2.5 Maintaining SNMP Tools

The net-snmp package requires little maintenance. Occasionally, you may wish to add a MIB or update the software, but other than that, there is no routine maintenance necessary.

2.6 References and Further Study

There are a number of books available that discuss SNMP in greater depth, including Essential SNMP (O'Reilly and Associates, 2001) by Douglas R. Mauro and Kevin J. Schmidt. Both TCP/IP Illustrated, Volume 1 (Addison-Wesley, 1994) by W. Richard Stevens and Internetworking with TCP/IP (Prentice Hall, 2000) by Douglas Comer have sections with details about the SNMP protocol and associated standards.

RFCs 1155, 1156, and 1157, available from http://www.ietf.org/, are the original standards for SNMP. RFC 1157 defines SNMP itself, and RFC 1156 is the standard for MIB-I, now replaced by RFC 1213 for MIB-II. RFC 1155 defines the SMI and should now be read in conjunction with RFC 1212, which describes a concise format for use in a MIB.

Additionally, http://www.simpleweb.org/ has information on many MIBs, including a tool for browsing through MIB variables. It also has SNMP tutorials and references. Detailed information on using and writing MIBs can be found in the book Understanding SNMP MIBS (Prentice Hall PTR, 1996) by David Perkins and Evan McGinnis.

Chapter 3. MRTG

Section 3.1.   Overview of MRTG

Section 3.2.   What MRTG Can Help You Do

Section 3.3.   Installing MRTG

Section 3.4.   Configuring MRTG

Section 3.5.   Using MRTG

Section 3.6.   Maintaining MRTG

Section 3.7.   References and Further Study

3.1 Overview of MRTG

MRTG is the Multi Router Traffic Grapher, a piece of free software released under the GNU General Public License. [1] It was written primarily by Tobias Oetiker and Dave Rand. MRTG produces Web pages that display graphs of bandwidth use on network links on daily, weekly, monthly, and yearly scales. This can be an invaluable tool for diagnosing network problems because it not only indicates the current status of the network but also lets you visually compare this with the history of network utilization.

[1] The GNU General Public License can be found linked under "licenses" on http://www.gnu.org/.

MRTG relies on SNMP version one, and optionally SNMP version two, to obtain data from routers or other network hardware. Using the variables described in Chapter 1, MRTG sends SNMP requests every five minutes and stores the responses in a specialized data format. This format allows MRTG to present the daily, weekly, monthly, and yearly graphs without the data files forever growing larger. It does this by summarizing the older data as necessary. The graphs themselves are created in Portable Network Graphics (PNG) format and can be included in Web pages or used in other applications.

3.2 What MRTG Can Help You Do

In the middle of a crisis, or when you are debugging an immediate network problem, MRTG will allow you to view the traffic patterns of many networks at once and quickly determine if one or more is experiencing an abnormal traffic load. The fact that the graphs display the history of the network is key. In practice, it can be difficult to tell from immediate bandwidth and packet-per-second counts alone whether a network is operating normally. If a 100Mb/s link is carrying 85Mb/s of traffic, is this heavy but normal use or is the network straining under an attack? By having the history of the network available, you can look for sudden changes that might account for an operational problem. A denial-of-service attack that attempts to exhaust the available bandwidth on a network nearly always presents as a sudden, sustained increase in traffic levels; the attackers do not have much to gain by slowly ramping up the attack over a period of time.
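As an added illustration of the history comparison described above (not code from the book or from MRTG), the following Python example converts five-minute octet-counter readings into Mb/s and flags an increase that is both sudden and sustained, while ignoring a one-sample spike. The 32-bit counter, the constructed readings, and the `history`, `factor` and `sustain` thresholds are assumptions chosen for the example.

```python
from statistics import median

POLL_SECONDS = 300      # five-minute polling interval described above
COUNTER_MAX = 2 ** 32   # assumption: 32-bit octet counter such as MIB-II ifInOctets


def rates_mbps(counters, interval=POLL_SECONDS):
    """Turn successive octet-counter readings into Mb/s per polling interval."""
    rates = []
    for prev, cur in zip(counters, counters[1:]):
        # Modular difference survives one counter wrap per interval.
        delta = (cur - prev) % COUNTER_MAX
        rates.append(delta * 8 / interval / 1e6)
    return rates


def sustained_jumps(rates, history=12, factor=2.0, sustain=3):
    """Indexes where traffic rises above factor x the median of the previous
    `history` samples and stays there for `sustain` consecutive samples."""
    onsets, i = [], history
    while i + sustain <= len(rates):
        limit = factor * median(rates[i - history:i])
        if limit > 0 and all(r > limit for r in rates[i:i + sustain]):
            onsets.append(i)
            while i < len(rates) and rates[i] > limit:  # report the episode once
                i += 1
        else:
            i += 1
    return onsets


def constructed_counters(mbps_series, start=4_000_000_000):
    """Constructed sample input: the readings a device would return."""
    readings = [start]
    for mbps in mbps_series:
        octets = int(mbps * 1e6 / 8 * POLL_SECONDS)
        readings.append((readings[-1] + octets) % COUNTER_MAX)
    return readings


# Constructed series in Mb/s: steady load, a one-sample spike, then a jump to 85.
SAMPLE_MBPS = [20, 21, 19, 22, 20, 18, 20, 21, 19, 20, 22, 21,
               20, 45, 20, 19, 21, 20, 85, 86, 84, 85, 85]

if __name__ == "__main__":
    observed = rates_mbps(constructed_counters(SAMPLE_MBPS))
    for onset in sustained_jumps(observed):
        print(f"sustained increase begins at sample {onset}: {observed[onset]:.0f} Mb/s")
```

The modular difference is only correct if the counter wraps at most once between polls; on faster links a 32-bit octet counter can wrap more than once in five minutes.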

When you are not tending to an immediate problem, MRTG is useful for studying trends in traffic on your network. It will help you understand how traffic is distributed across your network, plan capacity needs for the future, and so on.

A sample MRTG graph of a day's worth of network traffic is depicted in Figure 3.1. Note that time progresses to the left, not to the right. This is the default configuration and it is indicated at the bottom of the graph both by the small arrow at the left and by the direction of the time scale. Some MRTG configurations choose to increase time to the right, so be sure to examine the graph first. The data at the top of the graph represents the amount of traffic sent into an interface, while the data at the bottom represents the amount of traffic sent out from an interface. You can see that over the past day, this router interface typically received about 20Mb/s of traffic and sent about 10Mb/s. You will also notice that just after 3:00 p.m. yesterday, there was a short spike in traffic out of the interface.

Figure 3.1. Sample Daily MRTG Graph.

While MRTG is most often used to collect data from router interfaces, it can also collect traffic data from switches or servers. In this way, you can monitor the bandwidth use of a particular machine. In fact, MRTG can be configured to collect any statistical data that a device makes available via SNMP.