MPLS VPN SNMP Notifications
Last Updated: June 6, 2012
This document describes the Simple Network Management Protocol (SNMP) agent support in Cisco IOS for Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) event notifications as implemented in the notifications section of the draft MPLS/BGP Virtual Private Network Management Information Base Using SMIv2 (draft-ietf-ppvpn-mpls-vpn-mib-03.txt).
The MPLS VPN technology allows service providers to offer intranet and extranet VPN services that directly connect their customers' remote offices to a public network with the same security and service levels that a private network offers. The Provider-Provisioned VPN (PPVPN)-MPLS-VPN MIB notifications provide SNMP notification for critical MPLS VPN events.
The MPLS VPN--SNMP Notifications feature provides the following benefits:
Feature Specifications for the MPLS VPN--SNMP Notifications
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for MPLS VPN--SNMP Notifications
The MPLS VPN--SNMP Notifications feature requires the following:
Restrictions for MPLS VPN--SNMP Notifications
Information About MPLS VPN--SNMP Notifications
Cisco Implementation of MPLS-VPN-MIB
SNMP agent code operating in conjunction with the notifications of the MPLS VPN--SNMP Notifications feature enables a standardized, SNMP-based approach to monitoring the MPLS-VPN-MIB notifications that aid in the management of MPLS VPNs in Cisco IOS.
The MPLS VPN--SNMP Notifications feature is based on the IETF draft specification draft-ietf-ppvpn-mpls-vpn-mib-02.txt, which includes notification objects that support MPLS VPN notification events. This IETF draft MIB, which undergoes revisions from time to time, is being evolved toward becoming a standard. Accordingly, the Cisco implementation of features of the MPLS-VPN-MIB is expected to track the evolution of the IETF draft MIB, and may change accordingly.
Some slight differences between the IETF draft MIB and the actual implementation of MPLS VPNs within Cisco IOS require some minor translations between the MPLS-VPN-MIB and the internal data structures of Cisco IOS. These translations are accomplished by means of the SNMP agent code. Also, while running as a low priority process, the SNMP agent provides a management interface to Cisco IOS. SNMP adds little overhead on the normal functions of the device.
The SNMP objects defined in the MPLS-VPN-MIB notifications can be viewed by any standard SNMP utility. The network administrator can retrieve information in the MPLS-VPN-MIB using standard SNMP get and getnext operations for SNMP v1, v2, and v3.
All MPLS-VPN-MIB objects are based on the IETF draft MIB; thus, no specific Cisco SNMP application is required to support the functions and operations pertaining to the MPLS VPN--SNMP Notifications feature.
This section contains the following information about the Cisco implementation of the MPLS-VPN-MIB:
Capabilities Supported by MPLS VPN--SNMP Notifications
The following functionality is supported in this release for the MPLS VPN--SNMP Notifications feature. This feature provides you with the ability to do the following:
Notification Generation Events for the MPLS-VPN-MIB
The following notifications of the MPLS-VPN-MIB are implemented for this release:
Router(config)# ip vrf vrf-name
Router(config-vrf)# maximum routes max-thresh mid-thresh (% of max)
This notification is sent to the NMS only at the time the threshold is exceeded. Whenever the number of routes falls below this threshold and exceeds the threshold again, a notification is sent to the NMS. (See the figure below for a comparison of the warning and maximum thresholds.)
Router(config)# ip vrf vrf-name
Router(config-vrf)# maximum routes max-thresh mid-thresh (% of max)
A trap notification is sent to the NMS when you attempt to exceed the maximum threshold. Another notification is not sent until the number of routes falls below the maximum threshold and reaches the maximum threshold again. (See the figure below for an example of how this notification works and for a comparison of the maximum and warning thresholds.)
For information on the Cisco IOS CLI commands for configuring MPLS-VPN-MIB notifications that are to be sent to an NMS, see the How to Configure the MPLS VPN--SNMP Notifications and Command Reference sections.
Notification Specification for MPLS-VPN-MIB
In an SNMPv1 notification, each VPN notification has a generic type identifier and an enterprise-specific type identifier for identifying the notification type.
In SNMPv2, the notification type is identified by an SnmpTrapOID varbind (variable binding consisting of an object identifier (OID) type and value) included within the notification message.
Each notification also contains two additional objects from the MPLS-VPN-MIB. These objects provide additional information about the event, as follows:
Monitoring the MPLS VPN--SNMP Notifications
When MPLS-VPN-MIB notifications are enabled, notification messages relating to specific MPLS VPN events within Cisco IOS are generated and sent to a specified NMS in the network. Any utility that supports SNMPv1 or SNMPv2 notifications can receive notification messages.
To monitor MPLS-VPN-MIB notification messages, log in to an NMS that supports a utility that displays SNMP notifications, and start the display utility.
How to Configure the MPLS VPN--SNMP Notifications
This section contains the following procedures. Each task in the list is identified as either required or optional.
The MPLS VPN notifications are enabled or disabled using the extended CLI commands (see the Command Reference section).
Configuring an SNMP Community
An SNMP community string defines the relationship between the SNMP manager and the agent. The community string acts like a password to regulate access to the agent on the router.
Perform this task to configure an SNMP community.
Configure the Router to Send SNMP Traps
Perform this task to configure the router to send traps to a host.
The snmp-server host command specifies which hosts receive traps. The snmp-server enable traps command globally enables the trap production mechanism for the specified traps.
Configure Threshold Values for MPLS VPN--SNMP Notifications
Perform this task to configure threshold values for MPLS VPN SNMP notifications.
The mplsNumVrfRouteMidThreshExceeded notification event is generated and sent when the middle (warning) threshold is crossed. You can configure this threshold in the CLI by using the maximum routes command in VRF configuration mode. This notification is sent to the NMS only at the time the threshold is exceeded. Whenever the number of routes falls below this threshold and exceeds the threshold again, a notification is sent to the NMS.
The mplsNumVrfRouteMaxThreshExceeded notification event is generated and sent when you attempt to create a route on a VRF that already contains the maximum number of routes as defined by the maximum routes command in VRF configuration mode. A trap notification is sent to the NMS when you attempt to exceed the maximum threshold. Another notification is not sent until the number of routes falls below the maximum threshold and reaches the maximum threshold again.
(See the figure above for an example of how this notification works and for a comparison of the maximum and warning thresholds.)
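The following configuration is an added example, not part of the original Cisco document, showing how the two thresholds described above are set and how their notifications are enabled. The VRF name, route distinguisher, and limits are constructed values; the NMS address and community string are the ones used elsewhere in this document.

```cisco
! Added example: vpn1, 100:1, 1000 and 80 are constructed values.
!
ip vrf vpn1
 rd 100:1
 ! max-thresh = 1000 routes, mid-thresh = 80 percent of max (800 routes)
 maximum routes 1000 80
!
! Send MPLS VPN notifications to the NMS
snmp-server host 172.20.2.160 traps comaccess mpls-vpn
!
! Enable only the two threshold notifications
snmp-server enable traps mpls vpn mid-threshold max-threshold
!
! Expected behavior with these values, per the description above:
!   routes cross 800            -> mplsNumVrfRouteMidThreshExceeded sent once
!   routes stay above 800       -> no further mid-threshold notification
!   routes drop below 800, then
!   cross 800 again             -> mplsNumVrfRouteMidThreshExceeded sent again
!   route attempted at 1000     -> mplsNumVrfRouteMaxThreshExceeded sent once
!   further attempts at 1000    -> no notification until the count falls
!                                  below 1000 and reaches 1000 again
```

Because each notification is sent only at the moment of crossing, an NMS that misses one trap sees nothing further while the VRF stays above the threshold.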
Configuration Examples for MPLS VPN--SNMP Notifications
Configure the Community Example
The following example shows enabling a simple SNMP community group. This configuration permits any SNMP client to access all MPLS-VPN-MIB objects with read-only access using the community string comaccess.
Router# configure terminal
Router(config)# snmp-server community comaccess ro
Verify that the SNMP master agent is enabled for the MPLS VPN--SNMP Notifications feature:
Router# show running-config | include snmp-server
Building configuration...
....
snmp-server community comaccess RO
....
Configure the Router to Send SNMP Traps Examples
The following example shows you how to enable the router to send MPLS VPN notifications to host 172.20.2.160 using the comaccess community string if a VRF transitions from a down state to an up state or from an up state to a down state.
Router# configure terminal
Router(config)# snmp-server host 172.20.2.160 traps comaccess mpls-vpn
Router(config)# snmp-server enable traps mpls vpn vrf-up vrf-down
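The community example above permits any SNMP client to poll the router, and the community string travels in every packet. The following added example, which is not part of the original Cisco document, shows that open setting beside two tighter alternatives. The ACL number, group name, user name, and passphrase placeholders are assumptions, and the SNMPv3 lines assume an image that supports SNMPv3 authentication and AES privacy.

```cisco
! Added example: ACL 10, NMS-RO, nmsuser and the <...> passphrases
! are placeholders chosen for illustration.
!
! Open setting from the example above: any source may poll with the
! community string.
!   snmp-server community comaccess ro
!
! Alternative 1 (SNMPv1/v2c): accept the community only from the NMS.
access-list 10 permit host 172.20.2.160
access-list 10 deny any log
snmp-server community comaccess ro 10
!
! Alternative 2 (SNMPv3 authPriv): authenticated and encrypted polling
! and notifications, still limited to the NMS by ACL 10.
snmp-server group NMS-RO v3 priv access 10
snmp-server user nmsuser NMS-RO v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>
snmp-server host 172.20.2.160 version 3 priv nmsuser mpls-vpn
snmp-server enable traps mpls vpn vrf-up vrf-down
!
! Verify what is configured:
!   show running-config | include snmp-server
!   show snmp user
!   show access-lists 10
```

The log keyword on the deny entry records polling attempts from addresses other than the NMS.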
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Multiprotocol Label Switching Command Reference at http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_book.html. For information about all Cisco IOS commands, go to the Cisco IOS Master Commands List.
ASN.1 --Abstract Syntax Notation One. OSI language for describing data types independent of particular computer structures and representation techniques. Described by ISO International Standard 8824.
BGP --Border Gateway Protocol. The exterior Border Gateway Protocol used to exchange routing information between routers in separate autonomous systems. BGP uses Transmission Control Protocol (TCP). Because TCP is a reliable protocol, BGP does not experience problems with dropped or fragmented data packets.
CEF --Cisco Express Forwarding. An advanced Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns.
CE router --customer edge router. A router on the border between a VPN provider and a VPN customer that belongs to the customer.
community --In SNMP, a logical group of managed devices and NMSs in the same administrative domain.
community name --See community string.
community string --Text string that acts as a password and is used to authenticate messages sent between a managed station and a router containing an SNMP agent. The community string is sent in every packet between the manager and the client. Also called a community name.
IETF --Internet Engineering Task Force. Task force consisting of over 80 working groups responsible for developing Internet standards. The IETF operates under the auspices of ISOC. See also ISOC.
informs --A type of notification message that is more reliable than a conventional trap notification message, because the informs message notification requires acknowledgment, and a trap notification does not.
ISOC --Internet Society. International nonprofit organization, founded in 1992, that coordinates the evolution and use of the Internet. In addition, ISOC delegates authority to other groups related to the Internet, such as the IAB. ISOC is headquartered in Reston, Virginia (United States).
label --A short, fixed-length data construct that tells switching nodes how to forward data (packets or cells).
label distribution protocol --See LDP.
label forwarding information base --See LFIB.
label switch router --See LSR.
LDP --label distribution protocol. A standard protocol between MPLS-enabled routers that is used for the negotiation of the labels (addresses) used to forward packets.
LFIB --label forwarding information base. In the Cisco Label Switching system, the data structure for storing information about incoming and outgoing tags (labels) and associated equivalent packets suitable for labeling.
LSR --label switch router. A device that forwards MPLS packets based on the value of a fixed-length label encapsulated in each packet.
MIB --Management Information Base. Database of network management information that is used and maintained by a network management protocol such as SNMP or CMIP. The value of a MIB object can be changed or retrieved using SNMP or CMIP commands, usually through a GUI network management system. MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches.
MPLS --Multiprotocol Label Switching. A method for forwarding packets (frames) through a network. It enables routers at the edge of a network to apply labels to packets (frames). ATM switches or existing routers in the network core can switch packets according to the labels with minimal lookup overhead.
MPLS interface --An interface on which MPLS traffic is enabled.
MPLS VPN --Multiprotocol Label Switching Virtual Private Network. Using MPLS VPNs in a Cisco IOS network provides the capability to deploy and administer scalable Layer 3 VPN backbone services, including applications, data hosting, network commerce, and telephony services, to business customers. A VPN is a secure IP-based network that shares resources on one or more physical networks. A VPN contains geographically dispersed sites that can communicate securely over a shared backbone.
For an MPLS VPN Solution, an MPLS VPN is a set of PEs that are connected by means of a common "backbone" network to supply private IP interconnectivity between two or more customer sites for a given customer. Each VPN has a set of provisioning templates and policies and can span multiple provider administrative domains (PADs).
Multiprotocol Label Switching --See MPLS.
notification --A message sent by an SNMP agent to a network management station, console, or terminal to indicate that a significant event within Cisco IOS has occurred. See also trap.
NMS --network management system. A powerful, well-equipped computer (typically an engineering workstation) that is used by a network administrator to communicate with other devices in the network. An NMS is typically used to manage network resources, gather statistics, and perform a variety of network administration and configuration tasks.
PE router --provider edge router. A router on the border between a VPN provider and a VPN customer that belongs to the provider.
PPVPN --Provider-Provisioned VPN. The name of the IETF working group that is developing the PPVPN-MPLS-VPN MIB (MPLS-VPN-MIB).
QoS --quality of service. Measure of performance for a transmission system that reflects its transmission quality and service availability.
RSVP --Resource Reservation Protocol. Protocol for reserving network resources to provide Quality of Service guarantees to application flows.
Simple Network Management Protocol --See SNMP.
SNMP --Simple Network Management Protocol. Network management protocol used almost exclusively in TCP/IP networks. SNMP provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security. See also SNMP2.
SNMP2 --SNMP Version 2. Version 2 of the popular network management protocol. SNMP2 supports centralized as well as distributed network management strategies, and includes improvements in the SMI, protocol operations, management architecture, and security. See also SNMP.
traffic engineering --The techniques and processes used to cause routed traffic to travel through the network on a path other than the one that would have been chosen if standard routing methods had been used.
trap --A message sent by an SNMP agent to a network management station, console, or terminal, indicating that a significant event occurred. Traps (notifications) are less reliable than inform requests, because the receiver does not send an acknowledgment when it receives a trap. The sender cannot determine if the trap was received. See also notification.
VPN --Virtual Private Network. A group of sites that, as the result of a set of administrative policies, are able to communicate with each other over a shared backbone network. See MPLS VPN.
VRF --VPN routing/forwarding instance. A VRF consists of an IP routing table, a derived forwarding table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table. In general, a VRF includes the routing information that defines a customer VPN site that is attached to a PE router.
© 2012 Cisco Systems, Inc. All rights reserved.