Search This Blog

Thursday, September 11, 2014

Zabbix SNMP Low Level Router Discovery

Using Zabbix SNMP Low Level Discovery to automatically add Cisco Routers, apply Discovery Templates and monitor the devices.
These articles provide additional background on SNMP:
SNMP -- Simple Network Monitoring Protocol for Linux Management Stations
MRTG -- the Multi Router Traffic Grapher
Create the Required Groups

For this model, all of the Discovered routers are Cisco.  Create a Host Group named "Cisco Routers."

Configuring Zabbix Value Mappings

Value Mappings interpret the Values returned by an SNMP query.  The installed SNMP MIB defines a Value List for each relevant OID.  The image below illustrates an snmpwalk for the OSPF MIB's OSPF Area Status OIDs.  Notice the Value List in the lower left.  These values -- and those for other OIDs -- must be mapped in Zabbix prior to importing Template_SNMP_Router_OSPF.  The illustrations below depicts the various Value Mappings that must be configured prior to the OSPF Template import.


Upload the SNMP Discovery Templates

There are three Templates -- on the Zabbix Share -- available at the time of writing:
Template_SNMP_Network_Device_Interfaces
Template_SNMP_Router_Cisco
Template_SNMP_Router_OSPF

Network Device Interfaces Template

This template is generic and will primarily query the IF-MIB tree to develop Interface Item, Trigger and Graph Prototypes.  The Template is valid for any SNMP-compliant networking device -- Layer 1 Hubs, Layer Two and Three Switches and Layer Three Routers.  This article adds Discovery functionality using other Templates and the same may be done for other vendor's equipment.

Cisco SNMP Router Template

This Template will query OIDs under proprietary Cisco MIBs.  This may be problematical for routers running older versions of the Cisco IOS because the SNMP implementations have changed over time.  The Template queries CPU and Memory utilization for recent IOS versions.  It is assumed the Zabbix Server has stock MIBs installed (for instance, the snmp-mibs-downloader MIBs available under Debian Wheezy), but since the Cisco MIBs are proprietary and require additional Zabbix Server SMP configuration, they are queried by numerical OID and not by human-readable text.

OSPF SNMP Router Template

This template is generic and will primarily query the OSPF-MIB tree to develop Item, Trigger and Graph Prototypes.   The Template is valid for any SNMP-compliant OSPF implementation.

Items

Items are single-instance OIDs unique to each device.

Triggers

Triggers use Items and are also derived from single-instance OIDs unique to each device.

Discovery


Discovery is a dynamic and variable process.  Essentially, the Discovery Item queries a single part of the MIB tree using the snmpwalk command.  This query returns a series of Indexes and Values for the MIB tree.  For instance, the snmpwalk query:
$ snmpwalk -v 2c -c public 172.16.0.1 IF-MIB::ifDescr
IF-MIB::ifDescr.1 = STRING: POS3/0
IF-MIB::ifDescr.2 = STRING: POS4/0
IF-MIB::ifDescr.3 = STRING: POS5/0
IF-MIB::ifDescr.4 = STRING: FastEthernet0/0
IF-MIB::ifDescr.5 = STRING: Serial1/0
IF-MIB::ifDescr.6 = STRING: Serial1/1
IF-MIB::ifDescr.7 = STRING: Serial1/2
IF-MIB::ifDescr.8 = STRING: Serial1/3
IF-MIB::ifDescr.9 = STRING: Serial2/0
IF-MIB::ifDescr.10 = STRING: Serial2/1
IF-MIB::ifDescr.11 = STRING: Serial2/2
IF-MIB::ifDescr.12 = STRING: Serial2/3
IF-MIB::ifDescr.13 = STRING: FastEthernet6/0
IF-MIB::ifDescr.14 = STRING: FastEthernet6/1
IF-MIB::ifDescr.15 = STRING: Null0
The format used by Zabbix is
IF-MIB::ifDescr.[INDEX] = STRING: [VALUE]

These INDEX and VALUE returns are passed to Prototypes, which define specific instances.

Item Prototypes



Item Prototypes use the INDEXES and VALUES returned from the Discovery Rule to perform snmpwalk commands on single, specific OID's.  The format of the snmpwalk commands are:
OID.{#SNMPINDEX}
The OID value is specific to each Itemp Prototype definition.

The Key is assigned as a text string to which the [{#SNMPVALUE}] variable is appended.  This Value also passes to the Name using the $1 variable.

Trigger Prototypes



Trigger Prototypes are defined in the same manner as Triggers.  They may use Items or Item Prototypes.

Graph Prototypes

Graph Prototypes are defined in the same manner as Triggers.  They use Item Prototypes.

Discovery Rule(s)

Discovery Rules define the Network Discovery process.  These are covered in this article.

For this Template, define the address range(s) on which routers are found.  There are two checks:
SNMPv2-MIB::sysDescr.0
SNMPv2-MIB::sysName.0
The first, System Description, will return a description that includes general system information, including the manufacturer's name.  The second, System Name, will return (if configured correctly) a unique name assigned to the device.  This unique name is then used to define the Zabbix "Device uniqueness criteria," and will only add the device once, even though it will likely be discovered by several interfaces.

Name

Assign the Name Cisco Routers.

IP Range

Assign as many subnets as necessary to include device IP addresses.  You may subnet these values to search only a portion of the desired subnet.  For instance, if there is a network subnet 10.64.0.0/24 that can accommodate 254 hosts, you may define the Zabbix Discovery IP address range as (for example) 10.64.0.0/28 to only search the lower portion of the subnet's available IP addresses.

Checks

The Checks are used primarily to define device uniqueness (SNMPv2-MIB::sysName.0 as described above) and for passing information to Actions (SNMPv2-MIB::sysDescr.0 as descibed above); Actions are described below.

Device Uniqueness

For a given Discovery Rule, a device -- particularly switches and routers -- may have several interfaces that will show up in Discovery.  Uniqueness definitions assure they will only be added once and that each device has all interfaces encountered by the Discovery Rule included.

Action(s)

Actions instruct Zabbix what to do when an event occurs (Trigger, Discovery, etc.).  For a Network Discovery, the goal is to add and configure each device automatically.  Discovery Prototypes take care of the configuration; Actions take care of adding the device for monitoring.

Action

Create a new Discovery Action named "Cisco Routers."

Conditions


Define Conditions that filter Discovered devices.  Keep in mind interfaces other than Networking Devices may be discovered; we don't want to monitoring these as Cisco Routers.
Received value like Cisco   
Discovery status = Up   
Service type = SNMPv2 agent
The Received value Condition will filter out any device that does not include "Cisco" in the returned Discovery Rules Values (SNMPv2-MIB::sysDescr.0 and SNMPv2-MIB::sysName.0).  The other Conditions are added to make sure we only add UP devices that are responding to SNMP.

Operations


Finally, the device will be added to a Host Group (Cisco Routers) and linked to Templates.
Add to host groups: Cisco Routers
Remove from host groups: Discovered hosts
Link to templates: Template SNMP Network Device Interfaces, Template SNMP Router Cisco, Template SNMP Router OSPF
Linking to Templates assigns the Discovery Rules, etc. that will periodically query and define the device.

Discovered Devices

The Discovery process will not recognize the device's host name and it will be added with the first discovered IP address as the host name.  The host name must be manually modified after Discovery and Actions.

Below is a video that illustrates the Zabbix SNMP LLD Router Discovery process.

Posted by at
Labels: , , ,

1 comment :

  1. Agata BorowskaFebruary 25, 2021 at 1:13 AM

    Bardzo fajnie napisane. Jestem pod wrażeniem i pozdrawiam.

    ReplyDelete

Subscribe to: Post Comments ( Atom )