CCIE or Null!

My journey to CCIE!

Archive for January 2014

CCNP: Security track update!

with 5 comments

Well, I managed to pass my VPN exam a few weeks ago, meaning I got half my CCNP: Security since I passed FIREWALL sometime last year. So I started back on my IPS studies thinking life was all good, and then some friends on TechExam.net pointed out the fact that the CCNP: Security track has a pending update!

It looks like the entire track is getting an overhaul! No more SECURE, IPS, FIREWALL, & VPN! Now we have:

SISAS – Implementing Cisco Secure Access Solutions

SITCS – Implementing Cisco Edge Network Security Solutions

SENSS – Implementing Cisco Security Mobility Solutions

SIMOS – Implementing Cisco Threat Control Solutions

(Honestly, I think the site mixed up some of those; SENSS looks like Edge Network Security Solutions to me, but we will see if Cisco updates the page.)

They have also published a migration path for people that are currently going through the CCNP: Security track (like I am).

SISAS <-> SECURE Replacement

SITCS <-> IPS Replacement

SENSS <-> FIREWALL Replacement

SIMOS <-> VPN Replacement

Looks like the old exams are still available until April 21st, so you have three months to tackle the original exams.

You can find more about the new CCNP: Security track here.

Along with the change it looks like Cisco is going to be retiring the many security specialist titles that come with obtaining the CCNP: Security exam. You can find more information about that here.

2 Exams in three months (IPS & SECURE), the race is on for me! Wish me luck!

Written by Stephen J. Occhiogrosso

January 22, 2014 at 9:09 AM

Poll individual virtual server statistics on F5 LTMs using SNMP.

with 5 comments

It’s easy enough to log into an F5 LTM and view the current connection and other traffic statistics for a particular virtual server, but let’s say you wanted to view this information over a specific time frame. That is where it gets a little tricky, since you can’t view any historical information on the statistics page built into the F5 appliance. This is one thing I really wish F5 would improve on: viewing historical performance information for virtual servers & pool members.

Luckily, all the information found on the statistics page comes from internal MIB tables, meaning we can poll this same information into our NMS (Network Management Server) via SNMP. Finding the right OID is a bit tedious, but it is a straightforward process. So let’s run through, at a high level, how to find out what MIB we need to poll for, and then we will look at an example.

  1. Decide which statistics you want to poll for (Current Connection, Max Connections, etc.).
    1. I recommend using a MIB browser and navigating to “1.3.6.1.4.1.3375.2.2.10.2.3.1” to see the information that is available for you to poll for.
  2. Once you decide which statistic you want and you’ve located the OID in the MIB browser, copy or type out the OID into notepad (or your preferred version of *pad).
  3. Now, go back to the F5 appliance and find the virtual server you want to collect this information from.
  4. Count the number of ASCII characters that are in the name of the virtual server, including any underscores, dashes, etc.
    1. Once you have this number, tack it on to the end of the OID you copied in step #2.
  5. This is where the real fun begins. Now we need to convert the name of the virtual server from ASCII to decimal, including any underscores, dashes, etc.
    1. You can use an ASCII-to-decimal calculator to make the conversion a bit easier.
    2. You will need to place a ‘.’ (period) after each character in decimal format.
  6. Once you have the name converted to decimal, copy that information and append it to the end of the OID from step #4 (the OID in our notepad document off to the side).
  7. The OID you end up with is what you need to poll for to get the particular virtual server information you are looking for.

To walk through this one more time with an example, let’s say I want to poll for the number of current connections to a virtual server named ‘vs_web_http’.

  • First I am going to find the OID for virtual server current connections.

Which is:

1.3.6.1.4.1.3375.2.2.10.2.3.1.12.

  • The virtual server name has 11 characters in it, so now I need to update my OID with that information.

So my OID is now:

1.3.6.1.4.1.3375.2.2.10.2.3.1.12.11

  • Now I need to convert the name of my virtual server to decimal.

vs_web_http converted to ‘118.115.95.119.101.98.95.104.116.116.112’

Now to add that to my OID:

1.3.6.1.4.1.3375.2.2.10.2.3.1.12.11.118.115.95.119.101.98.95.104.116.116.112

And there we have it, that OID right there will pull the current connections on the virtual server ‘vs_web_http’.
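The same construction in code, as an added example that is not part of the original post: it builds the instance OID from a statistic column and a virtual server name, and decodes an OID back to the name so a polled value can be tied to the right virtual server. The function and constant names are assumptions made for this sketch; the table OID and column 12 are the ones used in the post.

```python
from __future__ import annotations

# Added example (not from the original post); names here are hypothetical.
LTM_VS_STAT_ENTRY = "1.3.6.1.4.1.3375.2.2.10.2.3.1"  # statistics table OID from the post
CUR_CONNS_COLUMN = 12  # column the post uses for current connections


def encode_index(name: str) -> str:
    """Return '<length>.<decimal value of each character>' for a virtual server name."""
    try:
        raw = name.encode("ascii")
    except UnicodeEncodeError as exc:
        raise ValueError(f"non-ASCII character in name: {name!r}") from exc
    if not raw:
        raise ValueError("virtual server name is empty")
    return ".".join(str(n) for n in (len(raw), *raw))


def build_oid(column: int, name: str) -> str:
    """Statistic column OID + character count + name in decimal."""
    return f"{LTM_VS_STAT_ENTRY}.{column}.{encode_index(name)}"


def decode_oid(oid: str) -> tuple[int, str]:
    """Split a full instance OID back into (column, virtual server name)."""
    prefix = LTM_VS_STAT_ENTRY + "."
    if not oid.startswith(prefix):
        raise ValueError("OID is not under the LTM virtual server statistics table")
    parts = [int(p) for p in oid[len(prefix):].split(".")]
    if len(parts) < 3:
        raise ValueError("OID has no length field or name")
    column, length, chars = parts[0], parts[1], parts[2:]
    # The length field must match the number of characters that follow it;
    # a miscounted name is the usual reason a hand-built OID returns nothing.
    if length != len(chars):
        raise ValueError(f"length field is {length} but {len(chars)} characters follow")
    return column, bytes(chars).decode("ascii")


if __name__ == "__main__":
    oid = build_oid(CUR_CONNS_COLUMN, "vs_web_http")
    print(oid)
    print(decode_oid(oid))
```
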

Here is a quick breakdown of the OID format. Any other statistic follows this same format, so if you are planning to poll for a few different statistics on the same virtual server, you simply need to replace the beginning of the OID with the OID you want to poll for.

[Image: breakdown of the OID format]

A few more extra details:

  • OID “1.3.6.1.4.1.3375.” marks the beginning of the F5 private MIB structure, which is where it branches off into the different ‘applications’ (LTM, ASM, etc)
  • OID “1.3.6.1.4.1.3375.2.2.10.” marks the beginning of F5 LTM Virtual Server information
  • All the F5 LTM Virtual Server statistics OIDs (“1.3.6.1.4.1.3375.2.2.10.2.3.1.”) are contained within a table, so depending on your management server you may have to specify the table information, or set it as a ‘Counter64’. In my experience with SolarWinds, I had to set the UnDP to poll for the ‘raw value’.
  • You can download the F5 MIB directory off your F5 appliance from the main ‘overview’ page. This is pretty much your map for navigating the F5 MIB structure. There is a lot of useful information here if you have the time to actually dig through it. You can find a high level overview of the F5 MIB structure here.

Screenshot from the ‘overview’ page on the F5 appliance.

Written by Stephen J. Occhiogrosso

January 6, 2014 at 10:59 AM