Sudheer_Nair_88
Apr 28, 2011

Need help understanding SNMPTrap::::::Connection Limit Exceeded

Device: BIG-IP LTM running 9.4.5

Issue:

We are seeing regular occurrences of the below SNMP alert in our monitoring console, but we were unable to find an issue or a related log in the LTM.

SNMPTrap::::::Connection Limit Exceeded Connection Limit Exceeded

This alert occurs almost every day, sometimes twice a day, from only a couple of LTMs in our network. We are using EMC Smarts Incharge to monitor the network devices, and here is where we receive the alerts. In a few cases, whenever this alert appeared, we have seen logs like below on the LTMs, but this is not the case always.

tmm tmm[1666]: 011e0001:4: Limiting closed port RST response from 324 to 250 packets/sec

tmm tmm[1666]: 01200006:4: Packet rejected remote IP 10.2.2.1 port 55409 local IP 10.10.10.4 port 443 proto TCP: Destination VIP disabled.

I did verify the SNMP configs at etc/alertd/alert.conf, config/user_alert.conf but did not see an alert configured for this. Also the EMC Smarts Incharge console doesn't display SNMP OID information for this alert (I can see SNMP OID info for other alerts though).

Also, we do not have connection limit configured for any objects in our LTM.

I am trying to understand the cause behind this alert, any help or suggestion is highly appreciated.
  • The MIB that is in EMC is probably old and this is why you are seeing this message.

    We get this with our monitoring system as well and when I asked the vendor they said that it was from the MIB.

    We cannot update MIBs with our system. This occurred when we went to V10 and we are stuck with it. It is very annoying and we have had to write extra parsing on the message to filter this rubbish out.

    Cheers

    David.
  • Hi Sudheer,

    That pair of alerts indicates that the 10.10.10.4:443 VS is disabled (or maybe the virtual address, 10.10.10.4, is disabled) and TMM is rejecting packets sent to it. Can you check if the VS is disabled?

    Aaron
  • Hi Aaron

    Yes, the VS is disabled, so TMM rejecting traffic is normal.

    My worry is about the SNMPTrap: Connection Limit Exceed, for which I have not been able to find a clue.

    Also, this log doesn't appear every time I see the SNMPTrap; it is only in a few cases that the log followed the trap.

  • If I am reading your post correctly you said that you are getting the "SNMPTrap::::::Connection Limit Exceeded Connection Limit Exceeded" alert in your monitoring console.

    I don't believe that this is a problem with your BigIP; it might be a limitation of your monitoring console getting flooded with SNMP Traps from the BigIP. The notifications should be proportional to the number of incidents that the BigIP is trying to notify you about (in this case it could be the traffic rejected by a disabled VIP or a combination with other events).

    I've gotten the same type of Packet rejected messages that you are getting in your LTM Log; they are just informational. The only impact they have is increasing your LTM Log File Size. If you want to get rid of the alerts you can enable the VIP and apply a traffic drop iRule on it.
  • Thanks, Michael. Even I suspect that the EMC Smarts monitoring tool is misconfigured. Let me dig further.
  • Yeppy :) the mystery unwound at last, it was a wrong SNMP OID that's configured on the monitoring console.

    The SNMP guys are correcting it, happy that we won't see the false alarm again :)

    LTM was reporting the event "Packet rejected for disabled VIP" but the monitoring tool was sensing it as "Connection Limit Exceed" due to the misconfigured SNMP OID.

    Thanks for all inputs throughout.
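
An added example, not written by any poster in this thread: a small parser for the tmm log lines quoted in the original post. It counts "Packet rejected" events per local VIP and reason, so the LTM's own record can be lined up against the times a monitoring console raises a trap under a different name. The function name `summarize` and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Shape of the tmm lines quoted in the thread: "tmm[pid]: <msgid>:<level>: <text>"
TMM_LINE = re.compile(
    r"tmm\[(?P<pid>\d+)\]: (?P<msgid>[0-9a-f]{8}):(?P<level>\d+): (?P<text>.*)$")
REJECT = re.compile(
    r"Packet rejected remote IP (?P<rip>\S+) port (?P<rport>\d+) "
    r"local IP (?P<lip>\S+) port (?P<lport>\d+) proto (?P<proto>\w+): "
    r"(?P<reason>.+?)\.?$")
RST_LIMIT = re.compile(
    r"Limiting closed port RST response from (?P<seen>\d+) to (?P<cap>\d+) packets/sec")

def summarize(lines):
    """Count rejects per (local VIP, proto, reason) and track the peak RST rate."""
    rejects, max_rst, unparsed = Counter(), 0, 0
    for line in lines:
        m = TMM_LINE.search(line.strip())
        if not m:
            unparsed += 1          # not a tmm message in the expected shape
            continue
        text = m["text"]
        if (r := REJECT.match(text)):
            rejects[(f"{r['lip']}:{r['lport']}", r["proto"], r["reason"])] += 1
        elif (s := RST_LIMIT.match(text)):
            max_rst = max(max_rst, int(s["seen"]))
    return {"rejects": rejects, "max_rst_rate": max_rst, "unparsed": unparsed}

SAMPLE = [
    # First two lines are the ones quoted in the original post.
    "tmm tmm[1666]: 011e0001:4: Limiting closed port RST response from 324 to 250 packets/sec",
    "tmm tmm[1666]: 01200006:4: Packet rejected remote IP 10.2.2.1 port 55409 local IP 10.10.10.4 port 443 proto TCP: Destination VIP disabled.",
    # Constructed lines: a second reject for the same VIP and an unrelated message.
    "tmm tmm[1666]: 01200006:4: Packet rejected remote IP 10.2.2.1 port 55410 local IP 10.10.10.4 port 443 proto TCP: Destination VIP disabled.",
    "sshd[2201]: Accepted publickey for admin from 10.2.2.9 port 40022 ssh2",
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for (vip, proto, reason), n in report["rejects"].most_common():
        print(f"{n:4d}  {vip}  {proto}  {reason}")
    print("peak closed-port RST rate:", report["max_rst_rate"], "packets/sec")
    print("lines skipped:", report["unparsed"])
```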