Simple Network Management Protocol (SNMP) is a protocol widely used since 1988 to monitor and manage network devices such as routers, switches, firewalls, etc. It is still very widely used after 30 years of its introduction, as it makes migrating to other standards practically difficult due to its wide adoption and usage today. Moreover, perhaps some of the reasons why this protocol has been so popular might be that the protocol is very reliable and does not require any licensing to use.

When it comes to monitoring the performance of network activities, being able to ingest data from SNMP interface is therefore very important. If you can collect various network metrics from SNMP, SREs, as well as networking teams, would be able to monitor the majority of your network infrastructure, understand how it is running, and discover more insights by also correlating it to other infrastructure or application metrics, giving you complete observability of all your stacks.

By combining various network devices’ integration using SNMP to Wavefront, you will now be able to keep your eyes on all your networks with enterprise-grade metrics monitoring system, which will collect your data on a per second resolution up to 18 months without any downsampling. But there is more to it. In addition to monitoring much of your network activities, you can now overlay those with other system and application metrics to easily triage incidents. Also, once Wavefront collects all your data, you can use Wavefront Query Language to create state of the art visualization as well as highly accurate alerts to greatly enhance your real-time performance monitoring and achieve faster time to resolution.

Things to Understand About SNMP

Everything is easier once you know a few key concepts. SNMP is no different. Data is stored as either a set or tabular format, and identified by OID (object ID). Objects in SNMP is organized into a hierarchical structure known as MIB (Management Information Base, not Men In Black 🙂 ). OID looks something like this

.1.3.6.1.2.1.4.20

And this sequence or name of ID’s will point to the ipAddrTable, which is the IP table a particular device may have. Obviously, there are standard object IDs coming from a generic MIB, but most vendors will supply their hardware specific MIB, which might require additional effort to locate the particular OID you need.

There is also another easier ‘human readable’ version of OID ID, which may look like this:

SNMPv2-MIB::sysContact.0

Whether you use the numerical format or the String format, both will work just fine, as long as they can be queried on the device.

Telegraf SNMP Plugin

It’s surprising (sometimes) that many people actually do not know that telegraf has a fairly decent SNMP plugin that it can connect and collect metrics via SNMP. You can read how to set it up in the telegraf documentation, and Wavefront also has it covered in its documentation page as well. The idea is to use telegraf as a collecting agent to collect metrics from the SNMP device, and transmit that over to Wavefront using Wavefront output plugin.

Before you do anything with the plugin, however, you need to know your OID’s. Getting the right OID may involve a little bit of investigation. If you already know all your OID’s, that would be sweet. However, in case you need to do some digging in, I would recommend playing around with SNMP commands, or better, use MIB navigator tools (some of them are freely available) to connect to the device (an IP number and port 161 should make it work – and the value of the read community).

The next step would be to use these values to configure and re-start your telegraf agent. Make sure you see the metric that you are collecting in your metrics space so that they can be queried and visualized.


[[inputs.snmp]]
    agents = [ "wxx-xxxx-c02-haas-nexus93120tx-1:161" ]
    version = 2
    community = "VMware-xxxxx"
[[inputs.snmp.field]]
    name = "tcpRtoMin"
    oid = "RFC1213-MIB::tcpRtoMin.0"
[[inputs.snmp.field]]
    name = "tcpRtoMax"
    oid = "RFC1213-MIB::tcpRtoMax.0"
[[inputs.snmp.field]]
   name = "tcpMaxConn"
   oid = "RFC1213-MIB::tcpMaxConn.0"
[[inputs.snmp.field]]
    name = "tcpActiveOpens"
    oid = "RFC1213-MIB::tcpActiveOpens.0"
[[inputs.snmp.field]]
    name = "tcpPassiveOpens"
    oid = "RFC1213-MIB::tcpPassiveOpens.0"
[[inputs.snmp.field]]
    name = "tcpAttemptFails"
    oid = "RFC1213-MIB::tcpAttemptFails.0"
[[inputs.snmp.field]]
    name = "tcpEstabResets"
    oid = "RFC1213-MIB::tcpEstabResets.0"
[[inputs.snmp.field]]
    name = "tcpCurrEstab"
    oid = "RFC1213-MIB::tcpCurrEstab.0"
[[inputs.snmp.field]]
    name = "tcpInSegs"
    oid = "RFC1213-MIB::tcpInSegs.0"
[[inputs.snmp.field]]
    name = "tcpOutSegs"
    oid = "RFC1213-MIB::tcpOutSegs.0"
[[inputs.snmp.field]]
    name = "tcpRetransSegs"
    oid = "RFC1213-MIB::tcpRetransSegs.0"

Monitor Networking Metrics Using SNMP and Wavefront

Well, once you have your devices being monitored, the rest will be up to Wavefront to visualize or alert it. Chances are, you may not have the out of the box dashboard to be able to use right away. However, with a few clicks of a button, you can quickly set up either a chart or more permanent dashboard that can start listening to your newly created metrics.

By browsing in your Wavefront’s metrics browser, all the SNMP metrics that you defined will now be available under the SNMP prefix.

Now, you will be able to track each of the metrics value in your charts, by issuing ts() queries.

Monitor and Correlate Network Metrics with System and Application Metrics

As you can see in this short post, network devices like routers, switches, and even firewalls can now be monitored using Wavefront. This can be useful in order to triage various network related issues, as well as monitor what and how your devices are behaving, whether they are running the hottest or the coldest. Additionally, you can overlay network metrics with system and application metrics to enhance the dimension of your issue triaging. With Wavefront, you can be assured that all your data is collected and retained on a per second resolution for up to 18 months providing you a true enterprise-grade monitoring solution. Furthermore, Wavefront Query Language enables you to run analytics on those network, system and application metrics so you can easily correlate all these metrics and draw conclusions on which area was actually behind some of the bottlenecks.

With all of these richer information being available, the less mystical will be your next network issues, as now you only have a single place to quickly see all of your activities. Learn more about SNMP integration here or checkout our free trial.

Get Started with Wavefront Follow @YooHoward Follow @WavefrontHQ

The post Visualize Your Application and Networking Metrics Together with Wavefront’s SNMP Integration appeared first on Wavefront by VMware.