Network Management

 View Only
  • 1.  IMC: Critical alarm device does not respond to ping packets, IMC not send icmp requests

    Posted Oct 25, 2024 08:41 AM

    Hi,

    I have got these "fake" alarms continuosly. I have read some other post with same and similar topic, but different contexts.

    My context is the next:

    • I got these alarms every few minutes, it does not look fixed period time.
    • It happens with different random devices (Procurve and Comware 5), there is no pattern. 
    • Alarm duration is ALWAYS 1min (1min 0 to 5 seg).
    • IMC is en L2 deployment (same local network as switches).
    • Zabbix in L3 deployment has no problem with icmp tests to same devices (poll interval can be higher).
    • iMC PLAT 7.3 (E0710) with 180 devices.
    • Resources are not satured/high.
    • Bigger databse is about 3xx Mb.
    • Java Heap size was increased for testing and network card buffers in Red Hat. Same result.
    • Performance view index configured are the next ones:
    Total number of index instances monitored: 2740 Total collecting frequency (times/hour): 32880 Total number of collecting units: 2740
    Total number of instances managed by performance management: 2740 Total collecting frequency of the instance managed by performance management (times/hour): 32880 Total number of collecting units of the instance managed by performance management: 2740

    • Poll interval is the next (I think default):
      - Status poll: 60 sec
      - Configuration poll: 120 min

    After doing a tcpdump capture at same machine, I can notice the next:

    • In general way, I can not see packet lost (all icmp requests has reply).
    • Observing an alarm on a device during that time I can see snmp request and reply to that device, icmp reply and request to other devices. But there are not icmp request to that device during that minute. When icmp reply and requests show up, alarm recovers.

    Do you know this problem or behavior?



  • 2.  RE: IMC: Critical alarm device does not respond to ping packets, IMC not send icmp requests

    Posted Oct 28, 2024 03:46 AM

    Hi Narciso,

    I've recently had similar issue in the lab due to network infrastructure changes, I re-deployed the affected switches, and the problem then went away. Please try to unmanage and delete some of the affected devices, re-add them again and see if the issue will be solved.

    Thank you,

    Best Regards,

    Ivaylo




  • 3.  RE: IMC: Critical alarm device does not respond to ping packets, IMC not send icmp requests

    Posted Oct 31, 2024 09:27 AM

    Hi,

    I have unmanage + delete + add again 10 devices. But alarms show up again.

    One think I do not understand is how it works this alarm or test. Because poll status happens every 60 sec, and alarm it shows up a few seconds after last icmp/ping and recover in next icmp test. It is like out of sync, a poll delay or similar.

    Thanks, 

    Best Regards




  • 4.  RE: IMC: Critical alarm device does not respond to ping packets, IMC not send icmp requests

    Posted Nov 04, 2024 05:11 AM

    Hi Narciso,

    in the administrator guide you can find more information about how alarms and events are generated, chapter Event and alarm management - Microsoft Word - HPE IMC Enterprise and Standard Platform Administrator Guide-20210423-EN.docx

    extract from the guide:

    In IMC, an event is an incident of interest in the network infrastructure. An event could indicate a
    failure or fault on a network device. An event could also indicate a resolution of fault in the network.
    Or an event can be informational. An alarm is an event that has been escalated in IMC for viewing by
    an IMC operator, network administrator, or support team using one of the IMC alarm browser views.
    IMC can receive SNMP traps and Syslog entries as real time alarm sources. You can configure all
    devices in the network infrastructure to send traps to IMC when issues arise and when issues are
    resolved. In addition, you can configure all devices to forward specified Syslog messages to IMC for
    notification of faults or their resolutions.
    IMC can be a source of traps for events. IMC generates traps that are displayed in IMC when events
    arise for managed devices such as when performance thresholds are exceeded, when IP address
    conflicts arise, or when configuration management tasks do not complete. In addition, the IMC
    system is also a managed device and traps can also be generated by IMC when a condition arises
    within IMC such as high CPU utilization, disk space issues, or IMC process issues on the IMC server.
    In addition, IMC has a built in engine for polling configured devices for performance metrics. Systemand user-defined thresholds translate a polling result into an event, whether the event is a fault or its
    resolution.
    IMC itself is a source of events. IMC generates events for IMC.
    Each of these three sources of events (traps, Syslog events, and performance polling) in the network
    infrastructure serves as inputs for alarms in IMC. System- and user-defined rules determine which of
    the events generated by these three sources become an alarm.
    Alarms take the form of entries into alarm browser views in IMC. They also can be escalated into
    alarm notifications through mail, SMS text messaging, or alarm forwarding to help desk and other
    management systems.
    Once an event becomes an alarm, it is written to the alarm database. There are two ways to remove
    an alarm from IMC's views and further notifications. 

    Thank you,

    Best Regards,

    Ivaylo