Ethernet OAM in Icinga and Cacti HOWTO - sara-nl/eth-oam GitHub Wiki
Icinga is an enterprise grade open source monitoring system which keeps watch over a network and any conceivable network resource, notifies the user of errors and recoveries, and generates performance data for reporting. Scalable and extensible, Icinga can monitor complex, large environments across dispersed locations. Icinga is licensed under GPL V2 and is free to use, distribute and modify.
Icinga is a fork of the Nagios platform. It was created by people from the Nagios community who were displeased with the direction that Nagios was developing. Mainly the lack of development on the core application was reason for people to initiate the development of Icinga. A quickstart guide, including installation instructions can be found on: http://docs.icinga.org/latest/en/quickstart-icinga.html
Cacti is a complete frontend to RRDTool, it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG. A complete manual can be found at: http://www.cacti.net/downloads/docs/html/index.html
To install net-snmp, use the following command:
yum install net-snmp net-snmp-libs net-snmp-utils net-snmp-devel
The MIBs related to Ethernet OAM must be placed in a folder which is in the search path for net-snmp.
To find the default mib folders, issue the following command:
[erikr@inflow /]$ net-snmp-config --default-mibdirs
/home/erikr/.snmp/mibs:/usr/share/snmp/mibs- IEEE8021-CFM-MIB.mib
- IEEE8021-CFM-V2-MIB.mib
- IEEE8021-TC-MIB.mib
For the Ciena version of the plugin, the following MIB is required:
- WWP-LEOS-CFM-MIB.my
copy necessary mibs to /usr/share/mibs/site or any other directory which is accessible by Icinga and net-snmp.
The Icinga plugin is written in Python and makes use of the Python net-snmp bindings. These can be installed by using the following command:
On Fedora / CentOS
sudo yum install net-snmp-python
on Ubuntu / Debian:
sudo apt-get install libsnmp-base libsnmp-python libsnmp15 snmp
There are 2 scripts as part of the plugins that require the ncclient NETconf library. This mainly used to support Ethernet OAM for Juniper based devices. There are serveral forks of ncclient. Please see https://github.com/Juniper/ncclient for installation instructions and dependencies.
The dot1ag-utils software package is an Open Source (new BSD License) implementation of the IEEE 802.1ag protocol and is supported on Linux, FreeBSD and MacOSX servers. It provides several debugging tools that interact with IEEE 802.1ag enabled routers and switches. The package implements the MEP Down functionality with a loopback message initiator (ethping), a link trace message initiator (ethtrace) and a daemon (dot1agd) that responds to loopback messages and link trace messages. Sending and receiving of continuity check messages is done by dot1ag_ccd.
Dot1ag-utils is maintained by SURFnet. See for more information: https://svn.surfnet.nl/trac/dot1ag-utils/wiki
The Ethernet OAM Icinga plugin consists of a number of scripts, which can be used to check several OAM features of supported devices.
Overview:
| Name | Functionality | Supported platform | Method |
| check_cfm_state_8021ag.py | check CCM state | Any 8021.ag supported device | SNMP standardized MIB |
| check_cfm_state_ciena.py | check CCM state | Ciena | SNMP proprietory MIB |
| check_cfm_state_juniper.py | check CCM state | Juniper | Netconf |
| check_ethping | check LBR/LBM | Any 8021.ag supported device | dot1ag utils |
| check_ethtrace | check LTR/LTM | Any 8021.ag supported device | dot1ag utils |
The check_ethping script can be used to send loopback requests (LBR) to remote hosts and monitor the results (LBM).
It is actually a wrapper script for the dot1ag-utils ethping utility.
The ethping and ethtrace utility require sudo permissions to execute.
To avoid a password prompt when executing the script, it is possible to add the ethping command to the sudoers file. This can be accomplished by executing the visudo tool.
the following lines should be added:
<user> ALL=NOPASSWD: /usr/local/bin/ethping
<user> ALL=NOPASSWD: /usr/local/bin/ethtrace<user> is the username that will be used to execute the command (eg. icinga).$ ./check_ethping.py --help
Usage: check_ethping.py [options] destination_MAC
Options:
-h, --help show this help message and exit
-i INTERFACE, --interface=INTERFACE
interface to use
-v VLAN, --vlan=VLAN vlan to query
-l MDLEVEL, --mdlevel=MDLEVEL
OAM Maintentance Level
-c COUNT, --count=COUNT
number of ethpings to send
-w WARN_ON_PACKETLOSS, --warn_on_packetloss=WARN_ON_PACKETLOSS
Return warning on packetloss 1=yes 0=no (default=1)-h / --help
This option shows the above listed help message.
-i / --interface
This option specifies the interface to use when sending loopback requests.
-v / --vlan
This option specifies the vlan in which the destination address is present.
-l / --mdlevel
This option specifies management domain level of the destination address.
-c / --count
This option specifies the amount of loop back requests to be sent. The default is 5 requests.
-w / --warn_on_packetloss
This option specifies if a warning should be returned, in case of packet-loss of loopback messages. Normally the script only generates a warning if all packets are lost. You can use the following settings: 1=yes 0=no (default=1)
Normal result:
$ check_ethping.py -i em1.1235 -l 7 -v 1235 aa:aa:bb:bb:cc:cc
PING aa:aa:bb:bb:cc:cc OK - Packet loss = 0%, RTA = 7.8806 ms$ check_ethping.py -i em1.1235 -l 7 -v 1235 aa:aa:bb:bb:cc:cc
PING aa:aa:bb:bb:cc:cc CRITICAL - Packet loss = 100%, RTA = 0.0000 msThe check_ethtrace script can be used to execute a linktrace request (LTR) to a MAC address.
It is actually a wrapper script for the dot1ag-utils ethping utility.
It will return the number of hops that it took to reach the MAC address. The script can be optionally be configured to expect a specific number of hops, or a specific path that needs to be taken to reach a MAC address.
The ethping and ethtrace utility require sudo permissions to execute.
To avoid a password prompt when executing the script, it is possible to add the ethping command to the sudoers file. This can be accomplished by executing the visudo tool.
the following lines should be added:
<user> ALL=NOPASSWD: /usr/local/bin/ethping
<user> ALL=NOPASSWD: /usr/local/bin/ethtrace<user> is the username that will be used to execute the command (eg. icinga).$ sudo ./check_ethtrace.py --help
Usage: check_ethtrace.py [options] destination_MAC
Options:
-h, --help show this help message and exit
-i INTERFACE, --interface=INTERFACE
interface to use
-v VLAN, --vlan=VLAN vlan to query
-l MDLEVEL, --mdlevel=MDLEVEL
OAM Maintentance Level
--hops=HOPS Allowed number of hops (number or range eg. 2:3)
--mac_path=MACPATH Specified trace path (use comma separated mac
addresses)-h / --help
This option shows the above listed help message.
-i / --interface
This option specifies the interface to use when sending loopback requests.
-v / --vlan
This option specifies the vlan in which the destination address is present.
-l / --mdlevel
This option specifies management domain level of the destination address.
--hops
This option specifies a number of expected hops that the linktrace will take. If the result doesn't match the configured hop count, it will return a WARNING.
The hop count can also be configured as a range of minimum and maximum hops. This can be done with the following syntax: --hops 2:4 . This means minimum allowed hops is 2, maximum allowed hops is 4.
--mac_path
With this option you can specify spectif path of mac addresses, which is to be axpected as the result of the linktrace request. If the path doesn't match, it will return a warning.
The format is --mac_path 11:22:33:44:55:66,aa:bb:cc:dd:ee:ff,99:88:77:66:55:44
When the script finishes it will return an errorstate code which is used by Icinga to detect the service state. The script will return 0 ('OK') if there are no issues. The script wil return 1 ('WARNING') if there are problems detected.
Normal result:
$./check_ethtrace.py -i em1.1235 -l 7 -v 1235 --hops 1:2 aa:aa:bb:bb:cc:cc
ETHTRACE aa:aa:bb:bb:cc:cc OK - hops = 2 Result with wrong hopcount:
$ check_ethtrace.py -i em1.1235 -l 7 -v 1235 --hops 3 bb:bb:bb:bb:bb:bb
ETHTRACE bb:bb:bb:bb:bb:bb WARNING - hops = 2 -- Invalid hop count (configured: 3 detected: 2)Result with wrong MAC path:
$ check_ethtrace.py -i em1.1235 -l 7 -v 1235 --mac_path aa:aa:aa:aa:aa:aa,bb:bb:bb:bb:bb:bb bb:bb:bb:bb:bb:bb
ETHTRACE b0a8.6e0d.1f03 WARNING - hops = 2 -- Wrong path detected (configured: aa:aa:aa:aa:aa:aa,bb:bb:bb:bb:bb:bb detected: 11:11:11:11:11:11,bb:bb:bb:bb:bb:bb)The check_cfm_state scripts can be used to monitor the state of CCM messages, related to specific MEPs. It will detect if there are any of the alarm flags set, and if the port and interface TLVs are 'Up'. The scripts do not provide continuous checking of the CCM state, since the nature of Icinga is to poll only once in a while. This means if there is an alarm occurring just between two polls, this is not detected.
There are currently three implementations of the script, which are functionally almost the same, but are used for different devices:
- check_cfm_state_8021ag.py
- check_cfm_state_ciena.py
- check_cfm_state_juniper.py
To see all possible flags, issue the `--help` option:
$ ./check_cfm_state_8021ag.py --help
Usage: check_cfm_state_8021ag.py [options] hostname
Options:
-h, --help show this help message and exit
-v SNMP_VERSION, --version=SNMP_VERSION
Use specific SNMP version default = 1
-p PORT, --port=PORT SNMP port default = 161
-c COMMUNITY, --community=COMMUNITY
SNMP community
-m LIST, --mep=LIST comma separated list to specify remote MEPs to
monitor, (all = all available MEPs)-h / --help
This option shows the above listed help message.
-v / --version
This option specifies the SNMP version, when omitted it uses version 1 as default. Valid options are '1' or '2'.
-p / --port
This option allows you to override the default UDP 161 port for SNMP.
-c / --community
This option specifies the SNMP community of the device you want to query. This option is mandatory.
-m / --mep
This option allows you to specify a single or a list of remote MEPs which should be monitored by the plugin. A list can be created by using commas between the individual meps:
Single MEP: --mep 800
List of MEPs: --mep 800,810,830
All MEPs: --mep all
You can also query all detected remote MEPs using the --mep all option. This will detect the status of all discovered remote meps. However if the plugin cannot retrieve data for one of the meps, it will not generate any 'NO DATA' message, since the MEP was not specifically mentioned.
This option is mandatory.
To see all possible flags, issue the `--help` option:
$ ./check_cfm_state_juniper.py --help
Usage: check_cfm_state_juniper.py [options] hostname
Options:
-h, --help show this help message and exit
-P PORT, --port=PORT NETconf port default = 22
-u USERNAME, --username=USERNAME
ssh username
-p password, --password=password
ssh password (can be ommited when using remote ssh
key)
-m LIST, --mep=LIST comma separated list to specify remote MEPs to
monitor, (all = all available MEPs)-h / --help
This option shows the above listed help message.
-P / --port
This option allows you to override the default port for SSH (TCP port 22).
-u / --username
This option is used to specify the SSH username for Netconf. This option is mandatory.
-p / --password
This option is used to specify the SSH password for Netconf. Alternatively you can use a remotely stored SSH key. In this case the password can be ommited.
-m / --mep
This option allows you to specify a single or a list of remote MEPs which should be monitored by the plugin. A list can be created by using commas between the individual meps:
Single MEP: --mep 800
List of MEPs: --mep 800,810,830
All MEPs: --mep all
You can also query all detected remote MEPs using the --mep all option. This will detect the status of all discovered remote meps. However if the plugin cannot retrieve data for one of the meps, it will not generate any 'NO DATA' message, since the MEP was not specifically mentioned.
This option is mandatory.
When the script finishes it will return an errorstate code which is used by Icinga to detect the service state. The script will return 0 ('OK') if there are no issues. The script wil return 1 ('WARNING') if there are problems detected with one or more MEPs.
Result without issues:
$ ./check_cfm_state_8021ag.py -c TNCDEMO -m 875 10.0.102.99
Remote MEP 875 OK - Level 7 MAID: md7_TNCDEMO Result with some reported alarms:
$ ./check_cfm_state_8021ag.py -c TNCDEMO -m 2022 10.0.102.99
Remote MEP 2022 WARNING - Level 3 MAID: mdv2002_mav2002 -- Remote MEP State Error Detected! -- Icinga works with configuration files which contain the information needed to define monitoring services.
Configuration files can be added to the configuration directory of Icinga. The location differs per implementation.
Possible locations are /usr/local/icinga/etc/ or /etc/icinga.
You can use the whereis icinga command to find out where Icinga is located.
Any additional files can be added to the configuration by specifying them in the icinga.cfg global configuration file.For example you can add our file with the following statement:
cfg_file=/usr/local/icinga/etc/objects/eth-oam.cfg
Note: normally there is a seperate 'objects' folder where configuration files related to objects go.
After updating the file, Icinga has to be reloaded. This can be done with sudo /etc/init.d/icinga reload.
This example configuration file has four elements:
| Host definition | Specifies information about the host that is being monitored |
| Host_group definition | groups all hosts in a single group. |
| Service definition | Specifies information about what service checks are to be initiated by the host. |
| Check command definition | Specifies the command-line call to the plugin, including arguments, which is used by the service. |
# HOST DEFINITIONS
define host{
use generic-switch ; Inherit default values from a template
host_name nge-2.lighthouse.sara.nl ; The name we're giving to this switch
alias SURFsara CIENA 3960 NGE-1 ; A longer name associated with the switch
address 10.0.102.11 ; IP address of the switch
hostgroups TNC2013_DEMO ; Host groups this switch is associated with
}
define host{
use generic-switch
host_name oam-nid1.lighthouse.sara.nl
alias SURFsara Overture ISG24 bridge
address 10.0.102.9
hostgroups TNC2013_DEMO
}
# HOST GROUP DEFINITIONS
define hostgroup{
hostgroup_name TNC2013_DEMO ; The name of the hostgroup
alias TNC2013 DEMO ; Long name of the group
}
# SERVICE DEFINITIONS
define service{
use generic-service ; Inherit values from a template
host_name oam-nid1.lighthouse.sara.nl ; The name of the host the service is associated with
service_description check_cfm_state_8021ag ; The service description
check_command check_cfm_state_8021ag!TNCDEMO!872 ; The command used to monitor the service
normal_check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_check_interval 1 ; Re-check the service every minute until its final/hard state is determined
}
define service{
use generic-service
host_name nge-2.lighthouse.sara.nl
service_description check_cfm_state_ciena
check_command check_cfm_state_ciena!TNCDEMO!871
normal_check_interval 5
retry_check_interval 1
}
# CHECKCOMMAND DEFINITIONS
define command {
command_name check_cfm_state_ciena
command_line $USER1$/plugins-sara/check_cfm_state_ciena.py -v 2 -c $ARG1$ -m $ARG2$ $HOSTADDRESS$
}
define command {
command_name check_cfm_state_8021ag
command_line $USER1$/plugins-sara/check_cfm_state_8021ag.py -c $ARG1$ -m $ARG2$ $HOSTADDRESS$
}In the repository there are two files which make up the definitions of the data query (juniper_dmm.xml), and the script which is used by the data query (juniper_dmm.py) . These need to be copied to your cacti resources/script_queries directory. This is part of your cacti installation, and is often located at /usr/share/cacti. If you are using another directory for storing these files, you will have to manually adjust the XML Path for the data query to the corresponding directory.
Since the script uses NETCONF to query the eth-oam information from the device, it needs to authenticate before it can retrieve the data. Therefore an additional file needs to be present in resources/script_queries directory, named netconf_auth
This file contains user/pass credentials per host in the format: <host>:<user>:<password>:<netconf tcp port (optional)>
Multiple entries can be added using new lines. Unfortunately there is no support for ssh key-pairs currently.
The graph and data query template for the Juniper are stored in the cacti_data_query_juniper_dmm_statistics.xml file. This file can be imported using the import template function in Cacti. The Juniper DMM Data query is then ready to be added to your devices.
Instructions not yet available
The initial version of the Overture firmware which we used had a bug, which caused that no CCM messages were processed by the CPU. This was initially fixed by reverting to an older Firmware. Later on Overture released an update which fixed the problem.
| Overture firmware version | CCM issue |
|---|---|
| 4.9.1 | No issue |
| 4.9.2.1 | YES |
| 4.9.3.1 | No issue |
The MRV device that we use currently has an issue, which does not correctly display the MA name correctly when querying it in SNMP. Instrad of displaying the name, it displays the oid leaf index of the MA. This still needs to be further investigated.
During implementation it was discovered that the WWP-LEOS-CFM-MIB.my did not response to SNMP queries. It turned out that our MEP IDs were higher than 100. This was in conflict with the wwpLeosCfmRemoteMEPID range value defined in the MIB. This was set to 'Unsigned32 (1..100)' at line 2959. When it was adjusted to 'Unsigned32 (1..8192)'. SNMP response messages were received normally.
If you get the error in subject importing a template, simply edit /var/www/cacti/include/global_array.php, at line 558 add a comma at the end
"0.8.7i" => "0023",
and after it add a new line
"0.8.8" => "0024"
This should resolve the problem.
Creating a MEP
NGE-1> cfm enable
NGE-1> cfm service create vlan 2003 name vpls2003 md md2 ma-name-string vpls2003
NGE-1> cfm service enable service vpls2003
NGE-1> cfm mep create service vpls2003 port 2 type down mepid 851
NGE-1> cfm mip create vlan 2003 port 2 level 2NGE-1> cfm mep show
+-------------------------------- CFM MEPs ---------------------------------+
| | | | | | |Admin|CCM |CCM|
|Service |Port |Vid |Mepid|Type| Mac Address |State|State|Pri|
+----------------+--------+----|-----+----+-----------------+-----+-----+---+
|SRS |12 |2780|8000 |down|00:03:18:89:A3:2D|en |on |7 |
|DMM |9 |100 |1000 |down|00:03:18:89:A3:2A|en |on |7 |
|vpls2003 |2 |2003|851 |down|00:03:18:89:A3:23|en |on |7 |
+----------------+--------+----|-----+----+-----------------+-----+-----+---+NGE-1> cfm show
+------------ CFM GLOBAL CONFIGURATION -------------+
| Parameter | Value |
+-------------------------------+-------------------+
| Admin State | Enabled |
| L2 Loop Detection State | Disabled |
| Ethertype | 0x8902 |
| Y1731 Ethertype | 0x8902 |
| Remote MEP Hold Time (ms) | 10000 |
| 802.1ad Strict Mode | Off |
| MIP Level Enforcement | On |
| MIP CCM Database Learning | Enabled |
| VS Automatic MEP Creation | On |
| Frames/sec Avail | 1496 |
| Loopback Default Count | 1 |
| Loopback Default Interval (ms)| 100 |
| Loopback Default Timeout (ms) | 5000 |
| Source MAC For PBT CFM Frames | 00:03:18:89:A3:20 |
| Frame Classification Mode | Per Snet |
| Total Rx Frames | 237262639 |
| Total Tx Frames | 280820416 |
+-------------------------------+-------------------+
+--------------- CFM GLOBAL RESOURCES ---------------+
| Resource | Current | Maximum |
+--------------------------------+---------+---------+
| CFM Frames per Second | 504 | 2000 |
| CFM Maintenance Domains | 9 | 538 |
| CFM Service's | 4 | 530 |
| CFM MEP's | 3 | 530 |
| CFM Remote MEP's/MIP-CCM-DB | 13 | 8192 |
| CFM CCM History's | 0 | 256 |
| CFM Stack's | 8 | 4096 |
| CFM Port's | 12 | 18 |
+--------------------------------+---------+---------+Showing md information
NGE-1> cfm md show
+------------------------ CFM MAINTENANCE DOMAINS ------------------------+
|Level |Management Name |Services|MD Name |
+------+----------------------------+--------+----------------------------|
|0 |md0 |0 |md0 |
|1 |md1 |0 |md1 |
|2 |md2 |2 |md2 |
|3 |md3 |0 |md3 |
|4 |EthernetSandbox |1 |EthernetSandbox |
|5 |md5 |0 |md5 |
|6 |md6 |0 |md6 |
|7 |md7 |0 |md7 |
|3 |DMM-test |1 |DMM-test |
+------+----------------------------+--------+----------------------------|NGE-1> cfm service show
+--------------------------------------- CFM SERVICES ---------------------------------------+
| | | | | | | MEPs | Service Faults |
|Name |Type|Service Network |Vid |Lvl|Adm|Loc|Rem|XC|CC|RM|MS|RD|IS|
+----------------+----+-------------------------------+----+---+---+---+---+--+--+--+--+--+--+
|SRS |VLAN|HPDMnet-8021ag |2780|4 |en |1 |0 | | | | | |X |
|DMM |VLAN|y1731-test |100 |3 |en |1 |1 | | | | | | |
|vpls2003 |VLAN|nge1-nge2 |2003|2 |en |1 |1 | |X |X | | | |
|test800 |VLAN|nge1-nge2 |2003|2 |en |0 |0 | | | | | |X |
+----------------+----+-------------------------------+----+---+---+---+---+--+--+--+--+--+--+It is possible to configure a MIP on the Ciena 3960.
NGE-1> cfm mip create vlan 2002 port 2 level 3
NGE-1> cfm mip create vlan 2001 port 9 level 3
NGE-1> cfm mip create vlan 2002 port 12 level 3showing configured MIP's
NGE-1> cfm mip show
+-------------------------- CFM MIPs --------------------------+
| Service Instance |Vlan Id |Port |Level |Mac Address |
|------------------+--------+--------+------+------------------|
|GN3-JRA1JRA2-EthOAM|2001 |9 |3 |00:03:18:89:A3:2A |
|GN3-JRA1JRA2-EthOAM-loop|2002 |2 |3 |00:03:18:89:A3:23 |
|GN3-JRA1JRA2-EthOAM-loop|2002 |12 |3 |00:03:18:89:A3:2D |
|nge1-nge2 |2003 |2 |2 |00:03:18:89:A3:23 |
|------------------+--------+--------+------+------------------|NGE-1> cfm mip-ccm-db enable
NGE-1> cfm mip-ccm-db show
+------------------------------ MIP CCM Database ------------------------------+
| | | |Total | Last CCM Information |
|VLAN| MAC Address |Port |CCM Rx |Seq Num |Time |Lv|Mepid| PS |RDI|
+----+-----------------+--------+---------+---------+--------+--+-----+----+---|
|2001|00:03:18:58:E8:E2|12 |103180 |35634028 |0 |3 |110 |Up | |
|2001|64:87:88:58:C7:E8|12 |101552 |0 |0 |3 |410 |None| |
|2002|00:03:18:58:E8:E2|2 |103180 |35634028 |0 |3 |110 |Up | |
|2002|00:15:AD:10:21:7F|2 |10421 |5445909 |0 |3 |800 |None| |
|2002|64:87:88:58:C7:E8|2 |101552 |0 |0 |3 |410 |None| |
+----+-----------------+--------+---------+---------+--------+--+-----+----+---|Enable delay measurements
NGE-1> cfm delay send service vpls2001 mepid 861 count 100 repeat 0 local-mepid 860NGE-1> cfm delay show
+-------------------- MEP DELAY MEASUREMENT MESSAGE INFORMATION ---------------------+
| |Local|Remote | | | | | |Rep |
|Service |Mepid|Mac Address |RMep|DMM|DMR|Delay in us |Jitter in us|Time|
+----------------+-----+-----------------+----+---+---+------------+------------+----+
|vpls2001 |860 |00:03:18:86:0F:99|861 |95 |94 |Min: 2163|Min: 0|0 |
| | | | | | |Avg: 2216|Avg: 25| |
| | | | | | |Max: 2278|Max: 71| |
+----------------+-----+-----------------+----+---+---+------------+------------+----+The Overture ISG 24 can be configured through CLI or webGUI.
This example creates a MEP with number 888 in the maintenance domain md7 with association TNCDEMO. It sens out CCM frames in an interval of 100 milliseconds. It also transmits the port-status and interface-status TLVs. In the performance-monitoring section a DMM sla-iterator-profile is configured. This is assigned to a MEP and provides DMM delay and measurement statistics.
{master:0}[edit protocols oam ethernet connectivity-fault-management]
user@ex4200# show
maintenance-domain md7 {
level 7;
maintenance-association TNCDEMO {
continuity-check {
interval 100ms;
port-status-tlv;
interface-status-tlv;
}
mep 888 {
interface ge-0/0/0.0 vlan-id 1235;
direction down;
auto-discovery;
remote-mep 810 {
sla-iterator-profile il;
}
}
}
}
performance-monitoring {
sla-iterator-profiles {
il {
measurement-type two-way-delay;
}
}
}
user@ex4200# show maintenance-domain md7 | display set
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 level 7
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO continuity-check interval 100ms
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO continuity-check port-status-tlv
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO continuity-check interface-status-tlv
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 interface ge-0/0/0.0
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 interface vlan-id 1235
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 direction down
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 auto-discovery
set protocols oam ethernet connectivity-fault-management performance-monitoring sla-iterator-profiles il measurement-type two-way-delay
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 remote-mep 810 sla-iterator-profile iluser@ex4200> show oam ethernet connectivity-fault-management mep-database maintenance-domain md7 maintenance-association TNCDEMO remote-mep 875
Maintenance domain name: md7, Format: string, Level: 7
Maintenance association name: TNCDEMO, Format: string
Continuity-check status: enabled, Interval: 100ms
MEP identifier: 888, Direction: down, MAC address: b0:a8:6e:0d:1f:03
Auto-discovery: enabled, Priority: 0
Interface name: ge-0/0/0.0, Interface status: Active, Link status: Up
Remote MEP identifier: 875, State: ok
MAC address: 00:03:18:82:22:13, Type: Learned
Interface: ge-0/0/0.0
Last flapped: Never
Remote defect indication: true
Port status TLV: up
Interface status TLV: upTo review DMM measurement statistics of a sla-iterator-profile, try the following example:
user@ex4200> show oam ethernet connectivity-fault-management sla-iterator-statistics maintenance-domain md3 maintenance-association vpls1000 local-mep 812 remote-mep 810 sla-iterator il
Iterator statistics:
Maintenance domain: md3, Level: 3
Maintenance association: vpls1000, Local MEP id: 812
Remote MEP id: 810, Remote MAC address: 00:15:ad:10:21:7f
Iterator name: il, Iterator Id: 1
Iterator cycle time: 1000ms, Iteration period: 2000 cycles
Iterator status: running, Infinite iterations: true
Reset reason: none
Iterator delay measurement statistics:
Calculation weight: Delay: 1, Delay variation: 1
DMM sent : 341316
DMM skipped for threshold hit : 0
DMM skipped for threshold hit window : 0
DMR received : 341316
DMR out of sequence : 0
DMR received with invalid time stamps : 0
Average two-way delay : 257 usec
Average two-way delay variation : 36 usec
Average one-way forward delay variation : 32 usec
Average one-way backward delay variation : 51 usec
Weighted average two-way delay : 264 usec
Weighted average two-way delay variation : 27 usec
Weighted average one-way forward delay variation : 29 usec
Weighted average one-way backward delay variation: 56 usecThe following devices were tested succesfully. It does not mean that other versions and other vendors will not work.
| Device | Firmware version | Manufacturer URL |
|---|---|---|
| Ciena 3960 |
saos-06-09-01-0108 saos-06-09-00-0242 |
http://www.ciena.com/products/3960/ |
| Fujitsu FDX2400M-TE-S | AEN_5.5_26203 | tbd. |
| MRV OptiSwitch 904 | 2_1_9B | http://www.mrv.com/product/MRV-OS-OS904-MBH |
| Overture-24 |
AEN_4.9.1 AEN_4.9.3.2.1 (issue found!) AEN_4.9.3.1 |
http://www.overturenetworks.com/carrier-ethernet |
| Juniper EX4200 | Junos 12.2R1.8 | http://www.juniper.net/us/en/products-services/switching/ex-series/ex4200/ |
| Acronym | Descriptor |
| AIS | Alarm Indication Signals |
| CCM | Continuity Check Messages |
| CFM | Connectivity Fault Management |
| CoS | Class of Service |
| DM | Delay Measurement |
| DMM | Delay Measurement Message |
| DMR | Delay Measurement Response |
| FD | Frame Delay |
| FDV | Frame Delay Variation |
| FLR | Frame Loss Ratio |
| IEEE | Institute of Electrical and Electronic Engineers |
| IETF | Internet Engineering Task Force |
| ITU | International Telecommunications Union |
| LBM | Loopback Message |
| LM | Loss Measurement |
| LMM | Loss Measurement Request |
| LMR | Loss Measurement Reply |
| LRM | Loopback Reply Message |
| LTM | Linktrace Message |
| LTR | Linktrace Replay Message |
| MA | Maintenance Association |
| MAC | Medium Access Control |
| MEG | Maintenance Entity Group |
| MEP | Maintenance End Point |
| MIB | Management Information Base |
| MIP | Maintenance Intermediate Point |
| ms | Millisecond |
| OAM | Operations, Administration and Maintenance |
| PHP | PHP: Hypertext Preprocessor |
| RDI | Remote Defect Indication |
| RTA | Round Trip Average |
| RRD | Round Robin Database |
| SNMP | Simple Network Management Protocol |
| SSH | Secure shell |
| TLV | Time, Length, Value |
| VID | VLAN ID |
| VLAN | Virtual Local Area Network |
- Icinga, Why a fork: https://www.icinga.org/faq/why-a-fork/
- Icinga Quickstart guide: http://docs.icinga.org/latest/en/quickstart-icinga.html
- Cacti manual http://www.cacti.net/downloads/docs/html/index.html
- ITU - T G.8013/Y.1731 OAM functions and mechanisms for Ethernet based networks: http://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-Y.1731-201107-I!!PDF-E&type=items
- IEEE Std 802.1agTM-2007 IEEE Standard for Local and metropolitan area networks; Virtual Bridged Local Area Networks Amendment 5: Connectivity Fault Management: http://standards.ieee.org/getieee802/download/802.1ag-2007.pdf
- Juniper Day One: Navigating The Junos XML Hierarchy: http://www.juniper.net/us/en/community/junos/training-certification/day-one/automation-series/junos-xml-hierarchy/
- Juniper ITU-T Y.1731 Ethernet Service OAM Feature Guide for Routing Devices: http://www.juniper.net/techpubs/en_US/junos13.2/information-products/pathway-pages/config-guide-network-interfaces/ethernet-itu-t-y-1731-ethernet-service-oam.pdf
- Juniper NETconf client: https://github.com/Juniper/ncclient
- SURFnet Dot1ag-utils: https://svn.surfnet.nl/trac/dot1ag-utils/wiki