#Harvest should monitor Cisco switches

The initial focus is on Cisco switches used as part of Metrocluster's Inter-Switch Link. We may expand support to other Cisco switches, but want to focus on Metrocluster first.

If you're interested in this feature, please run the script in this comment and email the Harvest team your switch details. This will help ensure that your switches are able to be monitored.

Thanks!

Is your plan to use SSH calls for the monitoring?

Yes

Are you aware that Cisco offers a REST API?

It appears that enabling them on boxes with specific versions is necessary or they are not available across all versions.

I think enabling a feature is not a big deal. The only non-EOA model NX9336C supports it for sure, even back to NX-OS 9.3 & 10.2, which was supported with ONTAP 9.8.

Sure. Yes we ll check this.

I'm no friend of poking the SSH for device monitoring. Though I must admit this "json-pretty" makes it somewhat usable 😅

yes. ssh json is the one we are exploring.

@left rain thanks again for the log files!

Can you say more about your reservations for using ssh to collect monitoring metrics? That seems like the transport that has the best support and best documentation for the CLI commands. Even though there are several REST models, it seems like ssh is still most often used to monitor (with a monitoring user that has limited privileges). The json filter means we don't need to parse unstructured CLI output

SSH is made for human interfacing and not an API. With the availability of a native and documented REST API it just feels wrong to rely on SSH. But maybe that is just my point of view.

understood

thanks for the feedback

Hi @left rain, We have a beta version of the Cisco collector available in nightly if you want to try it. We're working on a Cisco dashboard now. We took your feedback and switched the collector to REST instead of SSH. That means you will need to enable that feature on your switch.

To enable the REST API on your switch - ssh to your switch, and type

conf t
feature nxapi

To add the switch to your harvest.yml

switch1:
    addr: 10.65.50.35
    username: user               
    password: pass
    collectors:
        - CiscoRest

Do I need this configuration for each switch?

yes

Auto discovery of switches that are already configured in ONTAP would be cool.

I will try it out.

great!

I get some warnings like this:

level=WARN source=environment.go:259 msg="Unable to parse actualOut" Poller=redacted plugin=CiscoRest:Environment object=Environment error="strconv.ParseFloat: parsing " 132": invalid syntax" trimmed=" 132"

thanks @left rain we'll fix that. If you curl the poller, do you see the switch metrics?

Which model of switch gave that warning? Looks like a format change between versions

harvest status doesn't return a port where it is running

found it, exporters section was missing

I've fixed the bug you shared above. Do you see any other errors? Feel free to upload log files to https://upload.nabox.org/wany-quja-xare and I'll check

I get the interface statistics

Looks good

Do you plan to include SFP statistics?

I can't see any other error in the log.

SFP statistics, would that be collected via show interface transceiver | json-pretty?

The fix for the parsing bug is in the latest nightly if you want to try collecting environment stats. https://github.com/NetApp/harvest/releases/tag/nightly

Yes

Thanks. We should be able to add that. Here is an example out from one of your switches. Can you describe what you want included?

{
  "interface": "Ethernet1/1",
  "sfp": "present",
  "type": "QSFP-100G-PCC",
  "name": "Molex",
  "partnum": "aaa-bbb",
  "rev": "B0",
  "serialnum": "serial",
  "nom_bitrate": "25500",
  "len_cu": "2",
  "ciscoid": "17",
  "ciscoid_1": "0"
}

The inter-site links through our DWDM equipment use "glass" connections. It is important to monitor the SFPs power levels. These are good indicators to see if a connection goes bad.

{ "interface": "Ethernet1/15", "sfp": "present", "type": "10Gbase-SR", "name": "AVAGO", "partnum": "AFBR-710SMZ", "rev": "G5.1", "serialnum": "AC2211P0FH3", "nom_bitrate": "10300", ... "TABLE_lane": { "ROW_lane": { "temperature": "42.63", "temp_flag": null, "temp_alrm_hi": "85.00", "temp_alrm_lo": "-5.00", "temp_warn_hi": "80.00", "temp_warn_lo": "0.00", "voltage": "3.28", "volt_flag": null, "volt_alrm_hi": "3.60", "volt_alrm_lo": "3.00", "volt_warn_hi": "3.46", "volt_warn_lo": "3.13", "current": "7.06", "current_flag": null, "current_alrm_hi": "10.50", "current_alrm_lo": "2.50", "current_warn_hi": "10.50", "current_warn_lo": "2.50", "tx_pwr": "-2.38", "tx_pwr_flag": null, "tx_pwr_alrm_hi": "3.01", "tx_pwr_alrm_lo": "-8.99", "tx_pwr_warn_hi": "-1.02", "tx_pwr_warn_lo": "-4.98", "rx_pwr": "-3.72", "rx_pwr_flag": null, "rx_pwr_alrm_hi": "3.01", "rx_pwr_alrm_lo": "-15.08", "rx_pwr_warn_hi": "-1.02", "rx_pwr_warn_lo": "-15.08", "xmit_faults": "0" } }

interesting - looks like that show command has different shaped returns. For example, Ethernet1/1 has the shape I pasted above (no power), but Ethernet1/15 does have power

rx_pwr und tx_pwr in this example

Depends on what is inserted in the slot.

yep we replied at the same time 🙂

The controllers and shelfs are connected with copper cables.

There is no optic in that case.

wonder what unit this is? "tx_pwr": "-2.38",

maybe dBm

yes dBm

https://www.fs.com/blog/how-to-understand-rxtx-power-range-on-sfp-modules-392.html

thanks

I confirm latest nightly fixes the WARN events. Only the "Cluster info" message looks a bit weird. I don't know if that's important.

level=INFO source=poller.go:1515 msg="Cluster info" Poller=switchname remote="{Name:switchname Model:nxos UUID: Version:10.3.4a Release: Serial:cisco Nexus9000 C9336C-FX2 Chassis IsSanOptimized:false IsDisaggregated:false ZAPIsExist:false HasREST:false IsClustered:false}"

Do you mean that this log message is missing UUID and Release fields?

Yes, and "Serial" reporting the model.

Currently, the serial number is tagged with chassis_id.

https://github.com/NetApp/harvest/blob/main/cmd/collectors/cisco/rest/client.go#L174

What should we map it to? We are extracting data from show version for this purpose.
Are the UUID and release fields applicable for a Cisco switch? If not, we can consider hiding these in the logs for the switch.

It was just something I noticed and wanted to bring to your attention in case you see any relevance in it.

I don't think there is a UUID.

Sure Thanks! We'll check.

Thanks for confirming that nightly fixes the issues Mamoep. We'll ping you when we have the dashboard and optics collector completed. Please let us know if anything else is missing or needed

@left rain Optics collector is available in latest nightly. I used the json you shared earlier to help build it since the switch I have access to does not have optical interfaces.

@whole lichen The latest nightly isn't collecting anything and emits some warnings. I send the log via mail.

@left rain
There is an issue in the nightly build that prevents Cisco templates from working. It will be fixed in the PR (https://github.com/NetApp/harvest/pull/3578). As a workaround until a new nightly build is available, you can try removing the double quotes from the query in the template which should work.

https://github.com/NetApp/harvest/blob/main/conf/ciscorest/nxos/9.3.12/environment.yaml#L2
https://github.com/NetApp/harvest/blob/main/conf/ciscorest/nxos/9.3.12/interface.yaml#L2
https://github.com/NetApp/harvest/blob/main/conf/ciscorest/nxos/9.3.12/optic.yaml#L2

@left rain thanks for trying out the optics collector and reporting the bug you found. We've fixed that bug in the latest nightly

Latest Nightly does deliver some values. TX values seem cut-off

cisco_optic_rx{datacenter="",interface="Ethernet1/15",switch="switchname"} -3.12
cisco_optic_rx{datacenter="",interface="Ethernet1/16",switch="switchname"} -2.69
cisco_optic_rx{datacenter="",interface="Ethernet1/17",switch="switchname"} -2.51
cisco_optic_rx{datacenter="",interface="Ethernet1/18",switch="switchname"} -3.05
cisco_optic_tx{datacenter="",interface="Ethernet1/15",switch="switchname"} -2
cisco_optic_tx{datacenter="",interface="Ethernet1/16",switch="switchname"} -2
cisco_optic_tx{datacenter="",interface="Ethernet1/17",switch="switchname"} -2
cisco_optic_tx{datacenter="",interface="Ethernet1/18",switch="switchname"} -2

Also there are no values for the existing 40G transceivers that are offline.

thanks for the confirmation! Let me check the json you provided earlier

They report tx_pwr but no rx_pwr. I didn't know if it was intended to leave out offline ports.

I see three kinds of responses to show interface transceiver details and I captured those in testdata here https://github.com/NetApp/harvest/blob/main/cmd/collectors/cisco/plugins/optic/testdata/N9K-C9336C-FX2_10.3.4-show_interface_transceiver_details.json#L6

I don't see any examples from the json's your provided earlier that include tx_pwr without rx_pwr. Do you have a json (from show interface transceiver details | json-pretty) you can share that shows that behavior?

"cisco_nx9336c_mcc-switch_out.txt" I shared, Port Ethernet1/22/*

thanks! yes, I see that. tx_pwr is present but rx_pwr is missing. My regex was defeated because all of the other matchin rx_pwr_* keys. I'll update the code to handle this case, exporting tx_pwr metrics when rx_pwr metrics are missing and fix the tx_pwr truncation you highlighted above

I'm not seeing any parser bugs for the truncated cisco_optic_tx metric - since a few minutes have passed, do you still see the collector reporting -2? And if so, does show interface transceiver details | json-pretty show a different value for tx_pwr for one of the interfaces with truncated power?

The existing testcase, parses rxpower and txpower from the json's you provided and verifies that the values match https://github.com/NetApp/harvest/blob/8009aa493e472957119555b25c4c91bf4ebcf2d2/cmd/collectors/cisco/plugins/optic/optic_test.go#L23

Issue is still visible, CLI output is similar to the test data.

"tx_pwr": "-2.35"
"tx_pwr": "-2.51"
"tx_pwr": "-2.31"
"tx_pwr": "-2.50"

thanks for confirmation

RX and TX are treated differently in the optic.go

https://github.com/NetApp/harvest/blob/8009aa493e472957119555b25c4c91bf4ebcf2d2/cmd/collectors/cisco/plugins/optic/optic.go#L171

Nevermind, I missed line 163 where RX is assigned earlier 😄

that code mens if rx_pwr is missing, tx_pwr won't be exported. That's the bug I've fixed, but that does not explain the parsing difference

the testcase, I pasted above, passes with your provided json so the truncation bug must happen further downstream. hmmm

new nightly fixes offline transceiver issue you reported. Let us know if that fixes the issue when you get a chance. With the new nightly, if you still see truncated tx values can you email us the output from show interface transceiver details | json-pretty again? If I still don't see the issue, we'll provide a debug build. Can you remind me how you are installing Harvest to test these Cisco runs?

I tested the new build. The truncated values are still visible. I sent the output via email.

I use the RPM on RHEL8

Thanks. It is strange that RX works fine but TX has issues given both have similiar code.

In test case, TX data looks correct

I noticed that the datacenter label is empty in the switch metrics. Is the datacenter field missing in the Switch Harvest configuration?

yes, that is not configured currently

hi @left rain perhaps the CLI is returning different values than nx-api. Let's check that. Can you try running the following and sending us the show-interface-transceiver-details.json file? Please replace $user, $pass, $ip with your values
curl -k -u$user:$pass -X POST https://$ip/ins -H "Content-Type: application/json" -d '{"ins_api":{"version":"1.0","type":"cli_show","chunk":"0","sid":"sid","input":"show interface transceiver details","output_format":"json"}}' > show-interface-transceiver-details.json

Seems like you're correct. 😩 I sent the file as requested.

thanks!

sigh indeed, looks like a Cisco bug. What if you change type from cli_show to cli_show_array, does that give you a float instead of an int?

curl -k -u$user:$pass -X POST https://$ip/ins -H "Content-Type: application/json" -d '{"ins_api":{"version":"1.0","type":"cli_show_array","chunk":"0","sid":"sid","input":"show interface transceiver details","output_format":"json"}}'

That looks better

Native API output from "/api/class/eqptFcotSensor.json" also delivers good values.

excellent, thanks

There's a new nightly that uses cli_show_array instead of cli_show if you want to try it out

Latest nightly doesn't collect any Optic Metrics

time=2025-04-30T09:45:23.142+02:00 level=INFO source=collector.go:601 msg=Collected Poller=switchname collector=CiscoRest:Optic apiMs=0 bytesRx=14338 calcMs=0 exportMs=0 instances=0 instancesExported=0 metrics=0 metricsExported=0 numCalls=1 parseMs=0 pluginInstances=0 pluginMs=1150 pollMs=1150 renderedBytes=0 zBegin=1745999121992

I see the issue. Structure for cli_show_array is little different. This needs to be handled.

We'll fix it via https://github.com/NetApp/harvest/pull/3589 and update you once new nightly is available with fix.
Thanks.

@left rain Fix is included in nightly build https://github.com/NetApp/harvest/releases/tag/nightly
Please let us know if it fixes the optics issue.

Is it also planed to check cisco crc port errors?

Could you share the cisco switch CLI command for that?

--------------------------------------------------------------------------------
Port          Align-Err    FCS-Err   Xmit-Err    Rcv-Err  UnderSize OutDiscards
--------------------------------------------------------------------------------
mgmt0                 0          0         --         --         --          --
Eth1/1                0          0          0          0          0           0
Eth1/2                0          0          0          0          0           0
Eth1/3                0          0          0          0          0           0
Eth1/4                0          0          0          0          0           0
Eth1/5                0          0          0          0          0     1857168
Eth1/6                0          0          0          0          0    27884464
Eth1/7                0          0          0          0          0           0
Eth1/8                0          0          0          0          0           0
Eth1/9                0          0    4128188          0          0        6370 ```

or ``` nasw3-mc1-nbg3# show interface counters errors non-zero

Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize OutDiscards

Eth1/5 0 0 0 0 0 187319
Eth1/6 0 0 0 0 0 3644271
Eth1/15 1 30930 0 30931 0 0
Po20 0 0 133191230816256 0 4294967296 0 ```

Thanks! You want to monitor all these Err? or specific ones?

let me check...

it think this command is more clear

Ethernet1/15 is up
admin state is up, Dedicated Interface
  Belongs to Po20
...
  RX
    219811618009 unicast packets  5555257 multicast packets  13166 broadcast packets
    219825261692 input packets  590755573107974 bytes
    69196011137 jumbo packets  0 storm suppression bytes
    0 runts  7434 giants  8067826 CRC  0 no buffer
    8075260 input error  0 short frame  0 overrun   0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    0 Rx pause
    0 Stomped CRC
  TX
    228647074372 unicast packets  1767250 multicast packets  16213 broadcast packets
    228648857835 output packets  723081482793294 bytes
    85844898339 jumbo packets
    0 output error  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble  1213 output discard
    0 Tx pause

nasw3-mc1-nbg3#  ``` CRC should be enough

may input errors too

Could you share which fields are you looking for in attached output?

 "eth_inerr": 0,```

We are already collecting below for each interface

eth_inbytes
eth_outbytes
eth_inerr
eth_outerr
eth_inmcast
eth_inbcast

Thanks. We'll add eth_crc as well.

perfect - thanks

It will be added via PR https://github.com/NetApp/harvest/pull/3590
This is for each interface.

this improvement will also help to improve troubleshooting for https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/CRC_Errors_Detected_-_High_CRC_errors_detected_on_cluster_port

Nice!

Next step is building a dashboard to make the crc errors visible?

yes, that is being done in https://github.com/NetApp/harvest/pull/3574

nice

wow, the nexus os and bios version will also be collected "biosVersion": "BIOS Version", "chassis": "Chassis", "hostname": "HostName", "osVersion": "OS Version", https://github.com/NetApp/harvest/blob/hl_cisco_dash/grafana/dashboards/cisco/cisco.json

@idle flame appreciate you taking a look, please let us know if there is anything else needed. @pulsar tundra is working on the dashboard and the switch, hostname, up time, chassis, bios, and os version will be shown like this in the dashboard

RCF Version ?

do you know which command returns the RCF version?

let me check

******************************************************************************
* NetApp Reference Configuration File (RCF)
*
* Switch    : NX9336C (direct storage, Transition, L2 Networks, direct ISL)
* Filename  : NX9336C-FX2_v2.10_Switch-B2.txt
* Date      : Generator: v1.6c 2023-12-05_001, file creation: 2024-07-29, 11:19:36
*
* Platforms : 1: MetroCluster 1 : FAS9000, AFF-A700, AFF-C800, ASA-C800, AFF-A800, ASA-A800
*           : 3: MetroCluster 1 : Cluster Port Speed FC Nodes
*
* Port Usage:
* Ports  1- 2: Intra-Cluster Node Ports, Cluster: MetroCluster 1, VLAN 201
* Ports  3- 4: Ports not used
* Ports  5- 6: 40G / 100G Ports for MetroCluster FC to IP transition
* Ports  7- 8: Intra-Cluster ISL Ports, local cluster, VLAN 201
* Ports  9-10: MetroCluster 1, Node Ports, VLAN 20
* Ports 11-12: Ports not used
* Ports 13-14: Ports not used
* Ports 15-20: MetroCluster ISL, VLAN 20, Port Channel 20, 40G / 100G
* Ports 21-24: MetroCluster ISL, VLAN 20, Port Channel 21, 4x10G breakout
* Ports 25-30: Ports not used
* Ports 31-36: Ports not used
*
******************************************************************************
nasw3-mc1-nbg3# ```

thanks! same should be available via show version

so * Date : and * Filename:

we'll add those

show version doesn't display these details

yes, I noticed. The ssh banner does, which was how I was running show version. I see it with show banner motd

thanks, we'll add this and include in the same table I shared above

@idle flame how does this look? Given the following banner motd filename and date
Filename : NX3132Q-V_v2.00_Switch-A1.txt
Date : Generator: v1.6b_2023-07-18_001, file creation: 2024-02-15, 10:28:44

We will export switch labels that look like this:
rcf_filename="NX3132Q-V_v2.00_Switch-A1.txt", rcf_generator="v1.6b_2023-07-18_001"

How does that look? Do you also want file creation?

looks okay for me 🙂

Storage Switch RCF looks a little different than MCC Switch

`**********************************************************

• NetApp Reference Configuration File (RCF)
• Switch : Nexus N9K-C9336C-FX2
• Filename : Nexus-9336C-RCF-v1.8-Storage.txt
• Date : 07-15-2021
• Version : v1.8
• Port Usage : Storage configuration
• Ports 1-36: 100GbE Controller and Shelf Storage Ports

**********************************************************`

if possible Version: could be collected as well

thanks Mamoep. @idle flame are you saying that it would be better to publish rcf_version instead of rcf_generator? For the example text you provided, would version be 1.6c or would it be v1.6c_2023-12-05_001

Another example for cluster switches:
`******************************************************************************

• NetApp Reference Configuration File (RCF)

• Switch : NX3232C

• Filename : NX3232C-RCF-v1.10-Cluster-HA.txt

• Date : 10-04-2023

• Version : v1.10

• Port Usage:

• Ports 1-30: 40/100GbE Intra-Cluster/HA Ports, int e1/1-30

• Ports 31-32: Intra-Cluster ISL Ports, int e1/31-32

• Ports 33-34: 10G Intra-Cluster/HA Ports, e1/33-34

• This RCF supports Clustering, HA, RDMA, and DCTCP using a single port profile.

• IMPORTANT NOTES

• • This RCF utilizes QoS and requires TCAM re-configuration, requiring RCF

• to be loaded twice with the Cluster Switch rebooted in between.

******************************************************************************`

thanks! so for this switch we would export the labels rcf_filename="NX3232C-RCF-v1.10-Cluster-HA.txt" and rcf_version=v1.10 Does that look good?

the mcc rfc's are generated with a rfc generator from netapp - if this generator would create rfc with the correct version: tag everything would be a bit easier

ah, that makes sense. Assuming that we can't fix the generator 🙂 what do you think about the labels shown above?

* Date      : Generator: v1.6c 2023-12-05_001, file creation: 2024-07-29, 11:19:36
 ``` generated with the Generator

* Date     : 10-04-2023
* Version  : v1.10 ``` downloaded from mysupport

i think the labels are fine. Version won't work for the rfc's generated with the generator

I can make it work for the rfc's generated with the generator (assuming that format is stable)
for the first one, would you prefer
rcf_version="v1.6c 2023-12-05_001"
or
rcf_version="v1.6c"

rcf_version="v1.6c"

thanks, we'll do that

I tested the latest nightly. Optics are collected correctly now.

Thanks for the confirmation!

Does ONTAP know the switch credentials? I thought it was just CDP/LLDP communication.

Sorry I'm 2 weeks late to the conversation. This switch monitoring is really cool

ONTAP can be configured for switch log collection and will save credentials for that. Those won't be visible after configuration though. A set of default credentials or a credential provider could be used to for auto-discovered switches.

@left rain @idle flame @shrewd venture Cisco dashboard is checked in and available in nightly build if you want to try. Thanks.
https://github.com/NetApp/harvest/releases/tag/nightly

Anyone tried the new Cisco switch dashboard in nightly yet and if so any feedback?

Some folks have requested that the Cisco collector also collect neighbor info and show that in the dashboard too. If you get a chance please run the following on your switches and email us your response(s) so we can validate the neighbor template. Thanks!
show lldp neighbors detail | json-pretty
show cdp neighbors detail | json-pretty
email: ng-harvest-files@netapp.com

I'm currently busy and wasn't'd able to test the new nightly.

i'll mail you the output to ng-harvest-files@netapp.com ...

thanks!

Do you agree that including LLDP and CDP would be useful?

not really, I've no idea what the add value should be

thanks for the feedback - i'll get more details on the value add from the folks requesting. I think it can show which ONTAP clusters are also connected to the same switch, which is useful for MCC

may it make sense in metro cluster environments, but the neighbors details are static and should not be change ...

thanks for the files @idle flame much appreciated

Hi @whole lichen on the Switch dashboard is noted that the keyperf collector also is needed. Is this in general needed for the cisco metrics or only for the dashboard?

@waxen talon The ONTAP: Switch dashboard displays metrics for switches available via ONTAP. In contrast, the Cisco: Switch dashboard is intended to collect metrics directly from Cisco switches.

Ahh the Cisco Switch dashboard is not imported in the nabox @fleet silo when I remember right there was like a filter for the automated import right?

Humm ... Planning to update on Thursday, to show off the cool new MCC ISL Stats ... Would be good to know if there are any wrinkels or extra steps!

In the iterim, you can import the Cisco dashboard manually if Nabox is not importing it when you upgrade
https://github.com/NetApp/harvest/blob/main/grafana/dashboards/cisco/cisco.json

Hello, my Cisco switches are cluster, not metrocluster. I created the user with role network-operator and enabled the nxapi. However, I am not able to add the switches in the NABox configuration. I am getting the error in the screenshot. Is the Cisco monitoring still targeting just metorcluster switches? The switch Os is a bit old tooSwitch : NX9336C-FX2
| * Filename : NX9336C-FX2-RCF-v1.10-Cluster-HA-Breakout.txt
| * Date : 10-04-2023
| * Version : v1.10

@river bloom Could you upload NABox support bundle @ https://upload.nabox.org/vefe-kovy-pavo

Hi Rahul, thank you for getting back to me! Before collecting the bundle I decided to attempt one more time to add the switch and it worked. Apparently, when I was copying the password, there was an empty character at the end of it. So, this was a user error 😞Thank you again!