在尝试诊断网络问题时,我经常问的一个问题是"连接到模块接口的交换机端口是什么状态?"。典型的回答是"我需要问网络人员"。现在利用简单网络管理协议(SNMP)的魔力和附带的命令宏,可能就不用问了。
所有可管理的交换机(包括同时作为交换机的路由器)都会响应SNMP请求。SNMP协议受密码保护,即所谓的社区字符串。通常有一个密码用于读取,另一个用于写入。我当然可以理解你的网络人员不想给你写的社区字符串,但如果你问得好,他们可能会给你读的字符串。毕竟,读应该没有什么坏处,如果你自己能做到,就不用麻烦他们了。不过,在问之前,你不妨试试标准的默认字符串,也就是"public"。如果行得通,根本不用问。
SNMP数据是由MIB(管理信息库)组织的。"接口"表在MIB-II MIB中,敢说所有支持SNMP的设备都支持该表。该表包括错误、字节和数据包计数器。虽然信息量不大,但足以确定你的模块接口与网络之间连接的基本健康状况。接口MIB在RFC-1213"基于TCP/IP的内部网的网络管理信息库。MIB-II" 你可以在http://www.ietf.org/rfc/rfc1213.txt 找到一份。
该宏提供了三种方式来确定要查询的交换机上的各个端口。第一种是通过接口名称。利用名称它使用netstat命令确定接口的MAC地址,并查询交换机的转发表,确定哪个端口与MAC地址相关联。
get_switch_interface_stats 172.16.1.222 #sdlmux.m16.11-3
名字前面的IP地址是交换机的IP地址。
也可以提供MAC地址,格式为XX-XX-XX-XX-XX-XX-XX。这是查看备用适配器的交换机连接的一种方式。
get_switch_interface_stats 172.16.1.222 00-00-a8-44-52-22 -type mac
最后你可以只提供端口索引。根据交换机的不同,这可能是实际的端口号或基于端口号的东西。在下面的例子中,端口号是48,但索引是1048。
get_switch_interface_stats.cm 172.16.1.222 1048 -type port
在下面的示例输出中,你会注意到,第一道和第二道之间的时间戳相差略多于60秒。这是因为时间戳是在查询之前打印的,而查询需要时间。
为什么有两个通道?计数器通常不会被清除,所以一个单一的值并不能让你了解计数器的变化速度。宏会同时显示第一个和第二个值,并为您做减法。
get_switch_interface_stats.cm 172.16.1.222 1048 -type port 172.16.1.222 1048 -type port public -sleep 60
Collecting results pass 1 10-01-20.11:32:21 sleeping for 60 seconds Collecting results pass 2 10-01-20.11:33:23
Port Index : 1048 Port name : "X350-48t Port 48" Speed : 1000 Administrative Status : up(1) up(1) Operation Status : up(1) up(1) In Octets : 205663121 - 205568072 = 95049 In Unicast Packets : 1336981429 - 1336981157 = 272 In non-Unicast Packets : 330419202 - 330418397 = 805 In Discards : 0 - 0 = 0 In Errors : 0 - 0 = 0 In Unknown Protocols : 0 - 0 = 0 Out Octets : 290040991 - 290003159 = 37832 Out Unicast Packets : 1570859994 - 1570859741 = 253 Out non-Unicast Packets : 4386374 - 4386362 = 12 Out Discards : 0 - 0 = 0 Out Errors : 0 - 0 = 0 Out Q Length : 0 - 0 = 0 |
在理想的情况下,永远不会出现任何错误或丢弃,所以如果这些计数器是非零,应该调查原因。数据包计数可以让你了解数据包的数量。如果出站数据包(从交换机到接口的数据包)的数量非常少,你就知道交换机与网络其他部分的连接可能存在问题。异常高的非单播传出数据包数量可能表明网络上的某些主机正在用广播或组播充斥网络。如果传入的数据包数很低,你必须问为什么模块上的应用程序没有以预期的速率传输。这里的关键是要知道什么是不寻常的,这就需要建立一个基线。
唯一不明确的值是管理状态和操作状态。如果操作状态显示下降,你就知道交换机和接口之间的连接出现了问题;如果管理状态显示下降,你就知道有人禁用了你的网络连接。如果管理状态显示下降,你就知道有人禁用了你的网络连接。
如果链路断了,如何查询交换机端口知道链路断了?可以通过其他模块的mac地址或者端口索引来查询交换机。但是,如果链路已经宕机了一段时间,有可能MAC地址已经从交换机的转发表中清除了。如果是这种情况,你将需要使用端口索引形式的命令。
SNMP 命令可以在 >system>maint_library 中找到。它们是 NET-SNMP 命令的一个端口,文档可以在http://www.net-snmp.org/ 找到。请注意,不需要在模块上运行 SNMP 服务器 (snmpd),即可对交换机运行这些命令。
& get_switch_interface_stats.cm begins here
& & get_switch_interface_stats.cm & version 1.0 10-01-20 & noah.davids@stratus.com & & &begin_parameters SWITCH switch:string,req ID id:string,req TYPE option(-type),name,allow(int,mac,port),=int COMMUNITY community:string=public SLEEP option(-sleep),number,=60 &end_parameters & & &if (process_type) = 'batch' &then &do set_ready -format off &echo no_command_lines no_macro_lines no_input_lines &end & & & display input arguments display_line &SWITCH& &ID& -type &TYPE& &COMMUNITY& -sleep &SLEEP& & & &set_string INTERFACE_NAME '' &set_string MAC_ADDR '' &set_string IDX '' &if &TYPE& = int &then &set_string INTERFACE_NAME &ID& &if &TYPE& = mac &then &set_string MAC_ADDR &ID& &if &TYPE& = port &then &set_string IDX &ID& & & &set_string TEST (process_dir)>test &set_string INTERFACE (process_dir)>interface &set_string MAC (process_dir)>mac &set_string INDEX (process_dir)>index &set_string R1 (process_dir)>r1 &set_string R2 (process_dir)>r2 & & & make sure we can get a response from the switch attach_default_output &TEST& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::sysName.0 detach_default_output &if (file_info &TEST& blocks_used) = 0 &then &goto NOSWITCH
& &if (length &IDX&) = 0 &then &do &if (length &INTERFACE_NAME&) > 0 &then &do attach_default_output &INTERFACE& netstat -interface &INTERFACE_NAME& detach_default_output &if (file_info &INTERFACE& blocks_used) = 0 &then &goto NOINTERFACE display &INTERFACE& -match 'MAC Address' -no_header -output_path &MAC& &set_string MAC_ADDR (substr (contents &MAC& 1) 14) &end &if (length &MAC_ADDR&) < 17 &then &goto BADMAC &set_string OCT1 (decimal (substr &MAC_ADDR& 1 2)x) &set_string OCT2 (decimal (substr &MAC_ADDR& 4 2)x) &set_string OCT3 (decimal (substr &MAC_ADDR& 7 2)x) &set_string OCT4 (decimal (substr &MAC_ADDR& 10 2)x) &set_string OCT5 (decimal (substr &MAC_ADDR& 13 2)x) &set_string OCT6 (decimal (substr &MAC_ADDR& 16 2)x) & & & query the forwarding table using the MAC adress to get the switch & port number. The forwarding table is in the BRIDGE-MIB and is the & dot1dTpFdbPort attach_default_output &INDEX& snmpget -v 2c -c &COMMUNITY& &SWITCH& &+ .1.3.6.1.2.1.17.4.3.1.2.&OCT1&.&OCT2&.&OCT3&.&OCT4&.&OCT5&.&OCT6& detach_default_output &set_string TEMP (reverse (contents &INDEX& 1)) &set_string IDX (index (string &TEMP&) ' ') &set_string IDX (reverse (substr (string &TEMP&) 1 (calc &IDX& - 1))) & if after all that manipulation IDX is "OID" it means that the & forwarding table did not contain the MAC address &if &IDX& = OID &then &goto NOTFOUND & & dump the entire interface index table and use the port number from above & to index into the table to get the port index attach_default_output &INDEX& snmpwalk -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifIndex detach_default_output &set_string IDX (substr (contents &INDEX& &IDX&) 22) &set_string IDX (substr (string &IDX&) 1 &+ (calc (index (string &IDX&) ' ') - 1)) &end & & display_line display_line Collecting results pass 1 (date).(time) & & attach_default_output &R1& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifDescr.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifSpeed.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifAdminStatus.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOperStatus.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifLastChange.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInOctets.&IDX& <snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInUcastPkts.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInNUcastPkts.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInDiscards.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInErrors.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInUnknownProtos.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutOctets.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutUcastPkts.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutNUcastPkts.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutDiscards.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutErrors.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutQLen.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifSpecific.&IDX& <detach_default_output & & & if the last 3 characters of the first line are OID it means that the & switch does not suppor the query - probably the index is index is wrong. &if (substr (reverse (contents &R1& 1)) 1 3) = DIO &then &goto NOIDX & & display_line sleeping for &SLEEP& seconds sleep -seconds &SLEEP& & & display_line Collecting results pass 2 (date).(time) attach_default_output &R2& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifDescr.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifSpeed.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifAdminStatus.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOperStatus.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifLastChange.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInOctets.&IDX& <snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInUcastPkts.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInNUcastPkts.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInDiscards.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInErrors.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifInUnknownProtos.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutOctets.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutUcastPkts.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutNUcastPkts.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutDiscards.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutErrors.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifOutQLen.&IDX& snmpget -v 2c -c &COMMUNITY& &SWITCH& RFC1213-MIB::ifSpecific.&IDX& detach_default_output & & display_line display_line display_line Port Index : ' ' &IDX&
&set LIDX (length &IDX&)
&set START (calc 33 + &LIDX&) display_line Port name : ' ' (substr (contents &R1& 1) &START&)
&set START (calc 34 + &LIDX&) display_line Speed : ' ' &+ (calc (substr (contents &R1& 2) &START&) / 1000000)
&set START (calc 40 + &LIDX&) display_line Administrative Status : ' ' &+ (substr (contents &R2& 3) &START&) (substr (contents &R1& 3) &START&)
&set START (calc 39 + &LIDX&) display_line Operation Status : ' ' &+ (substr (contents &R2& 4) &START&) (substr (contents &R1& 4) &START&)
&set START (calc 39 + &LIDX&) &set V1 (substr (contents &R1& 6) &START&) &set V2 (substr (contents &R2& 6) &START&) display_line In Octets : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 42 + &LIDX&) &set V1 (substr (contents &R1& 7) &START&) &set V2 (substr (contents &R2& 7) &START&) display_line In Unicast Packets : ' '&V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 43 + &LIDX&) &set V1 (substr (contents &R1& 8) &START&) &set V2 (substr (contents &R2& 8) &START&) display_line In non-Unicast Packets : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 41 + &LIDX&) &set V1 (substr (contents &R1& 9) &START&) &set V2 (substr (contents &R2& 9) &START&) display_line In Discards : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 39 + &LIDX&) &set V1 (substr (contents &R1& 10) &START&) &set V2 (substr (contents &R2& 10) &START&) display_line In Errors : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 46 + &LIDX&) < &set V1 (substr (contents &R1& 11) &START&) &set V2 (substr (contents &R2& 11) &START&) display_line In Unknown Protocols : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 40 + &LIDX&) &set V1 (substr (contents &R1& 12) &START&) &set V2 (substr (contents &R2& 12) &START&) display_line Out Octets : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 43 + &LIDX&) &set V1 (substr (contents &R1& 13) &START&) &set V2 (substr (contents &R2& 13) &START&) display_line Out Unicast Packets : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 44 + &LIDX&) &set V1 (substr (contents &R1& 14) &START&) &set V2 (substr (contents &R2& 14) &START&) display_line Out non-Unicast Packets : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 42 + &LIDX&) &set V1 (substr (contents &R1& 15) &START&) &set V2 (substr (contents &R2& 15) &START&) display_line Out Discards : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 40 + &LIDX&) &set V1 (substr (contents &R1& 16) &START&) &set V2 (substr (contents &R2& 16) &START&) display_line Out Errors : ' ' &V2& - &V1& = (calc &V2& - &V1&)
&set START (calc 36 + &LIDX&) &set V1 (substr (contents &R1& 17) &START&) &set V2 (substr (contents &R2& 17) &START&) display_line Out Q Length : ' ' &V2& - &V1& = (calc &V2& - &V1&) &return
& &label NOSWITCH display_line display_line <span style="font-family: Courier New,monospace;"display_line &SWITCH& is not responding to SNMP queries using &+ the community string &COMMUNITY& &return & & &label NOINTERFACE display_line display_line display_line &INTERFACE_NAME& is not an STCP interface on this module &return &
&
&label BADMAC
display_line
display_line
display_line MAC address &MAC_ADDR& is not in the format of XX:XX:XX:XX:XX:XX
display_line each octet must be 2 characters
&return & & &label NOTFOUND display_line display_line &if (length &INTERFACE_NAME&) > 0 &then &do display_line MAC address &MAC_ADDR& for interface &INTERFACE_NAME& display_line not found in switch &SWITCH& &end &else &do display_line MAC address &MAC_ADDR& not found in switch &SWITCH& &end &return & & &label NOIDX display_line display_line display_line No data found for switch port &IDX& in switch &SWITCH& & & & get_switch_interface_stats.cm ends here |