High ARP cache usage-radware-alteon-os

error
health-checks
alteon-os
radware
High ARP cache usage-radware-alteon-os
0

#1

High ARP cache usage-radware-alteon-os

Vendor: radware

OS: alteon-os

Description:
Indeni will alert when the number of ARP entries stored by a device is nearing the allowed limit.

Remediation Steps:
Identify the cause of the large ARP table. If it is due to a legitimate cause, such as a high number of hosts visible on the available networks, please contact your technical support provider.

radware-switchCapIpARPCurrEnt

#! META
name: radware-switchCapIpARPCurrEnt
description: get the ARP cache utilization
type: monitoring
monitoring_interval: 5 minute 
requires:
    os.name: "alteon-os"
    vendor: "radware"
    or:
        -
            vadc: "true"
        -
            standalone: "true"

#! REMOTE::HTTP
url: /config/switchCapIpARPCurrEnt
protocol: HTTPS

#! PARSER::JSON
_metrics:
    -
        _value.double:
            _value: switchCapIpARPCurrEnt
        _tags:
            "im.name":
                _constant: "arp-total-entries"
            "live-config":
                _constant: "true"
            "display-name":
                _constant: "ARP - Entries"
            "im.dstype.displayType":
                _constant: "number"

radware-api-config-switchCapIpARPMaxEnt

#! META
name: radware-api-config-switchCapIpARPMaxEnt
description: retrieve the maximum number of ARP entries allowed
type: monitoring
monitoring_interval: 59 minute 
requires:
    os.name: "alteon-os"
    vendor: "radware"
    or:
        -
            vsx: "true"
        -
            standalone: "true"

#! COMMENTS
arp-limit:
    why: |
        It is important to track the ARP table of any networking device. For Alteon, this extremely crucial to track as having a full ARP table indicates a saturation of hosts within the subnet and runs the risk of having routing issues.
    how: |
        This script runs the "/config/switchCapIpARPMaxEnt" through the Alteon API gateway.
    without-indeni: |
        An administrator would need to log in to the device and run a CLI command or run the API command "/config/switchCapIpARPMaxEnt".
    can-with-snmp: true
    can-with-syslog: false
    vendor-provided-management: |
        Can be done through Management GUI (Vision or Alteon VX).

#! REMOTE::HTTP
url: /config/switchCapIpARPMaxEnt
protocol: HTTPS

#! PARSER::JSON
_metrics:
    -
        _value.double:
            _value: switchCapIpARPMaxEnt
        _tags:
            "im.name":
                _constant: "arp-limit"
            "live-config":
                _constant: "true"
            "display-name":
                _constant: "ARP - Cache Limit"
            "im.dstype.displayType":
                _constant: "number"

arp_neighbor_overflow

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.ConditionalRemediationSteps
import com.indeni.server.rules.library.templates.NearingCapacityTemplateRule

/**
  *
  */
case class arp_neighbor_overflow() extends NearingCapacityTemplateRule(
  ruleName = "arp_neighbor_overflow",
  ruleFriendlyName = "All Devices: High ARP cache usage",
  ruleDescription = "Indeni will alert when the number of ARP entries stored by a device is nearing the allowed limit.",
  usageMetricName = "arp-total-entries",
  limitMetricName = "arp-limit",
  threshold = 80.0,
  alertDescriptionFormat = "The ARP table has %.0f entries where the limit is %.0f.\n\nThis alert was added per the request of Mart Khizner (Leumi Card).",
  baseRemediationText = "Identify the cause of the large ARP table. If it is due to a legitimate cause, such as a high number of hosts visible on the available networks, please contact your technical support provider.")(
  ConditionalRemediationSteps.VENDOR_CP -> "Review sk43772: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk43772",
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Use the "show iparp" NX-OS  command to display the Address Resolution Protocol (ARP) table statistics. Note: You must use the feature interface-vlan command before you can display the ARP information for VLAN interfaces.
      |2. Review the ARP table for unknown hosts which may saturate the ARP table of the switch.
      |3. If the number of ARP entries is normal then consider to upgrade the Nexus switch since it is close to the ARP limit capacity.
      |4. For more information review the next Cisco Configuration  guide: https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/n5k/commands/show-ip-arp.html""".stripMargin
)