ASA 8.4 PAT utilization

[kbetsis]

Dear All

I am a newbie in regard to cacti and i would like to ask you all if anyone has accomplished graphing the port utilization per public IP address on an ASA 8.4 version.

After research the following have been identified for several IP blocks PATted to a few public IP address
e.g.
[192.168.0.0/24 PATted to 1.1.1.1]
[192.168.1.0/24 PATted to 1.1.1.1]
[192.168.2.0/24 PATted to 1.1.1.1]
[192.168.3.0/24 PATted to 1.1.1.1]

[192.168.4.0/24 PATted to 1.1.1.2]
[192.168.5.0/24 PATted to 1.1.1.2]
[192.168.6.0/24 PATted to 1.1.1.2]
[192.168.7.0/24 PATted to 1.1.1.2]

1. For a 'n' number of PAT entries the ASA appliance creates different OIDs in order to identify them.
The relevant OID for the identification of the interfaces where the IPs are mapped to
is iso.3.6.1.2.1.123.1.4.1.2.x.y
x signifies the interface and y the relevant number of IPs mapped to that interface.

The produced string for each OID is the name of the interface as configured with the nameif command.
e.g.
iso.3.6.1.2.1.123.1.4.1.2.8.1 = STRING: 'Outside'
iso.3.6.1.2.1.123.1.4.1.2.8.2 = STRING: 'Outside'
iso.3.6.1.2.1.123.1.4.1.2.8.3 = STRING: 'Outside'
iso.3.6.1.2.1.123.1.4.1.2.8.4 = STRING: 'Outside'
iso.3.6.1.2.1.123.1.4.1.2.8.5 = STRING: 'Outside'
iso.3.6.1.2.1.123.1.4.1.2.8.6 = STRING: 'Outside'
iso.3.6.1.2.1.123.1.4.1.2.8.7 = STRING: 'Outside'
iso.3.6.1.2.1.123.1.4.1.2.8.8 = STRING: 'Outside'
e.t.c.

The reason we are seen 8 OIDs instead of 2 is because each public IP address is capable of translating up to 4 IP protocols
TCP, UDP, ICMP and other such as GRE, IPv6 tunnels etc

2. For each OID produced in step 1 a relevant OID is created in order to show the type of each PAT.
The relevant OID for this identification is
iso.3.6.1.2.1.123.1.4.1.10.x.y. = INTEGER: z
where x and y are identical to the previously stated OID in order to identify them and z is according to the protocol used.
The available output is
0:unknown
1:ipv4
2:ipv6
3:ipv4z
4:ipv6z
16:dns

Since we are interested in IPv4 traffic each OID identified above will produce the following result
iso.3.6.1.2.1.123.1.4.1.10.8.1 = INTEGER: 1
iso.3.6.1.2.1.123.1.4.1.10.8.2 = INTEGER: 1
iso.3.6.1.2.1.123.1.4.1.10.8.3 = INTEGER: 1
iso.3.6.1.2.1.123.1.4.1.10.8.4 = INTEGER: 1
iso.3.6.1.2.1.123.1.4.1.10.8.5 = INTEGER: 1
iso.3.6.1.2.1.123.1.4.1.10.8.6 = INTEGER: 1
iso.3.6.1.2.1.123.1.4.1.10.8.7 = INTEGER: 1
iso.3.6.1.2.1.123.1.4.1.10.8.8 = INTEGER: 1

3. The mapped IP addresses can be retrieved from 2 OID.
One OID [iso.3.6.1.2.1.123.1.4.1.11.x.y] is used to state the starting IP address of a range and
one OID [iso.3.6.1.2.1.123.1.4.1.12.x.y] is used to state the last IP Address of a range.
Both of the above OIDs produce the configured IP addresses in HEX format.
We therefore have to convert it to binary in order to resolve the IP addresses stated.

In our case since we have 2 Public IP addresses the following output will be produced
for the starting IP address
iso.3.6.1.2.1.123.1.4.1.11.8.1 = Hex-STRING: 01 01 01 01
iso.3.6.1.2.1.123.1.4.1.11.8.2 = Hex-STRING: 01 01 01 01
iso.3.6.1.2.1.123.1.4.1.11.8.3 = Hex-STRING: 01 01 01 01
iso.3.6.1.2.1.123.1.4.1.11.8.4 = Hex-STRING: 01 01 01 01
iso.3.6.1.2.1.123.1.4.1.11.8.5 = Hex-STRING: 01 01 01 02
iso.3.6.1.2.1.123.1.4.1.11.8.6 = Hex-STRING: 01 01 01 02
iso.3.6.1.2.1.123.1.4.1.11.8.7 = Hex-STRING: 01 01 01 02
iso.3.6.1.2.1.123.1.4.1.11.8.8 = Hex-STRING: 01 01 01 02

for the ending IP address
iso.3.6.1.2.1.123.1.4.1.12.8.1 = Hex-STRING: 01 01 01 01
iso.3.6.1.2.1.123.1.4.1.12.8.2 = Hex-STRING: 01 01 01 01
iso.3.6.1.2.1.123.1.4.1.12.8.3 = Hex-STRING: 01 01 01 01
iso.3.6.1.2.1.123.1.4.1.12.8.4 = Hex-STRING: 01 01 01 01
iso.3.6.1.2.1.123.1.4.1.12.8.5 = Hex-STRING: 01 01 01 02
iso.3.6.1.2.1.123.1.4.1.12.8.6 = Hex-STRING: 01 01 01 02
iso.3.6.1.2.1.123.1.4.1.12.8.7 = Hex-STRING: 01 01 01 02
iso.3.6.1.2.1.123.1.4.1.12.8.8 = Hex-STRING: 01 01 01 02

4. The range of ports used for the PAT can be calculated via 2 OIDs.
OID iso.3.6.1.2.1.123.1.4.1.13.x.y is used for the starting port
and OID iso.3.6.1.2.1.123.1.4.1.14.x.y used for the end port, where x.y remain the same as above for correlation with the public IP Addresses.

Therefore the relevant example the result would be:
iso.3.6.1.2.1.123.1.4.1.13.8.1 = Gauge32: 1
iso.3.6.1.2.1.123.1.4.1.13.8.2 = Gauge32: 1
iso.3.6.1.2.1.123.1.4.1.13.8.3 = Gauge32: 1
iso.3.6.1.2.1.123.1.4.1.13.8.4 = Gauge32: 1
iso.3.6.1.2.1.123.1.4.1.13.8.5 = Gauge32: 1
iso.3.6.1.2.1.123.1.4.1.13.8.6 = Gauge32: 1
iso.3.6.1.2.1.123.1.4.1.13.8.7 = Gauge32: 1
iso.3.6.1.2.1.123.1.4.1.13.8.8 = Gauge32: 1
and
iso.3.6.1.2.1.123.1.4.1.14.8.1 = Gauge32: 65535
iso.3.6.1.2.1.123.1.4.1.14.8.2 = Gauge32: 65535
iso.3.6.1.2.1.123.1.4.1.14.8.3 = Gauge32: 65535
iso.3.6.1.2.1.123.1.4.1.14.8.4 = Gauge32: 65535
iso.3.6.1.2.1.123.1.4.1.14.6.5 = Gauge32: 65535
iso.3.6.1.2.1.123.1.4.1.14.6.6 = Gauge32: 65535
iso.3.6.1.2.1.123.1.4.1.14.8.7 = Gauge32: 65535
iso.3.6.1.2.1.123.1.4.1.14.8.8 = Gauge32: 65535

Through steps 3 and 4 we can calculate the maximum number of PATted connections.
In this example we have 65535 as the maximum concurrent connections mapped to each public IP address.

5. Each of the above ports as stated above is for a specific protocol.
The protocol resulting to each OID previously created can be derived from
OID iso.3.6.1.2.1.123.1.4.1.15.x.y

For our example the produced result will be
iso.3.6.1.2.1.123.1.4.1.14.8.1 = Hex-STRING: 10
iso.3.6.1.2.1.123.1.4.1.14.8.2 = Hex-STRING: 80
iso.3.6.1.2.1.123.1.4.1.14.8.3 = STRING: "@"
iso.3.6.1.2.1.123.1.4.1.14.8.4 = STRING: " "
iso.3.6.1.2.1.123.1.4.1.14.6.5 = STRING: "@"
iso.3.6.1.2.1.123.1.4.1.14.6.6 = Hes-STRING: 80
iso.3.6.1.2.1.123.1.4.1.14.8.7 = Hex-SSTRING: 10
iso.3.6.1.2.1.123.1.4.1.14.8.8 = STRING: " "

The values that are of interest are Hex-STRING: 10 and Hex-STRING: 80
which are for TCP and UDP respectively.

6. The actual number of ports used for each public IP address can be derived from OID
iso.3.6.1.2.1.123.1.4.1.19.x.y

In our case the output would be
iso.3.6.1.2.1.123.1.4.1.19.14.1 = Gauge32: 2521
iso.3.6.1.2.1.123.1.4.1.19.14.2 = Gauge32: 1026
iso.3.6.1.2.1.123.1.4.1.19.14.3 = Gauge32: 6
iso.3.6.1.2.1.123.1.4.1.19.14.4 = Gauge32: 9
iso.3.6.1.2.1.123.1.4.1.19.14.5 = Gauge32: 1
iso.3.6.1.2.1.123.1.4.1.19.14.6 = Gauge32: 7785
iso.3.6.1.2.1.123.1.4.1.19.14.7 = Gauge32: 13248
iso.3.6.1.2.1.123.1.4.1.19.14.8 = Gauge32: 4

What we are trying to do is create a template that can take all of the above information correlate them and produce a graph for each identified Public IP Address.

From my newbie way of thinking one should first obtain the configured public IP addresses through
OID iso.3.6.1.2.1.123.1.4.1.12.x.y group them together in regard to the produced HEX value.
Then read OIDs iso.3.6.1.2.1.123.1.4.1.15.x.y in order to obtain the relevant type of translation used for the graph
e.g. TCP and UDP.

And finally graph the relevant values from OID iso.3.6.1.2.1.123.1.4.1.19.x.y with the stated max values derived subtraction
from OIDs iso.3.6.1.2.1.123.1.4.1.11.x.y and iso.3.6.1.2.1.123.1.4.1.12.x.y.

Is there anyone who can produce this via a scripted-snmp query or whatever mean is available from CACTI and graph this utilization?

We are very experienced with CISCO products and can help you with any configuration or information needed from the network side, but unfortunately system/coding side is not our strong point.

Thank you all and sorry to trouble you with this big request.

[undeaddemon]

Man... this would be AWESOME... !
bumpity bump bump..

[BR92056]

Bump