Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,000 --> 00:00:03,000 Before 2 00:00:11,040 --> 00:00:17,279 we start, I think I owe you a little bit 3 00:00:14,000 --> 00:00:20,320 of some uh introduction of who I'm 4 00:00:17,279 --> 00:00:23,439 actually am to be sitting here and 5 00:00:20,320 --> 00:00:27,519 talking for two hours about Isab uh more 6 00:00:23,439 --> 00:00:30,000 specifically about uh SNMP and SNMP 7 00:00:27,519 --> 00:00:33,440 traps in Isabic. I guess for those like 8 00:00:30,000 --> 00:00:35,280 who know me probably you saw me in in 9 00:00:33,440 --> 00:00:38,079 YouTube in all sort of different videos 10 00:00:35,280 --> 00:00:39,840 about the zabics that's how most of the 11 00:00:38,079 --> 00:00:41,760 community actually found out about me 12 00:00:39,840 --> 00:00:43,440 like 7 years ago I started a YouTube 13 00:00:41,760 --> 00:00:45,920 channel designated for all sort of 14 00:00:43,440 --> 00:00:49,360 zabics tutorials at this point we have 15 00:00:45,920 --> 00:00:51,039 something around likeund and uh I guess 16 00:00:49,360 --> 00:00:54,160 55ish 17 00:00:51,039 --> 00:00:55,760 videos about zabics and uh at the end of 18 00:00:54,160 --> 00:00:57,760 this presentation I'm also going to 19 00:00:55,760 --> 00:01:00,160 share like the channel itself and and 20 00:00:57,760 --> 00:01:02,239 the links to to the playlists for the 21 00:01:00,160 --> 00:01:04,799 Zavix tutorial. 22 00:01:02,239 --> 00:01:06,880 Um, long story short also happens to be 23 00:01:04,799 --> 00:01:09,680 like where this knowledge comes from. 24 00:01:06,880 --> 00:01:12,560 Um, not just from my own personal usage 25 00:01:09,680 --> 00:01:15,280 of Zabix and monitoring. Um, happens to 26 00:01:12,560 --> 00:01:18,720 be that I also worked in a Zavix company 27 00:01:15,280 --> 00:01:21,680 uh itself for uh basically 9 years close 28 00:01:18,720 --> 00:01:26,159 to that. I did start as a support 29 00:01:21,680 --> 00:01:28,960 engineer. Um learned a lot about concept 30 00:01:26,159 --> 00:01:30,560 of monitoring about isabics about Linux 31 00:01:28,960 --> 00:01:32,159 about all sort of the different 32 00:01:30,560 --> 00:01:34,960 distributions 33 00:01:32,159 --> 00:01:37,840 databases scripting monitoring types and 34 00:01:34,960 --> 00:01:40,320 so on and so on. Uh eventually gathered 35 00:01:37,840 --> 00:01:42,479 enough knowledge and experience like to 36 00:01:40,320 --> 00:01:46,240 deliver some turnkey solutions to the 37 00:01:42,479 --> 00:01:49,040 customers all over the globe. um also 38 00:01:46,240 --> 00:01:51,520 did uh a lot of the trainings. uh 39 00:01:49,040 --> 00:01:55,360 proudly can say that I deliver the 40 00:01:51,520 --> 00:01:58,399 trainings for many uh existing trainers 41 00:01:55,360 --> 00:02:02,079 uh that are out there uh right now which 42 00:01:58,399 --> 00:02:04,880 which is awesome and uh so yeah overall 43 00:02:02,079 --> 00:02:08,000 it was like amazing journey um in in the 44 00:02:04,880 --> 00:02:10,399 Zabics in the monitoring sphere and uh 45 00:02:08,000 --> 00:02:12,720 over those years I gathered quite a lot 46 00:02:10,399 --> 00:02:16,239 of experience and and knowledge about 47 00:02:12,720 --> 00:02:19,040 all of these things which kind of makes 48 00:02:16,239 --> 00:02:21,280 me uh comfortable enough to sit here in 49 00:02:19,040 --> 00:02:23,680 front of you and talk about uh 50 00:02:21,280 --> 00:02:25,760 interesting topics. I'm going to move 51 00:02:23,680 --> 00:02:28,239 the Paul results away just to not 52 00:02:25,760 --> 00:02:31,200 confuse anyone. And as you know already 53 00:02:28,239 --> 00:02:35,760 like the topic today is SNMP and SNMP 54 00:02:31,200 --> 00:02:37,360 traps in the Zavix 7.0 which is in my 55 00:02:35,760 --> 00:02:40,560 opinion like let me move to the next 56 00:02:37,360 --> 00:02:42,560 slide to at least have uh some some 57 00:02:40,560 --> 00:02:44,879 movement here on the screen. In my 58 00:02:42,560 --> 00:02:47,120 opinion, it could be like one of the 59 00:02:44,879 --> 00:02:49,120 most 60 00:02:47,120 --> 00:02:52,720 I I don't want to say like complicated, 61 00:02:49,120 --> 00:02:56,959 but most needed topics that people 62 00:02:52,720 --> 00:03:00,959 usually seek questions about because 63 00:02:56,959 --> 00:03:04,720 what SNMP monitoring essentially means 64 00:03:00,959 --> 00:03:08,239 is simple network management protocol 65 00:03:04,720 --> 00:03:12,000 that was that's what SNMP stands for. 66 00:03:08,239 --> 00:03:14,239 But uh in a simple word saying we talk 67 00:03:12,000 --> 00:03:17,360 about SNMP 68 00:03:14,239 --> 00:03:20,239 every time when we're thinking about 69 00:03:17,360 --> 00:03:22,959 monitoring of some network devices and 70 00:03:20,239 --> 00:03:26,319 happens to be that like again over all 71 00:03:22,959 --> 00:03:28,640 those years of experience um going to 72 00:03:26,319 --> 00:03:32,519 all sort of different exhibitions and 73 00:03:28,640 --> 00:03:32,519 conferences about Isab 74 00:03:36,640 --> 00:03:41,280 is it's the software which is like for 75 00:03:38,799 --> 00:03:43,280 the network monitoring. And you guys 76 00:03:41,280 --> 00:03:46,080 probably already know that the Zavix can 77 00:03:43,280 --> 00:03:48,879 do like much more than just the network 78 00:03:46,080 --> 00:03:50,640 monitoring. But for many people 79 00:03:48,879 --> 00:03:53,920 monitoring is all around the network 80 00:03:50,640 --> 00:04:00,159 stuff because you can have some sort of 81 00:03:53,920 --> 00:04:03,120 the um company or or or business or some 82 00:04:00,159 --> 00:04:05,920 setup building whatever let's say 83 00:04:03,120 --> 00:04:08,640 without AWS setup or without a docker 84 00:04:05,920 --> 00:04:10,799 setup or without posgress database that 85 00:04:08,640 --> 00:04:12,560 you would want to monitor but it's very 86 00:04:10,799 --> 00:04:15,920 rarely when you will have some sort of 87 00:04:12,560 --> 00:04:18,799 the setup without a single network 88 00:04:15,920 --> 00:04:21,199 device and all of the network devices 89 00:04:18,799 --> 00:04:22,880 usually have a big impact on our 90 00:04:21,199 --> 00:04:25,040 environment. Like we are getting 91 00:04:22,880 --> 00:04:28,800 internet access from those network 92 00:04:25,040 --> 00:04:30,800 devices which means that uh any outage 93 00:04:28,800 --> 00:04:33,199 of our network device which also means 94 00:04:30,800 --> 00:04:36,080 the outage of the internet would 95 00:04:33,199 --> 00:04:37,840 directly impact um output of our 96 00:04:36,080 --> 00:04:40,479 business potentially would lose some 97 00:04:37,840 --> 00:04:44,000 money. So that is always very important 98 00:04:40,479 --> 00:04:48,000 and and we worry a lot about it which 99 00:04:44,000 --> 00:04:52,320 makes us wanting to like monitor all of 100 00:04:48,000 --> 00:04:53,919 that stuff and uh so SNMP is internet 101 00:04:52,320 --> 00:04:55,759 standard protocol for collecting and 102 00:04:53,919 --> 00:04:58,000 organizing information about a managed 103 00:04:55,759 --> 00:04:59,520 devices on IP networks and for modifying 104 00:04:58,000 --> 00:05:01,680 that information to change device 105 00:04:59,520 --> 00:05:03,520 behavior. modifying like that is 106 00:05:01,680 --> 00:05:05,600 supported with the SNMP that is possible 107 00:05:03,520 --> 00:05:07,759 but in terms of the Zabix we usually 108 00:05:05,600 --> 00:05:09,680 talk about monitoring and devices that 109 00:05:07,759 --> 00:05:12,320 typically support the SNMP include cable 110 00:05:09,680 --> 00:05:14,960 modms routers network switches servers 111 00:05:12,320 --> 00:05:16,560 workstations printers and more and those 112 00:05:14,960 --> 00:05:19,840 are like the ones that we usually think 113 00:05:16,560 --> 00:05:21,199 about but um for some it might be 114 00:05:19,840 --> 00:05:24,960 surprising that you could actually 115 00:05:21,199 --> 00:05:26,880 monitor like uh Windows um server 116 00:05:24,960 --> 00:05:29,120 computer you can monitor a Linux machine 117 00:05:26,880 --> 00:05:31,440 through the SNMP though it's not like 118 00:05:29,120 --> 00:05:33,759 the most popular way how to do that 119 00:05:31,440 --> 00:05:36,080 because there are much more easier and 120 00:05:33,759 --> 00:05:38,560 much more convenient monitoring types. 121 00:05:36,080 --> 00:05:41,520 As example on a Linux you can install 122 00:05:38,560 --> 00:05:43,120 just the Zabix agent and uh most 123 00:05:41,520 --> 00:05:45,440 critical metrics are going to be 124 00:05:43,120 --> 00:05:48,560 accessible for you out of the box. So 125 00:05:45,440 --> 00:05:53,400 there's no reason to over complicate a 126 00:05:48,560 --> 00:05:53,400 setup um with a SNMP. 127 00:05:53,840 --> 00:06:01,039 When we talk about SNMP um we usually 128 00:05:57,280 --> 00:06:04,560 hear about we usually hear like three 129 00:06:01,039 --> 00:06:09,520 different u namings. We have SNMP v1, 130 00:06:04,560 --> 00:06:11,440 SNMP v2 C and SNMP v3. And as you can 131 00:06:09,520 --> 00:06:13,199 tell, as you can imagine, like all of 132 00:06:11,440 --> 00:06:16,720 those three are basically three 133 00:06:13,199 --> 00:06:20,720 different SNMP versions, while SNMP v1 134 00:06:16,720 --> 00:06:24,319 is the first one which was released uh 135 00:06:20,720 --> 00:06:26,880 published in 1988. 136 00:06:24,319 --> 00:06:30,639 That's quite a long time ago, right? I I 137 00:06:26,880 --> 00:06:34,319 was born in 1989. So SNMPv1 was out 138 00:06:30,639 --> 00:06:37,440 there to monitor your um routers and and 139 00:06:34,319 --> 00:06:41,199 modms when I was not even born. um 140 00:06:37,440 --> 00:06:45,360 SNMPv2 which is I would say it's like 141 00:06:41,199 --> 00:06:48,479 the golden standard right now. Um 142 00:06:45,360 --> 00:06:50,639 and uh that's the typical what people 143 00:06:48,479 --> 00:06:53,360 use because it has like a good 144 00:06:50,639 --> 00:06:55,360 compromise of uh supporting all of the 145 00:06:53,360 --> 00:06:57,039 monitoring metrics. We're going to talk 146 00:06:55,360 --> 00:06:59,199 a little bit in the in the next slides 147 00:06:57,039 --> 00:07:04,000 like what's the main differences between 148 00:06:59,199 --> 00:07:07,039 SNPv1 and V2 um and between SNMPv3 which 149 00:07:04,000 --> 00:07:09,520 is the most secure but uh security and 150 00:07:07,039 --> 00:07:12,880 encryption always comes with with some 151 00:07:09,520 --> 00:07:15,440 price of uh performance that you need to 152 00:07:12,880 --> 00:07:18,080 pay because encryption takes some time 153 00:07:15,440 --> 00:07:20,319 to deliver the data right and also 154 00:07:18,080 --> 00:07:23,520 complexity of the setup like if we talk 155 00:07:20,319 --> 00:07:25,599 about SNMPv2 then you just need a 156 00:07:23,520 --> 00:07:28,560 community string paying for SNMP v3 157 00:07:25,599 --> 00:07:32,000 usually for someone who has no 158 00:07:28,560 --> 00:07:33,680 experience of uh SNMP usage and as I 159 00:07:32,000 --> 00:07:36,880 said like it's not the most trivial 160 00:07:33,680 --> 00:07:39,680 topic in uh the monitoring and overall 161 00:07:36,880 --> 00:07:42,479 uh it might be just too complicated to 162 00:07:39,680 --> 00:07:45,440 set up uh monitoring with SNMPv3 because 163 00:07:42,479 --> 00:07:47,759 even creating a users and setting up all 164 00:07:45,440 --> 00:07:50,800 the authentification is a little bit of 165 00:07:47,759 --> 00:07:53,680 a hustle. So naturally people might 166 00:07:50,800 --> 00:07:58,000 think like okay SNMPv1 is old that we 167 00:07:53,680 --> 00:08:00,080 know for sure SNMPv2 is like uh most 168 00:07:58,000 --> 00:08:02,800 popular version of SNMP to monitor 169 00:08:00,080 --> 00:08:05,360 SNMPv3 is secure uh when there's going 170 00:08:02,800 --> 00:08:08,479 to be SNMPv4 and will it bring something 171 00:08:05,360 --> 00:08:11,120 new and uh I've actually like yesterday 172 00:08:08,479 --> 00:08:14,160 preparing for this webinar did some 173 00:08:11,120 --> 00:08:17,199 research about the exact question are 174 00:08:14,160 --> 00:08:20,000 there any plans for SNPv4 and I really 175 00:08:17,199 --> 00:08:24,479 like the responses is that I found that 176 00:08:20,000 --> 00:08:26,400 SNMPv3 is considered complete. It has 177 00:08:24,479 --> 00:08:29,840 everything. It has everything that 178 00:08:26,400 --> 00:08:32,959 people need to monitor network devices, 179 00:08:29,840 --> 00:08:34,800 servers, uh over the over the network, 180 00:08:32,959 --> 00:08:36,640 over the internet and collect all of the 181 00:08:34,800 --> 00:08:39,039 data. It has security. It has 182 00:08:36,640 --> 00:08:41,440 protection. It has all sort of different 183 00:08:39,039 --> 00:08:43,360 abilities to collect hundreds and 184 00:08:41,440 --> 00:08:46,720 thousands of the metrics. So, there's 185 00:08:43,360 --> 00:08:49,200 just no need for SNMPv4. 186 00:08:46,720 --> 00:08:51,279 And uh ultimately 187 00:08:49,200 --> 00:08:54,320 most of the softwares and most of the 188 00:08:51,279 --> 00:08:57,360 systems right now are pushing in front 189 00:08:54,320 --> 00:09:00,399 of the streaming telemetry data and 190 00:08:57,360 --> 00:09:01,920 telemetry data is something that uh if 191 00:09:00,399 --> 00:09:03,680 you are researching some sort of the 192 00:09:01,920 --> 00:09:07,040 monitoring you definitely heard about 193 00:09:03,680 --> 00:09:09,279 it. Um a lot of the monitoring tools are 194 00:09:07,040 --> 00:09:11,680 uh using telemetry as their like 195 00:09:09,279 --> 00:09:13,839 flagship feature for for the marketing 196 00:09:11,680 --> 00:09:16,399 and advertising that hey we do support a 197 00:09:13,839 --> 00:09:19,760 telemetry and uh interesting to know 198 00:09:16,399 --> 00:09:24,080 that also like uh Zabex uh goes in the 199 00:09:19,760 --> 00:09:27,200 same direction and um like well we 200 00:09:24,080 --> 00:09:30,240 cannot tell for sure until it is really 201 00:09:27,200 --> 00:09:33,040 released but at least uh everything 202 00:09:30,240 --> 00:09:34,320 including the road map evidences that in 203 00:09:33,040 --> 00:09:37,760 a Zavix 204 00:09:34,320 --> 00:09:41,360 8.0 uh we're going to have uh telemetry 205 00:09:37,760 --> 00:09:44,640 monitoring uh support within a zabix. So 206 00:09:41,360 --> 00:09:48,800 that's going to be a good thing. How 207 00:09:44,640 --> 00:09:54,399 SNMP actually works? SNMP agent checks 208 00:09:48,800 --> 00:09:56,240 UDP port 161. So what do we know about 209 00:09:54,399 --> 00:09:59,360 uh UDP? 210 00:09:56,240 --> 00:10:03,839 alternative is like TCP and in case of 211 00:09:59,360 --> 00:10:06,959 UDP we can lose the data and that's fine 212 00:10:03,839 --> 00:10:08,880 we don't really care about it so much 213 00:10:06,959 --> 00:10:11,680 that's how the standard works and 214 00:10:08,880 --> 00:10:13,680 basically there are two key principles 215 00:10:11,680 --> 00:10:16,800 and key ways how we could collect the 216 00:10:13,680 --> 00:10:21,440 data when we talk about SNMP agent that 217 00:10:16,800 --> 00:10:26,000 includes all three SNMP v1 SNMP2C and 218 00:10:21,440 --> 00:10:29,839 SNMP v3 as well um that goes on a port 219 00:10:26,000 --> 00:10:32,320 UDP 161. Basically in this case like if 220 00:10:29,839 --> 00:10:35,440 we're talking about a zabic server then 221 00:10:32,320 --> 00:10:40,720 we have zabic server which makes request 222 00:10:35,440 --> 00:10:44,320 over SNMP UDP port 161 to let's say some 223 00:10:40,720 --> 00:10:47,760 um network device requests the data 224 00:10:44,320 --> 00:10:50,959 which could be let's say um incoming 225 00:10:47,760 --> 00:10:53,040 traffic on Ethernet one or CPU load of 226 00:10:50,959 --> 00:10:55,200 the device or the memory usage or 227 00:10:53,040 --> 00:10:56,959 operational status of the port like 228 00:10:55,200 --> 00:11:00,480 there's really a lot of the metrics that 229 00:10:56,959 --> 00:11:03,040 we can collect and device responds with 230 00:11:00,480 --> 00:11:06,399 the actual metric. 231 00:11:03,040 --> 00:11:08,720 in terms of like how do I know what do I 232 00:11:06,399 --> 00:11:10,480 actually request and how do I request 233 00:11:08,720 --> 00:11:11,920 that like when we talk about isabics 234 00:11:10,480 --> 00:11:13,760 agent monitoring it's mostly 235 00:11:11,920 --> 00:11:16,959 straightforward like you don't need to 236 00:11:13,760 --> 00:11:19,040 have a deep understand understanding and 237 00:11:16,959 --> 00:11:21,040 a deep knowledge of the things you 238 00:11:19,040 --> 00:11:22,800 install agent as example you open 239 00:11:21,040 --> 00:11:24,399 documentation look for the supported 240 00:11:22,800 --> 00:11:26,800 items and they're kind of 241 00:11:24,399 --> 00:11:29,360 self-explanatory right you just look 242 00:11:26,800 --> 00:11:33,920 through the table and you see like oh 243 00:11:29,360 --> 00:11:35,440 there is a key system CPU dot load. Do 244 00:11:33,920 --> 00:11:38,240 you need more information to understand 245 00:11:35,440 --> 00:11:39,600 what this metric is? Probably not. You 246 00:11:38,240 --> 00:11:42,000 understand that we're talking about a 247 00:11:39,600 --> 00:11:44,240 CPU. With SNMP, it's a bit more 248 00:11:42,000 --> 00:11:47,519 difficult. And I guess that's the main 249 00:11:44,240 --> 00:11:50,160 confusion. Uh why 250 00:11:47,519 --> 00:11:52,320 so often SNMP is so difficult for many 251 00:11:50,160 --> 00:11:54,880 people because 252 00:11:52,320 --> 00:12:00,680 in SNMP we do the monitoring based on 253 00:11:54,880 --> 00:12:00,680 oid which is like this syntax of.13.6 254 00:12:01,279 --> 00:12:09,440 six and sometimes this string is like 20 255 00:12:05,600 --> 00:12:11,600 30 different numbers w with the dots in 256 00:12:09,440 --> 00:12:14,560 between them and each of those numbers 257 00:12:11,600 --> 00:12:17,440 each of those oids actually references 258 00:12:14,560 --> 00:12:19,760 some specific metric some specific data 259 00:12:17,440 --> 00:12:23,279 type later again we're going to talk 260 00:12:19,760 --> 00:12:25,680 about uh how can we understand what they 261 00:12:23,279 --> 00:12:28,079 are what's the structure and and how to 262 00:12:25,680 --> 00:12:32,000 work with all of that but alternatively 263 00:12:28,079 --> 00:12:34,880 to SNMP agent checks when our Zabix 264 00:12:32,000 --> 00:12:37,440 server SNMP polar as example or the 265 00:12:34,880 --> 00:12:40,079 regular polar connect to the network 266 00:12:37,440 --> 00:12:42,079 device and request the data receives the 267 00:12:40,079 --> 00:12:45,760 response. There are also such things 268 00:12:42,079 --> 00:12:47,839 about like SNMP traps and uh the 269 00:12:45,760 --> 00:12:52,240 difference is 270 00:12:47,839 --> 00:12:56,399 SNMP agent is uh monitoring all the time 271 00:12:52,240 --> 00:12:58,560 like uh operational status up or down. 272 00:12:56,399 --> 00:13:01,839 We might be monitoring this specific 273 00:12:58,560 --> 00:13:04,240 port or all ports on our device and uh 274 00:13:01,839 --> 00:13:06,079 even if status is okay, we are still 275 00:13:04,240 --> 00:13:08,959 collecting the data. We're just checking 276 00:13:06,079 --> 00:13:11,519 every 10 seconds status okay, status 277 00:13:08,959 --> 00:13:14,959 okay, status okay, everything is fine. 278 00:13:11,519 --> 00:13:17,920 So SNMP trap work differently. They work 279 00:13:14,959 --> 00:13:20,480 on some specific event that happens on a 280 00:13:17,920 --> 00:13:23,600 device. So let's say on a device we can 281 00:13:20,480 --> 00:13:27,600 configure that hey when operational 282 00:13:23,600 --> 00:13:30,240 status of this port goes to down I want 283 00:13:27,600 --> 00:13:33,519 to send a trap and only then if it's up 284 00:13:30,240 --> 00:13:36,480 I don't care so I will receive something 285 00:13:33,519 --> 00:13:39,360 in my monitoring server in Zabix only 286 00:13:36,480 --> 00:13:41,600 some if something is going to go off and 287 00:13:39,360 --> 00:13:43,279 a good thing for you guys that like in 288 00:13:41,600 --> 00:13:46,399 this webinar we're going to talk about 289 00:13:43,279 --> 00:13:48,160 both of these SNMP agents and also SNMP 290 00:13:46,399 --> 00:13:51,120 traps and I think also important to 291 00:13:48,160 --> 00:13:54,160 mention like uh both of these 292 00:13:51,120 --> 00:13:56,240 configuration is done not only on a 293 00:13:54,160 --> 00:14:00,079 Zabic server you're also going to need 294 00:13:56,240 --> 00:14:02,240 some input from uh network devices and 295 00:14:00,079 --> 00:14:05,199 for whole of this webinar when we talk 296 00:14:02,240 --> 00:14:08,240 about SNMP I'm going to focus more like 297 00:14:05,199 --> 00:14:10,399 on uh network devices right routers 298 00:14:08,240 --> 00:14:13,120 Cisco microte 299 00:14:10,399 --> 00:14:15,440 ubiquity uh you name it right because 300 00:14:13,120 --> 00:14:18,480 those are the most popular ones like 301 00:14:15,440 --> 00:14:20,480 Windows Linux is also an option but uh 302 00:14:18,480 --> 00:14:22,399 not not not so popular as a network 303 00:14:20,480 --> 00:14:24,560 devices. So you would need some 304 00:14:22,399 --> 00:14:27,600 configuration and preparation on the 305 00:14:24,560 --> 00:14:30,320 network device as well which means that 306 00:14:27,600 --> 00:14:33,440 uh if you're started to work in some 307 00:14:30,320 --> 00:14:36,880 company as uh Zavix monitoring engineer 308 00:14:33,440 --> 00:14:40,000 and you get uh a task that uh hey we're 309 00:14:36,880 --> 00:14:42,240 just onboarding our Zabix uh in in in 310 00:14:40,000 --> 00:14:45,360 our office in our business and you need 311 00:14:42,240 --> 00:14:48,000 to set up monitoring of all our network 312 00:14:45,360 --> 00:14:49,440 stuff. you're going to need access to to 313 00:14:48,000 --> 00:14:52,000 that network stuff or you're going to 314 00:14:49,440 --> 00:14:55,040 need someone who has access because you 315 00:14:52,000 --> 00:14:58,160 will have to go to each of the devices 316 00:14:55,040 --> 00:15:00,880 enable SNMP monitoring choose the 317 00:14:58,160 --> 00:15:03,600 version. If you want to go with a 318 00:15:00,880 --> 00:15:05,199 version two, you will need to specify 319 00:15:03,600 --> 00:15:07,120 community name which is going to be used 320 00:15:05,199 --> 00:15:09,440 for authentification. If you're going to 321 00:15:07,120 --> 00:15:12,160 use this in a PV3, you're going to uh 322 00:15:09,440 --> 00:15:14,880 need to create a users and also make 323 00:15:12,160 --> 00:15:18,639 sure that some other parameters as 324 00:15:14,880 --> 00:15:21,199 engine ID are set correctly. So when we 325 00:15:18,639 --> 00:15:25,360 know like how the communication actually 326 00:15:21,199 --> 00:15:29,160 happens. Um let me actually try to also 327 00:15:25,360 --> 00:15:29,160 where do we have here? 328 00:15:30,880 --> 00:15:34,880 Okay, I'll try to find it later. I 329 00:15:32,560 --> 00:15:39,040 wanted to get a Q&A section but never 330 00:15:34,880 --> 00:15:42,959 mind. Um, a bit more on SNMP versions 331 00:15:39,040 --> 00:15:45,920 like the the theory the the plain raw 332 00:15:42,959 --> 00:15:51,839 data SNMP version one uh applies with 333 00:15:45,920 --> 00:15:54,800 RFC uh 1213 released in 1988. Plain text 334 00:15:51,839 --> 00:15:57,600 community string uh so community string 335 00:15:54,800 --> 00:15:59,839 is used for authentification. That's 336 00:15:57,600 --> 00:16:01,199 just going to be like one word or or 337 00:15:59,839 --> 00:16:04,320 something like that. Just some sort of 338 00:16:01,199 --> 00:16:07,120 the string uh that we're going to use to 339 00:16:04,320 --> 00:16:10,880 authenticate end to end that make sure 340 00:16:07,120 --> 00:16:13,680 that our router authentificates with our 341 00:16:10,880 --> 00:16:15,920 zabix they have community string which 342 00:16:13,680 --> 00:16:17,920 matches and then we are allowed to do 343 00:16:15,920 --> 00:16:20,560 the monitoring. The biggest problem with 344 00:16:17,920 --> 00:16:24,480 the 7PV1 probably is that because it is 345 00:16:20,560 --> 00:16:28,000 so old um it supports only 32bit 346 00:16:24,480 --> 00:16:30,480 counters. And uh if right now like 32bit 347 00:16:28,000 --> 00:16:33,279 counter sounds like what are you even 348 00:16:30,480 --> 00:16:34,880 talking about? What does it mean? Wait 349 00:16:33,279 --> 00:16:36,959 for the next slide. We're going to have 350 00:16:34,880 --> 00:16:40,560 the real example of what's the 351 00:16:36,959 --> 00:16:44,639 difference. Um the golden standard SNMP 352 00:16:40,560 --> 00:16:48,240 version 2C uh supplies with RFC 1441 uh 353 00:16:44,639 --> 00:16:50,320 released in 93. Um, so a bit younger, 354 00:16:48,240 --> 00:16:52,800 right? Uh, same plain text community 355 00:16:50,320 --> 00:16:56,160 string adds a support for 64-bit 356 00:16:52,800 --> 00:16:59,440 counters, which allows it to still 357 00:16:56,160 --> 00:17:02,320 successfully work with uh everything 358 00:16:59,440 --> 00:17:04,720 modern um like internet connections and 359 00:17:02,320 --> 00:17:08,400 most importantly internet speeds that 360 00:17:04,720 --> 00:17:11,280 are more common um to nowadays than they 361 00:17:08,400 --> 00:17:15,439 were in uh 1988. 362 00:17:11,280 --> 00:17:17,760 introduces getbulk command which is uh a 363 00:17:15,439 --> 00:17:20,400 more efficient way how to get like a lot 364 00:17:17,760 --> 00:17:23,120 of the data from the device at once 365 00:17:20,400 --> 00:17:26,319 because as I said like we cover just 366 00:17:23,120 --> 00:17:28,640 small examples of uh operational status 367 00:17:26,319 --> 00:17:31,440 of the port or or description of the 368 00:17:28,640 --> 00:17:34,640 port or incoming traffic but imagine if 369 00:17:31,440 --> 00:17:37,039 we talk about like 20 port device and on 370 00:17:34,640 --> 00:17:40,080 each port you have like around 12 371 00:17:37,039 --> 00:17:43,280 different metrics and multiply that with 372 00:17:40,080 --> 00:17:46,640 a 20 ports plus additionally you might 373 00:17:43,280 --> 00:17:50,320 have hundreds of different metrics like 374 00:17:46,640 --> 00:17:51,919 uh some VPN statuses uh BGP and and all 375 00:17:50,320 --> 00:17:54,720 sort of that stuff. So we're actually 376 00:17:51,919 --> 00:17:57,520 talking about quite a lot of metrics 377 00:17:54,720 --> 00:18:01,600 that can even reach thousands and 378 00:17:57,520 --> 00:18:04,400 collecting all that data one by one um 379 00:18:01,600 --> 00:18:08,240 even despite like being possible in 380 00:18:04,400 --> 00:18:10,080 theory is often not efficient. So we we 381 00:18:08,240 --> 00:18:13,679 need to deal with all sort of things 382 00:18:10,080 --> 00:18:18,400 that allows us to gather the data in 383 00:18:13,679 --> 00:18:20,960 bulk. And then SNMP version 3 RFC 2570 384 00:18:18,400 --> 00:18:23,440 released in 1999 385 00:18:20,960 --> 00:18:26,080 adds authentification, adds encryption, 386 00:18:23,440 --> 00:18:29,120 improved error reporting and reliability 387 00:18:26,080 --> 00:18:33,039 and adds multiple SNMP contexts. So 388 00:18:29,120 --> 00:18:36,960 SNMPv3 is basically designated to have 389 00:18:33,039 --> 00:18:39,280 um a better security. So for those 390 00:18:36,960 --> 00:18:41,200 companies, businesses, environments and 391 00:18:39,280 --> 00:18:43,919 uh different use cases when you really 392 00:18:41,200 --> 00:18:46,480 care about uh security and privacy and 393 00:18:43,919 --> 00:18:49,840 making sure that nothing bad can happen 394 00:18:46,480 --> 00:18:51,600 uh in between of your monitoring 395 00:18:49,840 --> 00:18:54,559 uh setup and the device that you are 396 00:18:51,600 --> 00:18:57,600 monitoring, you probably want to choose 397 00:18:54,559 --> 00:18:59,760 SNMPv3. Although, as I said, it's going 398 00:18:57,600 --> 00:19:02,400 to be a little bit more complicated 399 00:18:59,760 --> 00:19:03,919 journey to set everything up. And uh 400 00:19:02,400 --> 00:19:06,960 it's also going to be a little bit 401 00:19:03,919 --> 00:19:11,120 easier to make some mistakes that can 402 00:19:06,960 --> 00:19:13,840 potentially cause you um spending some 403 00:19:11,120 --> 00:19:17,039 time, hours or even days to troubleshoot 404 00:19:13,840 --> 00:19:19,679 and understand what happened in case if 405 00:19:17,039 --> 00:19:21,520 you don't know all the specifics 406 00:19:19,679 --> 00:19:24,320 and uh things that you need to keep in 407 00:19:21,520 --> 00:19:26,160 mind when you are working with SNMP SNMP 408 00:19:24,320 --> 00:19:29,360 which is exactly what we're going to try 409 00:19:26,160 --> 00:19:32,880 to cover here today. and uh going in a 410 00:19:29,360 --> 00:19:37,440 bit more details like 32bit versus 64 411 00:19:32,880 --> 00:19:40,240 bits. So, SNP v1 versus uh V2 and V3. 412 00:19:37,440 --> 00:19:42,000 The shift from one to other in SNMP is 413 00:19:40,240 --> 00:19:45,120 primarily about preventing counter 414 00:19:42,000 --> 00:19:47,760 rollovers or also sometimes called as 415 00:19:45,120 --> 00:19:50,480 counter overflow on high-speed 416 00:19:47,760 --> 00:19:54,880 interfaces. And here is example the 417 00:19:50,480 --> 00:20:00,000 traffic volume 10 gigs is roughly 1.25 418 00:19:54,880 --> 00:20:02,559 25 GB per second. 32bit limit is this 419 00:20:00,000 --> 00:20:06,960 crazy number of the bytes which is appro 420 00:20:02,559 --> 00:20:11,440 approximately 4.3 GB rollover time at 421 00:20:06,960 --> 00:20:14,400 this speed of the internet which is like 422 00:20:11,440 --> 00:20:16,640 nothing big right now for for for 423 00:20:14,400 --> 00:20:19,440 current time it's like nothing big. 424 00:20:16,640 --> 00:20:23,919 32bit counter will hit its limit and 425 00:20:19,440 --> 00:20:26,880 reset every 3.4 4 seconds. Which means 426 00:20:23,919 --> 00:20:31,120 that like if we would be monitoring 427 00:20:26,880 --> 00:20:33,919 um this link with a zabix with 32bit 428 00:20:31,120 --> 00:20:36,799 counters uh we would just get some sort 429 00:20:33,919 --> 00:20:39,520 of the graphic uh which let's say gives 430 00:20:36,799 --> 00:20:42,080 us uh incoming speed outgoing speed or 431 00:20:39,520 --> 00:20:44,159 something like that. And every 3.4 432 00:20:42,080 --> 00:20:47,520 seconds we would have some sort of the 433 00:20:44,159 --> 00:20:50,000 drop down. That would be the time when 434 00:20:47,520 --> 00:20:54,000 uh the counter actually overflows. And 435 00:20:50,000 --> 00:20:57,679 to fix that the solution is like 64-bit 436 00:20:54,000 --> 00:21:02,880 uh counter. Uh it's also different 437 00:20:57,679 --> 00:21:06,559 in terms of uh oid that you monitor. So 438 00:21:02,880 --> 00:21:09,840 the actual identifier of the metric. I 439 00:21:06,559 --> 00:21:14,400 previously mentioned that we have like.1 440 00:21:09,840 --> 00:21:16,960 3.6 and so on and so on and so on. Um, 441 00:21:14,400 --> 00:21:20,480 I think it's time for me to actually 442 00:21:16,960 --> 00:21:23,840 bring up the terminal and show something 443 00:21:20,480 --> 00:21:28,679 uh something real. 444 00:21:23,840 --> 00:21:28,679 Give me a second. Uh, 445 00:21:31,440 --> 00:21:34,919 yeah. So 446 00:21:35,280 --> 00:21:40,880 what I was saying um we have 447 00:21:39,360 --> 00:21:44,480 this 448 00:21:40,880 --> 00:21:48,559 oid which let's say 449 00:21:44,480 --> 00:21:50,880 um yeah this would be the numerical way 450 00:21:48,559 --> 00:21:55,039 right the oid that I was talking about 451 00:21:50,880 --> 00:21:56,960 1312 4 114 where people will usually 452 00:21:55,039 --> 00:21:59,440 look at it and not understand what it 453 00:21:56,960 --> 00:22:03,840 actually means but if you have a mid 454 00:21:59,440 --> 00:22:07,120 files which are like a libraries of 455 00:22:03,840 --> 00:22:09,679 these identifier and next to them having 456 00:22:07,120 --> 00:22:14,240 a bunch of information of like what this 457 00:22:09,679 --> 00:22:15,840 number actually means. Um then we see 458 00:22:14,240 --> 00:22:18,720 this 459 00:22:15,840 --> 00:22:21,360 as this with the actual textual 460 00:22:18,720 --> 00:22:24,080 information and index in the end which 461 00:22:21,360 --> 00:22:26,640 allows us to more easily perceive. So 462 00:22:24,080 --> 00:22:29,200 the point that I'm trying to make is 463 00:22:26,640 --> 00:22:33,360 that here I have as examples listed 464 00:22:29,200 --> 00:22:36,799 32bit counter if in octets which is the 465 00:22:33,360 --> 00:22:41,039 translated oid name. You can monitor if 466 00:22:36,799 --> 00:22:47,440 in octets and you have a 64bit counter 467 00:22:41,039 --> 00:22:51,600 if HC in octets. Right? So each of these 468 00:22:47,440 --> 00:22:56,159 could also be used as some sort of 469 00:22:51,600 --> 00:22:59,200 numerical oid 136121140 470 00:22:56,159 --> 00:23:01,280 whatever it would match for this one. So 471 00:22:59,200 --> 00:23:04,400 basically no matter if you see the 472 00:23:01,280 --> 00:23:06,159 textual representation or the numbers 473 00:23:04,400 --> 00:23:10,400 we're basically talking about same 474 00:23:06,159 --> 00:23:13,280 stuff. This one if we have MIB files, 475 00:23:10,400 --> 00:23:15,840 this one if we don't. And uh what are 476 00:23:13,280 --> 00:23:18,400 actual uh differences between both 477 00:23:15,840 --> 00:23:21,440 cases? Again, we're going to cover um 478 00:23:18,400 --> 00:23:24,080 actually next slide. Uh management 479 00:23:21,440 --> 00:23:26,159 information base, MIB, which is a 480 00:23:24,080 --> 00:23:27,919 management information base, a database 481 00:23:26,159 --> 00:23:30,000 used for managing the entities in the 482 00:23:27,919 --> 00:23:33,840 communication network. It's exactly like 483 00:23:30,000 --> 00:23:36,880 a library to help you understand what 484 00:23:33,840 --> 00:23:41,440 everything is and what each number means 485 00:23:36,880 --> 00:23:43,039 because every time when you get um 486 00:23:41,440 --> 00:23:45,840 uh are you going to explain how to 487 00:23:43,039 --> 00:23:48,240 create a template from a myip file? Not 488 00:23:45,840 --> 00:23:50,000 not directly but I'm going to talk in a 489 00:23:48,240 --> 00:23:52,480 way that you will understand how that 490 00:23:50,000 --> 00:23:54,720 actually works. So every time we are 491 00:23:52,480 --> 00:23:58,240 receiving SNMP 492 00:23:54,720 --> 00:24:00,400 um SNMP data like a bunch of different 493 00:23:58,240 --> 00:24:02,480 oids it's very difficult to understand 494 00:24:00,400 --> 00:24:04,400 what exactly we need to monitor because 495 00:24:02,480 --> 00:24:06,640 we might be talking about hundreds or 496 00:24:04,400 --> 00:24:09,760 even thousands different oids. So 497 00:24:06,640 --> 00:24:13,600 without any knowledge and uh without the 498 00:24:09,760 --> 00:24:15,840 MIBs we might end up just having to use 499 00:24:13,600 --> 00:24:17,919 Google um let's say if we have some 500 00:24:15,840 --> 00:24:22,960 Cisco whatever device you might google 501 00:24:17,919 --> 00:24:25,600 just Cisco uh SNMP oid for the CPU load 502 00:24:22,960 --> 00:24:28,000 but the problem is that very often you 503 00:24:25,600 --> 00:24:30,400 will find something which you it's hard 504 00:24:28,000 --> 00:24:32,960 to verify like you can check that value 505 00:24:30,400 --> 00:24:35,520 through the S&P get or through the zabix 506 00:24:32,960 --> 00:24:37,679 and you will receive some value but uh 507 00:24:35,520 --> 00:24:40,880 there's no guarantee that what you're 508 00:24:37,679 --> 00:24:43,200 getting is actually what you want to get 509 00:24:40,880 --> 00:24:46,159 like um you might be looking for CPU 510 00:24:43,200 --> 00:24:47,919 load but uh the real metric that you are 511 00:24:46,159 --> 00:24:52,559 receiving might be something else that's 512 00:24:47,919 --> 00:24:55,200 why the MIBs are very much um 513 00:24:52,559 --> 00:24:58,000 helping us to determine what is going on 514 00:24:55,200 --> 00:25:00,159 and here is uh RFC definition and some 515 00:24:58,000 --> 00:25:03,520 examples so I previously mentioned this 516 00:25:00,159 --> 00:25:07,919 1 3 6 1 right and basically each of 517 00:25:03,520 --> 00:25:10,240 these oids is like a path to the actual 518 00:25:07,919 --> 00:25:14,880 metric. Here we have everything written 519 00:25:10,240 --> 00:25:17,919 just in one table. So one means or three 520 00:25:14,880 --> 00:25:20,880 means sorry three means org uh six means 521 00:25:17,919 --> 00:25:23,919 dot internet is again one then we have 522 00:25:20,880 --> 00:25:26,320 directory management 2 transmission 523 00:25:23,919 --> 00:25:29,520 experimental private enterprises and so 524 00:25:26,320 --> 00:25:32,559 on. And each of these numbers gets us 525 00:25:29,520 --> 00:25:35,440 somewhere into the tree so that in the 526 00:25:32,559 --> 00:25:38,480 end we can get to the box where we have 527 00:25:35,440 --> 00:25:40,880 our information. as example if we would 528 00:25:38,480 --> 00:25:44,559 be looking for something about the 529 00:25:40,880 --> 00:25:46,880 interfaces the good old um interface 530 00:25:44,559 --> 00:25:49,679 status uh operational status that I 531 00:25:46,880 --> 00:25:52,799 talked about we need to provide this 532 00:25:49,679 --> 00:25:55,760 long oid to actually get to the data 533 00:25:52,799 --> 00:25:57,840 which would for us be like we can our 534 00:25:55,760 --> 00:26:00,480 oid that we're monitoring can start with 535 00:25:57,840 --> 00:26:02,799 a zero but it doesn't bring us anywhere 536 00:26:00,480 --> 00:26:05,919 two also doesn't bring us anywhere so 537 00:26:02,799 --> 00:26:08,919 for us it's going to be 1.36 538 00:26:05,919 --> 00:26:08,919 6.1.2.1 539 00:26:10,080 --> 00:26:16,640 and2 that is going to bring us into the 540 00:26:12,799 --> 00:26:18,720 interfaces and further down like it 541 00:26:16,640 --> 00:26:21,679 doesn't stop here. It just stops here on 542 00:26:18,720 --> 00:26:24,000 the on the slide but actually it goes 543 00:26:21,679 --> 00:26:27,200 much more deeper and under those 544 00:26:24,000 --> 00:26:29,039 interfaces we would have even more data 545 00:26:27,200 --> 00:26:31,120 about all sort of different stuff where 546 00:26:29,039 --> 00:26:33,840 we could also find incoming traffic, 547 00:26:31,120 --> 00:26:36,559 outgoing traffic, operational status and 548 00:26:33,840 --> 00:26:40,000 all of the other stuff. And uh here how 549 00:26:36,559 --> 00:26:42,880 it looks like from just uh different uh 550 00:26:40,000 --> 00:26:46,799 perceptions. So 13612 551 00:26:42,880 --> 00:26:49,600 management MIB system private Cisco 552 00:26:46,799 --> 00:26:54,480 enterprise HP and and so on with the 553 00:26:49,600 --> 00:26:56,720 explanation of like um what each 554 00:26:54,480 --> 00:26:59,520 oid 555 00:26:56,720 --> 00:27:01,919 index each box actually gives us like 556 00:26:59,520 --> 00:27:04,559 system related information as example 557 00:27:01,919 --> 00:27:06,320 device description or uptime interfaces 558 00:27:04,559 --> 00:27:09,120 as I mentioned interface related 559 00:27:06,320 --> 00:27:13,520 information example network interfaces 560 00:27:09,120 --> 00:27:16,559 on the device. Some uh some MIBs and and 561 00:27:13,520 --> 00:27:18,880 oids are vendor specific. As example 562 00:27:16,559 --> 00:27:21,760 here you can see Cisco specific MIB, 563 00:27:18,880 --> 00:27:25,440 Cisco devices, private MIB objects. And 564 00:27:21,760 --> 00:27:27,919 when we talk about the SNMP monitoring, 565 00:27:25,440 --> 00:27:31,840 even if we talk about the Zabix, let me 566 00:27:27,919 --> 00:27:35,200 bring now a little bit of the Zabix on 567 00:27:31,840 --> 00:27:37,440 the screen. Uh there we go. 568 00:27:35,200 --> 00:27:40,159 We have if we talk about the templates 569 00:27:37,440 --> 00:27:42,080 SNMP there's actually a lot of them 570 00:27:40,159 --> 00:27:47,200 right we can see there's something from 571 00:27:42,080 --> 00:27:51,440 brocade Aruba Cisco dealing Dell generic 572 00:27:47,200 --> 00:27:54,399 HP and there are four pages and in total 573 00:27:51,440 --> 00:27:56,559 151 uh different templates for all sort 574 00:27:54,399 --> 00:27:59,039 of different SNMP devices and obviously 575 00:27:56,559 --> 00:28:01,360 like not all of them you can find a lot 576 00:27:59,039 --> 00:28:03,200 uh in the internet and uh there's also 577 00:28:01,360 --> 00:28:04,799 integration page in asabics where you 578 00:28:03,200 --> 00:28:07,279 can find a lot of community made 579 00:28:04,799 --> 00:28:11,279 templates for network devices. But the 580 00:28:07,279 --> 00:28:15,360 thing is that whenever we talk about the 581 00:28:11,279 --> 00:28:18,240 basic data like stuff about interfaces 582 00:28:15,360 --> 00:28:21,520 uh incoming traffic, outgoing traffic, 583 00:28:18,240 --> 00:28:25,679 that stuff is going to work exactly the 584 00:28:21,520 --> 00:28:28,240 same over all sort of different 585 00:28:25,679 --> 00:28:31,919 um different vendors and different 586 00:28:28,240 --> 00:28:36,480 devices. That's why in the zabix we also 587 00:28:31,919 --> 00:28:39,440 have a template generic by SNMP which by 588 00:28:36,480 --> 00:28:41,840 default uh probably this one will be 589 00:28:39,440 --> 00:28:44,960 better network generic device by SNMP 590 00:28:41,840 --> 00:28:48,320 which has 12 items and also discovery 591 00:28:44,960 --> 00:28:50,880 rules that are discovering as example 592 00:28:48,320 --> 00:28:53,440 network interfaces and for each 593 00:28:50,880 --> 00:28:55,360 discovered inter discovered interface 594 00:28:53,440 --> 00:28:59,039 they're going to create an item to 595 00:28:55,360 --> 00:29:01,520 monitor um incoming octets 596 00:28:59,039 --> 00:29:04,799 sent inbuilt packets, interface type, 597 00:29:01,520 --> 00:29:07,200 operational status, uh discarded packets 598 00:29:04,799 --> 00:29:09,840 with errors and and speed. And this is 599 00:29:07,200 --> 00:29:12,559 going to be applicable for any device 600 00:29:09,840 --> 00:29:15,120 may be microte, may it be Cisco again, 601 00:29:12,559 --> 00:29:19,840 ubiquity where where anything else 602 00:29:15,120 --> 00:29:23,039 because they are sharing the same 603 00:29:19,840 --> 00:29:25,520 path and the same MIB that is shared 604 00:29:23,039 --> 00:29:28,559 across all of the devices. But for each 605 00:29:25,520 --> 00:29:31,520 of the vendor there usually also is 606 00:29:28,559 --> 00:29:34,000 something specific and that specific 607 00:29:31,520 --> 00:29:36,559 part is something that we cannot apply 608 00:29:34,000 --> 00:29:40,799 to all of the devices and that's why 609 00:29:36,559 --> 00:29:43,039 sometimes when we have some um if we 610 00:29:40,799 --> 00:29:44,960 have some 611 00:29:43,039 --> 00:29:47,760 requests from the management to set up 612 00:29:44,960 --> 00:29:50,799 the monitoring of Cisco uh some specific 613 00:29:47,760 --> 00:29:52,559 device model whatsoever and uh we don't 614 00:29:50,799 --> 00:29:54,799 know how to create a template so we 615 00:29:52,559 --> 00:29:57,440 search for something in the internet and 616 00:29:54,799 --> 00:29:59,279 we find something which supposedly 617 00:29:57,440 --> 00:30:01,679 matches what we are looking for and then 618 00:29:59,279 --> 00:30:04,480 we import the template in a Zabix and we 619 00:30:01,679 --> 00:30:06,399 see that some items work and those that 620 00:30:04,480 --> 00:30:09,200 are working are probably those that are 621 00:30:06,399 --> 00:30:11,760 common between all sort of uh different 622 00:30:09,200 --> 00:30:13,919 vendors and some items are not supported 623 00:30:11,760 --> 00:30:15,600 because those that are not supported are 624 00:30:13,919 --> 00:30:18,559 most likely made to some specific 625 00:30:15,600 --> 00:30:22,159 vendor, some specific device and uh 626 00:30:18,559 --> 00:30:24,080 might be even also same device but just 627 00:30:22,159 --> 00:30:26,799 uh different versions which also 628 00:30:24,080 --> 00:30:31,679 sometimes happens because like vendors 629 00:30:26,799 --> 00:30:33,760 make also some changes to um SNMP 630 00:30:31,679 --> 00:30:35,200 uh libraries and and some things might 631 00:30:33,760 --> 00:30:38,200 work different in between of the 632 00:30:35,200 --> 00:30:38,200 versions 47776