Saturday 15 May 2010

Fixed issue with ICMP packets not reaching OpManager probe

Came across a problem today, which was fixed with help from Simon. A WAN CPE router was still reachable via SSH, but OpManager kept reporting it down because its polls were failing. This turned out to be because a scheduled server backup was absorbing 100% of the 512k bandwidth.

A QoS policy existed already for voice, but attempts to match traffic that was heading to the SNMP server (i.e. the polls) using a class-map/access-list combo didn't calm the symptoms.

The main reason is that the ICMP packets are generated by the router itself, so it's difficult to mark this traffic (unlike traffic that is passing through the router, such as typical voice traffic).

Fixed the issue using ip local policy, with an access list and a route map:

----------------
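! Apply policy routing to packets generated by the router itself
ip local policy route-map set-dscp-local
!
! Match anything destined for the OpManager server
ip access-list extended OPMANAGER
 permit ip any host 10.1.1.1
!
! Mark the matched packets so they are treated as high-priority traffic
route-map set-dscp-local permit 10
 match ip address OPMANAGER
 set ip precedence 5
 set ip dscp ef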
-----------------
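
An added example, not part of the original post: a small Python check that the `ip local policy` statement, the route map and the access list in a saved config actually reference each other, since a misspelled name anywhere in that chain leaves the router's own packets unmarked. The sample configs are constructed, and the function name `check_local_policy` is hypothetical.

```python
import re

# Constructed sample configs (not taken from a real device).
FIXED = """\
ip local policy route-map set-dscp-local
ip access-list extended OPMANAGER
 permit ip any host 10.1.1.1
route-map set-dscp-local permit 10
 match ip address OPMANAGER
 set ip precedence 5
"""
# Same config, but the local policy points at a name that is never defined.
BROKEN = FIXED.replace("policy route-map set-dscp-local",
                       "policy route-map set-dscp-icmp")

def check_local_policy(config: str) -> list[str]:
    """Return problems found in the local policy -> route-map -> ACL chain."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    referenced = [m.group(1) for l in lines
                  if (m := re.fullmatch(r"ip local policy route-map (\S+)", l))]
    # Named ACLs plus numbered ones ("access-list 101 permit ...").
    acls = {m.group(1) for l in lines if (m := re.fullmatch(
        r"ip access-list (?:standard|extended) (\S+)", l))}
    acls |= {m.group(1) for l in lines if (m := re.match(r"access-list (\d+) ", l))}
    # Collect the match/set lines that follow each route-map header.
    route_maps, current = {}, None
    for l in lines:
        m = re.fullmatch(r"route-map (\S+)(?: (?:permit|deny))?(?: \d+)?", l)
        if m:
            current = m.group(1)
            route_maps.setdefault(current, [])
        elif current and l.startswith(("match ", "set ")):
            route_maps[current].append(l)
        else:
            current = None
    problems = []
    if not referenced:
        problems.append("no 'ip local policy route-map' statement")
    for name in referenced:
        body = route_maps.get(name)
        if body is None:
            problems.append(f"route-map {name} is referenced but not defined")
            continue
        if not any(b.startswith("set ip ") for b in body):
            problems.append(f"route-map {name} has no 'set ip' marking action")
        for b in body:  # only ACL names are handled, not prefix-lists
            m = re.fullmatch(r"match ip address (.+)", b)
            for acl in (m.group(1).split() if m else []):
                if acl not in acls:
                    problems.append(f"route-map {name} matches undefined ACL {acl}")
    return problems
```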
