I'd like to know if anyone out in the community uses CloudGenix as their SDWAN solution, in what ways have you been able to integrate it with Solarwinds tools and alerting? Also, if anyone else has the same interest?
you may want to move this discussion to the Network Performance Monitor forum.
NetPath is a very good vendor agnostic way of understanding the performance of your SD-WAN
NetPath - Easy Visual Network Path Analysis | SolarWinds
I used to work with a company that was looking at cloudgenix.
wish i I could help.
Hi crzyr3d - We just started using CG SD-WAN in the past few months. I'm testing what I can get via SolarWinds on one of our ION3000's. I've enabled SNMP and SNMP Traps on the ION3K (see CG support portal for document called "Configuring SNMP" - can't post it here as you need support login). I have opened a SW support ticket to include the CG MIBs into the latest SW Mibs.cfg download. They've told me that it was included, but there's some question about that as the mibs.cfg file is dated prior to my opening the ticket and sending them the CG mibs (not sure how that's possible). Anyway, still trying to verify that and figure out how to use the CG mibs and if we can get anything useful. It looks like SW is seeing the device as a machine type = net-snmp - Linux
What I have so far is the basic information on the ION3K device itself (CPU, Load Average, latency & packet loss & traffic on interfaces). With the SNMP Traps I'm seeing trap events for when a secure fabric (Internet VPN) connection drops & reconnects (CGX-EVENTS-MIB:cgxVpnLinkUp & CGX-EVENTS-MIB:cgxVpnLinkDown). I have not configured alerts on these yet as I'm not even sure they're abnormal (drop vpn for 5 seconds, etc.).
I hope this helps. I'll post more when I get further along.
Ted
Ps. The Cloudgenix portal is pretty full featured...if they'd just add some email/text alerting to the platform I'm not sure I'd even bother with SW at this point.
Yes. Let me know if you have more questions. I can show you how.
Thanks!
I'd be interested as well as we just signed with CGX for our SD-WAN solution
I think that their #1 ease of use issue is that they did not go and get an custom OID for their product.
They are using the System Object ID of 1.3.6.1.4.1.8072.3.2.10 whic is, essentially, a sample Linux one that a vendor is supposed to customize.
So, it ends up listed in Nodes as a Vendor of "net-snmp" and just slightly more useful than "unknown"
Since convenience usually means a MIB based on OID, this just sucks! You end up with about any net-snmp MIB being usable, just ask the correct (of myriad) questions relevant to you product in the UnDP.
We are doing a POC currently. Do you use NTA and were you able to get Netflow data from Cloudgenix into NTA?
We too have launched CloudGenix as our new SD-WAN. I have gone through all the normal procedures to provide Solarwinds with the vendor MIB's but this has proven to be very novice in execution. I don't know if its CGX that failed to properly structure the MIB files or if Solarwinds failed to import it properly. I've opened cases and have been given very generic responses as to what is going on.
We're lacking basic information like Vendor, system name, etc. We've resorted to using custom pollers but its sad that we have to resort to that and its still not effective. Its a duct tape approach. Palo Alto bought them over a year ago and we still struggle to get Solarwinds to acknowledge them. Meanwhile i see Velocloud show up natively in Solarwinds.
We have nearly 300 ION 3000's deployed and we have taken 2 steps back with monitoring and alerting on these devices.
I implore Solarwinds and CloudGenix(now Palo Alto) to collaborate to bring this product to the mainstream list of vendors and devices to be managed.
We should not be struggling this much for something so simple.
Anyone at Solarwinds feel free to contact me. If not then I will take that as a sign of ignoring the customer or not thoroughly monitoring these channels in the ways intended to improve through community contribution, not just for customers but for the vendor.
Thanks for providing this info. We did a POC between Cisco and Cloudgenix and I discovered these issues right away in Orion with the Cloudgenix devices. In addition, discovered in our POC that our Netpath tests are incomplete with Cloudgenix in the mix. It still builds the path, but we aren't getting the same level of detail that we do with the offices on the Cisco SD-WAN solution and our non SD-WAN offices.
I'm the Product Manager for NPM, and we're working directly with a contact at Palo Alto to get these MIBS loaded and available in the MIB Database. We are preparing to integrate them this week, and your should be able to load them next week. See: Add MIBs to the SolarWinds MIB database
We've also done some research with pcaps provided by Palo Alto, and found some issues with NTA's parsing of flow data from these devices. We've identified some work we need to do to correctly ingest flow, and we've added that to our backlog.
I'll update this thread as we progress through the work required to properly support this product line.
@jreves
We already submitted the MIBs to Solarwinds months ago. It didn't help much. TAC said that Solarwinds hasn't officially added the as a vendor. Even with custom pollers, the devices show up in the vendor list with a question mark. They're just not being recognized as a vendor and I don't get any values when I browse the MIB tree.
So either it was imported wrong or CloudGenix just doesn't have the MIB files structured correctly.
We're working directly with the Palo Alto / CloudGenix team this week to get these integrated. As soon as they are available, I'll come back with an update and ask you to verify they're working correctly in your environment. Thanks for surfacing this, and helping us to validate the solution.
Just wondering if there has been any update on getting CloudGenix SD-WAN devices working properly with Solarwinds? I have several ION 1000's that are being detected as VeloCloud devices.
We have been using CloudGenix for awhile now. I'm able to use SNMP to get the data in through the MIB tables. I can look to see if I can find the original update for the MIB table and see if I can't post them to my GibHub or something.
If you haven't already done so, be sure to update the MIB table within your environment. You then need to create the UnDPs and assign it to your CloudGenix devices. I tried to make things easier and I tried to export the entire group of UnDPs I use to the content exchange. That information can be found here.
If you have any issues with the UnDPs please let me know. I will try to help out more tomorrow.
Good morning, Any updates on the NTA compatability? I enabled IPFix on one of my ION's, The ION is appearing in NTA, but I am seeing a warning "The NetFlow Receiver Service [XXXXXX] received an invalid IPFIX template with ID 256 from device n.n.n.n"
I discovered today that 2020.6 HF 4 is available. In the notes, it says they resolved "The issue with Cloudgenix and MIBs was addressed". I am curious to know what that means.
support.solarwinds.com/.../Orion-Platform-2020-2-6-Hotfix-4
We updated with model information we got from PAN team as we work on formal SD-WAN support at Orchestrator/Controller level. Also should correctly get mapped to PAN logo as well I believe.
My issue with the CGX (Ion3k & Ion7k) is that in the last two weeks, at least 3 or 4 of our 60+ devices show a "controller disconnect" message and SNMP V3 gets from SolarWinds fail.To fix it, I use the elcapitain portal, and get the Ion device view up, click SNMP, click V3 (to disable it), and save, then click V3 (set enable it) and save again. This procedure restarts the SNMP agent...of course, when it comes back up, SolarWInds detects the agent's uptime being (more or less) zero, and sends a "device rebooted" alert...but at least the agent is up again.
Then, I can query against the device again. The alert in SW gets cleared after 2 polls, or a rediscovery. In my experience, this sort of thing happen when the the SysUpTime OID (usually 1.3.6.1.2.1.1.3) exceeds 497 days (the time it takes to wrap a 32-bit counter. So, I surmise the CGX tries to return a value, but the OID being queried exceed 2**32 and then can't return the value. This causes no value to be returned, and generally (in the CGX case, anyway) causes the device to stop responding to any SNMP gets.I'm disinclined to write a script that SSH's to my 60+ ION devices every January 1st and stop and start the SNMP agent!Any ideas? Is this actually the uptime wrapping, or is this caused by your changes to the portal, somehow? The software hasn't change in 8 to 15 months or so. We're using version 5.4.3-b9.
Cheers,
Ambi
well, i don't know about y'all but its still a confusing mess for us. I am certain i have all the same MIBs you all do that are published by CGX and 3 out of 4 MIB's they posted are generic in nature and are severely underdeveloped for modern times.
I have been pushing hard on our Palo Alto and CGX account teams over the past 2yrs and as of the last month we are hearing that more CGX customers are coming forward with the same deficiencies and inaccuracies and they have finally(maybe) prioritized their project list to commit resources to develop their snmp program to be up to par. They did say that this also comes down to compatibility and cooperation with Solarwinds but i think its more on them than Solarwinds. Solarwinds will ingest what ever MIB is submitted that is properly authored and to industry standard.
As of now the standard MIB's provided by them to Solarwinds are insufficient to monitor and alert accurately on the important metrics like tunnel interface status to Prisma, BGP overlay to Prisma, path changes, degraded service upstream, regardless of link status, etc. We can barely count on physical ION link failures. That's it. If you're a company with many locations and depend on customer experience then these are sensitive metrics that we cant count on currently. At this point we have to wait and see what CGX/Palo Alto and Solarwinds can come together on.
This is not true... i still get the ? symbol.I feel that that the latest update simply and ignorantly stated that because someone, me, or some other customer summited a CGX MIB so Solarwinds felt good about blindly stating it includes native support.
If you feel i am severely wrong then private message me. please. This is ridiculous how far behind CGX is with a proper SNMP program and Solarwinds lack of awareness of such a prevalent SD-WAN product.. And I'm not talking about hacking Solarwinds with custom pollers and mapping custom MIBs.
That is not the same as Solarwinds recognizing ClougGenix ION's as supported devices and they know it and have said that to me point blank !!!
BTW, I still see no vendor symbol for my CGX ION nodes. that in itself is evidence that Solarwinds has no idea who ClougGenix is.
You're nobody until you have an vendor Icon in Solarwinds.
I am running the latest version of Orion with the latest hot fixes. My ION 3000's are running anywhere from 5.411-b4 up to 5.6.3-b11. In Orion, these are being detected as Palo Alto devices. I have one ION 9000 that is being detected as being from VeloCloud Networks, and two 9000's that are showing as net-snmp.
I looked at a couple of my 3000's and when I look at Node Details the Machine Type says Cloudgenix ION 3000 and has a Palo Alto logo.
I agree that it would be nice to see some progress in SD-WAN monitoring. It seems like vendors are struggling with this. We have LiveAction and we are getting some visibility via Netflow from Cloudgenix, but it doesn't seem to be on par with what LiveAction provides with Cisco Viptela. I think some of this is how well the vendor designs their SNMP. I blame Cloudgenix more than Solarwinds for that.
We recently purchased Palo Alto CloudGenix Devices and found the monitoring in Solarwinds lacking. They were not identified correctly until I upgraded from 2020.1.6 HF2 to HF4 and the new MIB DB. Then the vendor was found with logo but nothing specific to SD-WAN tunnel status. I ended up making my own Universal Device Poller with alerting which is working great, but it would be nice if this was available out of the box. Also, our ION 2000s are being treated as Wireless Autonomous APs, but the 3000s and 1000s look fine. I have a support ticket opened on that.
Doing more SD-WAN is on our roadmap. The challenge with not just the SD-WAN vendors, but even other networking technologies is they are adopting an API first approach, especially with SD-WAN at the Orchestrator level. This means each API from each vendor is different and a snow flake and has to be developed towards. Not like SNMP where if the vendor supports the RFC, then it usually just works. We recently finished Orchestrator & Edge support for Meraki and Viptela and Velocloud are next. After that CloudGenix and Silver Peak will be up. So we are working through them, just takes time, but the Edge device support should be decent. There may be a gap or two on some vendors, but for the most part on the Edge devices since they are mainly SNMP driven, we can monitor those.
Thanks for posting this! I do agree with the API comments. I think vendors are putting less and less work into SNMP and favoring APIs for good reasons. SNMP is starting to feel antiquated in these cloud based solutions. If SW can hook into the various API based solutions we use that would be a big win.
API is definitely the trend. We have Cloudgenix SD-WAN, and they recently announced integration with LiveAction. I'm looking forward to seeing what that provides for us.
FYI for anyone who finds this searching - the incorrect behavior of sysObjectID being the default NetSNMP should have been resolved in ~2019. If you are running CloudGenix/Prisma SDWAN ION release 5.5.1 or later, it should return proper OIDs referenced in the CGX-MODELS-MIB.mib file. This fix was also backported to the 5.4.3 release train as well.Latest MIBs should also be at the bottom of this page:docs.paloaltonetworks.com/.../prisma-sd-wan
I discovered something new today. Our datacenter 9000 ION's are running 5.6.5-B15, and Orion is detecting the 10 gig interfaces as 10 Mbps. I'll be editing them manually.
I wanted to provide an update. We recently upgraded one of of our 3000 ION's to 6.1.1.b10. We discovered that they changed something in SNMP because the interfaces are showing up in Orion as 10 Mbps.
I updated my SD-WAN fabric to 6.1.5-b1 and the interface issue appears to be resolved. I spot checked my 3000 ION's and they are reporting the correct speeds.
If you missed it, 2024.1 is out and they are now offering Cloudgenix monitoring! This is what I found related to NPM. They also state that NTA now supports Cloudgenix.
Add Palo Alto Networks Prisma SD-WAN (formerly CloudGenix) orchestrator nodes for monitoring and pair the Prisma orchestrator with edge nodes. For monitored nodes, you can observe:
Our systems team performs our Orion upgrades so I don't know when we will be upgrading. If anyone deploys this, please share!
I did the upgrade and the CloudGenix monitoring is still lacking VPN Link Info & WAN link Info. Which are really the main CloudGenix items I want to monitor through SolarWinds. Aside from that disappointment, the upgrade went smoothly and everything functions as it did before the upgrade.
I had to open up a case with support. Looks like we are getting a token error. My API integration with NetBrain works fine after they immediately updated their API.
