Creating New MIB Objects: EXPRESSION-MIB

Even though the previous sections on generic accounting and performance MIBs and the technology-specific MIBs were comprehensive, you might experience situations in which the required managed object does not exist. As initially described in RFC 1213, a common MIB design principle is to minimize the number of managed objects:

"To avoid redundant variables, it was required that no object be included that can be derived from others in the MIB."

A typical example is link utilization. To graph a real-time view of a link's utilization, the NMS needs to poll three variables (ifInOctets, ifOutOctets, and ifSpeed) on a regular basis, insert the values in a formula, calculate the results, and graph the utilization. Rather than filling more MIBs with standardized objects, the EXPRESSION-MIB supports externally defined expressions of existing MIB objects. The EXPRESSION-MIB is a way to create and customize MIB objects for monitoring purposes.

Although new objects can reduce network traffic and overhead on network management systems, this is not the main reason to create new variables. The real benefit of the EXPRESSION-MIB is that using the new MIB variables in conjunction with the thresholding capabilities from the RMON-MIB (event and alarm group, as discussed in Chapter 5) or the EVENT-MIB (discussed in a moment) enables self-monitoring for network elements. Instead of a network management application regularly polling devices for potential faults, the network element monitors itself and sends a notification if a threshold violation occurs. Wildcarding is an interesting feature of the EXPRESSION-MIB, because a single expression can be applied to multiple instances of the same MIB object. A similar expression is applied to all of a router's interfaces, and only a single entry is required in the EXPRESSION-MIB. For example, the link utilization for all interfaces can be monitored with a single entry.

Initially sketched by Cisco engineers, the idea of the EXPRESSION-MIB was proposed to the IETF DISMAN (Distributed Management) working group. It was accepted as a working group item, improved, and published as the standards-track RFC 2982. Currently, Cisco IOS implements only an earlier draft version of RFC 2982. The differences between the draft version and RFC 2982 are minor from a technical standpoint. The biggest change is that the draft implements the managed OID in the Cisco namespace, as opposed to the IANA standard namespace.

EXPRESSION-MIB Examples

The EXPRESSION-MIB can be configured only via SNMP. The IOS CLI commands are limited to show commands and debugging operations. The main example described in this section enables the network element to monitor the utilization of its links. When combined with the EVENT-MIB (described in the next section), this example permits a simple link capacity monitoring and planning tool. If the link utilization rises above 50 percent during one hour, a notification is sent to the network management station, indicating that it might be time to upgrade the link capacity.

In this example, you create a new MIB variable, e1exp, which is refreshed every 60 seconds, for the link utilization of the half-duplex interface with ifIndex = 6:

e1exp = ((delta(ifInOctets.6) + delta(ifOutOctets.6)) * 8 * 100) / (delta(sysUpTime) * ifSpeed.6)

The router is accessed with SNMPv2c (SNMP version 2c), the read-write community string is private, and the SNMP tool net-snmp is used. In this example, managed objects are set to integer, unsigned, string, and object identifier, respectively represented by i, u, s, and o in the net-snmp syntax.

To avoid confusion with an existing entry, the expNameStatus managed object entry must be destroyed (delete = integer 6) before the new entry is set up (createAndWait = integer 5). See the RowStatus SNMPv2 textual convention for more details. The entry index is 101.49.101.120.112, which is the ASCII form of e1exp:

SERVER % snmpset -v 2c -c private router expNameStatus.101.49.101.120.112 i 6
SERVER % snmpset -v 2c -c private router expNameStatus.101.49.101.120.112 i 5

As a unique numeric identification for the object entry, expExpressionIndex is set to 1:

SERVER % snmpset -v 2c -c private router expExpressionIndex.101.49.101.120.112 u 1

A comment is added for the object entry in expExpressionComment.1, where .1 is the chosen expExpressionIndex:

SERVER % snmpset -v 2c -c private router expExpressionComment.1 s "e1 expression"

The refresh time for the generation of this object entry is defined by expExpressionDeltaInterval. In this case, the chosen interval is 60 seconds:

SERVER % snmpset -v 2c -c private router expExpressionDeltaInterval.1 i 60

This expression calculates the utilization, with the parameters $1, $2, $3, and $4, as defined later. This expression type is an integer32 (expExpressionValueType = 4):

SERVER % snmpset -v 2c -c private router expExpression.1 s '($1+$2)*800/($3*$4)'
SERVER % snmpset -v 2c -c private router expExpressionValueType.1 i 4

Now you create (createAndWait = integer 5) the formula's four parameters. As mentioned, a good practice is to delete all existing entries (delete = integer 6) to avoid any preset values. See the RowStatus SNMPv2 textual convention for more details. These are the executed operations:

SERVER % snmpset -v 2c -c private router expObjectStatus.1.1 i 6
SERVER % snmpset -v 2c -c private router expObjectStatus.1.2 i 6
SERVER % snmpset -v 2c -c private router expObjectStatus.1.3 i 6
SERVER % snmpset -v 2c -c private router expObjectStatus.1.4 i 6
SERVER % snmpset -v 2c -c private router expObjectStatus.1.1 i 5
SERVER % snmpset -v 2c -c private router expObjectStatus.1.2 i 5
SERVER % snmpset -v 2c -c private router expObjectStatus.1.3 i 5
SERVER % snmpset -v 2c -c private router expObjectStatus.1.4 i 5

The formula's four parameters are configured next, as $1 = ifInOctets.6, $2 = ifOutOctets.6, $3 = sysUpTime.0, and $4 = ifSpeed.6:

SERVER % snmpset -v 2c -c private router expObjectID.1.1 o .1.3.6.1.2.1.2.2.1.10.6
SERVER % snmpset -v 2c -c private router expObjectID.1.2 o .1.3.6.1.2.1.2.2.1.16.6
SERVER % snmpset -v 2c -c private router expObjectID.1.3 o .1.3.6.1.2.1.1.3.0
SERVER % snmpset -v 2c -c private router expObjectID.1.4 o .1.3.6.1.2.1.2.2.1.5.6

The expObjectSampleType object specifies whether the parameters are absolute (integer 1) or delta (integer 2) values:

SERVER % snmpset -v 2c -c private router expObjectSampleType.1.1 i 2
SERVER % snmpset -v 2c -c private router expObjectSampleType.1.2 i 2
SERVER % snmpset -v 2c -c private router expObjectSampleType.1.3 i 2
SERVER % snmpset -v 2c -c private router expObjectSampleType.1.4 i 1

The expObjectIDWildcard object indicates whether the parameters use wildcards; true = integer 1, and false = integer 2:

SERVER % snmpset -v 2c -c private router expObjectIDWildcard.1.1 i 2
SERVER % snmpset -v 2c -c private router expObjectIDWildcard.1.2 i 2
SERVER % snmpset -v 2c -c private router expObjectIDWildcard.1.3 i 2
SERVER % snmpset -v 2c -c private router expObjectIDWildcard.1.4 i 2

Finally, the four object entries and the e1exp expression entries are activated (active = integer 1):

SERVER % snmpset -v 2c -c private router expObjectStatus.1.1 i 1
SERVER % snmpset -v 2c -c private router expObjectStatus.1.2 i 1
SERVER % snmpset -v 2c -c private router expObjectStatus.1.3 i 1
SERVER % snmpset -v 2c -c private router expObjectStatus.1.4 i 1
SERVER % snmpset -v 2c -c private router expNameStatus.101.49.101.120.112 i 1

At this point, the configuration and activation of the new MIB variable are completed, and the network element starts the self-monitoring of the link utilization of a specific interface. The new MIB variable e1exp contains the link utilization; it is calculated every 60 seconds. Wildcard operations could be the next step to multiply this setup to match all interfaces of a network element.
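
The complete sequence above can be generated for any expression name and ifIndex, which also shows how the expNameStatus index is derived from the name. The following script is an added example, not part of the original text or of any Cisco or net-snmp tooling; the function names and the SNMP_AUTH and ROUTER variables are assumptions of this sketch, and it only prints the snmpset commands rather than sending them.

```sh
#!/bin/sh
# Added example: prints (does not send) the snmpset sequence for one expression.
# SNMP_AUTH, ROUTER and both function names are assumptions of this sketch.
SNMP_AUTH=${SNMP_AUTH:-"-v 2c -c private"}   # the page's credentials
ROUTER=${ROUTER:-router}

# Expression name -> dotted ASCII index, e.g. e1exp -> 101.49.101.120.112
name_to_index() {
    printf '%s' "$1" | od -An -v -tu1 | tr -s ' \n' '..' | sed 's/^\.//; s/\.$//'
}

set_cmd() {
    printf 'snmpset %s %s %s %s %s\n' "$SNMP_AUTH" "$ROUTER" "$1" "$2" "$3"
}

# $1 = expression name, $2 = expExpressionIndex, $3 = ifIndex
emit_utilization_expression() {
    name=$1; idx=$2; ifidx=$3
    row=$(name_to_index "$name")
    set_cmd "expNameStatus.$row" i 6              # remove any existing row
    set_cmd "expNameStatus.$row" i 5              # createAndWait
    set_cmd "expExpressionIndex.$row" u "$idx"
    set_cmd "expExpressionComment.$idx" s "\"$name expression\""
    set_cmd "expExpressionDeltaInterval.$idx" i 60
    set_cmd "expExpression.$idx" s "'(\$1+\$2)*800/(\$3*\$4)'"
    set_cmd "expExpressionValueType.$idx" i 4
    for n in 1 2 3 4; do set_cmd "expObjectStatus.$idx.$n" i 6; done
    for n in 1 2 3 4; do set_cmd "expObjectStatus.$idx.$n" i 5; done
    # Parameters 1-4 as "OID:sampleType" (2 = delta, 1 = absolute):
    # ifInOctets, ifOutOctets, sysUpTime.0, ifSpeed
    n=1
    for spec in "1.3.6.1.2.1.2.2.1.10.$ifidx:2" "1.3.6.1.2.1.2.2.1.16.$ifidx:2" \
                "1.3.6.1.2.1.1.3.0:2" "1.3.6.1.2.1.2.2.1.5.$ifidx:1"; do
        set_cmd "expObjectID.$idx.$n" o ".${spec%%:*}"
        set_cmd "expObjectSampleType.$idx.$n" i "${spec##*:}"
        set_cmd "expObjectIDWildcard.$idx.$n" i 2  # no wildcard
        n=$((n + 1))
    done
    for n in 1 2 3 4; do set_cmd "expObjectStatus.$idx.$n" i 1; done
    set_cmd "expNameStatus.$row" i 1              # activate the expression
}

emit_utilization_expression e1exp 1 6
```

SNMPv2c carries the read-write community string in clear text, so where the device supports SNMPv3, SNMP_AUTH can instead hold net-snmp's SNMPv3 options (-v 3 -u, -l authPriv, -a/-A, -x/-X).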

The possibilities for the EXPRESSION-MIB are numerous:

  • When there is no counter for the sum of entries in a MIB table, the EXPRESSION-MIB can create an expression (such as numEntries) that matches the number of entries in this table. A second expression (such as sumEntries) can then sum up the total number of entries in the first expression.

  • For an access router to send a fault notification for only high-speed interfaces above 100 kbps, the EXPRESSION-MIB creates a wildcard expression (such as ifSpeedHigh), which contains the results of the expression: ifSpeed > 100000 and ifOperStatus = 2. The EVENT-MIB generates a notification when the expression ifSpeedHigh is true (integer 1).

The main use of the EXPRESSION-MIB is to offer customized objects for the EVENT-MIB. The collaboration between the two MIBs is described in the next section.

EVENT-MIB Associated with EXPRESSION-MIB

In 2000, Cisco engineers proposed the idea of the EVENT-MIB to the IETF DISMAN working group. It was accepted as a working group item, improved, and published as the standards-track RFC 2981. It provides the ability to monitor MIB objects on a network element by using SNMP and to initiate simple actions whenever a trigger condition is met. Actions can be SNMP notifications or SNMP set operations of MIB objects. When notifications are triggered by events, the NMS no longer needs to poll the network elements constantly to identify changes. A simple "status poll" is enough to monitor that the network element is still alive.

Following the EXPRESSION-MIB example regarding link utilization, the EVENT-MIB can poll the newly created managed object e1exp on a regular basis, set a threshold violation policy, and send a notification if the threshold is exceeded.

Without going into detail, the EVENT-MIB offers many advantages and superior flexibility compared to the RMON events and alarms:

  • Existence tests check whether a managed object is present. A typical example is to test if a second power supply is present or missing.

  • Boolean tests provide operations such as greater than, greater than or equal to, equal to, not equal to, less than, and less than or equal to.

  • Wildcarding speeds up the configuration, because a single EVENT-MIB entry can monitor indexed managed objects. For example, an entry polling ifOperStatus.* checks the operational status of all interfaces on the network element.

  • Options to customize SNMP notifications increase the operator's flexibility. Following the example of monitoring ifOperStatus.*, customized linkUp/linkDown notifications can be sent. A useful example is to use the sysContact object, which contains the administrator contact information for a particular network element.

Without the EXPRESSION-MIB capabilities, the EVENT-MIB monitoring would be limited to the existing objects in other MIBs, which explains why the combination of both MIBs provides the best results.


