4 Replies Latest reply on Jan 7, 2014 11:42 PM by shuth

    Which interfaces are you monitoring on your switches?

    blackh0leson


      I am just looking for a little advice on what interfaces are important to monitor on a switch.  We are currently monitoring the uplink interfaces on each switch.  The interfaces that we are monitoring have "sflow forwarding" enabled (Foundry uses 'sflow') on the switch itself.  Are there any other interfaces that should be monitored?  I know it is a hard question to answer since you don't know our infrastructure.  What interfaces are of importance to your company/work?  Thanks in advance!

        • Re: Which interfaces are you monitoring on your switches?
          RichardLetts

          I monitor:

          a) interfaces that are pointing towards other monitored nodes using LLDP

          i.e. these (SWQL custom query resource):

          SELECT n1.ipaddress, LocalPortNumber, RemoteSystemName, RemotePortDescription
          FROM Orion.NodeLldpEntry NLE
          inner join orion.nodes N1
            on NLE.nodeid=n1.nodeid
          inner join orion.nodes N2
            on NLE.remotesystemname=n2.SysName
          left outer join Orion.NPM.Interfaces i
            on i.interfaceindex = nle.localportnumber and i.nodeid=nle.nodeid
          where i.interfaceid is null
            and nle.localportnumber<>0

           

          b) interfaces that are pointing towards the spanning-tree root

          (I haven't figured out which interfaces these are in SolarWinds, and I mostly don't care because LLDP provides the right information.)

           

          c) all interfaces ON the spanning-tree root (because in my environment this is an aggregation switch and this should only be interfaces pointing towards edge switches or the routers).

           

          d) Unfortunately we have many (probably over 5000) users who have connected their own switch, otherwise I'd suggest interfaces that have more than one MAC address in the bridge table, since that probably points to a switch that should be monitored, or a VM host, or a switch fabric inside a blade chassis.
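The heuristic in (d) above, flagging ports that have learned more than one MAC address, sketched as an added example (not part of RichardLetts's post and not SolarWinds code). The three-column bridge-table format, the sample rows and the function names are assumptions constructed for illustration; real switch output would need its own parser.

```python
from collections import defaultdict

# Constructed sample of a simplified bridge-table dump (vlan, mac, port).
SAMPLE_BRIDGE_TABLE = """\
vlan  mac                port
10    00:11:22:33:44:01  1/1/1
10    00:11:22:33:44:02  1/1/2
10    00:11:22:33:44:03  1/1/2
20    00:11:22:33:44:03  1/1/2
10    00:11:22:33:44:04  1/1/3
10    00:11:22:33:44:05  1/1/48
10    00:11:22:33:44:06  1/1/48
10    00:11:22:33:44:07  1/1/48
"""


def parse_bridge_table(text):
    """Return {port: set of distinct MACs learned on that port}."""
    macs_by_port = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a 3-column data row.
        if len(fields) != 3 or not fields[0].isdigit():
            continue
        _vlan, mac, port = fields
        # A MAC seen in several VLANs on one port is still one device.
        macs_by_port[port].add(mac.lower())
    return macs_by_port


def candidate_ports(text, already_monitored=(), min_macs=2):
    """Ports with at least min_macs distinct MACs that are not yet monitored.

    Such a port probably leads to a downstream switch, a VM host or a
    blade-chassis fabric, which also makes the list a quick inventory of
    user-attached switches.
    """
    skip = set(already_monitored)
    table = parse_bridge_table(text)
    return sorted(
        (port, len(macs))
        for port, macs in table.items()
        if len(macs) >= min_macs and port not in skip
    )


if __name__ == "__main__":
    # 1/1/48 is treated as an uplink that is already monitored (assumption).
    for port, count in candidate_ports(SAMPLE_BRIDGE_TABLE, ["1/1/48"]):
        print(f"{port}: {count} MAC addresses learned")
```
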

          • Re: Which interfaces are you monitoring on your switches?
            superfly99

            I monitor uplink ports and any ports that have something worth monitoring connected such as servers etc.

            • Re: Which interfaces are you monitoring on your switches?
              bluefunelemental

              All physical ports with all except uplinks set to unpluggable.

              VLAN ports because that's where our NetFlow is reporting from.

              Maybe I should monitor loopback since it's the trap source, but I did not find it likely that loopback would be explicitly shut down, node still polling, but not sending traps.

              • Re: Which interfaces are you monitoring on your switches?
                shuth

                Similar to superfly99, typically WAN ports, uplink/trunk ports, and ports connected to important servers/devices.