This document is published under the Creative Commons license Attribution 3.0 Netherlands. More information about the license can be found at http://creativecommons.org/licenses/by/3.0/nl/

Ethernet OAM in Icinga and Cacti
Erik Ruiter, SURFsara
December 2013

Project: Research on Networks (RoN)
Project year: 2013
Project manager: Ronald van der Pol
Author(s): Erik Ruiter
Release date: 31-12-2013
Version: 1

Summary

Network operators can monitor network connections on the Ethernet layer using the Ethernet Operations, Administration and Monitoring (Ethernet OAM) standards, similar to monitoring on the IP layer using ping and traceroute. This document describes how to integrate Ethernet OAM monitoring in existing Icinga and Cacti monitoring tools.

The latest version of this document is also available from https://github.com/sara-nl/eth-oam/wiki/.

Colophon

Programme line: Gigaport3
Part: NI hybrid network
Activity: Network Virtualisation in the Cloud
Deliverable: EDS-13-12R
Access rights: public
External party: SURFsara

This project was made possible by the support of SURF, the collaborative organisation for higher education institutes and research institutes aimed at breakthrough innovations in ICT. More information on SURF is available on the website www.surf.nl.

 


Fact Sheet

Six matters one should know about Ethernet OAM in Icinga and Cacti.

Scenario
Network monitoring between Ethernet switches, where the monitoring results are collected by Icinga or Cacti.

What is it?
A how-to describing how to deploy the given scenario, including scripts for use in Icinga, Nagios and Cacti.

Whom is it for?
Network operators who would like to deploy Ethernet OAM in their network.

How does it work?
Ethernet switches are configured to enable Ethernet OAM monitoring. A central monitoring tool like Icinga or Cacti runs one of the provided scripts, which collect the monitoring results from these switches.

What can one do with it?
Monitor network connections between Ethernet switches, similar to how network connections are monitored between IP routers.

More information
This document was prepared by Erik Ruiter with help of Freek Dijkstra. For more information, contact [email protected].

 


Table of Contents

1. Introduction
2. Prerequisites and dependencies
   2.1. Icinga
   2.2. Cacti
   2.3. net-snmp + OAM mibs
   2.4. Python net-snmp bindings
   2.5. ncclient: Python NETconf library
   2.6. dot1ag utils
3. Icinga plugin documentation
   3.1. Loopback message check script
      3.1.1. Usage check_ethping.py
      3.1.2. Output of loopback message check script
   3.2. Linktrace check script
      3.2.1. Usage check_trace.py
      3.2.2. Output of link trace check script
   3.3. Continuity check script
      3.3.1. Usage check_cfm_state_8021ag.py and check_cfm_state_ciena.py
      3.3.2. Usage check_cfm_state_juniper.py
      3.3.3. Output of continuity check scripts
4. Configuring Icinga to use the OAM plugin scripts
   4.1. eth-oam.cfg Example configuration file
5. Cacti template documentation
   5.1. Ciena Template
   5.2. Juniper Template
6. Some issues
   6.1. Overture 24
   6.2. MRV
   6.3. Ciena MIB problem
   6.4. Cacti template import issue
7. Configuration examples
   7.1. OAM configuration for Ciena 3960
   7.2. OAM configuration example for Overture 24
   7.3. Netconf / OAM configuration example for Juniper EX4200
8. Tested equipment
9. Terms and Abbreviations


1. Introduction

Ethernet OAM support is becoming more mature on various switching platforms; however, Ethernet OAM is not yet widely supported in monitoring applications. Icinga and Cacti are two widely used monitoring applications that normally focus on layer three devices. Without too much effort SURFsara wrote some extensions that can be used in these applications. This proves that it is not necessary to have a separate application for Ethernet OAM, which saves time and resources when deploying Ethernet OAM.

One benefit of Ethernet OAM is the possibility to monitor Ethernet switches which have no IP connectivity. The 802.1ag CFM standard provides a standardized SNMP MIB, which allows monitoring of Maintenance End Points (MEP). This makes it easy to implement it on commonly used monitoring applications like Icinga and Cacti. These applications are open source and widely used. SURFsara developed a plugin for Icinga and Cacti to be able to use this MIB. This was tested on an Ethernet OAM testbed between TNO, SURFnet and SURFsara.

The plugins were developed as part of the Research On Networks (RON) project in 2013, which is funded and organised by SURFnet.

This document is a HOWTO that focuses on implementing the plugins for several brands of Ethernet switching hardware.


2. Prerequisites and dependencies

2.1. Icinga

Icinga is an enterprise grade open source monitoring system which keeps watch over a network and any conceivable network resource, notifies the user of errors and recoveries, and generates performance data for reporting. Scalable and extensible, Icinga can monitor complex, large environments across dispersed locations. Icinga is licensed under GPL v2 and is free to use, distribute and modify.

Icinga is a fork of the Nagios platform. It was created by people from the Nagios community who were displeased with the direction in which Nagios was developing. The lack of development on the core application was the main reason for people to initiate the development of Icinga. A quickstart guide, including installation instructions, can be found at: http://docs.icinga.org/latest/en/quickstart-icinga.html

2.2. Cacti

Cacti is a complete frontend to RRDTool; it stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. Along with being able to maintain Graphs, Data Sources, and Round Robin Archives in a database, Cacti handles the data gathering. There is also SNMP support for those used to creating traffic graphs with MRTG. A complete manual can be found at: http://www.cacti.net/downloads/docs/html/index.html

2.3. net-snmp + OAM mibs

To install net-snmp, use the following command:

yum install net-snmp net-snmp-libs net-snmp-utils net-snmp-devel

The MIBs related to Ethernet OAM must be placed in a folder which is in the search path for net-snmp.

To find the default mib folders, issue the following command:

$ net-snmp-config --default-mibdirs
/home/erikr/.snmp/mibs:/usr/share/snmp/mibs

The following MIBs are required for the Icinga plugin:

● IEEE8021-CFM-MIB.mib
● IEEE8021-CFM-V2-MIB.mib
● IEEE8021-TC-MIB.mib

These can be found at: http://www.ieee802.org/1/files/public/MIBs/

For the Ciena version of the plugin, the following MIB is required:

● WWP-LEOS-CFM-MIB.my

Unfortunately this MIB is not available publicly.

Copy the necessary mibs to /usr/share/mibs/site or any other directory which is accessible by Icinga and net-snmp.


2.4. Python net-snmp bindings

The Icinga plugin is written in Python and makes use of the Python net-snmp bindings. These can be installed by using the following command:

On Fedora / CentOS:

sudo yum install net-snmp-python

On Ubuntu / Debian:

sudo apt-get install libsnmp-base libsnmp-python libsnmp15 snmp

2.5. ncclient: Python NETconf library

Two of the plugin scripts require the ncclient NETconf library. It is mainly used to support Ethernet OAM for Juniper based devices. There are several forks of ncclient. Please see https://github.com/Juniper/ncclient for installation instructions and dependencies.

2.6. dot1ag utils

The dot1ag-utils software package is an Open Source (new BSD License) implementation of the IEEE 802.1ag protocol and is supported on Linux, FreeBSD and MacOSX servers. It provides several debugging tools that interact with IEEE 802.1ag enabled routers and switches. The package implements the MEP Down functionality with a loopback message initiator (ethping), a link trace message initiator (ethtrace) and a daemon (dot1agd) that responds to loopback messages and link trace messages. Sending and receiving of continuity check messages is done by dot1ag_ccd.

Dot1ag-utils is maintained by SURFnet. For more information, see: https://svn.surfnet.nl/trac/dot1ag-utils/wiki


3. Icinga plugin documentation

The Ethernet OAM Icinga plugin consists of a number of scripts, which can be used to check several OAM features of supported devices.

Overview:

Name                         Functionality     Supported platform             Method
check_cfm_state_8021ag.py    check CCM state   Any 802.1ag supported device   SNMP standardized MIB
check_cfm_state_ciena.py     check CCM state   Ciena                          SNMP proprietary MIB
check_cfm_state_juniper.py   check CCM state   Juniper                        Netconf
check_ethping                check LBR/LBM     Any 802.1ag supported device   dot1ag utils
check_ethtrace               check LTR/LTM     Any 802.1ag supported device   dot1ag utils

3.1. Loopback message check script

The check_ethping script can be used to send loopback requests (LBR) to remote hosts and monitor the results (LBM).

It is actually a wrapper script for the dot1ag-utils ethping utility.

The ethping and ethtrace utilities require sudo permissions to execute.

To avoid a password prompt when executing the script, it is possible to add the ethping command to the sudoers file. This can be accomplished by executing the visudo tool.

The following lines should be added:

<user> ALL=NOPASSWD: /usr/local/bin/ethping
<user> ALL=NOPASSWD: /usr/local/bin/ethtrace

where <user> is the username that will be used to execute the command (e.g. icinga).

3.1.1. Usage check_ethping.py

To see all possible flags, issue the `--help` option:

$ ./check_ethping.py --help
Usage: check_ethping.py [options] destination_MAC

Options:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface=INTERFACE
                        interface to use
  -v VLAN, --vlan=VLAN  vlan to query
  -l MDLEVEL, --mdlevel=MDLEVEL
                        OAM Maintenance Level
  -c COUNT, --count=COUNT
                        number of ethpings to send
  -w WARN_ON_PACKETLOSS, --warn_on_packetloss=WARN_ON_PACKETLOSS
                        Return warning on packetloss 1=yes 0=no (default=1)

-h / --help
This option shows the above listed help message.

-i / --interface
This option specifies the interface to use when sending loopback requests.

-v / --vlan
This option specifies the vlan in which the destination address is present.

-l / --mdlevel
This option specifies management domain level of the destination address.

-c / --count
This option specifies the number of loopback requests to be sent.

-w / --warn_on_packetloss
This option specifies if a warning should be returned in case of packet loss of loopback messages. Normally the script only generates a warning if all packets are lost.

3.1.2. Output of loopback message check script

Normal result:

$ check_ethping.py -i em1.1235 -l 7 -v 1235 aa:aa:bb:bb:cc:cc
PING aa:aa:bb:bb:cc:cc OK - Packet loss = 0%, RTA = 7.8806 ms

MAC address unreachable:

$ check_ethping.py -i em1.1235 -l 7 -v 1235 aa:aa:bb:bb:cc:cc
PING aa:aa:bb:bb:cc:cc CRITICAL - Packet loss = 100%, RTA = 0.0000 ms

3.2. Linktrace check script

The check_ethtrace script can be used to execute a linktrace request (LTR) to a MAC address.

It is actually a wrapper script for the dot1ag-utils ethping utility.

It will return the number of hops that it took to reach the MAC address. The script can optionally be configured to expect a specific number of hops, or a specific path that needs to be taken to reach a MAC address. The ethping and ethtrace utilities require sudo permissions to execute.

To avoid a password prompt when executing the script, it is possible to add the ethping command to the sudoers file. This can be accomplished by executing the visudo tool.

The following lines should be added:

<user> ALL=NOPASSWD: /usr/local/bin/ethping
<user> ALL=NOPASSWD: /usr/local/bin/ethtrace

where <user> is the username that will be used to execute the command (e.g. icinga).


3.2.1. Usage check_trace.py

To see all possible flags, issue the `--help` option:

$ sudo ./check_ethtrace.py --help
Usage: check_ethtrace.py [options] destination_MAC

Options:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface=INTERFACE
                        interface to use
  -v VLAN, --vlan=VLAN  vlan to query
  -l MDLEVEL, --mdlevel=MDLEVEL
                        OAM Maintentance Level
  --hops=HOPS           Allowed number of hops (number or range eg. 2:3)
  --mac_path=MACPATH    Specified trace path (use comma separated mac addresses)

-h / --help
This option shows the above listed help message.

-i / --interface
This option specifies the interface to use when sending loopback requests.

-v / --vlan
This option specifies the vlan in which the destination address is present.

-l / --mdlevel
This option specifies management domain level of the destination address.

--hops
This option specifies the number of hops that the linktrace is expected to take. If the result doesn't match the configured hop count, it will return a WARNING.

The hop count can also be configured as a range of minimum and maximum hops. This can be done with the following syntax: --hops 2:4. This means minimum allowed hops is 2, maximum allowed hops is 4.

--mac_path
With this option you can specify the path of MAC addresses which is expected as the result of the linktrace request. If the path doesn't match, it will return a warning.

The format is --mac_path 11:22:33:44:55:66,aa:bb:cc:dd:ee:ff,99:88:77:66:55:44

3.2.2. Output of link trace check script

When the script finishes it will return an error state code which is used by Icinga to detect the service state. The script will return 0 ('OK') if there are no issues. The script will return 1 ('WARNING') if there are problems detected.

Normal result:

$ ./check_ethtrace.py -i em1.1235 -l 7 -v 1235 --hops 1:2 aa:aa:bb:bb:cc:cc
ETHTRACE aa:aa:bb:bb:cc:cc OK - hops = 2

Result with wrong hopcount:

$ check_ethtrace.py -i em1.1235 -l 7 -v 1235 --hops 3 bb:bb:bb:bb:bb:bb
ETHTRACE bb:bb:bb:bb:bb:bb WARNING - hops = 2 -- Invalid hop count (configured: 3 detected: 2)

Result with wrong MAC path:

$ check_ethtrace.py -i em1.1235 -l 7 -v 1235 --mac_path aa:aa:aa:aa:aa:aa,bb:bb:bb:bb:bb:bb bb:bb:bb:bb:bb:bb
ETHTRACE b0a8.6e0d.1f03 WARNING - hops = 2 -- Wrong path detected (configured: aa:aa:aa:aa:aa:aa,bb:bb:bb:bb:bb:bb detected: 11:11:11:11:11:11,bb:bb:bb:bb:bb:bb)
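The --hops and --mac_path checks described above can be expressed as follows. This is an added example, not the code of check_ethtrace.py: the function names are hypothetical, the trace result is passed in as a constructed list instead of being read from ethtrace, and MAC notations are normalised before comparison (an assumption, made because the sample output above mixes colon and dotted notation).

```python
import re

OK, WARNING = 0, 1  # the two exit codes this page documents for the linktrace check


def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex.

    Accepts aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff and aabb.ccdd.eeff.
    """
    if not re.fullmatch(r"[0-9A-Fa-f:.\-]+", mac):
        raise ValueError("not a MAC address: %r" % mac)
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_hops(spec):
    """Parse the --hops argument: '3' means exactly 3, '2:4' means 2..4 inclusive."""
    low, sep, high = spec.partition(":")
    lo = int(low)
    hi = int(high) if sep else lo
    if lo < 0 or hi < lo:
        raise ValueError("invalid hop range: %r" % spec)
    return lo, hi


def evaluate_trace(target, detected_path, hops=None, mac_path=None):
    """Return (exit_code, status_line) for a finished linktrace.

    detected_path is the ordered list of MAC addresses that answered.
    """
    detected = [normalize_mac(m) for m in detected_path]
    count = len(detected)
    problems = []
    if hops is not None:
        lo, hi = parse_hops(hops)
        if not lo <= count <= hi:
            problems.append("Invalid hop count (configured: %s detected: %d)"
                            % (hops, count))
    if mac_path is not None:
        expected = [normalize_mac(m) for m in mac_path.split(",")]
        if expected != detected:
            problems.append("Wrong path detected (configured: %s detected: %s)"
                            % (",".join(expected), ",".join(detected)))
    state = "WARNING" if problems else "OK"
    line = "ETHTRACE %s %s - hops = %d" % (normalize_mac(target), state, count)
    if problems:
        line += " -- " + " -- ".join(problems)
    return (WARNING if problems else OK), line


if __name__ == "__main__":
    # Constructed sample: the first hop is not the one the operator configured.
    path = ["1111.1111.1111", "bb:bb:bb:bb:bb:bb"]
    code, line = evaluate_trace("bb:bb:bb:bb:bb:bb", path,
                                mac_path="aa:aa:aa:aa:aa:aa,bb:bb:bb:bb:bb:bb")
    print(line)
    raise SystemExit(code)
```

A path check that compares the full ordered list, as here, flags an unexpected intermediate hop even when the hop count is unchanged.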

3.3. Continuity check script

The check_cfm_state scripts can be used to monitor the state of CCM messages related to specific MEPs. They detect whether any of the alarm flags are set, and whether the port and interface TLVs are 'Up'. The scripts do not provide continuous checking of the CCM state, since the nature of Icinga is to poll only once in a while. This means that an alarm occurring just between two polls is not detected.

There are currently three implementations of the script, which are functionally almost the same, but are used for different devices:

check_cfm_state_8021ag.py

This implementation supports any device which makes use of the standardized 802.1ag SNMP MIB. It has been tested on a number of devices from different vendors.

check_cfm_state_ciena.py

This implementation makes use of a more or less proprietary Ciena MIB. This MIB is not freely available and should be obtained from Ciena. It has been tested on a Ciena 3960.

check_cfm_state_juniper.py

This implementation supports the Juniper Ex4200 switch. It makes use of the NETconf protocol to retrieve OAM related information from the device. Juniper currently has no 802.1ag SNMP support. This is expected in Q2 2014.

3.3.1. Usage check_cfm_state_8021ag.py and check_cfm_state_ciena.py

To see all possible flags, issue the `--help` option:

$ ./check_cfm_state_8021ag.py --help
Usage: check_cfm_state_8021ag.py [options] hostname

Options:
  -h, --help            show this help message and exit
  -v SNMP_VERSION, --version=SNMP_VERSION
                        Use specific SNMP version default = 1
  -p PORT, --port=PORT  SNMP port default = 161
  -c COMMUNITY, --community=COMMUNITY
                        SNMP community
  -m LIST, --mep=LIST   comma separated list to specify remote MEPs to monitor, (all = all available MEPs)

-h / --help
This option shows the above listed help message.

-v / --version
This option specifies the SNMP version; when omitted it uses version 1 as default. Valid options are '1' or '2'.

-p / --port
This option allows you to override the default UDP 161 port for SNMP.

-c / --community
This option specifies the SNMP community of the device you want to query. This option is mandatory.

-m / --mep
This option allows you to specify a single remote MEP or a list of remote MEPs which should be monitored by the plugin. A list can be created by using commas between the individual MEPs:

Single MEP: --mep 800
List of MEPs: --mep 800,810,830
All MEPs: --mep all

You can also query all detected remote MEPs using the --mep all option. This will detect the status of all discovered remote MEPs. However, if the plugin cannot retrieve data for one of the MEPs, it will not generate any 'NO DATA' message, since the MEP was not specifically mentioned. This option is mandatory.

3.3.2. Usage check_cfm_state_juniper.py

To see all possible flags, issue the `--help` option:

$ ./check_cfm_state_juniper.py --help
Usage: check_cfm_state_juniper.py [options] hostname

Options:
  -h, --help            show this help message and exit
  -P PORT, --port=PORT  NETconf port default = 22
  -u USERNAME, --username=USERNAME
                        ssh username
  -p password, --password=password
                        ssh password (can be ommited when using remote ssh key)
  -m LIST, --mep=LIST   comma separated list to specify remote MEPs to monitor, (all = all available MEPs)

-h / --help
This option shows the above listed help message.

-P / --port
This option allows you to override the default port for SSH (TCP port 22).

-u / --username
This option is used to specify the SSH username for Netconf. This option is mandatory.

-p / --password
This option is used to specify the SSH password for Netconf. Alternatively you can use a remotely stored SSH key. In this case the password can be omitted.

-m / --mep
This option allows you to specify a single remote MEP or a list of remote MEPs which should be monitored by the plugin. A list can be created by using commas between the individual MEPs:

Single MEP: --mep 800
List of MEPs: --mep 800,810,830
All MEPs: --mep all

You can also query all detected remote MEPs using the --mep all option. This will detect the status of all discovered remote MEPs. However, if the plugin cannot retrieve data for one of the MEPs, it will not generate any 'NO DATA' message, since the MEP was not specifically mentioned. This option is mandatory.


3.3.3. Output of continuity check scripts

When the script finishes it will return an error state code which is used by Icinga to detect the service state. The script will return 0 ('OK') if there are no issues. The script will return 1 ('WARNING') if there are problems detected with one or more MEPs.

Result without issues:

$ ./check_cfm_state_8021ag.py -c TNCDEMO -m 875 10.0.102.99
Remote MEP 875 OK - Level 7 MAID: md7_TNCDEMO

Result with some reported alarms:

$ ./check_cfm_state_8021ag.py -c TNCDEMO -m 2022 10.0.102.99
Remote MEP 2022 WARNING - Level 3 MAID: mdv2002_mav2002 -- Remote MEP State Error Detected! --

This shows that the remote MEP 2022 has a 'Remote MEP State Error'.
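The difference between naming MEPs explicitly and using --mep all, as described in the usage sections above, is shown in the following added example. It is not the code of the check_cfm_state scripts: the function names, the record fields and the WARNING exit code for 'NO DATA' are assumptions, and the polled data is constructed. The last function goes beyond the page by comparing the discovered MEPs against a stored list of expected IDs, which is one way to notice a MEP that silently disappears when --mep all is used.

```python
OK, WARNING = 0, 1  # the two exit codes this page documents for the CFM checks

# Constructed sample records; the field names are illustrative, not the MIB's.
HEALTHY = {"level": 7, "maid": "md7_TNCDEMO", "alarms": [],
           "port_tlv": "Up", "if_tlv": "Up"}
FAULTY = {"level": 3, "maid": "mdv2002_mav2002",
          "alarms": ["Remote MEP State Error Detected!"],
          "port_tlv": "Up", "if_tlv": "Up"}


def mep_problems(row):
    """List what is wrong with one remote MEP record."""
    problems = list(row["alarms"])
    if row["port_tlv"] != "Up":
        problems.append("Port Status TLV is %s" % row["port_tlv"])
    if row["if_tlv"] != "Up":
        problems.append("Interface Status TLV is %s" % row["if_tlv"])
    return problems


def evaluate_meps(requested, discovered):
    """Evaluate remote MEPs the way the --mep option is described.

    requested:  'all' or a comma separated list of remote MEP IDs.
    discovered: {mep_id: record} as polled from the device.
    Returns (exit_code, [status lines]).
    """
    explicit = requested != "all"
    wanted = ([int(m) for m in requested.split(",")] if explicit
              else sorted(discovered))
    code, lines = OK, []
    for mep in wanted:
        row = discovered.get(mep)
        if row is None:
            # Only reachable for explicitly named MEPs: with 'all' the loop
            # never visits a MEP the device has stopped reporting.
            code = WARNING  # assumption: the page gives no exit code for NO DATA
            lines.append("Remote MEP %d WARNING - NO DATA" % mep)
            continue
        problems = mep_problems(row)
        state = "WARNING" if problems else "OK"
        line = "Remote MEP %d %s - Level %d MAID: %s" % (
            mep, state, row["level"], row["maid"])
        if problems:
            code = WARNING
            line += " -- " + " -- ".join(problems) + " --"
        lines.append(line)
    return code, lines


def missing_from_baseline(baseline, discovered):
    """MEP IDs recorded as expected earlier that are no longer reported."""
    return sorted(set(baseline) - set(discovered))


if __name__ == "__main__":
    polled = {875: HEALTHY}          # MEP 2022 has vanished from the device
    print(evaluate_meps("all", polled))        # stays OK
    print(evaluate_meps("875,2022", polled))   # reports NO DATA for 2022
    print(missing_from_baseline([875, 2022], polled))
```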


4. Configuring Icinga to use the OAM plugin scripts

Icinga works with configuration files that contain the information needed to define monitoring services.

Configuration files can be added to the configuration directory of Icinga. The location differs per implementation.

Possible locations are /usr/local/icinga/etc/ or /etc/icinga.

You can use the whereis icinga command to find out where Icinga is located. Any additional files can be added to the configuration by specifying them in the icinga.cfg global configuration file. For example you can add our file with the following statement:

cfg_file=/usr/local/icinga/etc/objects/eth-oam.cfg

Note: normally there is a separate 'objects' folder where configuration files related to objects go.

After updating the file, Icinga has to be reloaded. This can be done with sudo /etc/init.d/icinga reload.

This example configuration file has four elements:

Host definition
Specifies information about the host that is being monitored.

Host_group definition
Groups all hosts in a single group.

Service definition
Specifies information about what service checks are to be initiated by the host.

Check command definition
Specifies the command-line call to the plugin, including arguments, which is used by the service.

4.1. eth-oam.cfg Example configuration file

# HOST DEFINITIONS

define host{
    use                     generic-switch                  ; Inherit default values from a template
    host_name               nge-2.lighthouse.sara.nl        ; The name we're giving to this switch
    alias                   SURFsara CIENA 3960 NGE-1       ; longer name associated with the switch
    address                 10.0.102.11                     ; IP address of the switch
    hostgroups              TNC2013_DEMO                    ; Host groups associated with this switch
}

define host{
    use                     generic-switch
    host_name               oam-nid1.lighthouse.sara.nl
    alias                   SURFsara Overture ISG24 bridge
    address                 10.0.102.9
    hostgroups              TNC2013_DEMO
}

# HOST GROUP DEFINITIONS

define hostgroup{
    hostgroup_name          TNC2013_DEMO                    ; The name of the hostgroup
    alias                   TNC2013 DEMO                    ; Long name of the group
}

# SERVICE DEFINITIONS

define service{
    use                     generic-service                 ; Inherit values from a template
    host_name               oam-nid1.lighthouse.sara.nl     ; The name of the host associated with the service
    service_description     check_cfm_state_8021ag          ; The service description
    check_command           check_cfm_state_8021ag!TNCDEMO!872 ; The command used to monitor the service
    normal_check_interval   5                               ; Check the service every 5 minutes under normal conditions
    retry_check_interval    1                               ; Re-check the service every minute until its final/hard state is determined
}

define service{
    use                     generic-service
    host_name               nge-2.lighthouse.sara.nl
    service_description     check_cfm_state_ciena
    check_command           check_cfm_state_ciena!TNCDEMO!871
    normal_check_interval   5
    retry_check_interval    1
}

# CHECKCOMMAND DEFINITIONS

define command {
    command_name            check_cfm_state_ciena
    command_line            $USER1$/plugins-sara/check_cfm_state_ciena.py \
                            -v 2 -c $ARG1$ -m $ARG2$ $HOSTADDRESS$
}

define command {
    command_name            check_cfm_state_8021ag
    command_line            $USER1$/plugins-sara/check_cfm_state_8021ag.py \
                            -c $ARG1$ -m $ARG2$ $HOSTADDRESS$
}


5. Cacti template documentation

There are two Cacti templates available, which can monitor and graph Delay Measurement DMM information.

The provided templates consist of a number of XML files, which contain a complete template of graphs, queries and data templates, and can be imported to Cacti using the ‘Import Templates’ function from the console menu. There are also some supporting scripts provided; information about these files is listed below.

5.1. Ciena Template

This template provides an SNMP data query to monitor the Ciena 3960. It provides graphs for monitoring L2 delay and jitter between 2 endpoints.

Ciena Cacti template locations:

File                             Required location
cacti_host_template_ciena.xml    Import into Cacti using the import template function.
ciena_cfm.xml                    <your_cacti_path>/resource/snmp_queries/

File Descriptions:

cacti_host_template_ciena.xml

This file is an XML template which needs to be imported to Cacti. It provides a Ciena host template, with a number of data queries, data templates and graph templates. You can use this to create new devices and enable the Ciena DDM statistics data query.

ciena_cfm.xml

This file contains the data template of the SNMP data query.

5.2. Juniper Template This template provides a Script data query to monitor the Juniper Ex4200. It provides graphs for monitoring L2 Delay and jitter between 2 endpoints. It makes use of Netconf instead of SNMP.

Juniper Cacti template locations:

File                              Required location
cacti_host_template_juniper.xml   Import into Cacti using the import template function.
juniper_dmm.py                    <your_cacti_path>/resource/script_queries/
juniper_dmm.xml                   <your_cacti_path>/resource/script_queries/
netconf_auth                      <your_cacti_path>/resource/script_queries/

File Description:

cacti_host_template_juniper.xml:

This file is an XML template that needs to be imported into Cacti. It provides a Juniper host template, with a number of data queries, data templates and graph templates. You can use this to create new devices and enable the Juniper DDM statistics data query.

juniper_dmm.py:

This file is a Python script which handles the data query requests from Cacti. The Juniper DMM template makes use of NETCONF and therefore requires an external script.

The script references the location of the netconf_auth file. Adjust this to your needs.

The script does not verify the SSH host key of the device it connects to. Cacti is most often run by a system user, which does not have a home directory with a known_hosts file. With verification disabled, the script cannot detect a different machine answering in place of the switch, and it would present the netconf_auth credentials to that machine. To enable the check, look for hostkey_verify=False in the script and change it to True.

juniper_dmm.xml:

This file contains the data template of the data query and references the juniper_dmm.py script. Adjust the Cacti directory and Python binary location within the file when necessary.

netconf_auth:

This file handles NETCONF authentication per host. For each host configured in Cacti, add a line with the username, password and TCP port used for NETCONF.

Cacti does not natively support NETCONF, since it is an SNMP monitoring tool; therefore this file is required.

The format is: <host>:<username>:<password>:<port>
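The netconf_auth format above keeps each device password in plain text, so the file's permissions matter as much as its syntax. The following Python sketch is an added example, not the project's juniper_dmm.py: it parses the format, refuses a file that group or other users can access, and builds the arguments for ncclient's manager.connect() with hostkey_verify left on. The function names, the 0600 permission policy and the sample entries are assumptions made for illustration.

```python
import os
import stat
import tempfile


def parse_auth_line(line):
    """Split one '<host>:<username>:<password>:<port>' entry into a dict."""
    # A password may contain ':', so take host and username from the left
    # and the port from the right; what remains in between is the password.
    host, username, rest = line.split(":", 2)
    password, port_text = rest.rsplit(":", 1)
    port = int(port_text)
    if not host or not username or not 1 <= port <= 65535:
        raise ValueError("malformed netconf_auth entry for host %r" % host)
    return {"host": host, "username": username,
            "password": password, "port": port}


def load_netconf_auth(path):
    """Return {host: entry}. Assumption: mode 0600 is the required policy."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s has mode %o; expected 600" % (path, mode))
    entries = {}
    with open(path) as handle:
        for raw in handle:
            if raw.strip():
                entry = parse_auth_line(raw.strip())
                entries[entry["host"]] = entry
    return entries


def connect_kwargs(entry, hostkey_verify=True):
    """Keyword arguments for ncclient's manager.connect(**kwargs)."""
    return dict(host=entry["host"], port=entry["port"],
                username=entry["username"], password=entry["password"],
                hostkey_verify=hostkey_verify)


def demo():
    # Constructed sample entries; not real devices or credentials.
    sample = "ex4200.example.net:cacti:s3cr:et:830\n192.0.2.10:monitor:pw:22\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "netconf_auth")
        with open(path, "w") as handle:
            handle.write(sample)
        os.chmod(path, 0o644)            # readable by others: rejected
        try:
            load_netconf_auth(path)
            rejected = False
        except PermissionError:
            rejected = True
        os.chmod(path, 0o600)            # owner only: accepted
        return rejected, load_netconf_auth(path)


if __name__ == "__main__":
    rejected, entries = demo()
    print("0644 rejected:", rejected)
    for host, entry in entries.items():
        print(host, connect_kwargs(entry)["hostkey_verify"], entry["port"])
```

With hostkey_verify=True, the account that runs the Cacti poller needs a known_hosts file that already contains the switch's host key, which is the situation described for juniper_dmm.py above.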


6. Some issues

6.1. Overture 24

The initial version of the Overture firmware that we used had a bug which prevented the CPU from processing any CCM messages. This was initially fixed by reverting to an older firmware. Later on, Overture released an update which fixed the problem.

Overture firmware version   CCM issue
4.9.1                       No issue
4.9.2.1                     YES
4.9.3.1                     No issue

6.2. MRV

The MRV device that we currently use has an issue: it does not display the MA name correctly when queried over SNMP. Instead of the name, it displays the OID leaf index of the MA. This still needs further investigation.

6.3. Ciena MIB problem

During implementation it was discovered that the WWP-LEOS-CFM-MIB.my did not respond to SNMP queries. It turned out that our MEP IDs were higher than 100, which conflicted with the wwpLeosCfmRemoteMEPID range defined in the MIB: 'Unsigned32 (1..100)' at line 2959. After this was adjusted to 'Unsigned32 (1..8192)', SNMP response messages were received normally.

6.4. Cacti template import issue

If you get an error when importing a template, edit /var/www/cacti/include/global_array.php: at line 558, add a comma at the end of "0.8.7i" => "0023", and after it add a new line "0.8.8" => "0024". This should resolve the problem.


7. Configuration examples

7.1. OAM configuration for Ciena 3960

This section shows an overview of commands and examples which are used to configure Ethernet OAM related settings for the Ciena 3960 Ethernet switch.

Creating a MEP:

NGE-1> cfm enable
NGE-1> cfm service create vlan 2003 name vpls2003 md md2 ma-name-string vpls2003
NGE-1> cfm service enable service vpls2003
NGE-1> cfm mep create service vpls2003 port 2 type down mepid 851
NGE-1> cfm mip create vlan 2003 port 2 level 2

Showing configured MEPs:

NGE-1> cfm mep show
+-------------------------------- CFM MEPs ---------------------------------+
|                |        |    |     |    |                 |Admin|CCM  |CCM|
|Service         |Port    |Vid |Mepid|Type|   Mac Address   |State|State|Pri|
+----------------+--------+----|-----+----+-----------------+-----+-----+---+
|SRS             |12      |2780|8000 |down|00:03:18:89:A3:2D|en   |on   |7  |
|DMM             |9       |100 |1000 |down|00:03:18:89:A3:2A|en   |on   |7  |
|vpls2003        |2       |2003|851  |down|00:03:18:89:A3:23|en   |on   |7  |
+----------------+--------+----|-----+----+-----------------+-----+-----+---+

Showing global CFM Information:

NGE-1> cfm show
+------------ CFM GLOBAL CONFIGURATION -------------+
| Parameter                     | Value             |
+-------------------------------+-------------------+
| Admin State                   | Enabled           |
| L2 Loop Detection State       | Disabled          |
| Ethertype                     | 0x8902            |
| Y1731 Ethertype               | 0x8902            |
| Remote MEP Hold Time (ms)     | 10000             |
| 802.1ad Strict Mode           | Off               |
| MIP Level Enforcement         | On                |
| MIP CCM Database Learning     | Enabled           |
| VS Automatic MEP Creation     | On                |
| Frames/sec Avail              | 1496              |
| Loopback Default Count        | 1                 |
| Loopback Default Interval (ms)| 100               |
| Loopback Default Timeout (ms) | 5000              |
| Source MAC For PBT CFM Frames | 00:03:18:89:A3:20 |
| Frame Classification Mode     | Per Snet          |
| Total Rx Frames               | 237262639         |
| Total Tx Frames               | 280820416         |
+-------------------------------+-------------------+

+--------------- CFM GLOBAL RESOURCES ---------------+
| Resource                       | Current | Maximum |
+--------------------------------+---------+---------+
| CFM Frames per Second          | 504     | 2000    |
| CFM Maintenance Domains        | 9       | 538     |
| CFM Service's                  | 4       | 530     |
| CFM MEP's                      | 3       | 530     |
| CFM Remote MEP's/MIP-CCM-DB    | 13      | 8192    |
| CFM CCM History's              | 0       | 256     |
| CFM Stack's                    | 8       | 4096    |
| CFM Port's                     | 12      | 18      |
+--------------------------------+---------+---------+

Showing Maintenance Domain information:

NGE-1> cfm md show
+------------------------ CFM MAINTENANCE DOMAINS ------------------------+
|Level |Management Name             |Services|MD Name                     |
+------+----------------------------+--------+----------------------------|
|0     |md0                         |0       |md0                         |
|1     |md1                         |0       |md1                         |
|2     |md2                         |2       |md2                         |
|3     |md3                         |0       |md3                         |
|4     |EthernetSandbox             |1       |EthernetSandbox             |
|5     |md5                         |0       |md5                         |
|6     |md6                         |0       |md6                         |
|7     |md7                         |0       |md7                         |
|3     |DMM-test                    |1       |DMM-test                    |
+------+----------------------------+--------+----------------------------|

Showing created services:

NGE-1> cfm service show
+-------------------------------- CFM SERVICES --------------------------------+
|           |    |                      |    |   |   | MEPs  | Service Faults  |
|Name       |Type|Service Network       |Vid |Lvl|Adm|Loc|Rem|XC|CC|RM|MS|RD|IS|
+-----------+----+----------------------+----+---+---+---+---+--+--+--+--+--+--+
|SRS        |VLAN|HPDMnet-8021ag        |2780|4  |en |1  |0  |  |  |  |  |  |X |
|DMM        |VLAN|y1731-test            |100 |3  |en |1  |1  |  |  |  |  |  |  |
|vpls2003   |VLAN|nge1-nge2             |2003|2  |en |1  |1  |  |X |X |  |  |  |
|test800    |VLAN|nge1-nge2             |2003|2  |en |0  |0  |  |  |  |  |  |X |
+-----------+----+----------------------+----+---+---+---+---+--+--+--+--+--+--+

Creating a MIP:

NGE-1> cfm mip create vlan 2002 port 2 level 3
NGE-1> cfm mip create vlan 2001 port 9 level 3
NGE-1> cfm mip create vlan 2002 port 12 level 3

It is not necessary to configure the MA Domain and Association (names) for a MIP on a Ciena 3960.

Showing configured MIPs:

NGE-1> cfm mip show
+-------------------------- CFM MIPs --------------------------+
| Service Instance |Vlan Id |Port    |Level |Mac Address       |
|------------------+--------+--------+------+------------------|
|GN3-EthOAM        |2001    |9       |3     |00:03:18:89:A3:2A |
|GN3-EthOAM-loop   |2002    |2       |3     |00:03:18:89:A3:23 |
|GN3-EthOAM-loop   |2002    |12      |3     |00:03:18:89:A3:2D |
|nge1-nge2         |2003    |2       |2     |00:03:18:89:A3:23 |
|------------------+--------+--------+------+------------------|


Showing the MIP database, which contains information about data received from other MEPs:

NGE-1> cfm mip-ccm-db enable
NGE-1> cfm mip-ccm-db show
+------------------------------ MIP CCM Database ------------------------------+
|    |                 |        |Total    | Last CCM Information               |
|VLAN| MAC Address     |Port    |CCM Rx   |Seq Num  |Time    |Lv|Mepid| PS |RDI|
+----+-----------------+--------+---------+---------+--------+--+-----+----+---|
|2001|00:03:18:58:E8:E2|12      |103180   |35634028 |0       |3 |110  |Up  |   |
|2001|64:87:88:58:C7:E8|12      |101552   |0        |0       |3 |410  |None|   |
|2002|00:03:18:58:E8:E2|2       |103180   |35634028 |0       |3 |110  |Up  |   |
|2002|00:15:AD:10:21:7F|2       |10421    |5445909  |0       |3 |800  |None|   |
|2002|64:87:88:58:C7:E8|2       |101552   |0        |0       |3 |410  |None|   |
+----+-----------------+--------+---------+---------+--------+--+-----+----+---|

DMM measurements, enable delay measurements:

NGE-1> cfm delay send service vpls2001 mepid 861 count 100 repeat 0 local-mepid 860

Show active delay measurements:

NGE-1> cfm delay show
+----------------- MEP DELAY MEASUREMENT MESSAGE INFORMATION -------------------+
|           |Local|Remote           |    |   |   |            |            |Rep |
|Service    |Mepid|Mac Address      |RMep|DMM|DMR|Delay in us |Jitter in us|Time|
+-----------+-----+-----------------+----+---+---+------------+------------+----+
|vpls2001   |860  |00:03:18:86:0F:99|861 |95 |94 |Min:    2163|Min:       0|0   |
|           |     |                 |    |   |   |Avg:    2216|Avg:      25|    |
|           |     |                 |    |   |   |Max:    2278|Max:      71|    |
+-----------+-----+-----------------+----+---+---+------------+------------+----+

7.2. OAM configuration example for Overture 24

The Overture ISG 24 can be configured through the CLI or the webGUI. The webGUI, however, differs per firmware version.

7.3. NETCONF / OAM configuration example for Juniper EX4200

This example creates a MEP with number 888 in the maintenance domain md7 with association TNCDEMO. It sends out CCM frames at an interval of 100 milliseconds. It also transmits the port-status and interface-status TLVs. In the performance-monitoring section a DMM sla-iterator-profile is configured. This is assigned to a MEP and provides DMM delay and measurement statistics.

{master:0}[edit protocols oam ethernet connectivity-fault-management]
user@ex4200# show
maintenance-domain md7 {
    level 7;
    maintenance-association TNCDEMO {
        continuity-check {
            interval 100ms;
            port-status-tlv;
            interface-status-tlv;
        }
        mep 888 {
            interface ge-0/0/0.0 vlan-id 1235;
            direction down;
            auto-discovery;
            remote-mep 810 {
                sla-iterator-profile il;
            }
        }
    }
}
performance-monitoring {
    sla-iterator-profiles {
        il {
            measurement-type two-way-delay;
        }
    }
}

user@ex4200# show maintenance-domain md7 | display set
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 level 7
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO continuity-check interval 100ms
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO continuity-check port-status-tlv
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO continuity-check interface-status-tlv
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 interface ge-0/0/0.0
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 interface vlan-id 1235
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 direction down
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 auto-discovery
set protocols oam ethernet connectivity-fault-management performance-monitoring sla-iterator-profiles il measurement-type two-way-delay
set protocols oam ethernet connectivity-fault-management maintenance-domain md7 maintenance-association TNCDEMO mep 888 remote-mep 810 sla-iterator-profile il

There are various CLI commands to monitor the state of the MEP. This is an example of a commonly used command:

user@ex4200> show oam ethernet connectivity-fault-management mep-database maintenance-domain md7 maintenance-association TNCDEMO remote-mep 875
Maintenance domain name: md7, Format: string, Level: 7
Maintenance association name: TNCDEMO, Format: string
Continuity-check status: enabled, Interval: 100ms
MEP identifier: 888, Direction: down, MAC address: b0:a8:6e:0d:1f:03
Auto-discovery: enabled, Priority: 0
Interface name: ge-0/0/0.0, Interface status: Active, Link status: Up
Remote MEP identifier: 875, State: ok
  MAC address: 00:03:18:82:22:13, Type: Learned
  Interface: ge-0/0/0.0
  Last flapped: Never
  Remote defect indication: true
  Port status TLV: up
  Interface status TLV: up


To review DMM measurement statistics of a sla-iterator-profile, try the following example:

user@ex4200> show oam ethernet connectivity-fault-management sla-iterator-statistics maintenance-domain md3 maintenance-association vpls1000 local-mep 812 remote-mep 810 sla-iterator il
Iterator statistics:
  Maintenance domain: md3, Level: 3
  Maintenance association: vpls1000, Local MEP id: 812
  Remote MEP id: 810, Remote MAC address: 00:15:ad:10:21:7f
  Iterator name: il, Iterator Id: 1
  Iterator cycle time: 1000ms, Iteration period: 2000 cycles
  Iterator status: running, Infinite iterations: true
  Reset reason: none
Iterator delay measurement statistics:
  Calculation weight: Delay: 1, Delay variation: 1
  DMM sent                                         : 341316
  DMM skipped for threshold hit                    : 0
  DMM skipped for threshold hit window             : 0
  DMR received                                     : 341316
  DMR out of sequence                              : 0
  DMR received with invalid time stamps            : 0
  Average two-way delay                            : 257 usec
  Average two-way delay variation                  : 36 usec
  Average one-way forward delay variation          : 32 usec
  Average one-way backward delay variation         : 51 usec
  Weighted average two-way delay                   : 264 usec
  Weighted average two-way delay variation         : 27 usec
  Weighted average one-way forward delay variation : 29 usec
  Weighted average one-way backward delay variation: 56 usec


8. Tested equipment

The following devices were tested successfully. It does not mean that other versions and other vendors will not work.

Device                  Firmware version     Manufacturer URL
Ciena 3960              saos-06-09-01-0108   http://www.ciena.com/products/3960/
                        saos-06-09-00-0242
Fujitsu FDX2400M-TE-S   AEN_5.5_26203        N/A (Fujitsu acquired this hardware from Accedian networks)
MRV OptiSwitch 904      2_1_9B               http://www.mrv.com/product/MRV-OS-OS904-MBH
Overture-24             AEN_4.9.1            http://www.overturenetworks.com/carrier-ethernet
                        AEN_4.9.3.1
Juniper EX4200          Junos 12.2R1.8       http://www.juniper.net/us/en/products-services/switching/ex-series/ex4200/


9. Terms and Abbreviations

Acronym Description

AIS Alarm Indication Signals

CCM Continuity Check Messages

CFM Connectivity Fault Management

CoS Class of Service

DM Delay Measurement

DMM Delay Measurement Message

DMR Delay Measurement Response

FD Frame Delay

FDV Frame Delay Variation

FLR Frame Loss Ratio

IEEE Institute of Electrical and Electronic Engineers

IETF Internet Engineering Task Force

ITU International Telecommunications Union

LBM Loopback Message

LM Loss Measurement

LMM Loss Measurement Request

LMR Loss Measurement Reply

LRM Loopback Reply Message

LTM Linktrace Message

LTR Linktrace Reply Message

MA Maintenance Association

MAC Medium Access Control

MEG Maintenance Entity Group

MEP Maintenance End Point

MIB Management Information Base

MIP Maintenance Intermediate Point


ms Millisecond

OAM Operations, Administration and Maintenance

PHP PHP: Hypertext Preprocessor

RDI Remote Defect Indication

RTA Round Trip Average

RRD Round Robin Database

SNMP Simple Network Management Protocol

SSH Secure shell

TLV Type, Length, Value

VID VLAN ID

VLAN Virtual Local Area Network

 



Acknowledgements

The plugins were developed in 2013 as part of the Research on Networks (RoN) track with the Gigaport project, which is funded by SURF and organised by SURFnet.

 

