|Basic Information on Check|
|Name of Check||ICMP||Technical Name||check_icmp|
|Available in||Standard||Number of Arguments||0|
|From Version||ARANSEC 1.2||Compability||All ARANSEC and CustoSec|
Scope of Check
This is an easy-to-use standard check to check the network connectivity to a Host within the local network or the internet. By doing so, it has 2 different scopes of application:
- To check the network connectivity (in this case it is implemented as a service check)
- To check the availability of a Host (when implemented as a host check)
The check sends a series of ping’s (based on the ICMP protocol) to the targeted host and waits for an answer. WARNING and CRITICAL values are fixed and cannot be changed.
For the check to work properly the following requirements must be met:
- the check is configured as a service check on the target host that should be monitored (for network connectivity) or
- the Check is implemented as a Host Check to check the availability (standard setting in ARANSEC/CustoSec)
There are no arguments for this check.
How the Check works
As a Service Check: The check will send 5 ping’s (echo requests) to the targeted host, once it is executed. The ping’s are sent out as fast as possible, where one ping is only sent when the previous ping has got an answer or latest after 80.000 milliseconds (80 seconds). Out of the answers (echo responses) it is calculating the check result as an arithmetical average. The output contains the following information:
- IP-Address or hostname of the targeted host;
- rta (Round Trip Average) in milliseconds (ms). This is calculated based on the RTT (Round Trip Time) of each single ping. The (fixed) threshold for WARNING is 200.000 ms (which equals 2 seconds) and for CRITICAL is 500.000 ms (5 seconds);
- lost (packet loss) in percent (%): A packet is declared lost if the ICMP message has been discard on the way or if it is returned after the timeout value equal to 2 seconds. Packet losses will lead to a high TCP retransmission rate with the consequence of a slow or interrupted network application. In a LAN environment there shouldn't be any packet losses (cited after www.openmaniak.com/ping.php). The check itself will provide the average calculated out of the 5 ping’s it does. The WARNING threshold is 40% and the CRITICAL threshold is 80%.
As a Host Check: For a host check there is no need to test the time to answer. All you want to know in this case is if the host is alive or not. The check will also send the ping’s and wait for an answer. But after the first echo reply (answer) that he gets, the check will deliver an "OK". Reason is to keep workload for the monitoring system as low as possible.
Returned Values of the Check
The Check returns the following values and information (Check ICMP - other variants of the ICMP checks work accordingly).
|OK||rta=0.014ms;200.000;500.000;0; pl=0%;40;80;;||The output contains the Status, the IP Address of the targeted hosts; the rta (return time average) in milliseconds and the lost packages in %. The rest of the string contains the rta and the packet losses together with their WARNING and CRITICAL thresholds.|
|WARNING||rta=0.021ms;200.000;500.000;0; pl=50%;40;80;;||WARNING is issued, because the packet loss was 50% and the WARNING threshold is 40%.|
|CRITICAL||rta=653.153ms;200.000;500.000;0; pl=50%;40;80;;||CRITICAL is issued, because the rta was 653.1534 milliseconds which is more than the Critical threshold; the packet loss was 50% and the WARNING threshold is 40%, so there would have been a WARNING as well, which is not issued because the status became CRITICAL anyway.|
Overview ICMP Checks
ICMP Checks come in different variants. There are 3 versions with fixed WARNING and CRITICAL thresholds. They are designed to be easy and quickly to use.
All of these checks can be used as host or service checks.
ICMP Checks with fixed thresholds:
|Check||RTA-WARNING (ms)||RTA-CRITICAL (ms)||Lost Packets WARNING||Lost Packets CRITICAL||Remarks|
|Check ICMP||200.000||500.000||40||80||Standard settings|
|Check ICMP High||1200.000||1500.000||25||30||Usually longer RTA lead to less packet loss|
|Check ICMP Very High||3000.000||6000.000||50||80||Very high values.|
Besides these Standard Checks, there are 2 versatile checks available with arguments to set WARNING and CRITICAL thresholds as needed.
|Check||Argument 1||Argument 2||Argument 3||Argument 4||Argument 5||Remarks|
|Check ICMP Free||WARNING Thresholds||CRITICAL Threshold||Read more on the check's site|
|Check ICMP Free Packets||Packet Intervall||Packets||Timeout||WARNING||CRITICAL||Read more on the check's site|
- Just to make it clear: The notation for milliseconds is: 1000.000 for one million, with the "." dot as a thousands separator at the first thousand.
- This check can also be used to monitor a website. in this case the website has to be configured as a host and ICMP Check as a Host and/or Service Check.
In large networks with a big number of hosts that are all being monitored with this ICMP check and a short check interval, it can lead to problems with the routers and switches. This is a typical scenario:
There is a host group containing 400 hosts and this host group has an ICMP check as a service check with a check interval of let's say 2 minutes.
The check will return a lot of these hosts as CRITICAL or WARNING (always different hosts) and high rta-values (round trip average) and a lot of lost packages.
If one of these hosts is pinged from a different system (i.e. a work station), the ping returns a normal rtt (round trip times).
This very much looks like a cause for a complaint, since ARANSEC / CustoSec obviously does not work correctly. But this is wrong!
Usually the problem are switches or routers, that cannot handle the amount of ping's (2.000 in 120 seconds in this case, which is 16,7 ping's per second).
To solve this problem it is recommended to use the ICMP Free Packets Check.