[j-nsp] NETCONF vs SNMP for monitoring
Phil Mayers
p.mayers at imperial.ac.uk
Mon Sep 1 06:39:17 EDT 2014
On 30/08/14 17:30, Tyler Christiansen wrote:
> SNMP is less resource-intensive and faster than NETCONF. I would use SNMP
> for the things you can and NETCONF for the things you can't. If you
I would agree with this, based on our extensive playing. We tend to
monitor with SNMP, configure with Netconf/Junoscript.
Couple of additional points:
1. Sometimes the SNMP MIB is really horribly organised either from a
performance point of view ("OIDs shall be ordered by prime factorial of
birth date" - hateful if you need to fetch a whole table of 10k rows to
get one item) or needing to fetch a jillion separate tables to get the
final result. In this case, Netconf *may* be faster but...
2. ...you need to account for the overhead of setup/teardown of the
Netconf session, particularly the SSH/HTTPS key exchange. On low-end
devices (EX3300) the CPU were sluggish enough that we opted for plain
TCP transport Junoscript, relying on the firewalled management VLAN for
security. Try to catch everything in one Netconf session - Tyler's point
about async/threading is very relevant here.
3. Occasionally you'll find things not exposed over SNMP; obviously
then Netconf
4. Finally, you may find that bulk data collection - e.g. all the
counters, all the ARP / ethernet switching table entries - is quicker
over Netconf. SNMP results need to be OID-sorted which can be slow, but
also the TCP transport can end up being faster than UDP. Test and see
which works, but also beware faster collection may mean higher CPU on
the monitored device.
More information about the juniper-nsp
mailing list