Forum Discussion

mindraghanti_61's avatar
mindraghanti_61
Icon for Nimbostratus rankNimbostratus
Jun 14, 2011

Issue with snmp response on BigIP LTM 1600 10.2.1

Hi folks,

 

 

I have 2 x snmp communities configured on a BigIP 1600 LTM running version 10.2.1 with the latest hotfixes.

 

 

One of the snmp communiy hosts the cacti server and there is no issue with the snmpwalk from the cacti server.

 

 

The problem on the 2nd snmp community with a snmpwalk from a HPOV machine is the problem.

 

 

there is no issue in routing and reachability - ping and routing works. I can see the snmpwalk request come in (running tcpdump), however the BigIP LTM fails to responds back to the snmp query and eventaully the HPOV hosts timesout -

 

 

Any ideas if we are able to run 2 x snmp communites and 2 x seperate hosts gatering stats for the BigIP LTM?

 

 

My tcpdump is as below - Please note I have changed the comm string and source and dest IP for security reasons however the example below is close as it can get to the actual tcpdump.

 

 

I would appreciate if anyone has come across this issue before I raise a case with F5.

 

 

Thanks and regards

 

Indy

 

 

 

[root@melltm1f1600:Active] / tcpdump -ni 1.2 host 210.50.172.20 -v tcpdump: listening on 1.2, link-type EN10MB (Ethernet), capture size 108 bytes 13:38:25.935602 IP (tos 0x0, ttl 250, id 35971, offset 0, flags [DF], proto: UDP (17), length: 72) 210.50.172.20.64455 > 202.138.20.6.snmp: { SNMPv2c C=******** { GetNextRequest(19) R=19651 .1.3 } } 13:38:29.742596 IP (tos 0x0, ttl 250, id 35972, offset 0, flags [DF], proto: UDP (17), length: 72) 210.50.172.20.64455 > 202.138.20.6.snmp: { SNMPv2c C=******** { GetNextRequest(19) R=19651 .1.3 } } 13:38:37.756657 IP (tos 0x0, ttl 250, id 35973, offset 0, flags [DF], proto: UDP (17), length: 72) 210.50.172.20.64455 > 202.138.20.6.snmp: { SNMPv2c C=******** { GetNextRequest(19) R=19651 .1.3 } } 13:38:53.787804 IP (tos 0x0, ttl 250, id 35974, offset 0, flags [DF], proto: UDP (17), length: 72) 210.50.172.20.64455 > 202.138.20.6.snmp: { SNMPv2c C=******** { GetNextRequest(19) R=19651 .1.3 } } 13:38:54.787806 IP (tos 0x0, ttl 250, id 35975, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.20.6: ICMP echo request, id 16444, seq 28140, length 64 13:38:54.787806 IP (tos 0x0, ttl 255, id 7486, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.20.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 28140, length 64 13:40:29.375023 IP (tos 0x0, ttl 250, id 15556, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.56.6: ICMP echo request, id 16444, seq 33558, length 64 13:40:29.375023 IP (tos 0x0, ttl 255, id 7591, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.56.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 33558, length 64 13:41:54.535432 IP (tos 0x0, ttl 250, id 35976, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.20.6: ICMP echo request, id 16444, seq 34155, length 64 13:41:54.535432 IP (tos 0x0, ttl 255, id 7687, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.20.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 34155, length 64 13:43:29.113277 IP (tos 0x0, ttl 250, id 15557, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.56.6: ICMP echo request, id 16444, seq 39575, length 64 13:43:29.113277 IP (tos 0x0, ttl 255, id 7801, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.56.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 39575, length 64 13:44:54.683822 IP (tos 0x0, ttl 250, id 35977, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.20.6: ICMP echo request, id 16444, seq 40173, length 64 13:44:54.683822 IP (tos 0x0, ttl 255, id 7896, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.20.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 40173, length 64

 

  • Here's a cleaner version of the tcpdump:

     tcpdump -ni 1.2 host 210.50.172.20 -v tcpdump: listening on 1.2, link-type EN10MB (Ethernet), capture size 108 bytes 
    
    13:38:25.935602 IP (tos 0x0, ttl 250, id 35971, offset 0, flags [DF], proto: UDP (17), length: 72) 210.50.172.20.64455 > 202.138.20.6.snmp: { SNMPv2c C=******** { GetNextRequest(19) R=19651 .1.3 } } 
    13:38:29.742596 IP (tos 0x0, ttl 250, id 35972, offset 0, flags [DF], proto: UDP (17), length: 72) 210.50.172.20.64455 > 202.138.20.6.snmp: { SNMPv2c C=******** { GetNextRequest(19) R=19651 .1.3 } } 
    13:38:37.756657 IP (tos 0x0, ttl 250, id 35973, offset 0, flags [DF], proto: UDP (17), length: 72) 210.50.172.20.64455 > 202.138.20.6.snmp: { SNMPv2c C=******** { GetNextRequest(19) R=19651 .1.3 } } 
    13:38:53.787804 IP (tos 0x0, ttl 250, id 35974, offset 0, flags [DF], proto: UDP (17), length: 72) 210.50.172.20.64455 > 202.138.20.6.snmp: { SNMPv2c C=******** { GetNextRequest(19) R=19651 .1.3 } } 
    
    13:38:54.787806 IP (tos 0x0, ttl 250, id 35975, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.20.6: ICMP echo request, id 16444, seq 28140, length 64 
    13:38:54.787806 IP (tos 0x0, ttl 255, id 7486, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.20.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 28140, length 64 
    13:40:29.375023 IP (tos 0x0, ttl 250, id 15556, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.56.6: ICMP echo request, id 16444, seq 33558, length 64 
    13:40:29.375023 IP (tos 0x0, ttl 255, id 7591, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.56.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 33558, length 64 
    13:41:54.535432 IP (tos 0x0, ttl 250, id 35976, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.20.6: ICMP echo request, id 16444, seq 34155, length 64 
    13:41:54.535432 IP (tos 0x0, ttl 255, id 7687, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.20.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 34155, length 64 
    13:43:29.113277 IP (tos 0x0, ttl 250, id 15557, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.56.6: ICMP echo request, id 16444, seq 39575, length 64 
    13:43:29.113277 IP (tos 0x0, ttl 255, id 7801, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.56.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 39575, length 64 
    13:44:54.683822 IP (tos 0x0, ttl 250, id 35977, offset 0, flags [DF], proto: ICMP (1), length: 84) 210.50.172.20 > 202.138.20.6: ICMP echo request, id 16444, seq 40173, length 64 
    13:44:54.683822 IP (tos 0x0, ttl 255, id 7896, offset 0, flags [DF], proto: ICMP (1), length: 84) 202.138.20.6 > 210.50.172.20: ICMP echo reply, id 16444, seq 40173, length 64 
    

    I think you should be able to use multiple community strings and polling hosts. If you swap the community strings that the pollers use do they still fail? Do you have any packet filters enabled?

    Aaron
  • have u checked /config/snmp/snmpd.conf and /etc/hosts.allow? is there anything suspicious there?