
Throttle SNMP traps

Michael Murray
Level 2

What is the best way to throttle SNMP traps? I have an HP NNM (Network Node Manager) server that is currently receiving traps from a number of network devices. Sometimes traps get sent from these devices at a higher rate than the NNM server can handle. When this happens the NNM server is basically so overwhelmed it gets hung.

I have a Cisco 1811 ISR that is acting as my remote tunnel device. The monitored devices (switches, firewalls, routers, etc.) are on the local LAN behind the ISR and all monitoring traffic is sent to the NNM server through the IPSec tunnel.

Is there a way to either batch process SNMP traps or throttle/cap the rate that the messages get sent? I would prefer to do this somehow on the ISR as it will keep the number of configurations I have to do way down.

Thanks,

-mike

4 Replies

yjdabear
VIP Alumni

Luckily you have NNM. As long as you're running NNM 6.4 or later (up to 7.53 that I can testify for), you can configure throttling there. Instead of rehashing it, I point to the post by Prashant over at HP ITRC:

http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1289854149785+28353475&threadId=1011198

Note that I don't personally adopt Step 3 in Prashant's post, of blocking individual offending IP addrs specifically in ovtrapd.conf. Without that step, I simply configure ovtrapd.lrf to give whichever IP addr that crosses the "-B -r ##" threshold a temporary "time out". Once that offender's trap rate drops below the configured threshold, NNM unblocks it, until the next violation.

This is not a perfect "throttle", because all traps (interesting ones and noises) from the offending IP are tuned out during the blockade.
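
A model of the behaviour described in the reply above (a source is tuned out while its trap rate is over a threshold and let back in once the rate drops), as an added example that is not part of the original posts and is not NNM code. The one-second window, the traps-per-second unit, the addresses and the trap names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class TrapRateBlocker:
    """Per-source blocking: a source is tuned out while its arrival rate
    over the last window_ms exceeds max_rate (traps per second, assumed unit)."""

    def __init__(self, max_rate, window_ms=1000):
        self.max_rate = max_rate
        self.window_ms = window_ms          # measurement window (assumption)
        self.arrivals = defaultdict(deque)  # source IP -> recent arrival times

    def accept(self, ts_ms, src):
        q = self.arrivals[src]
        q.append(ts_ms)                     # dropped traps still count toward the rate
        while q[0] <= ts_ms - self.window_ms:
            q.popleft()                     # forget arrivals older than the window
        return len(q) * 1000 <= self.max_rate * self.window_ms

def replay(events, max_rate, window_ms=1000):
    """Split (ts_ms, src, trap) events into those delivered and those dropped."""
    blocker = TrapRateBlocker(max_rate, window_ms)
    delivered, dropped = [], []
    for ev in events:
        (delivered if blocker.accept(ev[0], ev[1]) else dropped).append(ev)
    return delivered, dropped

def sample_events():
    # Constructed input: 192.0.2.10 flaps a link at 20 traps/s for one second
    # and reboots mid-storm (coldStart); 192.0.2.20 sends a single trap.
    events = [(i * 50, "192.0.2.10", "linkDown" if i % 2 == 0 else "linkUp")
              for i in range(20)]
    events.append((520, "192.0.2.10", "coldStart"))
    events.append((600, "192.0.2.20", "authenticationFailure"))
    events.append((3000, "192.0.2.10", "linkUp"))   # after the storm has ended
    return sorted(events)

if __name__ == "__main__":
    delivered, dropped = replay(sample_events(), max_rate=5)
    print("delivered:", len(delivered), "dropped:", len(dropped))
    for ev in dropped:
        if ev[2] not in ("linkDown", "linkUp"):
            print("interesting trap lost during the blockade:", ev)
```

The coldStart sent in the middle of the storm is dropped with the noise, which is the limitation noted in the reply, while the quiet source and the offender's first trap after the storm are delivered.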

yjdabear,

Thanks for your response. I'm still hoping to find a solution from the networking perspective but I'll take a look at the NNM.

-mike

Still looking around. I keep coming across this command:

snmp-server trap rate-limit

but it's not available on my router:

router(config)#snmp-server trap ?
  authentication  fine-tune enable/disable of authentication traps
  link            Assign SNMP traps based on ietf rfc2233 standard

I have an 1811 running version 12.4(24)T2 adv IP services. Does anyone know if this command is available for an 1800 ISR? I'm also looking into using FPM to filter the traps.

"snmp-server trap rate-limit" appears to be a valid config on the Motorola BSR CMTS.

There's something similar for the Cisco GSS only: "snmp-server trap-limit [answer-trap|dns-clause-trap|keepalive-trap] value", but it's not applicable to any other platform.
