The above question pretty much says it all. Should one be polling/monitoring the Null/Loopback interfaces on anything? If so, what is the benefit and why would you want to do something like that?
To all:
I noticed that no one has replied to my question as of yet. Was it because I was not clear enough? If so, please advise what additional information you would need or like and I'll post. As I am still looking for an answer to this question. TIA.
I know of no good reason to monitor either of these interfaces. I typically turn off monitoring of them to conserve database space, polling and other resources.
I also turn off monitoring of unrouted VLANs. But that's me.
I don't monitor any NULL interfaces and my network engineers have told me to never monitor them. Here is an excerpt from cisco regarding NULL interfaces.
"Null interface is not physical interface; it’s a virtual interface and is always up. Null interface never forward or receive traffic but packet route to null interface are dropped."
This helps exemplify that that we shouldn't monitor them as its a virtual interface and if it its always up and doesn't forward or receive traffic there is no point to have it in your system. Hope this helps.
I see no reason to monitor a NULL interface, but although I do not do so I can understand monitoring the loopback interface of a router.
As stated above, a loopback interface will always be up. Therefore if there's any available route to that host then the host will be up. Monitoring the loopback interface for up/down status can give a more accurate indication of the device's up/down status than monitoring the up/down status of physical interfaces on the box.
Loopback interfaces never go down unless you shut them. They are for routing purposes. The Null interface is for traffic that gets dropped. I really do not see the need to monitor these interfaces. The Null interface would be ok if you are not securing anything and you were using netflow and needed to see if any traffic is being dropped
Ok, let me restate: I would use the IP address of the loopback interface on a router rather than an IP address on a physical port.
I wouldn't add the loopback interface itself as an interface to monitor.
Except for a few ASRs most of my devices are layer 3 switches. In these cases I use the IP address of a management vlan SVI to monitor the host but I don't actually monitor the vlan interface.
