We had a large carrier call us the other day with a messed-up interface name issue in Scrutinizer. The customer was exporting cflowd (NetFlow v5) from an Alcatel-Lucent SR 7750 running TMOS-C-5.0.R21.

After a lengthy discussion, he feels the 7450 model might be using the same set of SNMP OIDs. I thought I'd outline how we resolved the issue, since we helped another customer (a carrier in Europe) with a similar problem involving Huawei switches.

What an Enigma

Anyway, here is the problem: Scrutinizer was displaying interface 68 with the wrong interface name:

Sorry, my screen captures are a bit blurry. I was using GoToMeeting and his resolution was pretty high. Anyway, we figured out that the interface name we wanted was on instance 58:

What an Enigma.  So, as my statistics professor in graduate school said “so whatcha gunna doo”.  We got out a trusty MIB browser and started querying OIDs.  Right away we noticed that the SR 7750 cflowd was kicking out enterprise OIDs as the indexes in lieu of the traditional MIB-2 ifIndex.

Above you will see that line 40 is instance 64, but it is an enterprise OID: 1.3.6.1.4.1.6527.3.1.2.3.4. Hmmm, we then scrolled to the left in this huge table and found that the interface name for line 40 was ATTIS2, which was displayed on instance 58 in Scrutinizer (see the 2nd screen capture way up above). AAAAARG!

Check the router
We went in on the router and checked to see what it would report for instance information.

You can see above that 58 and 68 are mapped together on the interface.  And, look at the OID below: 1.3.6.1.4.1.6527.3.1.2.3.4.1.4.1.58.  So what is the instance 68 displayed by Scrutinizer?

The instance 68 displayed by Scrutinizer is a proprietary description and by using the instance of this OID, we were able to find out that the instance for the description of ‘68’ is actually ‘58’.  From here we were able to map to the correct interface name.  We modified the Huawei script to work with the new OID scheme and voila:

Became:

FIXED. You can see above that instance 68 now has the description from 58. Sweet! The customer is happy, as network traffic analysis with your NetFlow Reporting tool is much easier when the interfaces make sense. Call us if you are seeing a similar issue. Our A Team might be able to help you out as well.
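The remapping described above, as an added Python sketch that is not the Scrutinizer script or any Plixer code: it joins two columns of the enterprise table on their instance suffix so the index exported in cflowd resolves to the name stored on a different instance. The walk output is constructed, column 4 is assumed to hold the name, and `COL_EXPORTED` (99) is a placeholder for whichever column carries the exported index.

```python
import re

# Table-entry prefix and name column come from the OID quoted in the post
# (1.3.6.1.4.1.6527.3.1.2.3.4.1.4.1.58); that column 4 holds the name is assumed.
ENTRY = "1.3.6.1.4.1.6527.3.1.2.3.4.1"
COL_NAME = 4
COL_EXPORTED = 99  # placeholder: the column whose value is the index cflowd exports

# Constructed numeric snmpwalk output, not captured from a real router.
SAMPLE_WALK = """\
.1.3.6.1.4.1.6527.3.1.2.3.4.1.4.1.58 = STRING: "ATTIS2"
.1.3.6.1.4.1.6527.3.1.2.3.4.1.4.1.59 = STRING: "CORE-UPLINK"
.1.3.6.1.4.1.6527.3.1.2.3.4.1.99.1.58 = INTEGER: 68
.1.3.6.1.4.1.6527.3.1.2.3.4.1.99.1.59 = INTEGER: 71
.1.3.6.1.4.1.6527.3.1.2.3.4.1.99.1.60 = INTEGER: 72
.1.3.6.1.2.1.2.2.1.2.68 = STRING: "unrelated MIB-2 row"
"""

LINE = re.compile(r"^\.?(?P<oid>[\d.]+)\s*=\s*[\w-]+:\s*(?P<val>.*)$")

def parse_walk(text):
    """Return {column: {instance suffix: value}} for rows under ENTRY."""
    cols = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or not m["oid"].startswith(ENTRY + "."):
            continue  # blank line, other table, or unparsable output
        col, _, inst = m["oid"][len(ENTRY) + 1:].partition(".")
        cols.setdefault(int(col), {})[inst] = m["val"].strip().strip('"')
    return cols

def build_name_map(text):
    """Map exported index -> (instance suffix, interface name)."""
    cols = parse_walk(text)
    names, exported = cols.get(COL_NAME, {}), cols.get(COL_EXPORTED, {})
    result, ambiguous = {}, set()
    for inst, idx in exported.items():
        if not idx.isdigit() or inst not in names:
            continue  # no name row for this instance: leave it unmapped
        if int(idx) in result:
            ambiguous.add(int(idx))  # two instances claim the same index
        result[int(idx)] = (inst, names[inst])
    return {k: v for k, v in result.items() if k not in ambiguous}

if __name__ == "__main__":
    for idx, (inst, name) in sorted(build_name_map(SAMPLE_WALK).items()):
        print(f"exported index {idx} -> instance {inst} -> {name}")
```

Indexes with no matching name row, or claimed by more than one instance, are dropped rather than guessed, so a collector would keep showing the raw number instead of a wrong label.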

“I love it when a plan comes together”  Hannibal – The A Team

Mike Patterson

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.
