Forum Discussion

kaljusaks_20700
Jun 17, 2015

SNMP GetBulk monitoring requests do not seem to work

Hi,

I'm trying to set up monitoring of the F5 devices using Nagios scripts written in Perl (check_f5 and check_nwc_health) and they respond with timeouts to the requests.

Doing some investigation into this I discovered that the snmpget and snmpwalk commands on the F5 management addresses work just fine:

snmpwalk -m ALL -v2c -c public F5ManagementIP 1.3.6.1.4.1.3375.2.1.1.2 | head
SNMPv2-SMI::enterprises.3375.2.1.1.2.1.1.0 = INTEGER: 0
SNMPv2-SMI::enterprises.3375.2.1.1.2.1.2.0 = Counter64: 983340798
SNMPv2-SMI::enterprises.3375.2.1.1.2.1.3.0 = Counter64: 112772159957
SNMPv2-SMI::enterprises.3375.2.1.1.2.1.4.0 = Counter64: 585644606

Tcpdump seems to indicate that the GetBulk SNMP commands do not return a reply:

tcpdump -n host F5ManagementIP -vvv

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
09:15:58.877738 IP (tos 0x0, ttl 64, id 56416, offset 0, flags [DF], proto UDP (17), length 71)
    sourceIP.43657 > F5ManagementIP.161: [bad udp cksum 0xc481 -> 0xeae2!] { SNMPv2c { GetRequest(28) R=538669756 .1.3.6.1.2.1.1.3.0 } }
09:15:58.878928 IP (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto UDP (17), length 75)
    F5ManagementIP.161 > sourceIP.43657: [udp sum ok] { SNMPv2c { GetResponse(32) R=538669756 .1.3.6.1.2.1.1.3.0=1190441519 } }
09:15:58.879750 IP (tos 0x0, ttl 64, id 56417, offset 0, flags [DF], proto UDP (17), length 73)
    sourceIP.43657 > F5ManagementIP.161: [bad udp cksum 0xc483 -> 0xda2f!] { SNMPv2c { GetRequest(30) R=266087414 .1.3.6.1.6.3.10.2.1.3.0 } }
09:15:58.881019 IP (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto UDP (17), length 77)

...

    sourceIP.43657 > F5ManagementIP.161: [bad udp cksum 0xc485 -> 0x09b7!] { SNMPv2c { GetBulk(32) R=83392938 N=0 M=100 .1.3.6.1.4.1.3375.2.1.3.1.2 } }
09:16:03.933493 IP (tos 0x0, ttl 64, id 56431, offset 0, flags [DF], proto UDP (17), length 75)
    sourceIP.43657 > F5ManagementIP.161: [bad udp cksum 0xc485 -> 0x09b7!] { SNMPv2c { GetBulk(32) R=83392938 N=0 M=100 .1.3.6.1.4.1.3375.2.1.3.1.2 } }
09:16:08.940560 IP (tos 0x0, ttl 64, id 56488, offset 0, flags [DF], proto UDP (17), length 75)

So it seems that the SNMPv2c commands GetRequest and GetNextRequest work just fine, but GetBulk does not for some reason.

The software version of the devices is BIG-IP 11.6.0 Build 3.36.412 Engineering Hotfix HF3.

The SNMP related configuration is:

SNMP Access - allow the sourceIP
SNMP Access (v1, v2c) - IPv4 public :

I also tried to add the specific host to the "SNMP Access (v1, v2c)" access list with RO access to all the OIDs, but that did not seem to make a difference.

If I understand correctly then this should allow all SNMP v1, v2c read only queries from the sourceIP.

Am I missing something in the configuration to allow full SNMP read only access? Or could there be something else that is misconfigured?

Thank you, Kalju

1 Reply

  • I believe the problem was in the FW that did not allow bigger SNMP packets through. Unfortunately there does not seem to be a way to increase the allowed packet size in the FW.

    The workaround to the problem is to force the checks to use SNMP version 1 which does not have the GetBulk request defined and therefore does not exceed the FW packet size limit.

    This will decrease the performance, though.
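
One way to confirm from a capture like the one in the question that only the GetBulk requests go unanswered is to pair requests and responses by request ID (the R= field) and count retries. This is an added example, not code from the thread; the sample capture, its addresses and request IDs, and the function name `unanswered` are constructed for illustration.

```python
import re

# Constructed capture in the `tcpdump -n -vvv` SNMP format shown in the post.
# Addresses (RFC 5737 ranges) and request IDs are made up for this example.
SAMPLE = """\
09:15:58.877 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto UDP (17), length 71)
    192.0.2.10.43657 > 198.51.100.5.161: [udp sum ok] { SNMPv2c { GetRequest(28) R=1001 .1.3.6.1.2.1.1.3.0 } }
09:15:58.878 IP (tos 0x0, ttl 62, id 0, offset 0, flags [DF], proto UDP (17), length 75)
    198.51.100.5.161 > 192.0.2.10.43657: [udp sum ok] { SNMPv2c { GetResponse(32) R=1001 .1.3.6.1.2.1.1.3.0=1190441519 } }
09:15:58.925 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto UDP (17), length 75)
    192.0.2.10.43657 > 198.51.100.5.161: [udp sum ok] { SNMPv2c { GetBulk(32) R=1002  N=0 M=100 .1.3.6.1.4.1.3375.2.1.3.1.2 } }
09:16:03.933 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto UDP (17), length 75)
    192.0.2.10.43657 > 198.51.100.5.161: [udp sum ok] { SNMPv2c { GetBulk(32) R=1002 N=0 M=100 .1.3.6.1.4.1.3375.2.1.3.1.2 } }
09:16:08.940 IP (tos 0x0, ttl 64, id 4, offset 0, flags [DF], proto UDP (17), length 75)
    192.0.2.10.43657 > 198.51.100.5.161: [udp sum ok] { SNMPv2c { GetBulk(32) R=1002 N=0 M=100 .1.3.6.1.4.1.3375.2.1.3.1.2 } }
"""

# src.port > dst.port: [checksum note] { SNMPvX { PduType(len) R=id [N=.. M=..]
PDU = re.compile(
    r"(\S+)\.(\d+) > (\S+)\.(\d+): \[[^\]]*\]\s*"
    r"\{ SNMPv\w+ \{ (\w+)\(\d+\)\s+R=(\d+)(?:\s+N=\d+\s+M=(\d+))?"
)

def unanswered(capture):
    """Map (client, port, request_id) -> (pdu, max_repetitions, sends) for
    every request that never got a GetResponse back in the capture."""
    sent, answered = {}, set()
    for src, sport, dst, dport, pdu, rid, maxrep in PDU.findall(capture):
        if pdu == "GetResponse":
            answered.add((dst, dport, rid))  # the reply goes back to the client
            continue
        key = (src, sport, rid)
        sends = sent[key][2] + 1 if key in sent else 1  # same R= means a retry
        sent[key] = (pdu, int(maxrep) if maxrep else None, sends)
    return {k: v for k, v in sent.items() if k not in answered}

if __name__ == "__main__":
    for (client, port, rid), (pdu, maxrep, sends) in unanswered(SAMPLE).items():
        print(f"{client}:{port} R={rid} {pdu} max-repetitions={maxrep} "
              f"sent {sends}x, no response")
```

Running the same pairing on captures taken on both sides of the firewall shows whether the large responses are being sent by the device and lost in transit.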