Monitoring Cisco 3000 VPN Concentrators

Summary 
Device Type: Cisco 3000 Series VPN Concentrators
Object Identifier:
  • .1.3.6.1.4.1.3076.1.2.1.1.2.1
  • .1.3.6.1.4.1.3076.1.2.1.1.1.2


What to Monitor
The VPN Concentrators are used for remote VPN connections, using either IPSec or SSL for the VPN. VPNCs are also used in environments that need to encrypt LAN or WAN traffic, especially for administrative needs such as encrypting passwords. In networks where Cisco 3000 Series VPNCs are deployed to deliver these services, administrators have a huge task on hand managing and monitoring the health of the system. Like other network devices, VPNCs need holistic monitoring that covers the hardware resources, the traffic throughput, the number of active sessions, and any failures. That said, SNMP does not provide a straightforward OID that can be queried to measure and monitor the throughput. Including the throughput, the following are the key resources that must be monitored to assure high availability of a VPNC:
  • Performance of the CPU: A quick Google search confirms that high CPU utilization (often 100%) is a frequent problem with this device type. If the number of active connections does not explain the high CPU utilization, you may need to check what else is using up the resource. It is possible that the number of users connected at a time far exceeds the threshold. The routing functions also take up a huge share of the CPU. It might also help to check with the vendor whether there are any 'known' issues with the particular model and whether there is a fix. High CPU utilization renders the system inaccessible and makes it useless. Setting a meaningful threshold on the system and watching for a pattern of steep surges in resource utilization helps avert potential problems.
  • Active Sessions Count: Active Sessions Count is the number of active HTTP connections on the Cisco VPN Concentrator.
  • Temperature: The Route Processor divides its processor memory into 6 pools, with each pool comprising many memory blocks of equal size. These memory blocks are called buffers. The buffers are used for handling traffic landing on the router or when packets are being switched. When a requested buffer is not available, a 'buffer failure' is detected and the buffer pool manager process tries to create a new buffer to avert further failures. Insufficient memory limits the creation of new buffers. So buffers are crucial resources to be monitored on a router, especially the number of failures and buffer-create failures due to inadequate memory. A consistent failure of buffers requires tuning.



  • Tunnel Throughput: As mentioned earlier, SNMP does not provide a direct means to measure the throughput. You can query the incoming or the outgoing traffic at two consecutive points, and the delta can be treated as a 'benchmark' or similar to a 'payload'. Here is a nice post, particularly useful for arriving at the throughput.

  • Bandwidth Utilization: The percentage of network bandwidth used by the traffic coming into and going out of the network needs monitoring. If there is a consistent increase in the bandwidth utilized by the Rx Traffic (incoming) or the Tx Traffic (outgoing), errors and discards occur, leading to data loss.
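
The delta calculation described above, as an added example that is not part of the original page: two polls of the interface octet counters listed under Traffic Monitors are turned into bits per second and percent utilization, with a counter wrap between polls handled. The sample counter values, the 60-second interval and the 100 Mbit/s link speed are constructed assumptions.

```python
# Added example: throughput and utilization from two polls of the
# interface octet counters (Rx .1.3.6.1.2.1.2.2.1.10, Tx .1.3.6.1.2.1.2.2.1.16).
from dataclasses import dataclass

COUNTER32_MOD = 2 ** 32  # these counters are 32-bit and wrap to 0 at 2^32


@dataclass
class Sample:
    ts: float        # poll time in seconds
    in_octets: int   # Rx octet counter value at poll time
    out_octets: int  # Tx octet counter value at poll time


def counter_delta(prev: int, curr: int) -> int:
    """Octets counted between two polls, allowing for one counter wrap.

    If the polling interval is long enough for the counter to wrap more
    than once, or the device restarted in between, the result is wrong,
    so keep the interval short on fast links.
    """
    return (curr - prev) % COUNTER32_MOD


def throughput_bps(prev: Sample, curr: Sample) -> tuple[float, float]:
    """Return (rx_bps, tx_bps) averaged over the polling interval."""
    interval = curr.ts - prev.ts
    if interval <= 0:
        raise ValueError("samples must be in increasing time order")
    rx = counter_delta(prev.in_octets, curr.in_octets) * 8 / interval
    tx = counter_delta(prev.out_octets, curr.out_octets) * 8 / interval
    return rx, tx


def utilization_pct(bps: float, link_bps: int) -> float:
    """Share of the link speed in use, as a percentage."""
    return 100.0 * bps / link_bps


if __name__ == "__main__":
    # Constructed polls 60 s apart; the Rx counter wraps between them.
    first = Sample(ts=0.0, in_octets=4_294_000_000, out_octets=1_000_000)
    second = Sample(ts=60.0, in_octets=150_032_704, out_octets=76_000_000)
    rx, tx = throughput_bps(first, second)
    link = 100_000_000  # assumed 100 Mbit/s interface
    print(f"Rx {rx / 1e6:.2f} Mbit/s ({utilization_pct(rx, link):.1f}%)")
    print(f"Tx {tx / 1e6:.2f} Mbit/s ({utilization_pct(tx, link):.1f}%)")
```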
       
    Monitor SNMP OID Details Additional Resources

    CPU Monitors

    CPU Usage (5 mins average)

    .1.3.6.1.4.1.9.2.1.58.0

     

    This variable returns the 5-minute 'exponentially-decayed moving average' of the CPU busy percentage. This means it is an averaging model that gives the highest weight to the latest data points and also eliminates transient wild spikes in the last 5 minutes.


    Collecting CPU Utilization data
    CPU Usage (1 min average) .1.3.6.1.4.1.9.2.1.57

    This variable returns the 1-minute 'exponentially-decayed moving average' of the CPU busy percentage. This means it is an averaging model that gives the highest weight to the latest data points and also eliminates transient wild spikes in the last minute.

     

    CPU Usage (1 sec) .1.3.6.1.4.1.15497.1.1.1.2.0

    It is the CPU busy percentage in the last 5 second period. Not the last 5 realtime seconds but the last 5 second period in the scheduler. Note that the utilization hits 99% when continuously polled at one-second intervals, an overkill.

     

    Memory Monitors

    Memory Utilization

    (.1.3.6.1.4.1.9.9.48.1.1.1.5.1 * 100) /
    ((.1.3.6.1.4.1.9.9.48.1.1.1.5.1) + (.1.3.6.1.4.1.9.9.48.1.1.1.6.1))

    It is the percentage of memory used from the total memory available on the router. The expression used here is: (Memory used × 100) / (Memory used + Free Memory).

    Traffic Monitors

    Throughput

    Wikipedia definition: Average rate of successful message delivery over a communication channel. These data may be delivered over a physical or logical link, or pass through a certain network node.

    Measuring Throughput: http://en.wikipedia.org/wiki/Measuring_network_throughput

    Difference between Bandwidth and Throughput: http://www.ipbalance.com/traffic-analysis/traffic-analysis-general/239-internet-speed-issue-throughput-vs-bandwidth.html

    Rx Traffic .1.3.6.1.2.1.2.2.1.10

    Rx Utilization is the percentage of the network bandwidth currently used by the received traffic on the network. Consistently high utilization indicates bottlenecks in the network and needs further troubleshooting.

     
    Tx Traffic .1.3.6.1.2.1.2.2.1.16

    Tx Utilization is the percentage of the network bandwidth used up by the transmitted traffic. Again, high utilization indicates network performance bottlenecks. In-depth traffic analysis using the Netflow module helps identify and free up the bandwidth quickly.

     
    Rx/Tx Errors

    Rx- .1.3.6.1.2.1.2.2.1.14

    Tx - .1.3.6.1.2.1.2.2.1.20

    The number of inbound packets (Rx) or out-bound packets (Tx) containing errors, preventing them from being delivered to the next layer protocol.

     

    Other Monitors

    Active Session Count

    .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6

    (implemented in Cisco Firewall Mib)

    There are 6 models in this series and each model supports somewhere between 50 and 500 simultaneous sessions. Check the Cisco documentation for the details.

    Monitoring this variable gives a count of the currently open sessions. You might want to restrict the max connections at a given time to some number. Watching this count helps you take action when the session count exceeds a certain number.

     
    Temperature

    .1.3.6.1.4.1.15497.1.1.1.9.1.2

    (implemented in the IronPort Mib)

     

    According to Cisco, here is the temperature range:

    • Operating temperature: 32°F to 131°F (0 to 55°C)
    • Non-operating temperature: 4° to 176°F (-40 to 70°C)

    This temperature monitor on the devices shows the temperature in Celsius.

     

