0

Iam trying to get data from HP switches and Juniper firewalls and its port via snmp.

I am looking for the way how to analyze live traffic on port so I can create a graph of utilization of the ports like on Solarwinds or Observium.

So far I have the results I am getting are from the formula on How to calculate traffic on cisco

It works fine, however, every couple of readings I get abnormal speeds. I.e. for a virtual interface on the firewall, which is limited to 4MB I get 20+ MB every now and then.

I have a cron job which polls the devices every 5 minutes so the formula is using 300 seconds as a delta of time.

So the question is, is it possible for a port to be showing these abnormalities or am I doing something wrong? Any insight would be amazing :-)

Jakub Koudela
  • 160
  • 1
  • 18

1 Answers1

1

The problem is that you are using ifTable defined in RFC1213. It is sort of outdated due to ifInOctets and ifOutOctets are defined as 32-bit counters. So they will overflow and reset real fast and you'll face abnormal results when this happens. I'd suggest switching to ifXTable (IF-MIB) where these counters are defined as 64-bit values.

Andrew Komiagin
  • 6,446
  • 1
  • 13
  • 23
  • Or handle the "counter rollover" in your code. Google it for others' algorithms. – Gambit Support Oct 14 '19 at 14:30
  • Hey, This is now working as expected. I was using 64-bit values already but the formula in the article in my original post was not the same as the one used in observium. I have deleted the multiplication by 100 and iam getting same result now as observium/solarwinds :-) Thank you – Jakub Koudela Oct 16 '19 at 09:25