This document describes the recommended Object Identifiers (OIDs) to be used in order to monitor the CPU and memory resources on the Cisco ASR 1000 Series modular routers. Unlike the software-based forwarding platforms, the ASR 1000 Series comprises these functional elements in its system:
ASR 1000 Series Route Processor (RP)
ASR 1000 Series Embedded Services Processor (ESP)
ASR 1000 Series SPA Interface Processor (SIP)
As such, it is required to monitor the CPU and memory utilization by each of these processors in a production environment which results in additional OIDs to be polled per managed device.
Cisco recommends that you have knowledge of these topics:
Simple Network Management Protocol (SNMP)
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
SNMP OID to Monitor Cisco IOSd Memory Utilization
On the ASR 1000, you need to use the OIDs designed for 64-bit architecture platforms in order to monitor memory usage:
Processor Pool Free Memory
Processor Pool Largest Memory
Processor Pool Used Memory
Processor Pool Lowest Memory
Note: If you use the less specific OID in order to poll the Cisco IOSd memory statistics, the system yields two outputs - Cisco IOSd free memory (OID-7000.1) and Linux Shared Memory Punt Interface (LSMPI) memory (OID-7000.2). This might cause the management station to report a low memory alert for the LSMPI pool. The LSMPI memory pool is used in order to transfer packets from the forwarding processor to the route processor. On the ASR 1000 platform, the lsmpi_io pool has little free memory - generally less than 1000 bytes which is normal. Cisco recommends that you disable monitoring of the LSMPI pool by the network management applications in order to avoid false alarms.
Note: The RP2 contains two physical CPUs, but the CPUs are not monitored separately. The CPU utilization is the aggregate result of both the CPUs and therefore the cpmCPUTotalTable object contains only one entry for RP CPU. This might occasionally cause the management stations to report CPU utilization above 100%.
SNMP OID to Monitor RP/ESP/SIP Memory Utilization
These outputs list the OIDs to poll the individual memory statistics of each processor perceived by the show platform software status control-processor brief command.
Note: The previous OIDs yields only a single output for 1RU (rack unit) platforms such as the ASR 1001 and ADR 1002-X. The control CPU on ASR 1001 has three logical functions - RP, FP (Forwarding Processor), and CC (Carrier Card). All the functions that would normally be spread across different boards in an ASR 1002 run on the same CPU in ASR 1001.
Enable CoPP in Order to Protect from SNMP Overpolling
The configuration of Control Plane Policing (CoPP) provides better platform reliability and availability in the event of a Denial of Service (DoS) attack. The CoPP feature treats the control plane as a separate entity with its own interface for ingress and egress traffic. This interface is called the punt/inject interface. The deployment of the CoPP policy needs to be done in a phased approach. The initial phase should police packets at a liberal state in order to allow for analysis in the testing and initial migration/deployment phases. Once deployed, each of the classes associated with the CoPP policy should be checked and rates adjusted. A typical example of how to enable CoPP in order to protect the control plane against overpolling is shown here:
class-map match-all SNMP match access-group name SNMP !
! ip access-list extended SNMP permit udp any any eq snmp
! policy-map CONTROL-PLANE-POLICY description CoPP for snmp class SNMP police rate 10 pps burst 10 packets conform-action transmit exceed-action drop !