2006 Nov 17 - Fri
Cricket/Acktomic Installation & Configuration on Debian Etch 2
Introduction
This set of instructions guides you through configuring Cricket for monitoring QoS and SLA statistics on Cisco devices. Modified
versions of Acktomic's template file builders are used for accessing QoS and SLA settings. Cisco has changed some of the RTT MIB
settings. These settings have been tested on IOS 12.4.
Cricket Installation
Install the Cricket package:
apt-get install cricket
Modify permissions so the config file can be accessed by customized Apache processes:
cd /etc/cricket
chmod 754 config
chown -R cricket.www-data /etc/cricket
In '/etc/cricket/config/Defaults', around line 12, put in the default community string in place of 'public'.
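The steps above put the SNMP community string into files that the Apache group can read. The following check is an added example, not part of Cricket or genDevConfig: it lists config files that still carry the default 'public' community or whose mode grants read access to other. It assumes the community is set on a 'snmp-community = ...' line; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example: audit a Cricket config tree (function names are hypothetical).
# Assumption: the community is set on a line of the form
#   snmp-community = <value>

# Print files under $1 that still use the default community 'public'.
default_community_files() {
    grep -rlE '^[[:space:]]*snmp-community[[:space:]]*=[[:space:]]*public[[:space:]]*$' \
        "$1" 2>/dev/null || true
}

# Print files and directories under $1 whose mode grants read to "other".
world_readable_paths() {
    find "$1" -perm -004 -print
}

# Report both findings; succeed only when there are none.
audit_cricket_config() {
    bad_comm=$(default_community_files "$1")
    bad_perm=$(world_readable_paths "$1")
    if [ -n "$bad_comm" ]; then
        printf 'default community string in:\n%s\n' "$bad_comm"
    fi
    if [ -n "$bad_perm" ]; then
        printf 'read bit set for other on:\n%s\n' "$bad_perm"
    fi
    [ -z "$bad_comm" ] && [ -z "$bad_perm" ]
}

# Constructed sample tree: one file left at the default, one already changed.
demo_audit() {
    d=$(mktemp -d)
    mkdir "$d/routers"
    printf 'Target --default--\n    snmp-community = public\n' > "$d/Defaults"
    printf 'Target --default--\n    snmp-community = snmpro\n' > "$d/routers/Defaults"
    chmod 750 "$d" "$d/routers"
    chmod 644 "$d/Defaults"
    chmod 640 "$d/routers/Defaults"
    audit_cricket_config "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_audit || echo "audit reported findings"
```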
Acktomic Installation
Download and expand the utility archive:
wget http://www.acktomic.com/cricket/genDevConfig_2_0_0beta12d.tar.gz
tar -zxvf genDevConfig_2_0_0beta12d.tar.gz
cd genDevConfig
Remove the CVS directories, and copy the remaining files and directories to assigned locations:
rm -rf plugins/CVS
rm -rf plugins/genConfig/CVS
cp -r plugins /usr/share/cricket/
rm -rf lib/CVS
rm -rf lib/genConfig/CVS
cp -r lib/genConfig /usr/share/cricket/lib
cp lib/monitorConfig /usr/share/cricket/lib
cp util/genDevConfig /usr/share/cricket/util/
Make the main module executable:
chmod 755 /usr/share/cricket/util/genDevConfig
Acktomic Code Fixups
To be compatible with the new Policy-Map configurations, the file '/usr/share/cricket/plugins/genConfig/CiscoIOS.pm' needs to be
modified.
Around line 54, replace the following lines:
my (%rttAgentType) = ( '2' => 'saa-rtt',
'3' => 'saa-udpecho',
'25' => 'saa-http',
'27' => 'saa-jitter',
'30' => 'saa-ftp'
);
With the following lines:
my (%rttAgentType) = ( '1' => 'notApplicable',
'2' => 'ipIcmpEcho',
'3' => 'ipUdpEchoAppl',
'4' => 'snaRUEcho',
'5' => 'snaLU0EchoAppl',
'6' => 'snaLU2EchoAppl',
'7' => 'snaLU62Echo',
'8' => 'snaLU62EchoAppl',
'9' => 'appleTalkEcho',
'10' => 'appleTalkEchoAppl',
'11' => 'decNetEcho',
'12' => 'decNetEchoAppl',
'13' => 'ipxEcho',
'14' => 'ipxEchoAppl',
'15' => 'isoClnsEcho',
'16' => 'isoClnsEchoAppl',
'17' => 'vinesEcho',
'18' => 'vinesEchoAppl',
'19' => 'xnsEcho',
'20' => 'xnsEchoAppl',
'21' => 'apolloEcho',
'22' => 'apolloEchoAppl',
'23' => 'netbiosEchoAppl',
'24' => 'ipTcpConn',
'25' => 'httpAppl',
'26' => 'dnsAppl',
'27' => 'jitterAppl',
'28' => 'dlswAppl',
'29' => 'dhcpAppl',
'30' => 'ftpAppl',
'31' => 'mplsLspPingAppl',
'32' => 'voipAppl',
'33' => 'rtpAppl',
'34' => 'icmpJitterAppl'
);
Around line 119, replace the following line:
'30' => 'ftpAppl');
With the following lines:
'30' => 'ftpAppl',
'31' => 'mplsLspPingAppl',
'32' => 'voipAppl',
'33' => 'rtpAppl',
'34' => 'icmpJitterAppl'
);
Around line 341, replace the following lines:
} elsif ($opts->{model} =~ /3600/) {
$opts->{chassisttype} = 'Cisco-3600-Router';
$opts->{chassisname} = 'Chassis';
} elsif ($opts->{model} =~ /2600/) {
$opts->{chassisttype} = 'Cisco-2600-Router';
$opts->{chassisname} = 'Chassis';
With the following lines:
} elsif ($opts->{model} =~ /3600/) {
$opts->{chassisttype} = 'Cisco-3600-Router';
$opts->{chassisname} = 'Chassis';
} elsif ($opts->{model} =~ /2800/) {
$opts->{chassisttype} = 'Cisco-2800-Router';
$opts->{chassisname} = 'Chassis';
} elsif ($opts->{model} eq "C1200") {
$opts->{chassisttype} = 'Cisco-1200-AP';
$opts->{chassisname} = 'Chassis';
} elsif ($opts->{model} =~ /2600/) {
$opts->{chassisttype} = 'Cisco-2600-Router';
$opts->{chassisname} = 'Chassis';
Around line 605, replace the following line:
$ifdescr = $ifdescr{$ifindex} . "." . $ifindex;
With the following lines:
#print "ifindex=$ifindex, policydirection=$policydirection, pol_id_cell=$pol_id_cell\n";
$ifdescr = ( 0 != $ifindex ) ? $ifdescr{$ifindex} . "." . $ifindex : "";
# $ifdescr = $ifdescr{$ifindex} . "." . $ifindex;
#print "ifdesc=$ifdescr\n";
Around line 725, replace the following lines:
$ldesc = 'SAA(RTR) Performance agent for round-trip time using ' . $protocol .
' for destination <B>'. $address . " - " . $rttMonCtrlAdminTag{$key} .
'</B><BR>Operational values: 1(Ok) 2(Disconnct) 4(Timeout) 5(Busy)' .
' 6(NoConnection) 7(LackIntRes) 8(BadSeqID) 9(BadData) 16(Error)' ;
$sdesc = 'SAA(RTR) Performance agent for round-trip time using ' . $protocol .
' for destination ip: ' . $address . ' tag: ' . $rttMonCtrlAdminTag{$key};
With the following lines:
$ldesc = 'Cisco SLA (RTR) using ' . $protocol .
' for destination <B>'. $address . " - " . $rttMonCtrlAdminTag{$key} . '</B>' ;
$sdesc = 'Cisco SLA (RTR) using ' . $protocol .
' for destination ip: ' . $address . ' tag: ' . $rttMonCtrlAdminTag{$key};
In the file '/usr/share/cricket/lib/genConfig/Utils.pm', near the end of the file, replace the following lines:
sub translateRttTargetAddr {
my ($type, $value) = @_;
return ("unknown") if (($type ne "saa-rtt") &&
($type ne "saa-udpecho") &&
($type ne "saa-jitter"));
$value = inet_ntoa($value);
Debug("TranslateRttTarget: $value");
return ( $value );
}
With the following lines:
sub translateRttTargetAddr {
my ($type, $value) = @_;
my $bCheck = 0;
$bCheck ||= ( $type eq "ipIcmpEcho" );
$bCheck ||= ( $type eq "ipUdpEchoAppl" );
$bCheck ||= ( $type eq "jitterAppl" );
return ("unknown") if ( !$bCheck );
$value = inet_ntoa($value);
Debug("TranslateRttTarget: $value");
return ( $value );
}
In file /usr/share/cricket/util/genDevConfig, after about line 397, add:
'209' => 'Wireless BVI',
Configuration
Create sub-directories for each device type. Standard directories are usually:
mkdir /etc/cricket/config/routers
mkdir /etc/cricket/config/switches
The file '/etc/cricket/subtree-sets' should therefore have the following configuration:
set normal:
/routers
/switches
Copy default configuration files into each of the two sub-directories:
cp /usr/src/genDevConfig/sample-config/genConfig/Defaults /etc/cricket/config/Defaults.genDev
cp /usr/src/genDevConfig/sample-config/genConfig/Defaults.cisco /etc/cricket/config/Defaults.cisco
cp /usr/src/genDevConfig/sample-config/genConfig/Defaults.netsnmp /etc/cricket/config/Defaults.netsnmp
Place the content of Defaults.cisco.oneunified into /etc/cricket/config. If it exists, remove Defaults.cisco. The various graphs and
such that I've added to the file could be tuned a bit for color and such. If you have some suggestions, pass them on to me and I'll
get them updated.
Here is a sample router configuration:
ip sla monitor responder
ip sla monitor logging traps
ip sla monitor 400101
 type jitter dest-ipaddr 172.20.5.74 dest-port 16390 source-ipaddr 172.20.5.73 source-port 16390 codec g729a
 tos 184
 vrf vrfVoice
 tag jitter tun 400101 nrbmin0401 nrbmac0201
 frequency 150
ip sla monitor 400111
 type jitter dest-ipaddr 172.20.5.90 dest-port 16391 source-ipaddr 172.20.5.89 source-port 16391 codec g729a
 tos 184
 vrf vrfVoice
 tag jitter tun 400111 nrbmin0401 nrcabc0101
 frequency 150
ip sla monitor group schedule 1 400101,400111 schedule-period 150 frequency 150 start-time now life forever
I've found that for Tunnels and such, you may need to reload the router so that the Tunnels have been 'created' from NVRAM rather
than the command line. Do a 'sho ip int br' and look at the Method column and compare that with the interfaces and QOS settings that
get collected in the next section. As part of your configuration, you may also want to issue the 'snmp-server ifindex persist'
command to make sure snmp interface indexes persist across reboots.
To create a sample router template, follow this example:
cd /etc/cricket/config/routers
/usr/share/cricket/util/genDevConfig -c snmpro --rtragents --loglevel debug -2 --vendorint --vlans router01
To configure switches, follow this template:
cd /etc/cricket/config/switches
/usr/share/cricket/util/genDevConfig -c snmpro --loglevel debug -2 --vendorint switch01
To configure voice gateways, follow this template (the -d 22 prevents the serial port sub-interfaces from being
listed on the voice interface):
cd /etc/cricket/config/vgw
/usr/share/cricket/util/genDevConfig -2 --vendorint -c snmpro --vendorint -d 22 vgw01
For Cisco Access Points, in the AP Defaults file in the device directory, cisco-interface needs to be changed
to cisco-ap-interface.
Once all devices have been configured, run the following to compile the files. The devices will then be automatically scanned once
every five minutes.
cricket-compile
Operation
To view the graphs:
http://localhost/cgi-bin/cricket/grapher.cgi
Troubleshooting
Before troubleshooting, you should:
su - cricket
This ensures that .rrd files are created in /var/lib/cricket with the correct permissions.
To run the collector manually to see what errors there are (the -logLevel option is optional):
/usr/share/cricket/collector -logLevel debug /routers
Debug logs are found in /var/log/cricket. Errors from grapher.cgi can be found in /var/log/apache2/error.log. The master
debugging flag can be set in /etc/cricket/cricket-conf.pl with the following statement:
$gLogLevel = "debug";
Future
Based upon the following MIB, CISCO-DOT11-ASSOCIATION-MIB, the following statistics can be collected:
snmpwalk -v2c -c snmpro -m ALL device01 ciscoDot11AssocMIBObjects
Modifications to the following files will be required:
/usr/share/cricket/plugins/genConfig/CiscoIOS.pm
/etc/cricket/config/Defaults.cisco
Putty Sidekicks
As I visit various client sites on a daily basis, I have to log in to various Linux boxes
and Cisco network devices. Entering usernames and passwords over and over again is a
fact of life that can be automated ... in a safe way.
Many people are aware of using Simon Tatham's Putty as a Telnet/SSH log in tool. There are a couple of
add-ons that make life just a bit easier when using this tool on a regular basis.
At many of the sites I visit, there is a Linux server installed for monitoring the
network. There is a log in for each consultant who visits.
From the Putty Download page, each consultant downloads Putty, Pageant, and
PuttyGen.
- Putty: main tool for telnet/ssh shell logins
- Pageant: a memory resident tool maintaining an active private key
- PuttyGen: a tool for creating a public/private key set for a user
A new user will use PuttyGen to generate a new ssh2 rsa public and private key. Each key
is saved to a file. The private key should be saved to a file and locked with a pass-phrase.
On the Linux server, in each user's directory, a directory '.ssh' is created. It needs
to be chmod'd with 600. A file in that directory needs to be created with the name
'authorized_keys' and chmod'd with 600. The public key needs to be placed in that file
as one line.
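The server-side steps above, as an added example that is not part of the original post: it installs a one-line ssh-rsa public key and checks the resulting permissions. It sets the '.ssh' directory to 700 rather than 600, because a directory needs the execute bit for its owner to reach the files inside it; the function names and the sample key line are constructed.

```shell
#!/bin/sh
# Added example; install_pubkey and ssh_paths_ok are hypothetical helper names.
# Constructed sample line, not a usable key.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedSampleOnly consultant@example'

# install_pubkey HOME_DIR KEY_TEXT: append KEY_TEXT to authorized_keys once.
install_pubkey() {
    home=$1
    key=$2
    nl='
'
    case $key in
        *"$nl"*)
            # A multi-line public key file cannot be used in authorized_keys
            # as it is; the entry has to be a single line.
            echo "rejected: key text spans several lines" >&2
            return 1 ;;
        'ssh-rsa AAAAB3NzaC1yc2E'*) ;;
        *)
            echo "rejected: not a one-line ssh-rsa public key" >&2
            return 1 ;;
    esac
    dir=$home/.ssh
    file=$dir/authorized_keys
    # Directory: owner-only with execute bit. File: owner read/write only.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # Add the line only once, so repeated runs do not duplicate it.
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# ssh_paths_ok HOME_DIR: succeed when both paths exist and neither is
# writable by group or other.
ssh_paths_ok() {
    loose=$(find "$1/.ssh" "$1/.ssh/authorized_keys" -prune \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null)
    [ -d "$1/.ssh" ] && [ -f "$1/.ssh/authorized_keys" ] && [ -z "$loose" ]
}

demo_install() {
    h=$(mktemp -d)
    install_pubkey "$h" "$SAMPLE_KEY" && ssh_paths_ok "$h" && echo "installed, permissions ok"
    rm -rf "$h"
}
demo_install
```

PuttyGen's "Save public key" button writes a multi-line file, which the function rejects; the one-line form is the text PuttyGen shows in its box for pasting into an OpenSSH authorized_keys file.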
The time saving feature comes with the next steps. When running Windows, put Pageant in
the StartUp folder. After logging into Windows, right click on the icon in the tool tray
and load the private key from the private key file saved in an earlier step.
Now, when logging into a Linux server from a Windows workstation, Putty will
automatically obtain the private key from the running Pageant, pass it to the ssh server and
automatically log in when matched against the user's public key from authorized_keys.
One further time saving step is to run QuickPutty. This program can also be auto-started upon auto-login into
Windows, and will read Putty's saved entries. QuickPutty can be hidden/shown with -Q.
When visible, simply click on an item in QuickPutty's menu. This will start Putty, which
will use Pageant for key retrieval, and automatically log in to a Linux Server.
This collection of utilities greatly simplifies the logistics of logging into a Linux
server multiple times in order to get multiple sessions opened to network devices with
Rancid's 'clogin' command.
On a related note, if you want to copy files to and from ssh compatible hosts, WinSCP is an excellent visual tool for doing
that. As an added bonus, it too will use the Pageant key repository to aid automated
logins to a server.