SNMP - LTM v9.x MIB Navigation
I had the opportunity to dissect the new LTM SNMP v9 MIB back when 9.0 first rolled. Here's a quick overview of how to navigate in its sometimes murky waters.
The LTM v9 MIB is considerably different from the BIG-IP 4.x MIB, and some of the new OIDs are not exactly intuitive, so I built a spreadsheet breaking out the MIB into tabs for each feature (LTMv9.0_MIB_deconstructed.zip) and some navigation techniques that have been really helpful in finding specific object OIDs. (Note: The spreadsheet only touches the most commonly used parts, and not all current features existed then.)
The spreadsheet correlates OIDs with human-readable names for the permanent branches of the MIB, so you can search by either one. That should save you some time, because it actually can be surprisingly difficult to find what you're looking for from the command line.
I've included in the spreasheet only the base OIDs, the ones that are permanent in the MIB. Wherever you see a "*", that means there are OIDs below that enumerate automatically for each object added. You'll want to check out the "Interesting Stats" tab in the spreadsheet for the specific OIDs you'll most likely be interested in. The "tree-relationships" tab shows the MIB-2 relationships for the non-F5 system MIBs, in case cross-referencing is required. The other tabs contain related MIBs or an entire MIB section for an LTM feature or feature set, and the purple highlighted rows are the ones that populate the "Interesting Stats" tab.
But perusing the spreadsheet will only get you so far. Once you've found the base OID, you may need to get a specific numeric OID for a single object.
Leaf objects are enumerated under the base branch in name-specific OIDs constructed using the ASCII-encoding decimal values for each character in the VS name.
For instance, the OID below is the base "VS client bytes out" OID:
.1.3.6.1.4.1.3375.2.2.10.2.3.1.9
To find an exact OID, you can figure out the ASCII equivalent of the VS/object name using your secret ASCII decoder ring
118.115.95.116.101.115.116 = "vs_test"
For OIDs related to objects with variable length string names or IP addresses, you'll also have to determine the "prefix" for the OID leaf. For string named objects, just count the number of characters in the object name (7 in this case). For IP address objects, the prefix will be either 4 for IPv4 or 6 for IPv6.
then construct the OID from these parts:
Base branch: .1.3.6.1.4.1.3375.2.2.10.2.3.1.9
Leaf prefix (# chars or version) .7
Object name (ASCII): .118.115.95.116.101.115.116
so the "VS client bytes out" OID for a specific VS named "vs_test" would be:
.1.3.6.1.4.1.3375.2.2.10.2.3.1.9.7.118.115.95.116.101.115.116
Alternatively, you can walk down the MIB branch to find the sepcific OID you want like this:
1. snmpwalk one or 2 levels above the base OID with -On output flag, grepping for object name:
snmpwalk -c public -v2c localhost -On .1.3.6.1.4.1.3375.2.2.10.2.3.1| grep test
which returns:
.1.3.6.1.4.1.3375.2.2.10.2.3.1.1.7.118.115.95.116.101.115.116 = STRING: vs_test
2. examine output for encoding of object name -- will be end of numeric OID:
118.115.95.116.101.115.116 = "vs_test"
3. snmpwalk the base OID with -On flag, grepping for encoded name, and examine output for the numeric OID:
snmpwalk -c public -v2c localhost -On .1.3.6.1.4.1.3375.2.2.10.2.3.1.9 | grep 118.115.95.116.101.115.116
which returns:
.1.3.6.1.4.1.3375.2.2.10.2.3.1.9.7.118.115.95.116.101.115.116 = Counter64: 0
Note the ".7" sandwiched between the base OID and the encoded VS name.
.1.3.6.1.4.1.3375.2.2.10.2.3.1.9.7.118.115.95.116.101.115.116 = Counter64: 0
It's that automagically inserted decimal counter of the total number of characters in the object name that I mentioned previously.
11 Comments
- You can translate between different formats of OIDS using the SNMP translate command. Using the net-snmp command set, you should do the following:
At the beginning of your session, you should make the MIB files in /usr/share/snmp/mibs known to the net-snmp commands (if you have a device with its own MIB, then put that file in /usr/share/snmp/mibs)
export MIBS=ALL
Then you may use the OIDs in ASCII to do the same thing.
[root@lovely ~] snmptranslate -On F5-BIGIP-SYSTEM-MIB::sysInterfaceStatPktsIn.\"1.1\"
.1.3.6.1.4.1.3375.2.1.2.4.4.3.1.2.3.49.46.49
[root@lovely mibs] snmptranslate -Oa .1.3.6.1.4.1.3375.2.1.3.1.2
F5-BIGIP-SYSTEM-MIB::sysCpuTable
[silverman@lovely C363773]$ snmptranslate -Of .1.3.6.1.4.1.3375.2.1.3.1.2
.iso.org.dod.internet.private.enterprises.f5.bigipTrafficMgmt.bigipSystem.sysPlatform.sysCpu.sysCpuTable
The S in SNMP stands for Simple, but I don't believe that:
snmpwalk -v2c -On -c public 172.24.74.3 F5-BIGIP-COMMON-MIB::f5 | wc -l
8471
For more information on these options. see
man snmpcmd - A case study
One of my fellow NSEs came to me with a problem: a customer is concerned about running out of memory on his LTM, and is there an SNMP OID he can monitor memory usage with it.
I had previously copied the F5 MIB files to /usr/share/snmp/mibs. I then grep'd for the word memory and I found a bunch of occurances. There were 4 which had descriptions that looked like what I was looking for: sysStatMemoryTotal, sysStatMemoryUsed, sysHostMemoryTotal and sysHostMemoryUsed. I did a little testing for reasonableness:
[silverman@cute mibs]$ snmpget -v2c -c public 172.24.2.68 F5-BIGIP-SYSTEM-MIB::sysStatMemoryUsed.0
F5-BIGIP-SYSTEM-MIB::sysStatMemoryUsed.0 = Counter64: 39706804
[silverman@cute mibs]$
tmstat says 39,816,296 but it is constantly changing slightly, so I am inclined to believe that this is what the customer wanted. 
Jose_Santiago_ONimbostratus
About the .7 between the base OID and the encoded vs name, that number is not the order in which the virtual server was created.
I have found all the statistics from my virtual servers and I have found this number is repeated several times in different virtual servers.
I hope someone could tell us how to find this number without doing a snmpwalk.- josantia: We've discovered there are a couple of branches for which an undocumented prefix is inserted into the OID before the object identifier (.7 for virtual servers, .4 for virtual IP addresses).
We are looking into the reason for that and a solution for bringing the textual and numeric representations of each object into alignment.
I'll be posting an update to this article when I have more information.
/deb - I have found 2 useful documents if you are looking to customise SNMP trap configurations on your BIG-IP:
1) Determining which alarms are pre-configured to trigger an SNMP trap
https://tech.f5.com/home/solutions/sol6414.html
2) Configuring custom SNMP traps
https://tech.f5.com/home/solutions/sol3727.html - OK, here's the scoop on the the "prefix" to the OID leaf values for virtual server names & addresses (the .4 and .7 previously mentioned).
For MIB objects that are named using variable length strings, the value is the number of characters in the object name string. So for a virtual server named "test", one OID would be:
.1.3.6.1.4.1.3375.2.2.10.13.2.1.1.4.116.101.115.116
Branch: .1.3.6.1.4.1.3375.2.2.10.13.2.1.1
Length: .4
Name: .116.101.115.116
For MIB objects representing IP addresses, the value is the IP address type (or version), so will be either 4 or 6. So for an IPv4 node address of 10.10.10.1, the OID would be:
.1.3.6.1.4.1.3375.2.2.4.1.2.1.2.1.4.10.10.10.1
Branch: .1.3.6.1.4.1.3375.2.2.4.1.2.1.2.1
Length: .4
Name: .10.10.10.1
HTH
/deb 
Ben_Wilson_2412Cirrus
Thanks for clearing this up. I am trying to create some graphs for Zenoss and this has been a headache.
Here's some perl to get the ordinal string:
perl -e "print join('.', map(ord, split('','vs_test')))"- To see an example of what you can do with SNMP in a simple bash script, point your browser at
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=127 - Updating most recent comments to improve accuracy, will be re-posted soon...
DaveC_21078Altostratus
This is a big help. Thanks. I have a question. I want to look at and graph VS current connections, but all of those OIDs return zero for all VS's. OIDs like vs_addr ClientCurrConns * and vs EphemeralCurrConns *, while the BigIP shows curent connections. Does something need to be enabled to get these counters to report so I can graph them?
