dual stack ipv4 ipv6 monitoring with nagios
play

Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, - PowerPoint PPT Presentation

Feb 05, 2023 •812 likes •1.09k views

Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, CSC/Funet 6th June 2012 6th TF-NOC meeting Dublin, Ireland Introduction World IPv6 Launch is today! When enabling IPv6 support in services, it is crucial to monitor with both IPv4

  1. Dual-stack IPv4+IPv6 monitoring with Nagios Teemu Kiviniemi, CSC/Funet 6th June 2012 6th TF-NOC meeting Dublin, Ireland

  2. Introduction World IPv6 Launch is today! When enabling IPv6 support in services, it is crucial to monitor with both IPv4 and IPv6. – If the IPv6 service is not monitored, IPv6- related problems may not be detected and IPv6-enabled users will see deteriorated performance. How to monitor dual-stack service with Nagios? 2

  3. Monitoring a dual-stack HTTP server Solution: run check_http for the IPv4 and IPv6 services separately. Problems: – It’s easy to forget to configure the IPv6 service. – Doubles the number of monitored services. – Doubles the number of service notifications. – Doubles the number of services that must have scheduled downtime during service maintenance. 3

  4. Monitoring a dual-stack HTTP server Solution: run check_http for the IPv4 and IPv6 services separately, and use check_cluster to combine the results. Problems: – It’s easy to forget to configure IPv6 monitoring. – Three times the number of monitored services. – Error-prone to configure manually. 4

  5. Introducing check_v46 A Nagios plugin wrapper that makes monitoring dual-stack services easier. Compatible with most Nagios plugins that support the standard command line options: -4, -6, --hostname Developed at Funet. 5

  6. How the wrapper works The wrapper behaves like any Nagios check plugin. To use, replace check_http – H www.funet.fi with check_v46 check_http – H www.funet.fi The wrapper queries DNS and runs the actual plugin once or twice with -4 or -6 parameters if IPv4/IPv6 addresses exist for the name. 6

  7. How the wrapper works (continued) The wrapper returns the worst result returned by the actual check plugin. – If the IPv4 service is in CRITICAL state, but the IPv6 service is in WARNING state, CRITICAL will be returned by the wrapper. Any returned performance data labels are prepended with ” ipv4_ ” or ” ipv6_ ”. The extended status information will contain the full output of the executed check plugins. 7

  8. Benefits Easy to configure: it is enough to update the configuration of the check command. – All services monitored with the check command become instantly dual-stack aware. Monitoring follows the actual data returned by DNS. – Dual-stack monitoring is done only if the host name has both IPv4 and IPv6 addresses. – Follows the behaviour of real clients. Only one monitored service in Nagios. 8

  9. Disadvantages Only one service for both IPv4 and IPv6 – No separate availability statistics for IPv4 and IPv6. May affect performance, as IPv4 and IPv6 service checks are run serially. 9

  10. PLUGIN WRAPPER DEMO 10

  11. Demo: HTTP monitoring $ check_http -4 -H demo.funet.fi HTTP OK: HTTP/1.1 301 Moved Permanently - 523 bytes in 0.006 second response time |time=0.005673s;;;0.000000 size=523B;;;0 11

  12. Demo: HTTP monitoring $ check_http -4 -H demo.funet.fi HTTP OK: HTTP/1.1 301 Moved Permanently - 523 bytes in 0.006 second response time |time=0.005673s;;;0.000000 size=523B;;;0 $ check_http -6 -H demo.funet.fi HTTP OK: HTTP/1.1 301 Moved Permanently - 523 bytes in 0.004 second response time |time=0.003978s;;;0.000000 size=523B;;;0 12

  13. Demo: HTTP monitoring $ check_http -4 -H demo.funet.fi HTTP OK: HTTP/1.1 301 Moved Permanently - 523 bytes in 0.006 second response time |time=0.005673s;;;0.000000 size=523B;;;0 $ check_http -6 -H demo.funet.fi HTTP OK: HTTP/1.1 301 Moved Permanently - 523 bytes in 0.004 second response time |time=0.003978s;;;0.000000 size=523B;;;0 $ check_v46 check_http -H demo.funet.fi OK: IPv6/demo.funet.fi OK, IPv4/demo.funet.fi OK | ipv6_time=0.004730s;;;0.000000 ipv6_size=523B;;;0 ipv4_time=0.002237s;;;0.000000 ipv4_size=523B;;;0 Status details: IPv6/demo.funet.fi: HTTP OK: HTTP/1.1 301 Moved Permanently - 523 bytes in 0.005 second response time IPv4/demo.funet.fi: HTTP OK: HTTP/1.1 301 Moved Permanently - 523 bytes in 0.002 second response time 13

  14. Demo: SSH monitoring $ check_ssh -4 -H demo.funet.fi SSH OK - OpenSSH_5.3p1 Debian-3ubuntu7 (protocol 2.0) 14

  15. Demo: SSH monitoring $ check_ssh -4 -H demo.funet.fi SSH OK - OpenSSH_5.3p1 Debian-3ubuntu7 (protocol 2.0) $ check_ssh -6 -H demo.funet.fi SSH OK - OpenSSH_5.3p1 Debian-3ubuntu7 (protocol 2.0) 15

  16. Demo: SSH monitoring $ check_ssh -4 -H demo.funet.fi SSH OK - OpenSSH_5.3p1 Debian-3ubuntu7 (protocol 2.0) $ check_ssh -6 -H demo.funet.fi SSH OK - OpenSSH_5.3p1 Debian-3ubuntu7 (protocol 2.0) $ check_v46 check_ssh -H demo.funet.fi OK: IPv6/demo.funet.fi OK, IPv4/demo.funet.fi OK Status details: IPv6/demo.funet.fi: SSH OK - OpenSSH_5.3p1 Debian-3ubuntu7 (protocol 2.0) IPv4/demo.funet.fi: SSH OK - OpenSSH_5.3p1 Debian-3ubuntu7 (protocol 2.0) 16

  17. Demo: Ping monitoring $ check_fping -4 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.330000 ms)|loss=0%;;;0;100 rta=0.000330s;;;0.000000 17

  18. Demo: Ping monitoring $ check_fping -4 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.330000 ms)|loss=0%;;;0;100 rta=0.000330s;;;0.000000 We use patched check_fping $ check_fping -6 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.360000 ms)|loss=0%;;;0;100 rta=0.000360s;;;0.000000 18

  19. Demo: Ping monitoring $ check_fping -4 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.330000 ms)|loss=0%;;;0;100 rta=0.000330s;;;0.000000 We use patched check_fping $ check_fping -6 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.360000 ms)|loss=0%;;;0;100 rta=0.000360s;;;0.000000 $ check_v46 check_fping -H demo.funet.fi OK: IPv6/demo.funet.fi OK, IPv4/demo.funet.fi OK | ipv6_loss=0%;;;0;100 ipv6_rta=0.000440s;;;0.000000 ipv4_loss=0%;;;0;100 ipv4_rta=0.000380s;;;0.000000 Status details: IPv6/demo.funet.fi: FPING OK - demo.funet.fi (loss=0%, rta=0.440000 ms) IPv4/demo.funet.fi: FPING OK - demo.funet.fi (loss=0%, rta=0.380000 ms) 19

  20. Demo: Broken IPv6 $ check_fping -4 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.310000 ms)|loss=0%;;;0;100 rta=0.000310s;;;0.000000 20

  21. Demo: Broken IPv6 $ check_fping -4 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.310000 ms)|loss=0%;;;0;100 rta=0.000310s;;;0.000000 $ check_fping -6 -H demo.funet.fi FPING CRITICAL - demo.funet.fi (loss=100% )|loss=100%;;;0;100 21

  22. Demo: Broken IPv6 $ check_fping -4 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.310000 ms)|loss=0%;;;0;100 rta=0.000310s;;;0.000000 $ check_fping -6 -H demo.funet.fi FPING CRITICAL - demo.funet.fi (loss=100% )|loss=100%;;;0;100 $ check_v46 check_fping -H demo.funet.fi CRITICAL: IPv6/demo.funet.fi CRITICAL, IPv4/demo.funet.fi OK | ipv6_loss=100%;;;0;100 ipv4_loss=0%;;;0;100 ipv4_rta=0.000400s;;;0.000000 Status details: IPv6/demo.funet.fi: FPING CRITICAL - demo.funet.fi (loss=100% ) IPv4/demo.funet.fi: FPING OK - demo.funet.fi (loss=0%, rta=0.400000 ms) 22

  23. Demo: IPv4 address removed  $ check_fping -4 -H demo.funet.fi check_fping: Invalid hostname/address - demo.funet.fi Usage: check_fping <host_address> -w limit -c limit [-b size] [-n number] [-T number] [-i number] 23

  24. Demo: IPv4 address removed  $ check_fping -4 -H demo.funet.fi check_fping: Invalid hostname/address - demo.funet.fi Usage: check_fping <host_address> -w limit -c limit [-b size] [-n number] [-T number] [-i number] $ check_fping -6 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.430000 ms)|loss=0%;;;0;100 rta=0.000430s;;;0.000000 24

  25. Demo: IPv4 address removed  $ check_fping -4 -H demo.funet.fi check_fping: Invalid hostname/address - demo.funet.fi Usage: check_fping <host_address> -w limit -c limit [-b size] [-n number] [-T number] [-i number] $ check_fping -6 -H demo.funet.fi FPING OK - demo.funet.fi (loss=0%, rta=0.430000 ms)|loss=0%;;;0;100 rta=0.000430s;;;0.000000 $ check_v46 check_fping -H demo.funet.fi OK: IPv6/demo.funet.fi OK | ipv6_loss=0%;;;0;100 ipv6_rta=0.001330s;;;0.000000 Status details: IPv6/demo.funet.fi: FPING OK - demo.funet.fi (loss=0%, rta=1.330000 ms) 25

  26. Conclusions The wrapper makes dual-stack monitoring very easy. The wrapper plugin is available at: https://gitorious.org/nagios-monitoring-tools/nagios-monitoring- tools/blobs/master/check_v46 check_fping IPv6 patch is available at: http://sourceforge.net/tracker/?func=detail&aid=3490731&group_id =29880&atid=397599 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 DUT DNS . FW Dual-Stack WWW Dual-Stack . Internet WLAN . IPv6 DUT 1) Silent drop

1 DUT DNS . FW Dual-Stack WWW Dual-Stack . Internet WLAN . IPv6 DUT 1) Silent drop

1 DUT DNS . FW Dual-Stack WWW Dual-Stack . Internet WLAN . IPv6 DUT 1) Silent drop IPv6 ICMPv6 no route 2) IPv6 ICMPv6 address unreachable 3) 2 Device DNS query IPv6 broken, time until fallback to IPv4 Comments sending

278 views • 6 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 &amp; IPv6 IPv6-only

675 views • 25 slides
SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36, London, January 2017 Incremental IPv6 deployment in DC IPv4-only IPv4-only + IPv6 via NAT/proxy/etc Dual-stacked public frontend, IPv4 BE Full

550 views • 15 slides
dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R.

dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R.

dIVI-pd: Dual-Stateless IPv4/IPv6 Translation with Prefix Delegation X. Li, C. Bao, W. Dec, R. Asati, C. Xie, Q. Sun 2011-11-12 Introduction The dIVI-PD is an extension of stateless IPv4/IPv6 translation with address sharing RFC6052:

890 views • 15 slides
IPv6 only Session IPv6 only Session APAN 29 Sydney 10 th February, 2010 W here w e are W

IPv6 only Session IPv6 only Session APAN 29 Sydney 10 th February, 2010 W here w e are W

IPv6 only Session IPv6 only Session APAN 29 Sydney 10 th February, 2010 W here w e are W here w e are All IPv4/IPv6 dual stack Dual 10 Gbps circuits / 3 A Little closer A Little closer I Pv6 Deploym ent I Pv6 Deploym ent We

548 views • 20 slides
Microsoft IT: Journey to IPv6 Veronika McKillop Network Architect Microsoft CSE&amp;O Agenda

Microsoft IT: Journey to IPv6 Veronika McKillop Network Architect Microsoft CSE&amp;O Agenda

Microsoft IT: Journey to IPv6 Veronika McKillop Network Architect Microsoft CSE&amp;O Agenda Network Overview Dual-Stack Status Moving to IPv6-Only June 2015 Apple WWDC IPv4 Market Group This WAS the plan RFC 7269 Dual

662 views • 28 slides
IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool IPv4 with NAT/Tunnels But we can use IPv4 and NAT or Tunnels!!! Yeah, right IPv6 IPv6 Readiness Laptops, pads, mobile phones, dongles,

477 views • 19 slides
IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address

IPv6 Yourself Jumping Bean What is IPv6? Replacement for IPv4, 128 bit IP address IPv4 allowed for 4.3 billion possible addresses, IPv6 allows for 340 undecillion addresses 3.40E38, 7.9E28 more than IPv4 addresses, ~ 4.8x10

1.07k views • 28 slides
Versatile IPv6 Mobility Deployment with Dual Stack Mobile IPv6 Romain KUNTZ (LSIIT, Strasbourg,

Versatile IPv6 Mobility Deployment with Dual Stack Mobile IPv6 Romain KUNTZ (LSIIT, Strasbourg,

Versatile IPv6 Mobility Deployment with Dual Stack Mobile IPv6 Romain KUNTZ (LSIIT, Strasbourg, France) - kuntz@lsiit.u-strasbg.fr Jean LORCHAT (IIJ, Japan) - jean@iij.ad.jp 2008/08/22 - MobiArch IPv6 and Mobility In a nutshell Goal : moving

309 views • 15 slides
Understanding the Share of IPv6 Traffic in a Dual-Stack ISP Enric Pujol, Philipp Richter, and

Understanding the Share of IPv6 Traffic in a Dual-Stack ISP Enric Pujol, Philipp Richter, and

Understanding the Share of IPv6 Traffic in a Dual-Stack ISP Enric Pujol, Philipp Richter, and Anja Feldmann PAM 2017, Sydney, Australia IPv6 adoption metrics User end hosts Server-side measurements e.g., Google reports 20% of the hosts have

869 views • 40 slides
Measuting IPv6 Network Quality 1 dual-stack node discovery Table 1: IPv6 prefixes extracted

Measuting IPv6 Network Quality 1 dual-stack node discovery Table 1: IPv6 prefixes extracted

Measuting IPv6 Network Quality 1 dual-stack node discovery Table 1: IPv6 prefixes extracted prefix prefix use 2004/06 2004/08 2005/01 2001::/16 Aggregatable Global Unicast 6,585 6,665 4,394 3ffe::/16 6bone 1,762 1,459 291

401 views • 6 slides
Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic

Comparing IPv4 and IPv6 from the perspec7ve of BGP dynamic ac7vity Geoff Huston APNIC February 2012 The IPv4 Table: 2004 - now The IPv6

770 views • 47 slides
Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA

Life with IPv6 Journe Cohabitation IPv4-IPv6 16 Fvrier 2005 Keiichi SHIMA &lt;keiichi@iijlab.net&gt; IIJ Research Laboratory / WIDE project Contents IPv6 service in Japan How I live Example of IPv6 configuration Some news of IPv6

653 views • 16 slides
H3C S5500-SI System Description ISSUE 2.0 Date Hangzhou H3C Technologies Co., Ltd. Review

H3C S5500-SI System Description ISSUE 2.0 Date Hangzhou H3C Technologies Co., Ltd. Review

H3C S5500-SI System Description ISSUE 2.0 Date Hangzhou H3C Technologies Co., Ltd. Review Impelling 1000M desktop connection demands Development of IPV6 applications New-generation full 1000M IPv4/IPv6 dual-stack switch

580 views • 45 slides
IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4 exhaustion (link to RIRs and highlight relevant trends for your region) Regional Internet Authorities are in various phases of IPv4 exhaustion

486 views • 13 slides
Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node

Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node

Large-scale introduction of IPv6 system - 280 sites all over Japan VoIP carrier IPv4 - IPv6 Node as many as 20,000 IPv6/IPv4 The IP Centrex service, &quot;IP Business Phone&quot;, Translator developed by FreeBit, has got a major contract with

752 views • 5 slides
The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen

The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen

The State of the Art in Bufferbloat Testing and Reduction on Linux Toke Hiland-Jrgensen Roskilde University IETF 86, 12th March 2013 1 / 31 Outline Introduction Recent changes in the Linux kernel Testing methodology and best practices

689 views • 31 slides
The value of repeatable experiments and negative results Dave Tht Bufferbloat.net Sigcomm CCW

The value of repeatable experiments and negative results Dave Tht Bufferbloat.net Sigcomm CCW

The value of repeatable experiments and negative results Dave Tht Bufferbloat.net Sigcomm CCW Aug 18 th , 2014 Installing netperf-wrapper Linux (debian or ubuntu) sudo apt-get install python-matplotlib python-qt4 fping subversion

690 views • 43 slides
Neurologic Emergencies Case #1 A 67F is hospitalized with a community-acquired pneumonia. On

Neurologic Emergencies Case #1 A 67F is hospitalized with a community-acquired pneumonia. On

Neurologic Emergencies Case #1 A 67F is hospitalized with a community-acquired pneumonia. On Day#3 she is feeling much better awaiting discharge when her nurse finds her unresponsive with rhythmic shaking of all limbs. PMHx: COPD

502 views • 13 slides
MOVING THE WORLD AT WORK Wilson R. Jones President and Chief Executive Officer Oshkosh

MOVING THE WORLD AT WORK Wilson R. Jones President and Chief Executive Officer Oshkosh

MOVING THE WORLD AT WORK Wilson R. Jones President and Chief Executive Officer Oshkosh Corporation David M. Sagehorn (NYSE:OSK) Executive Vice President and Chief Financial Officer Fourth Quarter Fiscal 2017 Patrick N. Davidson Senior Vice

363 views • 20 slides
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning Objectives

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning Objectives

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning Objectives After reading this chapter and completing the exercises, you will be able to: Describe port scanning and types of port scans Describe

368 views • 5 slides
BISmark Platform 2015/16 Status and Roadmap Agenda Project Status &amp; Architecture

BISmark Platform 2015/16 Status and Roadmap Agenda Project Status &amp; Architecture

BISmark Platform 2015/16 Status and Roadmap Agenda Project Status &amp; Architecture What we have (deployed)? What we want (roadmap)? Project Status Broadband Internet Service Benchmark 2010; OpenWrt based customized

378 views • 14 slides
Other monitoring tools Bartek Gajda Poznan Supercomputing and Networking Center

Other monitoring tools Bartek Gajda Poznan Supercomputing and Networking Center

Other monitoring tools Bartek Gajda Poznan Supercomputing and Networking Center gajda@man.poznan.pl EGI TF, Madrid September 2013 connect communicate collaborate Other monitoring tools Do we need other monitoring tools? There are

498 views • 26 slides
Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High

Different Goals for our NMS Many uses for Internet-scale path measurements: Towards a High Quality Path- Discover network trends, find paths Building network models oriented Network Measurement Run experiments using models and

209 views • 4 slides

More recommend