SNMP ifHCInOctets/ifHCOutOctets are missing on SG-3100

candlerb

One of our firewalls is an SG-3100 running 2.4.4-RELEASE-p1

It seems that the 64-bit counters ifHCInOctets and ifHCOutOctets are missing - except I briefly saw them from one interface, although they were zero.

# snmpwalk -v2c 192.168.7.2 ifXTable | grep ifHC
IF-MIB::ifHCInOctets.3 = Counter64: 0
IF-MIB::ifHCInUcastPkts.3 = Counter64: 0
IF-MIB::ifHCInMulticastPkts.3 = Counter64: 0
IF-MIB::ifHCInBroadcastPkts.3 = Counter64: 0
IF-MIB::ifHCOutOctets.3 = Counter64: 0
IF-MIB::ifHCOutUcastPkts.3 = Counter64: 0
IF-MIB::ifHCOutMulticastPkts.3 = Counter64: 0
IF-MIB::ifHCOutBroadcastPkts.3 = Counter64: 0

And oddly, they vanished when I tried it again:

# snmpwalk -v2c 192.168.7.2 ifXTable | grep '\.3 = '
IF-MIB::ifName.3 = STRING: e6000sw0port1
IF-MIB::ifInMulticastPkts.3 = Counter32: 0
IF-MIB::ifInBroadcastPkts.3 = Counter32: 0
IF-MIB::ifOutMulticastPkts.3 = Counter32: 0
IF-MIB::ifOutBroadcastPkts.3 = Counter32: 0
IF-MIB::ifLinkUpDownTrapEnable.3 = INTEGER: enabled(1)
IF-MIB::ifHighSpeed.3 = Gauge32: 0
IF-MIB::ifPromiscuousMode.3 = INTEGER: false(2)
IF-MIB::ifConnectorPresent.3 = INTEGER: true(1)
IF-MIB::ifAlias.3 = STRING:
IF-MIB::ifCounterDiscontinuityTime.3 = Timeticks: (0) 0:00:00.00

Here are all the configured interfaces:

# snmpwalk -v2c 192.168.7.2 ifXTable | grep ifName
IF-MIB::ifName.1 = STRING: mvneta0
IF-MIB::ifName.2 = STRING: mvneta1
IF-MIB::ifName.3 = STRING: e6000sw0port1
IF-MIB::ifName.4 = STRING: e6000sw0port2
IF-MIB::ifName.5 = STRING: e6000sw0port3
IF-MIB::ifName.6 = STRING: e6000sw0port4
IF-MIB::ifName.7 = STRING: e6000sw0port5
IF-MIB::ifName.8 = STRING: mvneta2
IF-MIB::ifName.9 = STRING: enc0
IF-MIB::ifName.10 = STRING: lo0
IF-MIB::ifName.11 = STRING: pflog0
IF-MIB::ifName.12 = STRING: pfsync0
IF-MIB::ifName.13 = STRING: mvneta1.2
IF-MIB::ifName.14 = STRING: mvneta1.4
IF-MIB::ifName.15 = STRING: mvneta1.7
IF-MIB::ifName.16 = STRING: mvneta1.9
IF-MIB::ifName.17 = STRING: mvneta1.257

I would very much like to have 64-bit counters, since all our other equipment does, and so our dashboards have been configured to use 64-bit counters. Besides, you only need 140Mbps of traffic for a 32-bit counter to wrap around within 5 minutes.

Notice that I'm forcing SNMP v2c, so it's not v1 versus v2c:

# snmpbulkwalk -v1 192.168.7.2 ifHCInOctets
snmpbulkwalk: Cannot send V2 PDU on V1 session (Sub-id not found: (top) -> ifHCInOctets)
# snmpbulkwalk -v2c 192.168.7.2 ifHCInOctets
IF-MIB::ifHCInOctets = No Such Instance currently exists at this OID

Is this a limitation of SG-3100 hardware? Or might it be fixed in a newer release? I don't see any SNMP-related information in 2.4.4-p2 or 2.5.0 release notes.

Many thanks,

Brian.

jimp

Probably a limitation of the platform. The SG-3100 is running on 32-bit ARM

rcork

@jimp I don't think that's the reason because i have an SG-3100 and the WAN interface supports 64 bit counters but the LAN interface does not. I just noticed the same thing in the software i use to monitor network bandwidth (Peakhour 4).

candlerb

@rcork Interesting. Are your WAN/LAN interfaces mvneta0/1/2, and are you using tagging anywhere?

Currently I'm using tagged VLANs on mvneta1 for WAN/LAN/OPT ("firewall on a stick"). So maybe it's to do with counters on tagged interfaces?

jimp

If it works on WAN and not LAN then it may be a difference in the OS handling of the drivers. The WAN and DMZ interfaces are tied to hardware ports and the LAN is internal going to the switch.

There wouldn't be anything in the release notes about SNMP since it's an add-on package.

pfSense 2.4.4 uses FreeBSD 11.2 and the SG-3100 is using the armv6 platform. On pfSense 2.5 development snapshots, it's running FreeBSD 12 and armv7. Looks better there:

: snmpwalk -v2c -c pfSense 127.0.0.1 ifXTable | egrep '(ifName|HC).*\.2'
IF-MIB::ifName.2 = STRING: mvneta1
IF-MIB::ifHCInOctets.2 = Counter64: 13376
IF-MIB::ifHCInUcastPkts.2 = Counter64: 91
IF-MIB::ifHCInMulticastPkts.2 = Counter64: 0
IF-MIB::ifHCInBroadcastPkts.2 = Counter64: 0
IF-MIB::ifHCOutOctets.2 = Counter64: 22110
IF-MIB::ifHCOutUcastPkts.2 = Counter64: 161
IF-MIB::ifHCOutMulticastPkts.2 = Counter64: 320
IF-MIB::ifHCOutBroadcastPkts.2 = Counter64: 0

In yours you are looking at the switch port and not the mvneta1 interface which may explain the difference.

I don't see the switch ports at all in my output.

candlerb

@jimp said in SNMP ifHCInOctets/ifHCOutOctets are missing on SG-3100:

There wouldn't be anything in the release notes about SNMP since it's an add-on package.

No, I have not installed a net-snmp add-on package. I just went to Services > SNMP to turn on SNMP.

The only packages I have installed are: acme, arping, iperf, Quagga_OSPF, softflowd

So as far as I can see, SNMP is core pfSense functionality. The process running is /usr/sbin/bsnmpd

jimp

OK, for some reason I assumed it was the NET-SNMP package. The built-in snmpd is from FreeBSD, so we still wouldn't necessarily have called out any specific changes to it like that.

Try the NET-SNMP package and see if it gives you better output.

rcork

@jimp on my SG-3100, mvneta2 is the WAN, which has 64 bit counters. mvneta1 is the LAN which does not show 64 bit counters, and mvneta0 is OPT, which has 64 bit counters.

WAN

snmpwalk -v2c -c public 192.168.10.1 ifXTable | grep '\.8 = '
IF-MIB::ifName.8 = STRING: mvneta2
IF-MIB::ifInMulticastPkts.8 = Counter32: 12326502
IF-MIB::ifInBroadcastPkts.8 = Counter32: 0
IF-MIB::ifOutMulticastPkts.8 = Counter32: 5
IF-MIB::ifOutBroadcastPkts.8 = Counter32: 0
IF-MIB::ifHCInOctets.8 = Counter64: 994265568957
IF-MIB::ifHCInUcastPkts.8 = Counter64: 922188553
IF-MIB::ifHCInMulticastPkts.8 = Counter64: 12326502
IF-MIB::ifHCInBroadcastPkts.8 = Counter64: 0
IF-MIB::ifHCOutOctets.8 = Counter64: 473762049701
IF-MIB::ifHCOutUcastPkts.8 = Counter64: 562053412
IF-MIB::ifHCOutMulticastPkts.8 = Counter64: 5
IF-MIB::ifHCOutBroadcastPkts.8 = Counter64: 0
IF-MIB::ifLinkUpDownTrapEnable.8 = INTEGER: enabled(1)
IF-MIB::ifHighSpeed.8 = Gauge32: 1000
IF-MIB::ifPromiscuousMode.8 = INTEGER: false(2)
IF-MIB::ifConnectorPresent.8 = INTEGER: true(1)
IF-MIB::ifAlias.8 = STRING: 
IF-MIB::ifCounterDiscontinuityTime.8 = Timeticks: (0) 0:00:00.00

LAN

snmpwalk -v2c -c public 192.168.10.1 ifXTable | grep '\.2 = '
IF-MIB::ifName.2 = STRING: mvneta1
IF-MIB::ifInMulticastPkts.2 = Counter32: 27641867
IF-MIB::ifInBroadcastPkts.2 = Counter32: 0
IF-MIB::ifOutMulticastPkts.2 = Counter32: 1506618
IF-MIB::ifOutBroadcastPkts.2 = Counter32: 0
IF-MIB::ifLinkUpDownTrapEnable.2 = INTEGER: enabled(1)
IF-MIB::ifHighSpeed.2 = Gauge32: 10
IF-MIB::ifPromiscuousMode.2 = INTEGER: false(2)
IF-MIB::ifConnectorPresent.2 = INTEGER: true(1)
IF-MIB::ifAlias.2 = STRING: 
IF-MIB::ifCounterDiscontinuityTime.2 = Timeticks: (0) 0:00:00.00

OPT

IF-MIB::ifName.1 = STRING: mvneta0
IF-MIB::ifInMulticastPkts.1 = Counter32: 12
IF-MIB::ifInBroadcastPkts.1 = Counter32: 0
IF-MIB::ifOutMulticastPkts.1 = Counter32: 2
IF-MIB::ifOutBroadcastPkts.1 = Counter32: 0
IF-MIB::ifHCInOctets.1 = Counter64: 21916545
IF-MIB::ifHCInUcastPkts.1 = Counter64: 240126
IF-MIB::ifHCInMulticastPkts.1 = Counter64: 12
IF-MIB::ifHCInBroadcastPkts.1 = Counter64: 0
IF-MIB::ifHCOutOctets.1 = Counter64: 13991635
IF-MIB::ifHCOutUcastPkts.1 = Counter64: 160844
IF-MIB::ifHCOutMulticastPkts.1 = Counter64: 2
IF-MIB::ifHCOutBroadcastPkts.1 = Counter64: 0
IF-MIB::ifLinkUpDownTrapEnable.1 = INTEGER: enabled(1)
IF-MIB::ifHighSpeed.1 = Gauge32: 100
IF-MIB::ifPromiscuousMode.1 = INTEGER: false(2)
IF-MIB::ifConnectorPresent.1 = INTEGER: true(1)
IF-MIB::ifAlias.1 = STRING: 
IF-MIB::ifCounterDiscontinuityTime.1 = Timeticks: (0) 0:00:00.00

So both WAN and OPT are showing 64 bit counters but LAN is only exposing 32 bit.

jimp

Try NET-SNMP, in my setup it does have 64 bit counters for mvneta1.

rcork

@jimp That worked! I had to make sure to disable the standard built in SNMP service and then enable NET-SNMP and it worked.