What is the best way to throttle snmp traps? I have an HP NNM (Network Node Manger) server that is currently receiving traps from a number of network devices. Sometimes traps get sent from these devices at a higher rate than the NNM server can handle. When this happens the NNM server is basically so overwhelmed it gets hung.
I have a Cisco 1811 ISR that is acting as my remote tunnel device. The monitored devices (switches, firewalls, routers, etc.) are on the local LAN behind the ISR and all monitoring traffic is sent to the NNM server through the IPSec tunnel.
Is there a way to either batch process snmp traps or throttle/cap the rate that the messages get sent? I would prefer to do this somehow on the ISR as it will keep the number of configurations I have to do way down.
Luckily you have NNM. As long as you're running NNM 6.4 or later (up to 7.53 that I can testify for), you can configure throttling there. Instead of rehashing it, I point to the post by Prashant over at HP ITRC:
Note that I don't personally adopt Step 3 in Prashant's post, of blocking individual offending IP addrs specifically in ovtrapd.conf. Without that step, I simply configure ovtrapd.lrf to give whichever IP addr that crosses the "-B -r ##" threshold a temporary "time out". Once that offender's trap rate drops below the configured threshold, NNM unblocks it, until the next violation.
This is not a perfect "throttle", because all traps (interesting ones and noises) from the offending IP are tuned out during the blockade.
Thanks for your response. I'm still hoping to find a solution from the networking perspective but I'll take a look at the NNM.
Still looking around. I keep coming across this command:
snmp-server trap rate-limit
but it's not on available on my router:
router(config)#snmp-server trap ?
authentication fine-tune enable/disable of authentication traps
link Assign SNMP traps based on ietf rfc2233 standard
I have an 1811 running version 12.4(24)T2 adv IP services. Does anyone know if this command is available for an 1800 ISR? I'm also looking into using FPM to filter the traps.
"snmp-server trap rate-limit" appears to be a valid config on the Motorola BSR CMTS.
There's something similar for the Cisco GSS only: "snmp-server trap-limit [answer-trap|dns-clause-trap|keepalive-trap] value", but it's not applicable to any other platform.