SNMP Object Identifiers to Monitor ASR 1000 System Utilization
Available Languages
Download Options
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Contents
Introduction
This document describes the recommended Object Identifiers (OIDs) to be used in order to monitor the CPU and memory resources on the Cisco ASR 1000 Series modular routers. Unlike the software-based forwarding platforms, the ASR 1000 Series comprises these functional elements in its system:
- ASR 1000 Series Route Processor (RP)
- ASR 1000 Series Embedded Services Processor (ESP)
- ASR 1000 Series SPA Interface Processor (SIP)
As such, it is required to monitor the CPU and memory utilization by each of these processors in a production environment which results in additional OIDs to be polled per managed device.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Simple Network Management Protocol (SNMP)
- Cisco IOS®-XE
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
SNMP OID to Monitor Cisco IOSd Memory Utilization
On the ASR 1000, you need to use the OIDs designed for 64-bit architecture platforms in order to monitor memory usage:
| Processor Pool Free Memory | 1.3.6.1.4.1.9.9.221.1.1.1.1.20.7000.1 | (MIB-cempMemPoolHCFree) |
| Processor Pool Largest Memory | 1.3.6.1.4.1.9.9.221.1.1.1.1.22.7000.1 | (MIB-cempMemPoolHCLargestFree) |
| Processor Pool Used Memory | 1.3.6.1.4.1.9.9.221.1.1.1.1.18.7000.1 | (MIB-cempMemPoolHCUsed) |
| Processor Pool Lowest Memory | 1.3.6.1.4.1.9.9.221.1.1.1.1.24.7000.1 | (MIB-cempMemPoolHCLowestFree) |
Note: If you use the less specific OID in order to poll the Cisco IOSd memory statistics, the system yields two outputs - Cisco IOSd free memory (OID-7000.1) and Linux Shared Memory Punt Interface (LSMPI) memory (OID-7000.2). This might cause the management station to report a low memory alert for the LSMPI pool. The LSMPI memory pool is used in order to transfer packets from the forwarding processor to the route processor. On the ASR 1000 platform, the lsmpi_io pool has little free memory - generally less than 1000 bytes which is normal. Cisco recommends that you disable monitoring of the LSMPI pool by the network management applications in order to avoid false alarms.
SNMP OID to Monitor RP/ESP/SIP CPU Utilization
ASR1K#show platform software status control-processor brief | section Load
Load Average
Slot Status 1-Min 5-Min 15-Min
RP0 Healthy 0.75 0.47 0.41
ESP0 Healthy 0.00 0.00 0.00
SIP0 Healthy 0.00 0.00 0.00
It corresponds to:
1.3.6.1.4.1.9.9.109.1.1.1.1.24.2 = Gauge32: 75 -- 1 min RP0
1.3.6.1.4.1.9.9.109.1.1.1.1.24.3 = Gauge32: 0 -- 1 min ESP0
1.3.6.1.4.1.9.9.109.1.1.1.1.24.4 = Gauge32: 0 -- 1 min SIP0
1.3.6.1.4.1.9.9.109.1.1.1.1.25.2 = Gauge32: 47 -- 5 min RP0
1.3.6.1.4.1.9.9.109.1.1.1.1.25.3 = Gauge32: 0 -- 5 min ESP0
1.3.6.1.4.1.9.9.109.1.1.1.1.25.4 = Gauge32: 0 -- 5 min SIP0
1.3.6.1.4.1.9.9.109.1.1.1.1.26.2 = Gauge32: 41 -- 15 min RP0
1.3.6.1.4.1.9.9.109.1.1.1.1.26.3 = Gauge32: 0 -- 15 min ESP0
1.3.6.1.4.1.9.9.109.1.1.1.1.26.4 = Gauge32: 0 -- 15 min SIP0
Refer to Monitoring ASR Kernel Load CPU with EEM Script which explains how to use the above OIDs in order to monitor ASR 1000 kernel load CPUs.
Note: The RP2 contains two physical CPUs, but the CPUs are not monitored separately. The CPU utilization is the aggregate result of both the CPUs and therefore the cpmCPUTotalTable object contains only one entry for RP CPU. This might occasionally cause the management stations to report CPU utilization above 100%.
SNMP OID to Monitor RP/ESP/SIP Memory Utilization
These outputs list the OIDs to poll the individual memory statistics of each processor perceived by the show platform software status control-processor brief command.
ASR1K#show platform software status control-processor brief | s Memory
Memory (kB)
Slot Status Total Used(Pct) Free (Pct) Committed (Pct)
RP0 Healthy 3874504 2188404 (56%) 1686100 (44%) 2155996 (56%)
ESP0 Healthy 969088 590880 (61%) 378208 (39%) 363840 (38%)
SIP0 Healthy 471832 295292 (63%) 176540 (37%) 288540 (61%)
(cpmCPUMemoryHCUsed)
1.3.6.1.4.1.9.9.109.1.1.1.1.17.2 = Counter64: 590880 -ESP Used memory
1.3.6.1.4.1.9.9.109.1.1.1.1.17.3 = Counter64: 2188404 -RP used memory
1.3.6.1.4.1.9.9.109.1.1.1.1.17.4 = Counter64: 295292 -SIP used memory
(cpmCPUMemoryHCFree)
1.3.6.1.4.1.9.9.109.1.1.1.1.19.2 = Counter64: 378208 -ESP free Memory
1.3.6.1.4.1.9.9.109.1.1.1.1.19.3 = Counter64: 1686100 -RP free Memory
1.3.6.1.4.1.9.9.109.1.1.1.1.19.4 = Counter64: 176540 -SIP free memory
cpmCPUMemoryHCCommitted)
1.3.6.1.4.1.9.9.109.1.1.1.1.29.2 = Counter64: 363840 -ESP Committed Memory
1.3.6.1.4.1.9.9.109.1.1.1.1.29.3 = Counter64: 2155996 -RP Committed Memory
1.3.6.1.4.1.9.9.109.1.1.1.1.29.4 = Counter64: 288540 -SIP committed memory
Note: The previous OIDs yields only a single output for 1RU (rack unit) platforms such as the ASR 1001 and ADR 1002-X. The control CPU on ASR 1001 has three logical functions - RP, FP (Forwarding Processor), and CC (Carrier Card). All the functions that would normally be spread across different boards in an ASR 1002 run on the same CPU in ASR 1001.
Enable CoPP in Order to Protect from SNMP Overpolling
The configuration of Control Plane Policing (CoPP) provides better platform reliability and availability in the event of a Denial of Service (DoS) attack. The CoPP feature treats the control plane as a separate entity with its own interface for ingress and egress traffic. This interface is called the punt/inject interface. The deployment of the CoPP policy needs to be done in a phased approach. The initial phase should police packets at a liberal state in order to allow for analysis in the testing and initial migration/deployment phases. Once deployed, each of the classes associated with the CoPP policy should be checked and rates adjusted. A typical example of how to enable CoPP in order to protect the control plane against overpolling is shown here:
class-map match-all SNMP
match access-group name SNMP
!
!
ip access-list extended SNMP
permit udp any any eq snmp
!
policy-map CONTROL-PLANE-POLICY
description CoPP for snmp
class SNMP
police rate 10 pps burst 10 packets
conform-action transmit
exceed-action drop
!
Activate the policy-map as indicated here:
ASR1K(config)#control-plane
ASR1K(config-cp)#service-policy input CONTROL-PLANE-POLICY
ASR1K(config-cp)#end
Contributed by Cisco Engineers
- Vishnu AsokCisco TAC Engineer
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)