Re: Backbone Monitoring Tools

["Alexei Roudnev" <alex () relcom net>]

Snmpstat was esigned for ISP in Russia, and is used actively by a few ISP. I
modified it for enterprise here in USA and use for entyerprise monitoring as
well. It if _fixed parameter system_ so it imonitors just
routeres/switches/firewalls for a limited set of parameters (interfaes and
ports) but do it very well and have very useful compactt view, tickets,
sopund alerts for opertators, etc.

It uses simple config file which can be easily generated or can be modified
by the web. I use it (Poll.conf file) as a primary documentation (saving it
into CVS on each change). We are using snmpstat in combination with cricket
or mtg (which monitors parameters not covered by snmpstat), and combine it
with CCR - cisco configuration repository (track cisco config changes),
ProBIND2 (control all DNS'es around), acid (snort viewer), inventory
database (shows hardware in the racks), alert aliasing system (just set of
aliases + archive for alerts, warnings and so on), osiris (control server's
changes), and few other tools (you can see short description on the snmpstat
page).

It is not (yes; I have it in TODO but did not had demand so it was not
completed) packed as 'rpm' or well auto-configured (but the only problem we
hais usually _fix small inconsistancy in include files of embeddded snmp
package), but is very fast (we monitor 1,000 - 2,000 interfaces without any
visible impact on our FreeBSD servers) and relatively simple.




----- Original Message ----- 
From: "Jim Trocki" <trockij () arctic org>
To: "Alexei Roudnev" <alex () relcom net>
Cc: "Ray Burkholder" <ray () oneunified net>; "'Ashe Canvar'"
<acanvar () gmail com>; <nanog () nanog org>
Sent: Wednesday, March 29, 2006 5:09 AM
Subject: Re: Backbone Monitoring Tools


> On Wed, 29 Mar 2006, Alexei Roudnev wrote:
>
> > I use snmpstatd - snmpstat.sf.net .
>
> Oooh, looks nice!
>
> > > From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of
> > > Ashe Canvar
>
> > >  2. actively detect routing changes / failover to redundant paths using
> > > traceroutes
> > >      i.e. alert if  SFO->CHG->NYC changes to SFO->LXE->HOU->NYC
> > >      ( link state protocols suck as far as testing backup paths go)
>
> Ashe,
>
> I've done this using "mon" (http://www.kernel.org/software/mon/). It comes
with
> two traceroute monitors which remember the past paths and alert when that
path
> changes. In fact, one of the monitors can even detect load-balanced
alternate
> paths, e.g. if there are multiple possible intermediate paths during
normal
> operation.
>
> You'll want to look at the latest 1.1 release from CVS:
>
>      http://www.kernel.org/software/mon/development.html
>
> > > 3. actively transfer a fixed file
> > >    i.e. draw a datarate grid between every datacenter and every other
> > > datacenter
>
> In fact, I belive people have done precisely this with mon before.
> Try asking on the mailing list, I'm quite sure someone will respond.
>
> > > I am in a buy vs. build debate with my boss ;)
>
> Build! I think mon gets you at least 90% to where you want to go.