|
|
The primary function of HP OpenView (HPOV) is to manage faults.
In this case study, HP OpenView:
 |
Note This section assumes that HP Network Node Manager Release 5.0 is already installed on a Solaris workstation. |
Describing the advanced capabilities of HPOV is outside the scope of this document. For more information, go to http://ovweb.external.hp.com/lpe/doc_serv/ and http://www.openview.hp.com
For Cisco IOS SNMP configurations, see the "Task 1Enabling SNMP in a Cisco IOS Device" section.
To verify that the HPOV daemons are running and the SNMP configuration is correct, follow these steps:
aurora:/opt/OV/bin ->ovw& [1] 5079
Step 2 Verify that all the HPOV daemons are running by entering the ovstatus command from the root directory:
aurora:/ ->ovstatus object manager name: OVsPMD state: RUNNING PID: 430 exit status: - object manager name: ovwdb state: RUNNING PID: 431 last message: Initialization complete. exit status: - object manager name: ovtrapd state: RUNNING PID: 433 last message: Initialization complete. exit status: - object manager name: ovactiond state: RUNNING PID: 434 last message: Initialization complete. exit status: - object manager name: pmd state: RUNNING PID: 432 last message: Initialization complete. exit status: - object manager name: ovtopmd state: RUNNING PID: 435 last message: Connected to native database: "openview". exit status: - object manager name: netmon state: RUNNING PID: 450 last message: Initialization complete. exit status: - object manager name: snmpCollect state: RUNNING PID: 451 last message: No values configured for collection. exit status: - object manager name: ovrepld state: RUNNING PID: 452 last message: Initialization Complete. exit status: -
|
Note If a daemon is not running, try restarting it by using the commands ovstop daemon-name and ovstart daemon-name. If a daemon is still not running, an HPOV license issue may exist. For more information, go to http://www.openview.hp.com |
Step 3 From HPOV, enter the SNMP community strings and target loopback IP addresses for each Cisco IOS device. From the Options menu, select SNMP Configuration.
In the SNMP Configuration screen, enter the following information:
|
Note Accept the default SNMP parameters in the other fields in the SNMP Configuration screen. |
 |
Caution Do not use the SNMP community strings "public," "private," or "cisco." These strings are well-known within the industry, and they are common defaults. These strings are open invitations to attacks—even if you use filters. |
SNMP Configuration: Loopback IP Address and Community Strings
Step 4 Click Add and Apply to submit the entries.
Perform an SNMP demand poll for a new managed device if you do not want to wait for the next automatic topology poll. HPOV performs less frequent automatic topology demand polls as your network and the HPOV device database becomes more static.
When the HPOV daemons start, HPOV discovers the devices in your network. Depending on which discovery options are configured, the device map is based on Layer 2 or Layer 3 information. Choosing discovery options is outside the scope of this document.
Depending on the number of devices that need to be discovered, it could take hours or even days for HPOV to discover a device. If HPOV cannot find a device, enter the device manually in to the database. See the "Using the HPOV CLI to Enter a Device into the Database" section.
To organize and adjust the top-level map, see the "Creating and Adjusting Maps" section.
To perform an SNMP demand poll, follow these steps:
Step 2 Inspect the top-level map of the discovered devices in your network.
The Top-Level Device Map
Step 3 Select a device icon in the map (single click).
Step 4 Go to Fault.
Step 5 Select Network Connectivity: Poll Node.
Demand polls enable HPOV to:
To test that a device responds to SNMP Get requests, follow these steps:
Step 2 From the Fault menu, select Test IP/TCP/SNMP.
This action performs one ICMP echo, one TCP connection, and one SNMP get. SNMP is working if the "OK" message appears under the SNMP Get field.
Table 32 describes the important fields in Figure 29.
Field | Returned Value | Description |
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
If a device is not responding to a demand poll, follow these steps:
Step 2 Ping the device that is not responding. If the ping works, the devices are communicating.
|
Note A firewall in the communication path can block ping and SNMP packets. |
Step 3 Verify that the SNMP community strings are correct.
Step 4 Try polling the device from the HPOV command line. For example, enter the commands snmpwalk and snmpget.
The syntax for the snmpget command line is as follows:
snmpget [options] node object-id [object-id]...
Options:
-d dump ASN.1 packet trace
-v version protocol version (1 or 2c)
-c community community string
-p port remote port
-t timeout retransmission timeout (1/10th seconds)
-r retries maximum retransmission attempts
|
Caution Overpolling the wrong OIDs overloads CPUs and crashes network devices. |
Other ways to look for traps include:
To monitor the limits of a network, configure thresholds to set off alarms. For example, set up an alarm for a CPU that sustains a 98 percent utilization for a specific amount of time.
Common mistakes include:
Setting up alarms for different kinds of traps is outside the scope of this document.
To verify that HPOV is receiving traps from devices in the network, follow these steps:
Traps in the All Events Browser
Step 2 Force a trap to be sent into the browser by manually causing a fault. Pull out a card on a Cisco device or shut down an interface.
|
Caution Do not shut down a communication link that can cause a service outage. |
Step 3 Look for traps in the browser.
Do not poll the asynchronous and serial interfaces on Cisco access servers. The reasons for this recommendation include:
To unmanage the asynchronous and serial interfaces for a Cisco access server, follow these steps:
Available Interfaces and Ports for a Cisco AS5800
Step 2 Find the following interfaces:
Step 3 Select a group of ports to unmanage. Draw a box around the ports, or select them individually.
Step 4 From the Map menu, select Unmanage Objects. Unmange all ports except the T1 trunks, loopback management interface, and Ethernet interface. Statistics are polled from managed ports.
|
Note You must unmanage the serial and asynchronous ports, which appear tan. |
 |
Tips When the status of an object changes (to managed or unmanaged), HPOV switches to synchronization mode. |
Maps provide a view of the network topology, and they enable you to quickly troubleshoot faults in the network. HPOV automatically polls devices and builds maps for you; however, devices often get stacked in the map, which is undesirable.
The following procedure saves you from having to refresh all your submaps each time a new device appears in the network. After you implement the following procedure, new devices will appear in the New Object Holding Area.
|
Caution Deleting a device from a submap removes the device from the database. To load a device back into the database, see the "Using the HPOV CLI to Enter a Device into the Database" section. |
To manually re-structure device maps to adequately represent your network and turn off the automatic-layout function for the top-level map, follow these steps:
Top-Level Map Adjustments
Step 2 Go to View.
Step 3 Select Automatic Layout.
Step 4 Choose Off For This Submap.
A discovery filter is an ASCII file that HPOV reads to limit the discovery of devices on the network.
Use a discovery filter to:
Sometimes HPOV discovers too many devices. If HPOV discovers devices beyond your target network, such as the entire Internet, the performance of the Unix host decreases significantly. If the device maps begin filling up with networks, routers, and other devices that do not belong to you, use a discovery filter.
After a filter is set up, HPOV will not discover devices unless they are defined by the filter. Edit the filter each time a new device is added to the network.
For more information about discovery filters, go to http://www.openview.hp.com
The filter file is located in the /etc/opt/OV/share/conf/C directory. A sample file is shown in the following step-by-step example. The file has been manually edited and abbreviated to include a specific node list and filter list for this case study:
To see a complete filter file, go to http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/dialnms/filter.txt
To set up and edit a discovery filter, follow these steps:
aurora:/etc/opt/OV/share/conf/C ->ls filters oid_to_sym trapd.conf
Step 2 Edit the filters file by using a text editor to include a node list and a filter list for your network environment:
aurora:/etc/opt/OV/share/conf/C ->vi filters
//
// @(#)$OV_CONF/$LANG/filters
// @(#)HP OpenView NNM Release B.05.01 Jun 21 1997
// @(#)Copyright (c) 1990-1997 Hewlett-Packard Company
// $Revision: /main/TORNADO/NNM_NT/5 $ $Date: 1997/01/13 19:35 UTC $
//
// This is the default filter file. These filters are examples
// which may be useful in your environment. Feel free to modify
// these filters and/or add your own. See OVfilterIntro(5)
// for more information on this file.
// NOTE: The behavior of topology filters in a distributed environment
// changed as of DFIX 5027. This file documents the behavior as of that
// patch level. This should be considered the correct specification of
// how topology filtering behaves in a distributed environment.
//
// Sets are a simple way to list string values to test
// against in a filter. The "IN" operator tests a field value
// for membership in a set defined here.
//
Sets {
//
// These are simple examples of sets.
//
servers "Set of Servers" { "sv1", "sv2", "sv3" }
gateways "Backbone gateways " { "gw1", "gw2", "gw3" }
TheNetNodes "TheNet Node List" { "AS5800-1", "AS5800-2" }
}
.
.
.
FilterExpressions {
//
// The following combines the two set filters
// defined above into one FilterExpression.
// It works unmodified as a discovery filter.
// To work as a map filter, network and segment filtering
// must be added (see below).
VitalNodes "All Gateways and Servers" { GatewaysSet || ServersSet }
//
// One can turn the filters defined above into viable map or
// topology filters by simply adding "|| NetsNSegs". (Doing so
// does not invalidate the filters as discovery
// filters. It just adds a superfluous test.)
//
VitalNodesMap "All nets & segs, but only gateway and server nodes"
{ GatewaysSet || ServersSet || NetsNSegs}
LocalLANView "All nets & segs, but only local nodes"
{ LocalLAN || NetsNSegs }
NetInfrastructure "Any network connecting device and what they connect"
{ Routers || Bridges || Hubs || NetsNSegs }
NetBackbone "Networks and gateways/routers"
{ Routers || Networks }
// Using the filters defined above that include only a specific
// network, we can also exclude the specific network like this
// Note the use of the more specific form to exclude only the segments
// in the engineering lan. This could have been specified directly
// as a negation in the filter part, but this form works well if you
// have several networks to manipulate in this manner.
EverythingButEngr "Everything but the engineering LAN"
{ !EngrLan2 }
// Of course the above filter expressions, when used as
// map filters, pass all networks and segments. You
// may wish to see only a particular network. The following map
// filters accomplish this. Note that though segments
// and nodes from other networks will pass the filters, IP Map
// will ignore them because their parent networks will not pass.
// NOTE: These filters will not work as Discovery
// filters because all network and segments automatically pass
// Discovery and Topology filters.
//
MyNetMap "Only the network of interest and all its constituent parts"
{ MyNet || Segments || Nodes}
MyVitalNodesMap "Gateways, servers and segments in the net of interest"
{ MyNet || Segments || GatewaysSet || ServersSet }
TheNetNodeList "This is the filter for TheNet nodeslist
{ TheNetNodes || TheNetFilters }
// This is a map persistence filter which ensures that
// all Ungermann-Bass are kept in memory and up to date.
// Note that this will also keep any containing submaps in memory.
//
PersFilter "Objects to keep in map memory" { UBNodes }
}
Sometimes devices do not appear in the device map, or they are accidentally deleted from the HPOV database.
To manually load devices in to the HPOV database by using the CLI, follow these steps:
aurora:/ ->ovstop netmon aurora:/ ->ovstatus netmon object manager name: netmon state: NOT_RUNNING PID: 450 last message: Exited due to user request exit status: Exit(0)
Step 2 To load new devices in to the database, enter the loadhosts -m command from the root directory followed by a single netmask for the devices. Include an end of file statement (EOF) to enter multiple lines with one return.
aurora:/ ->loadhosts -m 255.255.255.0 <<EOF > 10.10.10.104 hostname > 14.14.14.14 host2name > EOF aurora:/ ->
|
Note Enter devices by using a DNS format (IP address then hostname). Use spaces (not tabs) to separate IP addresses from hostnames. |
Step 3 Restart the netmon daemon by entering the following commands:
aurora:/ ->ovstart netmon
aurora:/ ->ovstatus netmon object manager name: netmon state: RUNNING PID: 12812 last message: Initialization complete. exit status:
Step 4 Go to the GUI and look for the new devices that appear in the new object holding area.
Step 5 Perform a demand poll on each device to get the sysobjectIDs. After the demand poll is performed, HPOV puts each new device into its correct place in the map.
Posted: Fri Sep 29 08:23:04 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.