SNMP ifHCInOctets/ifHCOutOctets are missing on SG-3100

  • One of our firewalls is an SG-3100 running 2.4.4-RELEASE-p1

    It seems that the 64-bit counters ifHCInOctets and ifHCOutOctets are missing - except I briefly saw them from one interface, although they were zero.

    # snmpwalk -v2c ifXTable | grep ifHC
    IF-MIB::ifHCInOctets.3 = Counter64: 0
    IF-MIB::ifHCInUcastPkts.3 = Counter64: 0
    IF-MIB::ifHCInMulticastPkts.3 = Counter64: 0
    IF-MIB::ifHCInBroadcastPkts.3 = Counter64: 0
    IF-MIB::ifHCOutOctets.3 = Counter64: 0
    IF-MIB::ifHCOutUcastPkts.3 = Counter64: 0
    IF-MIB::ifHCOutMulticastPkts.3 = Counter64: 0
    IF-MIB::ifHCOutBroadcastPkts.3 = Counter64: 0

    And oddly, they vanished when I tried it again:

    # snmpwalk -v2c ifXTable | grep '\.3 = '
    IF-MIB::ifName.3 = STRING: e6000sw0port1
    IF-MIB::ifInMulticastPkts.3 = Counter32: 0
    IF-MIB::ifInBroadcastPkts.3 = Counter32: 0
    IF-MIB::ifOutMulticastPkts.3 = Counter32: 0
    IF-MIB::ifOutBroadcastPkts.3 = Counter32: 0
    IF-MIB::ifLinkUpDownTrapEnable.3 = INTEGER: enabled(1)
    IF-MIB::ifHighSpeed.3 = Gauge32: 0
    IF-MIB::ifPromiscuousMode.3 = INTEGER: false(2)
    IF-MIB::ifConnectorPresent.3 = INTEGER: true(1)
    IF-MIB::ifAlias.3 = STRING:
    IF-MIB::ifCounterDiscontinuityTime.3 = Timeticks: (0) 0:00:00.00

    Here are all the configured interfaces:

    # snmpwalk -v2c ifXTable | grep ifName
    IF-MIB::ifName.1 = STRING: mvneta0
    IF-MIB::ifName.2 = STRING: mvneta1
    IF-MIB::ifName.3 = STRING: e6000sw0port1
    IF-MIB::ifName.4 = STRING: e6000sw0port2
    IF-MIB::ifName.5 = STRING: e6000sw0port3
    IF-MIB::ifName.6 = STRING: e6000sw0port4
    IF-MIB::ifName.7 = STRING: e6000sw0port5
    IF-MIB::ifName.8 = STRING: mvneta2
    IF-MIB::ifName.9 = STRING: enc0
    IF-MIB::ifName.10 = STRING: lo0
    IF-MIB::ifName.11 = STRING: pflog0
    IF-MIB::ifName.12 = STRING: pfsync0
    IF-MIB::ifName.13 = STRING: mvneta1.2
    IF-MIB::ifName.14 = STRING: mvneta1.4
    IF-MIB::ifName.15 = STRING: mvneta1.7
    IF-MIB::ifName.16 = STRING: mvneta1.9
    IF-MIB::ifName.17 = STRING: mvneta1.257

    I would very much like to have 64-bit counters, since all our other equipment does, and so our dashboards have been configured to use 64-bit counters. Besides, you only need 140Mbps of traffic for a 32-bit counter to wrap around within 5 minutes.

    Notice that I'm forcing SNMP v2c, so it's not v1 versus v2c:

    # snmpbulkwalk -v1 ifHCInOctets
    snmpbulkwalk: Cannot send V2 PDU on V1 session (Sub-id not found: (top) -> ifHCInOctets)
    # snmpbulkwalk -v2c ifHCInOctets
    IF-MIB::ifHCInOctets = No Such Instance currently exists at this OID

    Is this a limitation of SG-3100 hardware? Or might it be fixed in a newer release? I don't see any SNMP-related information in 2.4.4-p2 or 2.5.0 release notes.

    Many thanks,


  • Rebel Alliance Developer Netgate

    Probably a limitation of the platform. The SG-3100 is running on 32-bit ARM.

  • @jimp I don't think that's the reason because I have an SG-3100 and the WAN interface supports 64 bit counters but the LAN interface does not. I just noticed the same thing in the software I use to monitor network bandwidth (Peakhour 4).

  • @rcork Interesting. Are your WAN/LAN interfaces mvneta0/1/2, and are you using tagging anywhere?

    Currently I'm using tagged VLANs on mvneta1 for WAN/LAN/OPT ("firewall on a stick"). So maybe it's to do with counters on tagged interfaces?

  • Rebel Alliance Developer Netgate

    If it works on WAN and not LAN then it may be a difference in the OS handling of the drivers. The WAN and DMZ interfaces are tied to hardware ports and the LAN is internal going to the switch.

    There wouldn't be anything in the release notes about SNMP since it's an add-on package.

    pfSense 2.4.4 uses FreeBSD 11.2 and the SG-3100 is using the armv6 platform. On pfSense 2.5 development snapshots, it's running FreeBSD 12 and armv7. Looks better there:

    : snmpwalk -v2c -c pfSense ifXTable | egrep '(ifName|HC).*\.2'
    IF-MIB::ifName.2 = STRING: mvneta1
    IF-MIB::ifHCInOctets.2 = Counter64: 13376
    IF-MIB::ifHCInUcastPkts.2 = Counter64: 91
    IF-MIB::ifHCInMulticastPkts.2 = Counter64: 0
    IF-MIB::ifHCInBroadcastPkts.2 = Counter64: 0
    IF-MIB::ifHCOutOctets.2 = Counter64: 22110
    IF-MIB::ifHCOutUcastPkts.2 = Counter64: 161
    IF-MIB::ifHCOutMulticastPkts.2 = Counter64: 320
    IF-MIB::ifHCOutBroadcastPkts.2 = Counter64: 0

    In yours you are looking at the switch port and not the mvneta1 interface which may explain the difference.

    I don't see the switch ports at all in my output.

  • @jimp said in SNMP ifHCInOctets/ifHCOutOctets are missing on SG-3100:

    There wouldn't be anything in the release notes about SNMP since it's an add-on package.

    No, I have not installed a net-snmp add-on package. I just went to Services > SNMP to turn on SNMP.

    The only packages I have installed are: acme, arping, iperf, Quagga_OSPF, softflowd

    So as far as I can see, SNMP is core pfSense functionality. The process running is /usr/sbin/bsnmpd

  • Rebel Alliance Developer Netgate

    OK, for some reason I assumed it was the NET-SNMP package. The built-in snmpd is from FreeBSD, so we still wouldn't necessarily have called out any specific changes to it like that.

    Try the NET-SNMP package and see if it gives you better output.

  • @jimp On my SG-3100, mvneta2 is the WAN, which has 64 bit counters. mvneta1 is the LAN which does not show 64 bit counters, and mvneta0 is OPT, which has 64 bit counters.


    snmpwalk -v2c -c public ifXTable | grep '\.8 = '
    IF-MIB::ifName.8 = STRING: mvneta2
    IF-MIB::ifInMulticastPkts.8 = Counter32: 12326502
    IF-MIB::ifInBroadcastPkts.8 = Counter32: 0
    IF-MIB::ifOutMulticastPkts.8 = Counter32: 5
    IF-MIB::ifOutBroadcastPkts.8 = Counter32: 0
    IF-MIB::ifHCInOctets.8 = Counter64: 994265568957
    IF-MIB::ifHCInUcastPkts.8 = Counter64: 922188553
    IF-MIB::ifHCInMulticastPkts.8 = Counter64: 12326502
    IF-MIB::ifHCInBroadcastPkts.8 = Counter64: 0
    IF-MIB::ifHCOutOctets.8 = Counter64: 473762049701
    IF-MIB::ifHCOutUcastPkts.8 = Counter64: 562053412
    IF-MIB::ifHCOutMulticastPkts.8 = Counter64: 5
    IF-MIB::ifHCOutBroadcastPkts.8 = Counter64: 0
    IF-MIB::ifLinkUpDownTrapEnable.8 = INTEGER: enabled(1)
    IF-MIB::ifHighSpeed.8 = Gauge32: 1000
    IF-MIB::ifPromiscuousMode.8 = INTEGER: false(2)
    IF-MIB::ifConnectorPresent.8 = INTEGER: true(1)
    IF-MIB::ifAlias.8 = STRING: 
    IF-MIB::ifCounterDiscontinuityTime.8 = Timeticks: (0) 0:00:00.00


    snmpwalk -v2c -c public ifXTable | grep '\.2 = '
    IF-MIB::ifName.2 = STRING: mvneta1
    IF-MIB::ifInMulticastPkts.2 = Counter32: 27641867
    IF-MIB::ifInBroadcastPkts.2 = Counter32: 0
    IF-MIB::ifOutMulticastPkts.2 = Counter32: 1506618
    IF-MIB::ifOutBroadcastPkts.2 = Counter32: 0
    IF-MIB::ifLinkUpDownTrapEnable.2 = INTEGER: enabled(1)
    IF-MIB::ifHighSpeed.2 = Gauge32: 10
    IF-MIB::ifPromiscuousMode.2 = INTEGER: false(2)
    IF-MIB::ifConnectorPresent.2 = INTEGER: true(1)
    IF-MIB::ifAlias.2 = STRING: 
    IF-MIB::ifCounterDiscontinuityTime.2 = Timeticks: (0) 0:00:00.00


    IF-MIB::ifName.1 = STRING: mvneta0
    IF-MIB::ifInMulticastPkts.1 = Counter32: 12
    IF-MIB::ifInBroadcastPkts.1 = Counter32: 0
    IF-MIB::ifOutMulticastPkts.1 = Counter32: 2
    IF-MIB::ifOutBroadcastPkts.1 = Counter32: 0
    IF-MIB::ifHCInOctets.1 = Counter64: 21916545
    IF-MIB::ifHCInUcastPkts.1 = Counter64: 240126
    IF-MIB::ifHCInMulticastPkts.1 = Counter64: 12
    IF-MIB::ifHCInBroadcastPkts.1 = Counter64: 0
    IF-MIB::ifHCOutOctets.1 = Counter64: 13991635
    IF-MIB::ifHCOutUcastPkts.1 = Counter64: 160844
    IF-MIB::ifHCOutMulticastPkts.1 = Counter64: 2
    IF-MIB::ifHCOutBroadcastPkts.1 = Counter64: 0
    IF-MIB::ifLinkUpDownTrapEnable.1 = INTEGER: enabled(1)
    IF-MIB::ifHighSpeed.1 = Gauge32: 100
    IF-MIB::ifPromiscuousMode.1 = INTEGER: false(2)
    IF-MIB::ifConnectorPresent.1 = INTEGER: true(1)
    IF-MIB::ifAlias.1 = STRING: 
    IF-MIB::ifCounterDiscontinuityTime.1 = Timeticks: (0) 0:00:00.00

    So both WAN and OPT are showing 64 bit counters but LAN is only exposing 32 bit.

  • Rebel Alliance Developer Netgate

    Try NET-SNMP, in my setup it does have 64 bit counters for mvneta1.

  • @jimp That worked! I had to make sure to disable the standard built in SNMP service and then enable NET-SNMP and it worked.
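
An added example, not part of any post in this thread: a Python check that parses `snmpwalk ... ifXTable` text output and lists the interfaces that expose no Counter64 `ifHCInOctets`/`ifHCOutOctets` rows, which is the comparison made by hand in the walks above. The function names are this example's own, and the sample rows are a subset of the output posted in the thread.

```python
import re

# Sample input: a few rows taken from the ifXTable walks posted in this thread.
SAMPLE_WALK = """\
IF-MIB::ifName.8 = STRING: mvneta2
IF-MIB::ifHCInOctets.8 = Counter64: 994265568957
IF-MIB::ifHCOutOctets.8 = Counter64: 473762049701
IF-MIB::ifHighSpeed.8 = Gauge32: 1000
IF-MIB::ifName.2 = STRING: mvneta1
IF-MIB::ifInMulticastPkts.2 = Counter32: 27641867
IF-MIB::ifHighSpeed.2 = Gauge32: 10
IF-MIB::ifAlias.2 = STRING:
"""

# Matches "IF-MIB::<column>.<ifIndex> = <TYPE>: <value>"; lines without an
# index (e.g. "No Such Instance currently exists at this OID") do not match.
ROW = re.compile(r"^IF-MIB::(\w+)\.(\d+) = (\w+):\s?(.*)$")
REQUIRED = ("ifHCInOctets", "ifHCOutOctets")

def parse_walk(text):
    """Return {ifIndex: {column: (type, value)}} from snmpwalk text output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            col, idx, typ, val = m.groups()
            table.setdefault(int(idx), {})[col] = (typ, val)
    return table

def missing_hc(table):
    """Names of interfaces lacking a Counter64 row for either octet counter."""
    out = []
    for idx in sorted(table):
        cols = table[idx]
        ok = all(cols.get(c, ("", ""))[0] == "Counter64" for c in REQUIRED)
        if not ok:
            out.append(cols.get("ifName", ("", f"ifIndex {idx}"))[1])
    return out

def wrap_seconds(mbps):
    """Seconds for a 32-bit octet counter to wrap at a sustained Mbit/s rate."""
    return (2 ** 32) * 8 / (mbps * 1_000_000)

if __name__ == "__main__":
    print("no 64-bit octet counters:", missing_hc(parse_walk(SAMPLE_WALK)))
    print("32-bit wrap at 140 Mbit/s: %.0f s" % wrap_seconds(140))
```

Feeding it the full walk from a device shows at a glance which ifIndex entries a poller would have to read through 32-bit counters, and `wrap_seconds` gives the polling interval those counters can tolerate.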
