Problem
You launched an SNMP discovery run but didn't find all of the expected devices.
Solution
The SNMP discovery process will run against every IP address in your list from the cidrs section in the discovery configuration. During the scan, there's a TCP port check to ensure the target IP address is responsive. If successful, ktranslate will then attempt to communicate with the IP address via SNMP.
Common failure points in the discovery process include:
- Timeouts due to either network latency or device response times to SNMP requests. Meraki Cloud Controllers recommend at least a 10s timeout value, for instance.
- Initial failures on the responsiveness check from devices that are generally under tighter security postures, like firewalls.
- Timeouts due to excessively large IP range presented in the
cidrssection of the discovery configuration.
Important
By default, the SNMP discovery uses 4 threads to run asynchronously with a 3 second timeout per IP address. For a /22 CIDR block with 1,024 total IP addresses, you should expect approximately 13 minutes for a discovery job to complete:
1,024 IPs / 4 threads = 256 IPs per thread 256 IPs per thread * 3 seconds per IP = 768 seconds768 seconds / 60 = 12.8 minutesFor a /16 CIDR block with 65,536 total IP addresses, it'd take approximately 13.65 hours.
To work around these problems, try one or all of the following solutions:
- Edit the
snmp-base.yamland increase the timeout value for thetimeout_msvariable. - For devices that still seem unresponsive, set all the
cidrsvalues to a length of/32, which forces the discovery process to skip the responsiveness check and only attempts the SNMP connection. - If you are receiving timeouts on the entire job, ensure that you're limiting the provided CIDR blocks to 1,024 or less total IPs. For example, a CIDR range between
/22and/32. You can provide multiple blocks of/22in a single configuration file, but overall we recommend you to horizontally scale into multiple containers when you have large target environment versus trying to do all of the work in a single container.
Tip
If you have a large set of devices that are being skipped because of the port scan you can edit the snmp-base.yaml file and enable the option for check_all_ips to skip the port scan and just go directly to testing SNMP credentials against every address in your discovery. Keep in mind that this option will increase the time it takes to complete a discovery based on the timeout and retry values in the configuration.