MG Broadcast Packets

[trilogy8]

I have my MG's onboarded to a 3rd party monitoring platform using basic SNMP. I get daily alerts from this system that there are 1.431655765333E8 broadcast packets per second on Avaya Inc., G450 Media Gateway, SW Version 36.22.0 Router on MG-G450.
This started at 2019-02-13 10:48:05 EST - or 0h 0m ago.
Note that excess broadcast packets can indicate a misconfigured layer 2 switch topology.

How do I check if this is real or just this system not understanding the MIBs?

 

[kyle555]

If you go in SMGR-->Configurations-->SMGR-->Trap Listener, you'll see SMGR's default trap receiver. You defined the SNMPv2/v3 strings when you deployed the OVA. Usually it's port 10162 and a community of like "avaya" or "initial"

If you show run in your G450, you'll see the SNMP config. You can add a SNMP destination of SMGR
You can see in SMGR's alarms viewer the traps the G450 is sending.

That would be if the G450 is sending SNMP traps advising of the condition. Its possible you have SNMP polling on port 161 enabled on the gateway. Stuff like "snmp poll: whats the temperature". Sure, the gateway has thresholds for "getting hot in here - MAJOR!" and "I'm cookin, time to shutdown - CRITICAL!" and those might be 35 and 40C respectively.
Your SNMP guys might poll temperature and if it's always 17C and over a few days it climbs to 25C, it might not be enough for the G450 to send an SNMP trap, but your SNMP guys logic might be "if temp on device is >X degrees above baseline monitoring, then make alarm"

So, maybe they're just polling the G450 about broadcast packets. Now, 1.431655765333E8 ... does that mean 143,165,576 packets/second? like 1.43x10^8? That could be a serious problem.

I've done a command within vlan 1:
(super-if:Vlan 1)# no ip directed-broadcast

It was on a real dumpster fire of a network. Windows 10 machines getting IPv6 and IPv4 addresses. What happens is if the Win10 box gets IPv4 192.168.1.2/24, they all ARP 192.168.1.3, 192.168.1.4, etc. So, 255 PCs ARP broadcasting 255 others for 65535 broadcasts. Not forwarding those broadcasts in the G450 helped a touch, but that was in major panic mode, like the gateway with PRI and phones at 1 location reporting upwards of 50% packet loss per call.

Having a quick look through the MIB files, it would appear that the G450 adopts pretty standard MIBs - so things like "SNMP poll interface status" and stuff would be nothing too proprietary. To say, the SNMP world has some standards for real basic stuff and on first glance, I might think Avaya adopted that methodology so you could SNMP poll 'broadcast packets per second' the same way on a G450 as any other common data switch that chose to adopt it.

Ask your guys if it was a poll or a trap. If it's a trap, you can make it hit SMGR to see for yourself. If it's a poll, then maybe they're right. Your next question to the LAN guys is "why are bajillions of broadcasts hitting my voip gateway?

 

[trilogy8]

If I log into the MG.. or a few different ones and clear counters and then run command 'show interface vlan 1' I see 1 broadcast appearing every 10-15 mins. Is that normal? The only things in this vlan are the MG/s8300 and IP phones.

 

[kyle555]

1 broadcast packet = nothing
1.4x10^8 broadcast packets per second = lethal

A broadcast is fine. Its normal and has to happen. When you plug on a network and get an IP 192.168.1.10 and you go

http://192.168.1.11,

you sent a broadcast to ARP "hey every MAC address, tell me if you are 192.168.1.11, I have a HTTP packet to send you"

Why do your network guys think the number is obscenely high?

 

[trilogy8]

It's not them. This monitoring tool is polling the MG via snmp and either needs to be tweaked and/or is misinterpreting what it's getting back from the MG. I saw the same alarm coming and clearing on multiple MG's for the same thing and started to look into it. They didn't think it was possible.

 

[kyle555]

If it's not them and the gateway is sending a trap, configure it to SMGR to see it for yourself - could always be a firmware bug.
Or, set yourself up a SNMP poll on the G450 and poll the same OID they are. If you poll "how many broadcasts are you receiving?" and the answer is ridiculously high when it is clearly not true, then you probably have a firmware bug

 

[trilogy8]

Is there a read on how to set this up? I'll also look into release notes on the different f/w versions.

 

[kyle555]

It's in the CLI and admin guides.

If you're brave, just 'show run' and you'll see a bunch of stuff about how the SNMP is setup. Copy/paste those lines with a new trap destination or a new IP the G450 will allow for polling and you should be able to work backwards from a gateway config.