Researching Cisco Switch Backplane Statistics

While teaching at USENIX last week, I discussed SPAN ports. I mentioned that copying traffic to the SPAN port was less important than moving packets through the switch. One of the students asked if measuring the utilization of the switch backplane would reveal how well the switch was performing the SPAN function. Another student said there was a Simple Network Management Protocol Management Information Base (SNMP MIB) from which backplane statistics could be retrieved. I decided to research this issue as it affects using switches to collect traffic for network security monitoring. (Incidentally, Talisker offers SPAN port configuration advice for all sorts of switches.)

One answer appears in the Cisco document How to Get Catalyst Switch Backplane Utilization Using SNMP. This sounds promising until we read "the information in this document is valid for Cisco Catalyst switches that run Catalyst code only." Since modern Cisco switches run IOS, we seem out of luck.

That document produced several leads. First, it mentioned the CISCO-STACK-MIB. Finding this MIB clued me in to the multitude of MIBs offered by Cisco. They are available via FTP from ftp://ftp.cisco.com/pub/mibs/.

The link to the CISCO-STACK-MIB brought me to the SNMP Object Navigator. This is a really helpful tool. You can search object names and descriptions to receive a list of matching objects and MIBs for terms like backplane.

Another excellent resource is the MIBs Supported by Product tool. For example, here are all of the MIBs supported by the Cisco 2950 switch.

Cisco offers a few other helpful sites. These include the Cisco IOS MIB Tools page. That site has a link labelled MIB Locator. Follow it, select your IOS release, platform family (device), and IOS feature set, and you will learn what MIBs are present. Also useful are SNMP: Frequently Asked Questions About MIBs and the IP Application Services page for SNMP.

Getting back to the original question -- the original Cat OS discussion of the CISCO-STACK-MIB mentioned the sysTraffic Object Name as a place to find backplane information. Specifically, the description reads "Traffic meter value, i.e. the percentage of bandwidth utilization for the previous polling interval." The question now is to find out what Cisco devices support providing this information via SNMP. The View Supporting Images link on the sysTraffic page shows the Cisco IOS images which offer this SNMP value.

According to the results, the Cisco 3550 appears to be the cheapest switch which provides backplane statistics. I guess I won't be able to test this on my 2950! If anyone else managed to try this out, perhaps using snmpwalk from Net-SNMP, please post a comment.

Comments

Anonymous said…
If you are going to be playing around with snmp and mibs I have found scotty http://www.freshports.org/net-mgmt/scotty3/ to be very handy. And it is a tcl exension.

marc
ACK, thank you.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics