[ZBXNEXT-2352] Cache and reuse EngineID to improve snmpV3 checks performance Created: 2014 Jun 24 Updated: 2024 Mar 01 |
|
Status: | Open |
Project: | ZABBIX FEATURE REQUESTS |
Component/s: | Proxy (P), Server (S) |
Affects Version/s: | 2.2.4, 2.3.1 |
Fix Version/s: | None |
Type: | Change Request | Priority: | Major |
Reporter: | Oleksii Zagorskyi | Assignee: | Zabbix Development Team |
Resolution: | Unresolved | Votes: | 11 |
Labels: | performance, snmpv3 | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Issue Links: |
|
Description |
Described in first comment because of formating. |
Comments |
Comment by Oleksii Zagorskyi [ 2014 Jun 24 ] |
Test performed with single poller configured in server config file. Minor note: Here and next I show 2 consecutive polls for a single item, divided by a line break. Vanilla zabbix server, right after restart: For D-link: No. Time Source Destination Length Protocol Info SRC port Engine-Boots Engine-Time Priv Auth Engine-MAC Enterprise 47 20:03:28.039796000 my-zabbix snmp-3550-6 108 SNMP get-request 60977 0 0 Not set Not set 48 20:03:28.047956000 snmp-3550-6 my-zabbix 148 SNMP report SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0 161 0 0 Not set Not set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 49 20:03:28.048244000 my-zabbix snmp-3550-6 176 SNMP get-request SNMPv2-MIB::sysDescr.0 60977 0 0 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 50 20:03:28.057678000 snmp-3550-6 my-zabbix 182 SNMP report SNMP-USER-BASED-SM-MIB::usmStatsNotInTimeWindows.0 161 12 1165647 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 51 20:03:28.057927000 my-zabbix snmp-3550-6 178 SNMP get-request SNMPv2-MIB::sysDescr.0 60977 12 1165647 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 52 20:03:28.067628000 snmp-3550-6 my-zabbix 222 SNMP get-response SNMPv2-MIB::sysDescr.0 161 12 1165647 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 99 20:03:38.132274000 my-zabbix snmp-3550-6 108 SNMP get-request 43853 0 0 Not set Not set 100 20:03:38.166511000 snmp-3550-6 my-zabbix 148 SNMP report SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0 161 0 0 Not set Not set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 101 20:03:38.166866000 my-zabbix snmp-3550-6 178 SNMP get-request SNMPv2-MIB::sysDescr.0 43853 12 1165657 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 102 20:03:38.185150000 snmp-3550-6 my-zabbix 222 SNMP get-response SNMPv2-MIB::sysDescr.0 161 12 1165657 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. For localhost: No. Time Source Destination Length Protocol Info SRC port Engine-Boots Engine-Time Priv Auth Engine-MAC Enterprise 153 20:03:50.260837000 127.0.0.1 127.0.0.1 106 SNMP get-request 41899 0 0 Not set Not set 154 20:03:50.261015000 127.0.0.1 127.0.0.1 160 SNMP report SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0 161 9 124074 Not set Not set net-snmp 155 20:03:50.261213000 127.0.0.1 127.0.0.1 190 SNMP get-request SNMPv2-MIB::sysDescr.0 41899 9 124074 Set Set net-snmp 156 20:03:50.261320000 127.0.0.1 127.0.0.1 254 SNMP get-response SNMPv2-MIB::sysDescr.0 161 9 124074 Set Set net-snmp 319 20:04:20.538908000 127.0.0.1 127.0.0.1 106 SNMP get-request 55691 0 0 Not set Not set 320 20:04:20.539180000 127.0.0.1 127.0.0.1 160 SNMP report SNMP-USER-BASED-SM-MIB::usmStatsUnknownEngineIDs.0 161 9 124104 Not set Not set net-snmp 321 20:04:20.539618000 127.0.0.1 127.0.0.1 190 SNMP get-request SNMPv2-MIB::sysDescr.0 55691 9 124105 Set Set net-snmp 322 20:04:20.540077000 127.0.0.1 127.0.0.1 254 SNMP get-response SNMPv2-MIB::sysDescr.0 161 9 124104 Set Set net-snmp As we see in case of D-link after zabbix restart a zabbix process (for details see And here is a question - why do we spend some time to discover engineID? What I did - I hardcoded engineID in zabbix sources (at start for "zbx_snmp_open_session" function, for snmpV3) to see what I can get in a result. // u_char engine_id[] = { 0x80, 0x00, 0x00, 0xab, 0x03, 0x00, 0x1b, 0x11, 0xb5, 0xd3, 0xd2 }; //D-link u_char engine_id[] = { 0x80, 0x00, 0x1f, 0x88, 0x80, 0x93, 0x4e, 0xde, 0x66, 0xfb, 0x80, 0x95, 0x53, 0x00, 0x00, 0x00, 0x00 }; //localhost session.securityEngineID = engine_id; session.securityEngineIDLen = sizeof(engine_id); And I was happy to see success! Patched zabbix server, right after restart: No. Time Source Destination Length Protocol Info SRC port Engine-Boots Engine-Time Priv Auth Engine-MAC Enterprise 17 14:36:18.073879 my-zabbix snmp-3550-6 176 SNMP get-request SNMPv2-MIB::sysDescr.0 35757 0 0 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 18 14:36:18.083926 snmp-3550-6 my-zabbix 182 SNMP report SNMP-USER-BASED-SM-MIB::usmStatsNotInTimeWindows.0 161 12 714020 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 19 14:36:18.084084 my-zabbix snmp-3550-6 178 SNMP get-request SNMPv2-MIB::sysDescr.0 35757 12 714020 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 20 14:36:18.094461 snmp-3550-6 my-zabbix 222 SNMP get-response SNMPv2-MIB::sysDescr.0 161 12 714020 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 23 14:36:28.165773 my-zabbix snmp-3550-6 178 SNMP get-request SNMPv2-MIB::sysDescr.0 38450 12 714030 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. 24 14:36:28.176490 snmp-3550-6 my-zabbix 222 SNMP get-response SNMPv2-MIB::sysDescr.0 161 12 714031 Set Set 00:1b:11:b5:d3:d2 D-Link Systems, Inc. hardcoded localhost's engineID: No. Time Source Destination Length Protocol Info SRC port Engine-Boots Engine-Time Priv Auth Engine-MAC Enterprise 1 13:30:50.918574000 127.0.0.1 127.0.0.1 188 SNMP get-request SNMPv2-MIB::sysDescr.0 48864 0 0 Set Set net-snmp 2 13:30:50.918964000 127.0.0.1 127.0.0.1 176 SNMP report SNMP-USER-BASED-SM-MIB::usmStatsNotInTimeWindows.0 161 20 2419 Not set Set net-snmp 3 13:30:50.919199000 127.0.0.1 127.0.0.1 189 SNMP get-request SNMPv2-MIB::sysDescr.0 48864 20 2419 Set Set net-snmp 4 13:30:50.919468000 127.0.0.1 127.0.0.1 253 SNMP get-response SNMPv2-MIB::sysDescr.0 161 20 2419 Set Set net-snmp 5 13:31:20.995176000 127.0.0.1 127.0.0.1 189 SNMP get-request SNMPv2-MIB::sysDescr.0 46660 20 2449 Set Set net-snmp 6 13:31:20.995528000 127.0.0.1 127.0.0.1 253 SNMP get-response SNMPv2-MIB::sysDescr.0 161 20 2449 Set Set net-snmp We can see that starting from 2nd session, both hosts have only one get/response pair to get a value. So traffic is decreased, time spent decreases, load on monitored device decreased! I checked also bulk-get behavior (for several snmp items, starting from 2.2.3) - for 1st get-request zabbix sent the same 106|108 bytes packet, which contain empty "variable-bindings". So from 2.2.3 traffic and time "overhead" is not so big as previously, but still. What we need is to to cache engineID-IP pairs and reuse engineID later. Just FYI - libnetsnmp have interesting functions:
During experiments I tried to use both - both are working as expected. It can provide some more possibilities - for example detecting duplicated enineIDs and printing very nice error messages to zabbix log (and do not cache them of course) etc. During investigation I used other functions as well, for example dump_etimelist(); (which requires net-snmp recompiled with --enable-testing-code option.) |
Comment by Oleksii Zagorskyi [ 2014 Jun 24 ] |
oh, btw, thanks to asaveljevs who helped me to construct correctly engine_id[] array after 2 hours of my own unsuccessful attempts |
Comment by Vadim Nesterov [ 2015 Dec 22 ] |
Can this be an option? If option is not set, than zabbix per each request does discovering engineid and time ? |
Comment by Oleksii Zagorskyi [ 2017 Jun 14 ] |
Cross link - |
Comment by Alex Kalimulin [ 2022 Sep 12 ] |
If Zabbix is aware of snmpEngineId at the daemon level it could expose it as an item. Then one could create a trigger on engineId change (e.g. to reload net-snmp cache). |
Comment by Oleksii Zagorskyi [ 2023 Dec 18 ] |
|