5 Replies Latest reply on Dec 12, 2017 5:06 PM by laurin.beckhusen

    Interface statistics in NPM not matching asdm

    laurin.beckhusen

      HI All,

       

      I have a 5525-x Active/Standby pair that seems to be showing statistics incorrectly in NPM for my outside interface. The outside interface is a portchannel and I noticed that it does not correlate to what I see in ASDM.

       

      For example: NPM is currently showing the outside interface utilization as

       

      Out: 99 Mbps

      In: 100 Mbps

       

      ASDM is showing

       

      Out: 80 Mbps

      In: 5 Mbps

       

      They are constantly changing, so the values are roughly, but the issue is NPM is reporting the both values incorrect, but the incoming value seems to be way differently then the ASA..

       

      I double checked by going to the ASA and running a show int and calculated the value from the 1 minute input. ( it is in bytes, so I converted it to bits and it matches what asdm is showing)

       

      Here is a screen shot of asdm with the NPM statistics.

       

      You can see from the picture that the outside in stats in npm is way different than asdm....

       

       

      I inherited the setup and 1 theory is possible the way the interfaces / sub interfaces are setup.

       

      Are outside interface is port-channel 1 and the inside interface is actually portchannel1.X ( there is actually 5 sub interfaces - dmzOutside is not one of these, but inside is part of the port channel). Now I have never seen someone setup interfaces this way ( sub-interfaces being used in conjunction with the main interface) or a mixing of inside and outside on the same port-channel... Anyways, I am wondering if this is what is causing the values to be incorrect.

       

      I have another ASA at another site running the same code 9.8(2) and the outside / inside interfaces are on separate port-channels with sub interfaces and the values in npm match the asdm values withing 1mpbs.

       

      Thoughts?

       

      Thanks

      Laurin

        • Re: Interface statistics in NPM not matching asdm
          d09h

          If you SNMPwalk the involved MIBs from your poller, do the statistics match NPM or ASDM?

          1 of 1 people found this helpful
            • Re: Interface statistics in NPM not matching asdm
              laurin.beckhusen

              I don't have a snmp walk tool readily available I'll get one going and take a look. Have any suggestions? On windows over here. Do you know what OID's i need to reference..

                • Re: Interface statistics in NPM not matching asdm
                  d09h

                  Should have an snmpwalk.exe in NPM install folder unless that's changed (put there by NPM installer).  Not sure which OIDs are relevant to your situation though. Configuring the ASA to send SNMP trap at a particular threshold could help you as well in determining whether SNMP stats conflict with stats seen via CLI.

                  1 of 1 people found this helpful
                    • Re: Interface statistics in NPM not matching asdm
                      laurin.beckhusen

                      Cool - Got it going. Just need to figure out which oid relates to the interface statistics.

                       

                      Do you have a link by chance towards configuration of the thresholds? Quite new to snmp monitoring

                       

                      We have 1gbps links, but our outgoing internet is shaped to 100mbps, so I guess I would have to set a very low threshold 10% ?

                       

                      Thanks for the help.

                        • Re: Interface statistics in NPM not matching asdm
                          laurin.beckhusen

                          Welp snmp-walk sure is a PITA !! Also shows I have some learning to do.

                           

                           

                          Comparing the ASA values from asdm against NPM on the ASA that only uses sub-interfaces and the outside and inside don't belonging to the same port-channel, they appear to  match up. On the other ASA (inside and outside belonging to same port channel) they do not.

                           

                          We have replication traffic going between two sites. When the ASA (with inside and outside sharing the same Port channel ) starts to send traffic  I see the outside in value and outside out value go up. On the ASA receiving the traffic (and inside / outside interfaces not sharing the same port channel ) I see the outside in go up and the destination interface outbound traffic go up. Which makes sense. Traffic reports show this as well. I.E. outside out of the sending device goes up and the outside in of the receiving device goes up.

                           

                          I'll probably create a support ticket to get straitened out.