Page MenuHomePhabricator
Create Task
Maniphest T252630

LibreNMS monitoring glitch caused paging
Closed, ResolvedPublic
Actions

Description

The monitoring glitch showed in https://librenms.wikimedia.org/graphs/to=1589328000/id=19265/type=port_bits/from=1589320800/

Caused the following faulty alert in LibreNMS:

Alert for device asw2-esams.mgmt.esams.wmnet - Primary outbound port utilisation over 80%  #page
Device Name: asw2-esams.mgmt.esams.wmnet
Severity: critical
Timestamp: 2020-05-12 23:10:55
Rule:  Primary outbound port utilisation over 80%  #page
Physical Interface: ae2
Interface Description: Core: cr2-esams:ae1
Interface Speed: 80 Gbs
Inbound Utilization: 5.43847256
Outbound Utilization: 395288.13516505

The alert stayed active for 10min:

  1. t=0 device is pulled: alert triggered
  2. t=5 device is pulled: no recoveries
  3. t=10 device is pulled: recoveries

This was enough to trigger the related Icinga alert.

My guess is a bug in asw2-esams SNMP daemon (see also all the VCPs)

As:

  • A switch stack upgrade (especially in esams) is a heavy operation (requires site depool), see T252631
  • Implementing a safeguard in LibreNMS' code is time consuming (if doable)

We can either live with it until the upgrade (low probability of pages, no operational impact), or find a workaround.
For example:

  • Split the Primary outbound port utilisation over 80% alert in two, one that pages (for CRs) and one that alerts normally (for everything else)

I don't think a LibreNMS upgrade would have helped, but doesn't hurt. See T251222.

Related Objects

Event Timeline

ayounsi triaged this task as Medium priority.May 13 2020, 9:37 AM
ayounsi created this task.
Restricted Application added a project: SRE. · View Herald TranscriptMay 13 2020, 9:37 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
ayounsi mentioned this in T252631: Upgrade Junos on asw2-esams.May 13 2020, 9:39 AM
ayounsi updated the task description. (Show Details)
CDanis added a comment.EditedJul 12 2020, 2:04 AM

This happened again just now.

Something else we could do as a temporary mitigation is just accept a longer time-to-page in legitimate incidents and increase retries to require 15 minutes before a page. Or (Arzhel's suggestion) configure the LibreNMS alert to also require <101% utilization to be an alert.

ayounsi added a comment.Jul 15 2020, 7:50 AM

I added an extra condition to the inbound and outbound alerts to trigger: usage needs to be < 150%. Which is way bellow the crazy % we saw when the bug happens.

This should mitigates this specific issue until the switch stack gets upgraded.

fgiunchedi moved this task from Inbox to Backlog on the observability board.Jul 20 2020, 1:10 PM
ayounsi closed this task as Resolved.Aug 21 2020, 9:16 AM
ayounsi claimed this task.

With the mitigation and the task to upgrade the router it's fine to close that one.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL