Monitoring Network Interfaces
  • 06 Mar 2024


Netreo can be configured to automatically monitor the network interfaces of your managed devices for availability and performance. This requires configuring device templates with Check Interface Status service checks for monitoring interface availability, as well as appropriate threshold checks to monitor interface performance.

How Netreo Names Network Interfaces

Netreo constructs the display name for a network interface using some combination of its description, port name, and alias, depending on which is available.

Interface display names are generally consistent within the same vendors, with one exception - Cisco. The construction of interface display names for Cisco adaptive security appliances follows a slightly different logic than for other Cisco devices.

For most Cisco devices, the following logic is used to construct the display names for their network interfaces:

  • if a port name is available
    • interface display name = interface description + interface port name
  • else if an alias is available
    • interface display name = interface description + interface alias
  • else
    • interface display name = interface description

However:

  • if OID .1.3.6.1.2.1.1.1.0 returns Cisco Adaptive Security Appliance
    • interface display name = interface port name + interface alias

How Netreo Organizes Network Interfaces

To build an effective strategy for monitoring network interfaces, it is helpful to understand how Netreo organizes the interfaces it discovers for each managed device.

Each time a discovery poll is performed on a device, Netreo retrieves the complete list of network interfaces for that device, along with their name, description, index number (as assigned by the device), bandwidth speed (if available) and administrative and operational status. Netreo then organizes those interfaces into two lists:

  • The "all interfaces" list
  • The "active interfaces" list

These two lists may be viewed and worked with on the Instances tab of the Device Administration page for any given managed device.

The "All Interfaces" List

This list includes all of the network interfaces discovered for a managed device during a discovery poll. To view this list, navigate to the Instances tab of the Device Administration page for the device. Expand the Network panel to display the interface table and, using the pulldown menu at the top right of the table, select All Interfaces.

The "Active Interfaces" List

This list is a subset of the all interfaces list, and is the list of interfaces for a given managed device that Netreo considers "important" for the purposes of monitoring (i.e., those interfaces a user is likely to want to monitor).

In order for an interface to be placed in the active interfaces list, it must meet several criteria:

  • It must not be filtered out by an interface filter (see Interface Filters below)
  • It must have a bandwidth speed (a bandwidth override speed assigned in Netreo is acceptable)
  • Its administrative status must be 1 (up)
  • Its operational status must be 1 (up)

Note: If an active interface is being monitored by a Check Interface Status service check, that interface will not be removed from the active interfaces list until it is no longer monitored.

The current list of active interfaces may be viewed in two locations:

Interface Filters

Netreo offers two types of filter (basic and advanced) for excluding interfaces you do not wish to monitor from the active interfaces list. These filters affect only the individual managed device to which they are added. (Note: Any time a basic or advanced filter is added to (or updated on) a device, a discovery poll should be immediately scheduled for that device.)

Basic Filter - The basic filter allows you to provide a single regular expression that is used to exclude interfaces from the active interfaces list. A basic filter may be added to a device either directly, from the Instances tab of the Device Administration page, or through the use of device templates (the preferred method) to automatically add the filter to multiple devices.

Advanced Filter - The advanced filter allows a much more complex filter to be created, built from multiple variable types, operators, values, and AND/OR functions. Advanced filters must be manually added to a managed device through the Instances tab of the Device Administration page for that device. Up to five statements can be added at a time, but more can be added after each group of five.

Constructing advanced filters properly can be quite challenging, and should only be attempted by advanced users. Since you can't use brackets to frame the statements, you must use the AND/OR functions creatively. For example, if you wanted to filter out all of the interfaces that include "gig" in their description, whether they are operationally up or down, you would have to create four statements such as the following:

| Name/Variables | Operators/Values | Text Entry |
|---|---|---|
| Interface Description | LIKE (PERL 5 REGEX) | gig |
| AND | | |
| Interface Oper Status | EQUALS (Numeric) | 1 |
| OR | | |
| Interface Description | LIKE (PERL 5 REGEX) | gig |
| AND | | |
| Interface Oper Status | EQUALS (Numeric) | 0 |

The advanced filter operations are case-sensitive. So, after configuring the above four statements for "gig", you may need to add an additional four statements for "GIG".
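
The four-statement filter above, evaluated over a few constructed interfaces (an added example, not Netreo code). It assumes AND binds tighter than OR, as the table implies, and uses Python's `re` in place of Perl 5 regex; `matches`, `excluded` and `with_variant` are hypothetical names.

```python
import re

# Constructed sample interfaces; "oper" uses the page's 1 = up, 0 = down.
INTERFACES = [
    {"descr": "gig0/1", "oper": 1},
    {"descr": "gig0/2", "oper": 0},
    {"descr": "GIG0/3", "oper": 0},
    {"descr": "GigabitEthernet0/4", "oper": 1},
    {"descr": "Vlan10", "oper": 1},
]

# The four statements from the table, in order, with their AND/OR joins.
GIG_FILTER = [
    ("descr", "LIKE", "gig"), "AND", ("oper", "EQUALS", 1), "OR",
    ("descr", "LIKE", "gig"), "AND", ("oper", "EQUALS", 0),
]

def _holds(statement, iface):
    field, op, value = statement
    if op == "LIKE":  # case-sensitive regex search
        return re.search(value, iface[field]) is not None
    if op == "EQUALS":
        return iface[field] == value
    raise ValueError(f"unsupported operator: {op}")

def matches(flat_filter, iface):
    """Evaluate a bracket-free filter. Assumption: an OR of AND-groups."""
    groups, current = [], []
    for token in flat_filter:
        if token == "OR":
            groups.append(current)
            current = []
        elif token != "AND":
            current.append(token)
    groups.append(current)
    return any(all(_holds(s, iface) for s in group) for group in groups)

def excluded(flat_filter, interfaces):
    """Descriptions of the interfaces the filter would remove."""
    return [i["descr"] for i in interfaces if matches(flat_filter, i)]

def with_variant(flat_filter, old, new):
    """Append an OR'd copy of the filter with pattern `old` replaced by `new`."""
    copy = [t if isinstance(t, str) else (t[0], t[1], new if t[2] == old else t[2])
            for t in flat_filter]
    return flat_filter + ["OR"] + copy
```

In this sample, `GigabitEthernet0/4` is excluded by neither the `gig` statements nor the added `GIG` statements, because neither pattern matches `Gig`.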

If an advanced filter is present, it will override any basic filter applied to that device.

Advanced Filtering and Interface Status Service Checks

Note that using the advanced filter allows for the possibility of adding interfaces that are administratively or operationally down to the active interfaces list. If the Check Interface Status service check is then added to that device and is not configured with those interfaces in mind, it will add checks to the down interfaces as well. This can result in alerts being sent for those down interfaces. Use caution when using advanced filtering, and remember to configure the Check Interface Status service check to work with the advanced filter if you intend to monitor interface status.

Interface Data Issues

Missing Interface Performance History

The Performance tab of the Device Dashboard only displays performance data for interfaces currently included in the active interfaces list (explained above). So if, during the last discovery poll for a device, a previously active interface was no longer "active" (and so, no longer in the active interfaces list), its performance data will no longer be accessible in the user interface.

Performance data for non-active interfaces is stored for 91 days before being purged. If a currently inactive interface becomes active again within that time (and is re-added to the active interfaces list), that interface will again appear in the Performance tab and have its stored data available for viewing.

Because of this, Netreo best practice recommends that automated discovery polls for devices such as access switches, which have ports connected to user workstations, be scheduled to occur only during regular business hours, to avoid potential obfuscation of the historical data for those interfaces.

Index Shuffling

If a managed device changes the index number for any of its interfaces, this may have an adverse effect on the historical data of currently monitored interfaces.

Netreo stores data for a network interface based on its index number, as assigned by its device. If the index number for a monitored interface changes, the data stored for that interface can no longer be properly associated with that interface. This can result in the loss of historical data for an interface or the inadvertent transfer of historical data from one interface to another.

For example, let's say Netreo is monitoring two interfaces on a device. We'll call them A and B. When Netreo discovered them, their index numbers were as follows:

  • A (index 500)
  • B (index 600)

Netreo then created two databases to store the performance history for the interfaces, one per interface, and associated each database with its interface's index number.

After collecting data for a while, the device (for whatever reason) shifts the index numbers. Now the interfaces are indexed as follows:

  • A (index 400)
  • B (index 500)

As you can see, B now has the index number previously used by A (index 500).

Here's what happens after the next discovery poll:

  • Interface A - The historical data graphs for this interface are now empty. As far as Netreo is concerned A is a totally new interface that it has never seen before. So a new database is created (associated to index 400) and incoming data for A is added to that.
  • Interface B - The historical data graphs for this interface now show the historical data for A (this may or may not be noticeable to a user).
    • Additionally, incoming data for B is now being added to A's old database (index 500) as it is collected, because as far as Netreo is concerned this is the correct database for the interface with index 500.
    • The original database with the historical data for B (index 600) still exists, but it is now completely inaccessible (because there is no interface with index 600 under which to display the data). This database will be considered by Netreo to belong to a now non-active interface and be deleted after 91 days.

Once data has been collected for interfaces with shuffled indexes, that data cannot be extracted or the databases repaired. However, the corrupted databases can be purged to prevent them from affecting reports by contacting Netreo customer support for assistance.
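
A check that compares two interface snapshots and predicts the effects described above, added here as an example (not Netreo code). The snapshot format and the names `index_shuffle_report` and `indexes_unchanged` are hypothetical, and it assumes interface names stay unique and stable between polls.

```python
# Constructed discovery snapshots ({index: interface name}) mirroring the
# A/B example above: A moves 500 -> 400, B moves 600 -> 500.
POLL_BEFORE = {500: "A", 600: "B"}
POLL_AFTER = {400: "A", 500: "B"}

def index_shuffle_report(previous, current):
    """Predict what index-keyed history storage does after a re-index.

    Assumption: interface names are unique and stable between polls, so a
    name seen at a different index is the same interface.
    """
    old_index_of = {name: idx for idx, name in previous.items()}
    findings = []
    for idx, name in sorted(current.items()):
        old_idx = old_index_of.get(name)
        if old_idx is None or old_idx == idx:
            continue  # newly discovered interface, or index unchanged
        findings.append({
            "interface": name,
            "old_index": old_idx,
            "new_index": idx,
            # Whose stored history this interface will now display
            # (None means it starts with an empty database).
            "shows_history_of": previous.get(idx),
            # True when no interface uses the old index any more, so the
            # old database is unreachable and ages out.
            "own_history_orphaned": old_idx not in current,
        })
    return findings

def indexes_unchanged(previous, current):
    """True only if no previously known interface changed index."""
    return not index_shuffle_report(previous, current)

if __name__ == "__main__":
    for finding in index_shuffle_report(POLL_BEFORE, POLL_AFTER):
        print(finding)
```

Comparing a fresh snapshot against the last known one before data is collected under the new indexes flags the shuffle while the history is still intact.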
