We are monitoring more than 400 devices via SNMP. There is no limitation on the number of nodes to monitor; we are licensed for unlimited nodes.
The problem is that alarms are malfunctioning. The monitoring software team told us that Windows servers cannot handle more than 100 SNMP packets per second. Is it true?
Windows does not process the SNMP packets, it only hands them over to the monitoring software just like any other network packet. To say that Windows cannot handle 100 SNMP packets per second is saying that Windows cannot handle 100 packets of any kind per second.
That does not mean it is impossible for Windows to be the weakest link, but there are other more likely bottlenecks:
Your server hardware (mostly CPU and the network interface).
Your network (cabling, routers, switches, VPN connections, proxies, ..).
The devices you are monitoring. Devices like IP-phones, printers etc do not have a lot of processing power and may not be able to keep up with the SNMP requests from the server.
The monitoring software itself.
I am working on a project where I want to use MQTT. Some of my project requirements are around 25k connected clients and a message rate of around 4000 messages/sec. After looking at some open-source broker options, I have been running some tests with Mosquitto.
I am using a software called JMeter (it can simulate, using threads, the clients and messages that I need).
The machine where I am doing the tests has 2 Intel® Xeon® Processors E5-2620 v3, each with 6 cores and 12 threads, 9 GB RAM, 15M cache, 2.40 GHz. My OS is Windows Server 2012 R2, so I have a good machine to host a broker.
To monitor my testing attempts I use MQTT Explorer, which is a plugin specially designed for Mosquitto.
I have been running some tests with 2k clients (1k publishing 1000 messages/second during 15 seconds, the message was “Hola1”, and also 1k subscribers). These numbers were the highest ones that I could get; every time I tried to exceed this number of clients, Mosquitto just died and I lost the connections.
I have been looking in web sites and some people say that mosquitto can handle up to 100k connections, some people say that you can configure your broker to support more connections but I haven’t figured out the way to configure my broker, is there any guide or documentation available to do this?
I have a general question but I could not find any useful information to answer it.
Just to be clear, I do understand how the SNMP works (Manager, Agent, MIB).
What I do not understand is how a device becomes SNMP enabled?
Does it happen at the manufacturing stage?
Can anyone explain this to me, please?
SNMP is a protocol (set of rules) for device communications. An application on the device opens a network port, listens for connections, and responds to those connections. It's similar, at least in theory, to a web server or any other kind of server. Usually the SNMP server software will be written into firmware on the device by the manufacturer, but for computers it may be loaded at boot time or on demand.
There is a hardware system that uses a gsm shield to have an access to the internet. The system should be reliable and all ddos attack vectors are taken into account.
We are afraid of an SMS DDoS attack, which can be carried out by sending too many SMS messages (or especially malformed SMS/invisible SMS/binary SMS). The question is: does receiving SMS hamper the sending of traffic by the GSM shield/modem? What happens to traffic sending at the moment when the SMS is received? How much time is the shield/modem out of service for sending traffic per SMS?
SMSs are usually transmitted over a control channel, like the SDCCH (Stand-alone Dedicated Control Channel) or the FACCH (Fast Associated Control Channel). These are the same channels which are used to initiate and hold a call. It is possible to receive SMS while a call is in progress by temporarily reallocating part of the data channel to a control channel (e.g. SDCCH) and using this bandwidth to transmit/receive an SMS.
Whether DDoS is possible depends, I think, more on the bandwidth allocation policy of the mobile network operator.
Of course, since the free air used for signal transmission is a shared medium for everyone in a cell, it is always possible to generate heavy load by gathering a group of people all sending SMS and making phone calls at the same time in close proximity of e.g. your GSM shield, effectively staging a DDOS attack if it's done on purpose.
I’m trying to optimize the communication in a large system which is based on UDP.
By optimizing, I mean to minimize the loss of packets.
(Yes I know the inherent limitations of UDP, don’t suggest another protocol)
We have several .exe files, each with several threads, and use
setsockopt with SO_SNDBUF & SO_RCVBUF to increase the buffers.
We have experienced that setting a very large buffer for many sockets degrades the overall performance (more packet loss).
But how do we monitor the effect of these increased buffer sizes? Especially on the receive side, I would like to see if any port gets messages discarded due to lack of buffer.
Please suggest how this can be done
(WinDbg in user or kernel mode, special programs, writing something myself).
EDIT:
#EdChum:
I have already used Wireshark, and yes, it's painful to correlate the packets on the wire with the packets received by the application. And I have seen several occasions where the packet is on the wire (captured by Wireshark) but not received by the application.
Those lost packets are usually a small packet to a multicast destination, which is sent with a very small time gap after a big unicast packet. The receiver of the unicast loses the multicast, but others receive it.
My suspicion is that XP sometimes suffers from some buffer starvation somewhere in the NDIS or IP layers and therefore silently drops packets. If there is a counter somewhere, I could get this confirmed.
Not sure how to do this using WinDbg, but I would use either NetMon or Wireshark to monitor the packets and see if any are being discarded. It will be painful depending on how easy it is to reproduce, and you will need to learn how to filter the packets so that the display shows what you are interested in, but the help for both those apps is very useful.
You have to listen to a physical socket and not the loopback address in order to monitor the packets.
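One way to make receive-side loss visible from the application itself, shown here as an added example that is not code from the original thread: each datagram carries a sequence number, the receiver reads back the buffer size the OS actually granted, and any gaps after a burst are reported as drops. The loopback endpoint, packet counts, payload sizes and function names are assumptions chosen for the illustration.

```python
import socket
import struct

def missing_sequences(received, sent_count):
    """Return the sequence numbers in 0..sent_count-1 that never arrived."""
    seen = set(received)
    return [n for n in range(sent_count) if n not in seen]

def burst_test(rcvbuf_request, packets=200, payload=512):
    """Send a burst to a socket nobody is reading, then drain it and count loss."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, rcvbuf_request)
    # The OS may round, double or cap the request, so always read it back.
    effective = rx.getsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF)
    rx.bind(("127.0.0.1", 0))  # constructed test endpoint, ephemeral port
    rx.settimeout(0.2)

    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    pad = b"\0" * (payload - 4)
    for seq in range(packets):
        # 4-byte big-endian sequence number followed by padding
        tx.sendto(struct.pack("!I", seq) + pad, rx.getsockname())
    tx.close()

    got = []
    try:
        while len(got) < packets:
            data = rx.recv(65535)
            got.append(struct.unpack("!I", data[:4])[0])
    except socket.timeout:
        pass  # queue drained; anything still missing was dropped
    rx.close()
    lost = missing_sequences(got, packets)
    return {"effective_rcvbuf": effective,
            "received": len(set(got)),
            "lost": lost}

if __name__ == "__main__":
    # Compare a deliberately small buffer with a large one.
    for request in (4096, 1 << 20):
        r = burst_test(request)
        print(f"requested={request} effective={r['effective_rcvbuf']} "
              f"received={r['received']} lost={len(r['lost'])}")
```

The same sequence-number field in the real protocol's datagrams lets each receiving thread log its own gaps, which can then be matched against a capture taken on the physical interface.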
We are using Tibco RVRD on both Unix and Windows as the messaging system. Just wondering, other than buying HAWK from Tibco, is there any way to measure the network usage before and after RVRD compression?
There is a really great tool for this called Rai Insight
Basically, what it can do is sit on a box and silently listen to all the multicast data and present statistics, even in real time. We used it to monitor traffic flow spikes with just a few seconds' delay.
It can give you traffic statistics broken down by multicast group, service number or even sending machine. Traffic flow peak/average, retransmission rate peak/average. All you can think of.
I haven't really used it for such, but the rvrd web gui (default http://server:7580) provides some statistics on inbound/outbound messages and bytes.