
Re: Will SNMP degrade switch or router performance ?

 
Michael_W
Occasional Advisor

Will SNMP degrade switch or router performance ?

Hi,

 

I'm just wondering whether enabling SNMP on HP switches (COMWARE-Based / Procurve) will affect LAN performance? I have a customer with a full HP solution (switches and router); now they plan to monitor their network performance.

 

Any way that I can know the bandwidth utilization of SNMP traffic?

 

Regards

Michael

2 REPLIES
Apachez-
Trusted Contributor

Re: Will SNMP degrade switch or router performance ?

Short answer: No, enabling SNMP on the device won't affect its forwarding performance.

Longer answer: Most of the packets never see the system CPU, they are handled by the ASIC/FPGA closer to the interface.

For example this design applies internally: Interface(s) <-> ASIC/FPGA <-> System CPU.

Most of the packets (both forwarded and routed) will just go: InterfaceX <-> ASIC/FPGA <-> InterfaceY.

SNMP is a process run on the System CPU and will take some percent depending on how many queries it gets.

Note however that, in the same way as DNS and NTP can be used for amplification DDoS attacks, SNMP can be part of those too. So in that case enabling SNMP and not properly securing it could in the worst case make your device become an amplification node for a DDoS attack, and that would in most cases make your device feel sluggish for other traffic.

Here is an example on how you can protect your SNMP:

#
acl number 2003 name v4-MGMT-SNMP
hardware-count enable
rule 5 permit source <REMOVED> 0
rule 10 deny
#
acl ipv6 number 2003 name v6-MGMT-SNMP
hardware-count enable
rule 0 deny fragment
rule 5 deny routing
rule 10 deny
#
snmp-agent
snmp-agent local-engineid <REMOVED>
snmp-agent community read <REMOVED> acl ipv6 2003 acl 2003
snmp-agent sys-info contact <REMOVED>
snmp-agent sys-info location <REMOVED>
snmp-agent sys-info version v1 v2c
snmp-agent trap source LoopBack0
#

For added security you can also disable v1 and v2c and only use v3 with encryption.
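
Added example (not part of the post above and not HP code): a small Python check that reads a Comware-style config and reports the points raised there, namely SNMP communities without a source ACL, ACLs that permit any source, and v1/v2c being enabled. The function name `audit`, the sample address and the community strings are made up for illustration, and it assumes the `snmp-agent community read <name> ...` form shown in the post.

```python
import re

# Constructed sample in the syntax of the post's config; the address and
# community strings are placeholders, and "public" has no ACL on purpose.
SAMPLE = """\
acl number 2003 name v4-MGMT-SNMP
rule 5 permit source 192.0.2.10 0
rule 10 deny
#
acl ipv6 number 2003 name v6-MGMT-SNMP
rule 0 deny fragment
rule 5 deny routing
rule 10 deny
#
snmp-agent community read EXAMPLE-RO acl ipv6 2003 acl 2003
snmp-agent community read public
snmp-agent sys-info version v1 v2c
#
"""

def audit(config):
    """Return a list of findings about SNMP exposure in a Comware-style config."""
    acls, current, findings = {}, None, []
    lines = [l.strip() for l in config.splitlines()]
    for line in lines:                       # pass 1: collect the rules of each ACL
        m = re.match(r"acl (ipv6 )?number (\d+)", line)
        if m:
            current = ("v6" if m.group(1) else "v4", m.group(2))
            acls[current] = []
        elif line == "#":                    # "#" closes a config section
            current = None
        elif current and line.startswith("rule "):
            acls[current].append(line.split()[2:])   # drop "rule <id>"
    for line in lines:                       # pass 2: check the snmp-agent lines
        if line.startswith("snmp-agent community "):
            name = line.split()[3]           # assumes "community read|write <name>"
            v6 = re.search(r"acl ipv6 (\d+)", line)
            v4 = re.search(r"acl (\d+)", line)       # does not match "acl ipv6 N"
            for fam, ref in (("v4", v4), ("v6", v6)):
                rules = acls.get((fam, ref.group(1))) if ref else None
                if rules is None:
                    findings.append(f"{name}: no defined {fam} ACL bound")
                elif any(r[:1] == ["permit"] and ("source" not in r or "any" in r) for r in rules):
                    findings.append(f"{name}: {fam} ACL permits any source")
        elif line.startswith("snmp-agent sys-info version"):
            weak = [v for v in line.split()[3:] if v in ("v1", "v2c", "all")]
            if weak:
                findings.append("cleartext versions enabled: " + " ".join(weak))
    return findings
```

Run `audit()` on the text of a saved configuration; an empty list means none of these three conditions was found.
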
Vince-Whirlwind
Honored Contributor

Re: Will SNMP degrade switch or router performance ?

Just to add to that - the additional load on the network from SNMP is minor at each device that is sending traps or responding to queries, but all these small traffic flows become concentrated at the device that is doing the monitoring. Even so, it has been my experience that the bottleneck is the internal resources of the device doing the collecting, not the network resources.

Do what I did - add your devices a few at a time and observe the results.

 

The biggest factor isn't really the total number of devices, it's the extent of the data you configure it to collect: increase the granularity of the SNMP stats you collect (i.e., select every switchport and increase to 5s av rather than 3 min av) and observe the results. This is when you should see the biggest performance hit.