy-map's custom name as an index instead of the OID index. Since a policy-map's name is pretty static (unless you remove it and re-add it with a new name) it's a very safe method. It takes a little more checks to use, you do have to link the name to the oid, but in the script.
March 12, 2012 at 1:57 p.m. UTC
Thank you :). It was easy to understand the purpose of ifindex.
May 16, 2014 at 3:55 a.m. UTC
So good, thanks author so much.