NNMi Cisco ASA behaviour affecting the status of nodes
I hope you have the patience to read my whole posting 😉
My client has had the following problem for a while: NNMi 9.x on Windows (they have experienced it with both 9.01 and 9.11) far too often fails to notice that nodes have come back up after an outage. That is, the nodes stay red long after they are actually back up again. When they run a manual poll in the GUI, it times out. BUT when they run nnmsnmpwalk.ovpl from the command line, it all works OK! Restarting the NNMi processes has always fixed the issue.
Now they have had a network/firewall expert here, and it *seems* that a Cisco ASA 5510 device has been the cause of the problems. The ASA sits somewhere between the NNMi network and many of the network devices that are being monitored, and it runs OSPF to provide routes to those devices. According to the networking guy, the following seems to have happened: if a route towards a particular node/network goes down, the ASA sends NNMi's packets towards its default gateway instead. This gateway is never able to reach the devices in question, so they turn red in NNMi, which is as expected. When the route comes back into the ASA, however, it still sends NNMi's packets towards its default gateway, and it keeps on doing so until NNMi stops sending for at least 2 minutes, which it never does. So to NNMi the affected nodes never come back up again.
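To make that description concrete, here is a small toy model in Python. It is only a sketch of the behaviour as the networking guy described it, not the ASA's actual implementation: I am assuming the firewall remembers the path it chose for a flow and only forgets it after the flow has been idle for the timeout. The function name `simulate` and its parameters are made up for the illustration.

```python
def simulate(poll_times, route_restored_at, idle_timeout):
    """Return the path each poll takes in a toy model of the firewall.

    Assumption (not confirmed ASA internals): the path is chosen when the
    flow is first seen and is kept until the flow has been idle for at
    least idle_timeout seconds.
    """
    paths = []
    pinned = None     # remembered path for this flow, None if forgotten
    last_seen = None  # time of the previous packet on this flow
    for t in poll_times:
        # Forget the remembered path only after a long enough silence.
        if pinned is not None and t - last_seen >= idle_timeout:
            pinned = None
        # A new flow picks whatever route is valid right now.
        if pinned is None:
            pinned = "ospf" if t >= route_restored_at else "default-gw"
        paths.append(pinned)
        last_seen = t
    return paths


# Polling every 60 s never leaves a 120 s gap, so the stale path sticks.
steady = simulate(range(0, 601, 60), route_restored_at=120, idle_timeout=120)

# A pause of 180 s (like unmanaging the node for a while) clears it.
paused = simulate([0, 60, 120, 300, 360], route_restored_at=100, idle_timeout=120)
```

In this model `steady` contains only "default-gw" entries, while `paused` switches to "ospf" from the first poll after the pause.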
It is strange, though, that nnmsnmpwalk.ovpl has worked, but not NNMi's scheduled polls or a manual poll started in the console. But today we tried setting one of the nodes in question to unmanaged, waited for more than 2 minutes, then set it to managed again, and voila - it became green.
My client cannot be the only one experiencing this, can they? The networking expert has now reduced that interval in the ASA to 1 minute, which is apparently the lowest configurable setting. But how do those of you with such ASA devices deal with this problem?
This is, btw, the background for my recent posting about how often NNMi polls nodes that are down.