Measuring Bandwidth Utilization on Cisco Switch Ports

Yesterday I spoke at the third Net Optics Think Tank in Santa Clara, CA. During the event one of the Net Optics product managers asked me about measuring bandwidth utilization on switch ports. I did not have an answer for him... until I took a look at the latest Packet magazine. The Q305 (.pdf) edition features a tip from Aurelio DeSimone on p. 13 mentioning the show controllers utilization command.

If anyone knows of a similar set of information via SNMP, please let me know via a comment here.

Here is sample output:

Switch> show controllers utilization
Port       Receive Utilization  Transmit Utilization
Fa0/1               0                    0
Fa0/2               0                    0
...truncated...
Total Ports : 12
Switch Receive Bandwidth Percentage Utilization : 0
Switch Transmit Bandwidth Percentage Utilization : 0
Switch Fabric Percentage Utilization : 0

This is just the sort of data I would like to see for SPAN ports. You can specify the SPAN port in your syntax (e.g., show controllers fastethernet0/1 utilization) to see how much traffic it is carrying to your sensor.

The current Packet issue also features excellent articles on new modularity features of Cisco IOS and an overview of 10 GB Ethernet and its seven (yes, seven) variants. (There appear to be more, actually.) That sort of information reminds me of my "second law of information technology," which is "complexity increases." The second law of IT is constantly fighting the second law of thermodynamics, which is "entropy increases."

Comments

Anonymous said…
...measuring bandwidth utilization on switch ports

I don't know about switch ports, but back in '95/'96 when I was doing my master's thesis, I collected SNMP data from routers using octets-in and octets-out from the standard MIBII. Plotting those over time gave me utilization quite nicely.

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
Anonymous said…
On layer 3 switches such as the 3550 series, "show int summ" shows you the same data that is used for updating the inbound and outbound octets stats in mib2. Show int summ also works on just about every IOS router.

The OID that can be used from a 3550 switch (as an example, should be the same for a 3548/3524/etc) for octets in/out:

Inbound:
1.3.6.1.2.1.2.2.1.10.x
Outbound:
1.3.6.1.2.1.2.2.1.16.x

The x is where the ifIndex id goes for that particular interface. A mibwalker will help you find this.

And of course tools like MRTG, RTG, Cacti, etc make it all nice and easy to produce historical graphs.
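
The comment above gives the octet-counter OIDs but not the arithmetic. As an added example (not code from the post or its commenters), this Python turns successive polls of those two counters into percent utilization for one port and handles a Counter32 wrap; the function names, sample counter values, 100 Mb/s link speed and 80% threshold are assumptions made for illustration.

```python
# Added example: utilization from successive SNMP polls of one interface.
IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"   # OID from the comment above; append .ifIndex
IF_OUT_OCTETS = "1.3.6.1.2.1.2.2.1.16"  # OID from the comment above; append .ifIndex
COUNTER32_MOD = 2 ** 32                 # both objects are Counter32 and wrap at 2^32


def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets counted between two polls, allowing for a single counter wrap."""
    return curr - prev if curr >= prev else modulus - prev + curr


def utilization_pct(prev, curr, seconds, link_bps):
    """Average utilization (percent of link speed) over one polling interval."""
    if seconds <= 0 or link_bps <= 0:
        raise ValueError("interval and link speed must be positive")
    return octet_delta(prev, curr) * 8 * 100.0 / (seconds * link_bps)


def wrap_time_seconds(link_bps, modulus=COUNTER32_MOD):
    """Seconds a saturated link needs to count 2^32 octets. Poll more often
    than this, or a delta can hide a full wrap and under-report traffic."""
    return modulus * 8 / link_bps


def port_report(samples, link_bps, threshold_pct=80.0):
    """samples: list of (unix_time, in_octets, out_octets) for one ifIndex.
    Returns one (time, rx_pct, tx_pct, over_threshold) row per interval."""
    rows = []
    for (t0, in0, out0), (t1, in1, out1) in zip(samples, samples[1:]):
        rx = utilization_pct(in0, in1, t1 - t0, link_bps)
        tx = utilization_pct(out0, out1, t1 - t0, link_bps)
        rows.append((t1, round(rx, 2), round(tx, 2), max(rx, tx) >= threshold_pct))
    return rows


# Constructed sample polls (not real device data) for a 100 Mb/s FastEthernet
# port polled every 60 s; the outbound counter wraps in the second interval.
SAMPLES = [
    (0,   1_000_000,   4_000_000_000),
    (60,  76_000_000,  4_150_000_000),
    (120, 151_000_000, 455_032_704),
]

if __name__ == "__main__":
    for row in port_report(SAMPLES, link_bps=100_000_000):
        print(row)
    print("counter wrap time (s):", round(wrap_time_seconds(100_000_000), 1))
```
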
When I posted the original story I did not make it clear that I was most interested in measures of backplane performance, perhaps best represented by the "Switch Fabric Percentage Utilization" figures. Does that make sense?
Anonymous said…
Check the Cisco MIB explorer online. A good place to start is:
http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9
