Here I am, back from summer vacation, ready to update my little blog again!
I would like to talk about another Cisco SNMP MIB…
Starting from release 12.4(20)T IOS offers a powerful tool to manage and monitor enterprise class products performances: SNMP CEF MIB.
CISCO-CEF-MIB is available for large scale Service Provider releases too, such as 12.2(33)SB, but 12.4(20)T is the first release to make it available on low and mid-range products.
The CEF-MIB is quite big and covers a lot of topics about CEF configuration, monitoring and managing; in this topic I will talk about a little, specific branch of this MIB, about stats collection, and how to use it for routers performances monitoring.
As you can see from the Cisco SNMP Object Navigator there are many tables describing CEF: FIB, prefixes, Adjacencies and stats.
In this post I focus on the switching stats table: cefSwitchingStatsTable.
Switching stats table
This table offers statistics related to packets dropping and punting. The CLI command show ip cef switching statistics gives the same view about these stats.
As you know, while packets dropping is not a resource intensive process, packets punting may lead to a huge CPU load, because punted packets need to be switched with a less fast switching method, such as process switching.
cefSwitchingStatsTable ---------------------- # snmpwalk -v 2c -c public -m ALL 192.168.0.8 .184.108.40.206.220.127.116.11.418.104.22.168 CISCO-CEF-MIB::cefSwitchingPath.9.1.1 = STRING: RP RIB CISCO-CEF-MIB::cefSwitchingPath.9.1.2 = STRING: RP LES CISCO-CEF-MIB::cefSwitchingPath.9.1.3 = STRING: RP PAS CISCO-CEF-MIB::cefSwitchingPath.9.2.1 = STRING: RP LES CISCO-CEF-MIB::cefSwitchingDrop.9.1.1 = Counter32: 0 packets CISCO-CEF-MIB::cefSwitchingDrop.9.1.2 = Counter32: 0 packets CISCO-CEF-MIB::cefSwitchingDrop.9.1.3 = Counter32: 3265 packets CISCO-CEF-MIB::cefSwitchingDrop.9.2.1 = Counter32: 0 packets CISCO-CEF-MIB::cefSwitchingPunt.9.1.1 = Counter32: 0 packets CISCO-CEF-MIB::cefSwitchingPunt.9.1.2 = Counter32: 3505 packets CISCO-CEF-MIB::cefSwitchingPunt.9.1.3 = Counter32: 3506 packets CISCO-CEF-MIB::cefSwitchingPunt.9.2.1 = Counter32: 0 packets CISCO-CEF-MIB::cefSwitchingPunt2Host.9.1.1 = Counter32: 0 packets CISCO-CEF-MIB::cefSwitchingPunt2Host.9.1.2 = Counter32: 0 packets CISCO-CEF-MIB::cefSwitchingPunt2Host.9.1.3 = Counter32: 8 packets CISCO-CEF-MIB::cefSwitchingPunt2Host.9.2.1 = Counter32: 0 packets
The table presents an index composed by three elements: entPhysicalIndex, cefFIBIpVersion and cefSwitchingIndex.
The first, entPhysicalIndex, is the value of the entPhysicalTable‘s index (.iso.org.dod.internet.mgmt.mib-2.entityMIB.entityMIBObjects.entityPhysical.entPhysicalTable); it describes the CEF-enabled hardware module the stats refer to.
[...].entPhysicalTable.entPhysicalEntry.entPhysicalDescr.9 = Cisco 7200VXR Network Processing Engine NPE-400 [...].entPhysicalTable.entPhysicalEntry.entPhysicalClass.9 = module [...].entPhysicalTable.entPhysicalEntry.entPhysicalName.9 = NPE400 0
The second element, cefFIBIpVersion, of type CefIpVersion (see CISCO-CEF-TC MIB), describes the IP protocol: IPv4 (1) or IPv6 (2).
The third, cefSwitchingIndex, is the local identifier: indeed, you may have more switching paths for each module/IP-version.
Switching paths are platform dependent and may be RIB (process switching with CEF assistance), LES (low-end switching CEF), PAS (CEF turbo switch path)… you can find a more comprehensive list on the Cisco Command Lookup Tool, looking for show ip cef switching statistics command.
Why to use CEF monitoring?
To monitor punted packets value, for example by using a SNMP-enabled NMS, may be useful to get an overview about routers and network performances and health, and to lower response time and MTTR in case of degradation. A fast increase on punted packets may be a sign of DOS attacks against routers, or if you have a total packets over punted packets disproportion maybe you have to revise your network design, offloading some work to other routers.
Cisco.com: Cisco Express Forwarding (CEF)
Latest posts by Pier Carlo Chiodi (see all)
- RIPE Atlas Tracepath v0.3.0 - 4 September 2015
- Certificate Transparency: manually verify SCT with openssl - 29 April 2015
- SHA-1 sunset: valid SHA-2 chains treated as insecure - 11 April 2015