Good Morning, I have a quick question about implementing another level of monitoring in our company, We are having around 50 sales office where we use different providers and we use to monitor them using ICMP, recently we were facing different issue that end up in having some critical issues, so we talk with the providers and they agreed to create SNMP community string with read only access. So we are planning to implement the SNMP monitoring in the provider edge router.
Do you guys have any similar experience . Also I used to have a link from solarwinds which help me to create custom template for the Solarwinds.
Please share with me if you have it
It varies widely with ISPs some figure you can gather the same information via different methods that they will give you SNMP read access readily. Others feel that is a security issue and don't allow it. Best guess would be to ask nicely and hope for the best.
You'd be surprised how much detail you can get from ICMP alone, but if you've got them onboard to give you RO SNMP access to their gear then you are laughing.
I can see one challenge ahead -- different hardware types at each site. That is relatively minor and might mean that some things work "out of the box" and some require a little finesse to get working but you're headed in the right direction. Listen to the advice that rharland2012 gives and you'll do just fine.
Yep, we do it to several provider routers with read-only access. Pretty basic, actually - if you're polling from your HQ or main site, allow SNMP outgoing from your poller (with the appropriate NAT mapping if you're using private IPs inside) and you should be good to go. You may need to give your providers the public IP of your poller to facilitate the building of the ACLs on their side. It works well for us.
Sorry I can't help you with the template - not sure what you're referring to.
Thank you so much for your immediate update, One more clarification , what you meant by the SNMP outgoing with NAT mapping, I understand the concept but is it the outbound traffic from the firewall to the provider
Yes, I'm sorry - should have clarified that. Your firewall egress to your providers. Since this is a polling situation, your poller will initiate the connection - and with most stateful firewalls, you won't need to massage any incoming policies. If you're doing traps from your providers, then you'll have to add incoming policies to accept those traps from the provider devices - usually the WAN or loopback address of the provider router, depending on how it's architected on their side.
Echoing jbiggley - with the different types of gear your providers may be using, your results may vary on first poll. Start with establishing successful polling to the devices, see what your results are, and if necessary adjust/use a UnDP to get the information you want.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.