|
|
Does cisco 1921 router support site to site VPNs using IPSec?
|
|
Smokeping_probes_CiscoRTTMonEchoICMP(3) SmokePing Smokeping_probes_CiscoRTTMonEchoICMP(3) NAME
Smokeping::probes::CiscoRTTMonEchoICMP - Probe for SmokePing SYNOPSIS
*** Probes *** +CiscoRTTMonEchoICMP forks = 5 offset = 50% step = 300 timeout = 15 # The following variables can be overridden in each target section ioshost = RTTcommunity@Myrouter.foobar.com.au # mandatory iosint = 10.33.22.11 packetsize = 56 pings = 5 timeout = 15 tos = 160 vrf = INTERNET # [...] *** Targets *** probe = CiscoRTTMonEchoICMP # if this should be the default probe # [...] + mytarget # probe = CiscoRTTMonEchoICMP # if the default probe is something else host = my.host ioshost = RTTcommunity@Myrouter.foobar.com.au # mandatory iosint = 10.33.22.11 packetsize = 56 pings = 5 timeout = 15 tos = 160 vrf = INTERNET DESCRIPTION
A probe for smokeping, which uses the ciscoRttMon MIB functionality ("Service Assurance Agent", "SAA") of Cisco IOS to measure ICMP echo ("ping") roundtrip times between a Cisco router and any IP address. VARIABLES
Supported probe-specific variables: forks Run this many concurrent processes at maximum Example value: 5 Default value: 5 offset If you run many probes concurrently you may want to prevent them from hitting your network all at the same time. Using the probe- specific offset parameter you can change the point in time when each probe will be run. Offset is specified in % of total interval, or alternatively as 'random', and the offset from the 'General' section is used if nothing is specified here. Note that this does NOT influence the rrds itself, it is just a matter of when data acqusition is initiated. (This variable is only applicable if the variable 'concurrentprobes' is set in the 'General' section.) Example value: 50% step Duration of the base interval that this probe should use, if different from the one specified in the 'Database' section. Note that the step in the RRD files is fixed when they are originally generated, and if you change the step parameter afterwards, you'll have to delete the old RRD files or somehow convert them. (This variable is only applicable if the variable 'concurrentprobes' is set in the 'General' section.) Example value: 300 timeout How long a single 'ping' takes at maximum Example value: 15 Default value: 5 Supported target-specific variables: ioshost The (mandatory) ioshost parameter specifies the Cisco router, which will execute the pings, as well as the SNMP community string on the router. Example value: RTTcommunity@Myrouter.foobar.com.au This setting is mandatory. iosint The (optional) iosint parameter is the source address for the pings sent. This should be one of the active (!) IP addresses of the router to get results. IOS looks up the target host address in the forwarding table and then uses the interface(s) listed there to send the ping packets. By default IOS uses the (primary) IP address on the sending interface as source address for a ping. The RTTMon MIB versions before IOS 12.0(3)T didn't support this parameter. Example value: 10.33.22.11 packetsize The packetsize parameter lets you configure the packetsize for the pings sent. The minimum is 8, the maximum 16392. Use the same number as with fping, if you want the same packet sizes being used on the network. Default value: 56 pings How many pings should be sent to each target, if different from the global value specified in the Database section. Note that the number of pings in the RRD files is fixed when they are originally generated, and if you change this parameter afterwards, you'll have to delete the old RRD files or somehow convert them. Example value: 5 timeout How long a single RTTMonEcho ICMP 'ping' take at maximum plus 10 seconds to spare. Since we control our own timeout the only purpose of this is to not have us killed by the ping method from basefork. Example value: 15 Default value: 15 tos The (optional) tos parameter specifies the value of the ToS byte in the IP header of the pings. Multiply DSCP values times 4 and Precedence values times 32 to calculate the ToS values to configure, e.g. ToS 160 corresponds to a DSCP value 40 and a Precedence value of 5. The RTTMon MIB versions before IOS 12.0(3)T didn't support this parameter. Example value: 160 Default value: 0 vrf The the VPN name in which the RTT operation will be used. For regular RTT operation this field should not be configured. The agent will use this field to identify the VPN routing Table for this operation. Example value: INTERNET AUTHORS
Joerg.Kummer at Roche.com NOTES
IOS VERSIONS It is highly recommended to use this probe with routers running IOS 12.0(3)T or higher and to test it on less critical routers first. I managed to crash a router with 12.0(9) quite consistently ( in IOS lingo 12.0(9) is older code than 12.0(3)T ). I did not observe crashes on higher IOS releases, but messages on the router like the one below, when multiple processes concurrently accessed the same router (this case was IOS 12.1(12b) ): Aug 20 07:30:14: %RTT-3-SemaphoreBadUnlock: %RTR: Attempt to unlock semaphore by wrong RTR process 70, locked by 78 Aug 20 07:35:15: %RTT-3-SemaphoreInUse: %RTR: Could not obtain a lock for RTR. Process 80 INSTALLATION To install this probe copy ciscoRttMonMIB.pm files to ($SMOKEPINGINSTALLDIR)/lib/Smokeping and CiscoRTTMonEchoICMP.pm to ($SMOKEPINGINSTALLDIR)/lib/Smokeping/probes. V0.97 or higher of Simon Leinen's SNMP_Session.pm is required. The router(s) must be configured to allow read/write SNMP access. Sufficient is: snmp-server community RTTCommunity RW If you want to be a bit more restrictive with SNMP write access to the router, then consider configuring something like this access-list 2 permit 10.37.3.5 snmp-server view RttMon ciscoRttMonMIB included snmp-server community RTTCommunity view RttMon RW 2 The above configuration grants SNMP read-write only to 10.37.3.5 (the smokeping host) and only to the ciscoRttMon MIB tree. The probe does not need access to SNMP variables outside the RttMon tree. BUGS
The probe sends unnecessary pings, i.e. more than configured in the "pings" variable, because the RTTMon MIB only allows to set a total time for all pings in one measurement run (one "life"). Currently the probe sets the life duration to "pings"*5+3 seconds (5 secs is the ping timeout value hardcoded into this probe). SEE ALSO
<http://oss.oetiker.ch/smokeping/> <http://www.switch.ch/misc/leinen/snmp/perl/> The best source for background info on SAA is Cisco's documentation on <http://www.cisco.com> and the CISCO-RTTMON-MIB documentation, which is available at: ftp://ftp.cisco.com/pub/mibs/v2/CISCO-RTTMON-MIB.my <ftp://ftp.cisco.com/pub/mibs/v2/CISCO-RTTMON-MIB.my> 2.6.8 2013-03-17 Smokeping_probes_CiscoRTTMonEchoICMP(3)
