2025-01-21 Update From: SLTechnology News&Howtos (Shulou.com) > Network Security
Passerby A: Brother Jiang Juice, I heard that your column is selling very well?
It's all right. Thank you for your approval.
Passerby A: You made a little money here and then ran away? It has been n years since I last saw you post an article.
I did not run, I did not run. I am working day and night to rush out the manuscript for "net worker 2.0 promotion strategy-zero basic entry Ansible/Python". (There is an Easter egg at the bottom!)
Passerby A: You are really good at pretending.
After thinking about it for a long time, I came up with this prologue, written with a 2B pencil and heavy on advertising. I have been busy with the column recently and had no time to update my blog. My apologies to my friends.
Today, I would like to talk to you about a topic with a years-long feud behind it.
SNMP is dead!
Whoa, wait, wait.
I know you have a deep affection for SNMP. Your network is all covered by SNMP.
If it goes on strike, the boss will probably show up at your door soon, and you will probably have to carry your laptop to the computer room even on your wedding night.
However, in the spirit of the old line that the "American imperialists" never give up on destroying us, many people have long had it in for SNMP and want to kill it.
The purpose of my coming here today is to tell you what other people think of SNMP and how they plan to kill it.
After all, one hand cannot clap alone; there must be a reason.
Let's not object in a hurry, and see whether they have a point.
If they don't, there is still time to throw axes afterwards.
First: the data are not accurate
SNMP is query-based. The network management system periodically sends SNMP query messages, asking network devices and servers one by one:
Hello, how are you?
What is your situation? What are your interface traffic, CPU and memory utilization?
Just like the dorm matron who made rounds in college, it comes back to bother you every so often.
But these queries are separated by an interval. Usually we configure 5 minutes, that is, 300 seconds.
Looked at over a day, or over a few hours, five minutes is really short.
So everything seems fine and perfect.
However, problems do occasionally occur. Let's take a traffic monitoring platform like Cacti as an example.
Say a customer complains that the network was very slow during a certain period and that packets were being lost.
The engineer checks the monitoring platform and says: no problem, the interface traffic we monitor on the platform is very stable.
I don't see any congestion.
So at this point, is the customer being unreasonable, or is the engineer lying?
Actually, both of them are right.
Let's take a look at the following picture:
(Ginger Ale, your Windows drawing skills need work. This is no ordinary ugly.)
In the image above, the green line is the bandwidth as the monitoring system sees it, the yellow bar at the top represents the interface bandwidth, and the line fluctuating up and down represents real-time traffic.
I guess I needn't say more; you probably get it already.
Yes: when SNMP queried five minutes ago it got the first value, and on the second query, coincidentally, it got the same value as the first.
So from SNMP's point of view, the bandwidth used on the interface did not change in those 5 minutes.
However, the real user traffic is like a surging wave, changing all the time.
You never know when burst traffic will show up, and the word "burst" itself says that it is not continuous; it appears suddenly.
Even so, this burst traffic still causes packet loss on the network interface.
The several bulges in the picture are examples.
But in the monitoring system, all is calm and quiet.
The above example may be a little extreme, because a completely flat traffic line on a monitoring platform is unlikely.
But a line that is smooth, with no visible bursts of traffic, really does happen.
Here is another example:
In the following figure, the blue line, unfortunately, is again an SNMP query.
And the red line is the data emitted by a certain monitoring protocol.
Here we can see that the red line is very close to the real traffic.
In particular, the part circled by the thick red line is a failure that caused the traffic to plummet.
However, these details cannot be seen in SNMP's periodic queries.
In its eyes, it will always be a silky straight line.
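The averaging effect described in this section can be reproduced with a small simulation. This is an added example, not code from the original article; the link speed, background load, burst times, the 15-second and 1-second comparison intervals and all function names are constructed for illustration.

```python
"""Added example: how a 300 s counter poll averages away short bursts."""

LINK_BPS = 1_000_000_000   # constructed: 1 Gbit/s interface
BASE_BPS = 200_000_000     # constructed: steady background load
BURSTS = [(40, 3), (130, 2), (215, 4)]  # constructed: (start second, seconds at line rate)


def per_second_rates(duration=300):
    """True bit rate for each second of one polling window."""
    rates = [BASE_BPS] * duration
    for start, length in BURSTS:
        for t in range(start, min(start + length, duration)):
            rates[t] = LINK_BPS
    return rates


def octet_counter(rates):
    """Cumulative octet counter, as an interface byte counter would expose it."""
    counter, total = [0], 0
    for bps in rates:
        total += bps // 8
        counter.append(total)
    return counter


def sampled_rates(counter, interval):
    """Bit rate a collector computes when it reads the counter every `interval` seconds."""
    return [
        (counter[t + interval] - counter[t]) * 8 // interval
        for t in range(0, len(counter) - interval, interval)
    ]


def summarize():
    """Compare what each sampling interval reports against the real peak."""
    rates = per_second_rates()
    counter = octet_counter(rates)
    return {
        "true_peak": max(rates),
        "poll_300s": sampled_rates(counter, 300),
        "peak_15s": max(sampled_rates(counter, 15)),
        "peak_1s": max(sampled_rates(counter, 1)),
    }


if __name__ == "__main__":
    for name, value in summarize().items():
        print(name, value)
```

The single 300-second sample reports about 22% utilisation even though the link sat at line rate for nine seconds, which is exactly when the interface would be dropping packets.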
Second: thankless work
As mentioned above, SNMP misses many details because it queries at regular intervals.
Some readers are smirking by now.
That's easy to solve: just shorten the SNMP query interval.
Say 1 minute, or even 30 seconds if you like.
This is what's called: the leader moves his mouth, the worker runs his legs off.
I believe many operations friends have seen the CPU of network equipment spike on a regular schedule.
Very regular: once every few minutes.
And coincidentally, the server of the network management system seems to be linked to it, and the two resonate together.
When you go high, so do I.
Check again and again and there is only one process: SNMP.
Needless to say, either there are too many monitoring systems, with one system querying one part and another system querying another part,
and the network equipment can't stand it;
or there is a single monitoring system but it asks too much. For example, each query basically turns the network device upside down.
Since these queries are handled by the routing engine of the network device, how could the CPU not be high?
Therefore, making the queries too frequent is not an option.
Third: unreliable
Having covered SNMP queries above, there is also a problem with SNMP trap messages.
In general, we use UDP to carry SNMP messages, and you know what UDP is like.
At the slightest problem it drops the packet on the spot, and the key point is that it does not tell you the packet was dropped. Its character is questionable.
For most protocols that is acceptable, but an SNMP trap is sent only once.
If an interface goes down, the network device sends the trap once, and that is the only time the trap message is sent.
UDP drops it all the same.
After it is lost, the network device dusts itself off and says, "I sent it anyway."
The network management system says, "I didn't see it. I don't know."
Who ends up with the bad luck?
The operations engineer, needless to say.
Even the network world has its state-owned enterprises.
I have run into another problem myself, where one monitoring platform managed thousands of devices at the same time.
SNMP trap messages from different time periods flooded into the monitoring platform, but when these traps entered the platform's internal SNMP process, a bug in some open source software meant they were not dispatched fast enough, so the traps queued up in the platform's internal software queue waiting their turn.
Then a funny scene followed. A network device had gone down two hours earlier, and the monitoring staff in the network management center were happily eating hot pot and singing songs, until someone rushed into the office and said: our network is down, what's going on?
No way, look at the monitoring platform. It's all green lights. How beautiful.
Two hours later, someone shouted that the device was down.
So back to the problem itself: suppose an important interface goes down. How can you solve that with SNMP?
a. Shall we adjust the query interval to query every second?
b. Wait for the news from an SNMP trap?
Of the two above, which one do you choose?
Fourth: not fully compatible
Have you run into the following scenario:
First thing in the morning, nothing else gets done; you are on Baidu.
Searching Baidu for what?
Keyword: MIB library of such-and-such device.
Or, keyword: such-and-such device, SNMP query for a certain value.
These things are really annoying.
How was it solved in the end?
Alas, how else can it be solved? Type commands on the command line to collect it.
If you can program, write a program that runs the commands and collects the output.
If you have become a leader, find an engineer who can write code to write that program.
Fifth: inhuman OID values
Let me ask you a question. Do you know what this is?
.1.3.6.1.2.1.2.1.8
Answer: SNMP OID value.
Again?
What OID value?
If you say: this refers to the interface status in IF-MIB, ifOperStatus,
congratulations, you can report to the Abnormal Human Research Center.
I'm sure you've used snmpwalk, and all you walk out is a pile of numbers, not human language.
How do you think you can be in a good mood at work?
Summary of SNMP
I dare not say more; saying too much just draws hatred. After all, many people, me included, still rely on SNMP. Offend it and it might go on strike on you.
To sum up, SNMP does hit bottlenecks in today's network environment,
especially now that network scale is expanding day by day.
So, to borrow that line:
Some SNMP is still alive, but in fact it is already dead.
What to do?
The change from Pull to Push
Can we change the traditional method, in which the monitoring system "pulls" data from the network equipment, into one in which the network equipment actively "pushes" data to the monitoring system?
For example, the SNMP way of obtaining device status is the pull method, which is called a query.
This forces the network device to respond passively: it does not know when an SNMP query will fly in, and when one does, it has to allocate resources to process it.
However, looked at from the other side, if the device reports on its own initiative, the problem is solved.
Because the network device holds the initiative when it reports, the developer can tune the device's resource utilization and load according to actual operation.
For ease of reading, here is a simple comparison between the two:
Needless to say, after the comparison, apart from losing to passive query on flexibility, active "push" reporting has a huge advantage in every other respect.
Future trend: Streaming Telemetry
The name sounds fancy: streaming telemetry.
Put simply, it is the "push" way of delivering data mentioned above.
So how can the "push" be done efficiently?
Streaming Telemetry has the following characteristics:
1. Data reporting at the data plane
Traditional SNMP, whether query or trap, is handled by the routing engine, that is, by the control plane.
However, with vendor support, Streaming Telemetry can embed code at the ASIC level of the hardware line card and export real-time data directly from the card.
In addition, the data exported by the card is sent at wire speed, which lets the routing engine above it focus on protocols and route calculation.
As shown in the following figure:
2. High scalability
Because of the first point, reporting at the data plane, the scalability of Streaming Telemetry is greatly enhanced.
For example, the following figure is a graph of CPU utilization. (Device model unknown.)
Roughly speaking, CPU utilization hovers around 8 per cent.
However, this device is configured with Streaming Telemetry active reporting.
Guess how much it was reporting?
Here is the data:
It reports more than 60 metrics every 15 seconds. The reported types include input and output statistics, error counts and QoS queue statistics for more than 17610 Gigabit interfaces. Each interface carries two data types, IPv4 and IPv6. It also reports the number of bytes and packets of the last 200 MPLS LSPs.
Frightening. Next to it, SNMP instantly looks weak.
The red line in the picture mentioned earlier was the data emitted by "a certain protocol".
Needless to say, you have figured it out.
That was the data emitted by Streaming Telemetry.
3. Natural support for DevOps operations automation
Because of the two advantages above, Streaming Telemetry plugs naturally into currently popular technologies, such as operations automation.
On the one hand, the data collected by a Streaming Telemetry monitoring platform is close to real-time, so DevOps automation engineers can do many different things with it, such as combining it with SDN to adjust the forwarding path automatically according to current traffic data.
On the other hand, the data formats adopted by Streaming Telemetry are today's popular standard formats and models, for example JSON, NETCONF and the YANG model.
So, to put it simply, this is a tool and technology that fits the times.
4. Multiple choices
At present, there are two options for Streaming Telemetry technology.
One is sFlow.
And the other is OpenConfig Telemetry.
(It has been deployed at Google: 30% of the vendor devices have Streaming Telemetry enabled, with millions of updates per second.)
Many vendors have followed up on the two above.
For example, both Cisco and Juniper can be configured accordingly.
Interested friends can take a look at the official configuration documentation.
This article only blows the opening whistle.
If you're interested in what sFlow or OpenConfig does,
please leave a message and I will talk about the details in my next article.
Finally
Having said so much, let me close with some personal reflections.
Over the last 5-6 years, the computer network industry has changed dramatically.
New technologies keep emerging; a hundred flowers bloom and a hundred schools of thought contend.
As I keep coming into contact with these new technologies, I am not only moved but also feel a constant sense of crisis.
Therefore, I hope that with my limited time and energy I can build a small information bridge, whether the gap is one of English or something else, so that we can work toward the future together.
By the way, a little promotion:
Don't know what JSON, NETCONF or the YANG model mean?
Want to learn automation?
Or do you just want to find a group of like-minded good xxx (the original text is "basic friends"; the harmonized version is × ×) to talk about network technology, instead of joining one dead group after another?
Then I think my column "Web worker 2.0 Promotion Strategy-Zero basic entry Ansible/Python" will meet all of the above needs.
Easter egg
On the Android mini program "51CTO subscription column", subscribing to the column gets a bigger discount!
Join us and welcome the future.
Finally, I will end with Cui Jian's lyrics: "It's not that I don't understand, it's that the world is changing fast." Happy National Day.
It's not that I don't understand-Cui Jian looks at that tall building like the rice and wheat in front of me is the ocean of people and traffic jams. I look left and right, look before and after, or I can't see this, that, the weirder and weirder the past. I don't know what the world has a lot of strange past. I don't know what the future is. I don't seem to know what the future is. It's not that I don't understand. The world is changing fast.