From: Mike C. <mco...@ma...> - 2006-10-23 13:06:31
|
Chris & Bill, Thanks for the replies. I absolutely will try both. In fact I've already tried the collectd-configuration.xml change and it doesn't seem to have helped. In fact I'm not collecting any SNMP data now so maybe I have to rediscover my nodes. I tried letting the natural rescan work as well as manually rescanning but neither method helped. Maybe I also have to update my capsd and poller configurations? If I may - since I'm going to start a "Best Practices" section on the ONMS WIKI - using ACL's on the router/switch is fine from a security standpoint and may well solve this issue BUT I'm always trying to ensure that traffic that enters my network is supposed to be on my network. So in that vein of thought even though I can control ONMS with ACL's shouldn't ONMS be in control of itself. I agree with having ACL's, I just don't agree with why I need them. In thinking about this issue throughout the weekend I seems to me that if you are relying on ONMS to auto-discover what's on your network then we need ONMS in its current state. Unfortunately as networks get more complex and more accurate data collection is needed for many different reasons I think we need more control over how ONMS collects its data and what/how it should be looking at interfaces. To me it would be very simple to add a new parameter to the snmp-config.xml file that would allow an administrator to specify the primary SNMP collection interface IP. This would force ONMS to perform SNMP collection on that interface and make ONMS not try to calculate the primary interface. (I'm just starting to get into the code so I will be working on this shortly.) Any thoughts? -- Mike Coakley Managed Business http://www.managedbusiness.com http://my.managedbusiness.com Voice - 973-252-0770 x2100 Fax - 973-252-1797 > From: Chris Phillips <chr...@un...> > Reply-To: General OpenNMS Discussion <ope...@li...> > Date: Sun, 22 Oct 2006 11:33:26 +0100 > To: General OpenNMS Discussion <ope...@li...> > Subject: Re: [opennms-discuss] Manipulation of SNMP Primary Interface > > > Alternatively, what about a simple ACL on the hsrp ip addresses, so that > snmp is only accessible via the static addresses? just housekeeping on > the ios side and OpenNMS never has to care about it. > > -Chris > > On Sat, 2006-10-21 at 16:13 -0700, bill ayres wrote: >> Mike, >> >> You can control what interfaces are primary by customizing >> collectd-configuration.xml, which can have multiple packages if >> needed. >> It seems like this should address your concerns. Just leave out the >> x.x.x.1 addresses to avoid the HSRP interfaces, and/or omit any >> addresses lower >> than your maintenance interface addresses for those devices. >> >> --Bill-- >> >> On 10/21/06, Mike Coakley <mco...@ma...> wrote: >> Everyone, >> >> I know I can manipulate the primary interface of an SNMP >> interface via >> direct access to the database. I'm also sure that I could >> write an automated >> routine to keep stuff the way I want them even after capsd >> runs. I'm >> wondering if anyone else has dealt with this in the past, if >> so, how? >> >> The reason I would like to do this is because ONMS always >> picks the lowest >> IP interface as the primary interface. This, on my network at >> least, is not >> generally the best interface. Two primary cases: >> >> Redundant Interfaces - Using Cisco HSRP the interface IP is >> x.x.x.1 - this >> IP will be present on the active HSRP node in the HSRP group. >> Group memebers >> typically have IP addresses on x.x.x.2, x.x.x.3 and so on. So >> SNMP data >> collection SHOULD be coming from the physical address (i.e. >> x.x.x.2, x.x.x.3 >> and so on) not the HSRP IP address of x.x.x.1. This IP will >> move around from >> node to node in outage or maintenance situations and capsd >> could rewrite the >> node information improperly. >> >> Maintenance Interface - another more prevalent reason I want >> to be able to >> dictate the SNMP primary interface is to specify the >> maintenance interfaces >> on my systems as the SNMP primary interface. (A) this keeps >> management/maintenance traffic out of band from the normal >> data traffic >> (i.e. It makes QoS rules easier to manage and numerous other >> reasons). (B) >> Normally I can get to the maintenance interface in periods of >> congestion >> which would mean that SNMP could be more accurately collected >> and therefore >> give me more accurate diagnostic information. >> >> SO - has anyone thought along these lines and/or implemented >> something like >> this. >> >> Thanks, >> >> -- >> Mike Coakley >> Managed Business >> http://www.managedbusiness.com >> http://my.managedbusiness.com >> Voice - 973-252-0770 x2100 >> Fax - 973-252-1797 >> >> >> >> >> >> ------------------------------------------------------------------------- >> Using Tomcat but need to do more? Need to support web >> services, security? >> Get stuff done quickly with pre-integrated technology to make >> your job easier >> Download IBM WebSphere Application Server v.1.0.1 based on >> Apache Geronimo >> >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 >> _______________________________________________ >> Please read the OpenNMS Mailing List FAQ: >> http://www.opennms.org/index.php/Mailing_List_FAQ >> >> opennms-discuss mailing list >> >> To *unsubscribe* or change your subscription options, see the >> bottom of this page: >> https://lists.sourceforge.net/lists/listinfo/opennms-discuss >> >> ------------------------------------------------------------------------- >> Using Tomcat but need to do more? Need to support web services, security? >> Get stuff done quickly with pre-integrated technology to make your job easier >> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo >> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 >> _______________________________________________ Please read the OpenNMS >> Mailing List FAQ: http://www.opennms.org/index.php/Mailing_List_FAQ >> opennms-discuss mailing list To *unsubscribe* or change your subscription >> options, see the bottom of this page: >> https://lists.sourceforge.net/lists/listinfo/opennms-discuss > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Please read the OpenNMS Mailing List FAQ: > http://www.opennms.org/index.php/Mailing_List_FAQ > > opennms-discuss mailing list > > To *unsubscribe* or change your subscription options, see the bottom of this > page: > https://lists.sourceforge.net/lists/listinfo/opennms-discuss |