Hi community, I just wanted to share my findings about accesing to ACL counters by SNMP on ASR9000/XR.
Searching on Internet I found the section ACL Counters Using SNMP in the IP Addresses and Services Configuration Guide but I didn't found any information related to how to access those counters so I did:
RP/0/RSP0/CPU0:router#sh snmp mib object-name
...on my router ASR9904 with IOS XR 5.3.4 to look for something interesting... and voila, the two last ones were:
1.3.6.1.4.1.9.9.808.1.2.1.1.2 caAclLabelIntfStatsEntry.2
1.3.6.1.4.1.9.9.808.1.2.1.1.3 caAclLabelIntfStatsEntry.3
...which are part of the CISCO-ACL-MIB (OID 1.3.6.1.4.1.9.9.808).
Next I configured a counter "test" on my ACL (see documentation) and did a snmpwalk. I got:
[root@server ~]# snmpwalk -v2c -c community hostname .1.3.6.1.4.1.9.9.808
SNMPv2-SMI::enterprises.9.9.808.1.2.1.1.2.14.1.2.4.116.101.115.116 = Counter64: 20617
SNMPv2-SMI::enterprises.9.9.808.1.2.1.1.3.14.1.2.4.116.101.115.116 = Counter64: 1803947
On CISCO-ACL-MIB.my I found: caAclLabelIntfStatsEntry.2 = caAclIntfStatsPackets ("The total number of packets that match this counter label.") caAclLabelIntfStatsEntry.3 = caAclIntfStatsOctets ("The total number of octets that match this counter label.") There is also: caAclLabelIntfStatsEntry.1 = caAclIntfStatsCounterLabelName ("The counter label index associated with this set of statistics.") ...but it seems IOS XR doesn't support it, at least on v5.3.4. So, I had 20617 packets and 1803947 bytes matching my counter. Then, after several tests and many counters configured I figured out what the last numbers on the OID chain meant. In the example: caAclIntfStatsOctets.14.1.2.4.116.101.115.116
.14
interface index that you get when do snmpwalk with oid .1.3.6.1.2.1.2.2.1.1.
.1
I don't know, it's was the same number for all the tests.
.2
ACL direction (1 for in and 2 for out).
.4
Length of the name of the counter ("test" in my example).
.116.101.115.116
.'t'.'e'.'s'.'t' in ascii code
Once I knew this information I did a template for Cacti to graph the bytes matched for each counter. In this manner, having entries of this type:
permit ipv4 any x.x.x.0 0.0.0.255 counter network_A
...you can have graphs of bandwith usage per link for network_A, or maybe:
permit tcp any any eq www counter HTTP
... for bandwith usage by protocol (HTTP). Of course, notice that one packet can only match one entry, so it's not a good idea to use both examples of above in the same ACL. Of course, you could also do all this using netflow but you'll need a software to process the data.
I hope you have found interesting this article.
... View more
