RidgeRun SNMP guide

From RidgeRun Developer Wiki
Revision as of 15:59, 18 March 2014 by Spalli (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Introduction

On this page you will find a set of useful links that will allow you understand the basic concepts related with the Simple Network Management Protocol (SNMP) as well as its architecture or model mainly constituted by the SNMP Manager, managed devices, SNMP agents and a Management Information Base (MIB). Furthermore, you will find an explanation about how to use the snmpd application which is a SNMP daemon that you can run in your network device in order to monitor or control it. This SNMP application is part of a set of tools called Net-SNMP that is included in the RidgeRun SDK.

SNMP

The Simple Network Management Protocol (SNMP) is an application layer protocol to exchange information between network devices. It has as main goal facilitate the monitor and manage of these devices as well as enhance the network performance and solve network problems.

A comprehensive explanation about SNMP and its model can be found in Simple Network Management Protocol which can be complemented with the information available in SNMP tutorial

Net-SNMP

In order to support the SNMP protocol RidgeRun has included the net-snmp application in its SDK allowing the user to obtain information from the board that is running the RidgeRun's SDK. To enable this application in your SDK open a make config menu and go to File System Configuration ->Select target's file system software and select net-snmp-5.6, finally, compile your SDK again. With this, the SDK is going to compile and integrate the application in your system.

Mainly two executables are added to your board, if $(FSROOT) contains the root filesystem's path of your board, these binaries will be stored in $(FSROOT)/usr/sbin/. The first of these binaries, called snmpd is the SNMP daemon or agent that allows the target board to send a response when a SNMP request from a network management system (NMS) is received, this according to the definitions or objects contained in the MIB located in $(FSROOT)/usr/share/snmp/mibs. Moreover, the second one called snmptrapd is an application that allows to receive traps and run or execute some commands once the trap has been received. In this section you will find how to use snmpd, further information about snmptrapd and its uses can be found in Net-SNMP Tutorial -- traps.

SNMP daemon (snmpd)

Configuration

In order to run properly the snmpd daemon you need to define the configuration's parameters to be used by the daemon, these parameters are defined in a file called snmpd.conf that is located in $(FSROOT)/usr/share/snmpd/snmpd.conf. Among the most important parameters that you must define in this file are:

1. Ports to listen: This can be a port or a list of ports that the snmpd will be listening for snmpd requests. 

agentAddress udp:161,udp6:161

In this case, ports numbers 161 for both, IPv4 and IPv6 are being used to receive snmp requests, if your configuration doesn't support IPv6 you should use: 

agentAddress udp:161

It's important to mention that the Net-SNMP included in the RidgeRun's SDK has been modified to run properly even in cases when there are IPv6 ports definitions to listen in the configuration file and you board doesn't have the IPv6 kernel module enabled. Hence, you can use the same configuration file with a list of ports to listen and the daemon will run properly if at least one of the ports specified in the list can be opened by snmpd.

2. Community: with this definition you will set the privileges that an specific community of users will have, i.e, the permissions that a NMS will have to control your board, for instance, suppose a community called users1 that will access the target board using IPv4 and must have read only privileges. Furthermore, suppose another community called users2 that have to have read and write permissions and access the board using IPv6, in this case the following definitions have to be added to the configuration file: 

rocommunity  users1  default   
rwcommunity6 users2  default

There are a lot of possible configurations for the snmp daemon and it will depend of your application, a detailed manual of definitions that can be included in the snmpd.conf configuration file can be found in the snmpd.conf manpage. Furthermore, a stable and tested configuration file with the above example can be found in RidgeRun SNMP configuration file

Running SDMPD

In this section you will find how to start the snmp daemon in your board as well as some examples about how to access it using from a NMS in an UBUNTU host machine.

Board Side

1. Start the snmp daemon, you need to specify the path of your configuration file with the option -c: 

snmpd -c /usr/share/snmp/snmpd.conf

2. Check if the ports specified in your configuration file have been properly opened using the netstat command: 

/ # netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
udp        0      0 0.0.0.0:2048            0.0.0.0:*                           
udp        0      0 0.0.0.0:161             0.0.0.0:*                           
udp        0      0 0.0.0.0:162             0.0.0.0:*                           
udp        0   1360 0.0.0.0:750             0.0.0.0:*                           
udp        0      0 :::161                  :::*                                
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ]         DGRAM                      1015 /dev/log

In this case the port number 161 for both internet protocols (IPv4 and IPv6) are open. At this point your board is able to receive and reply SNMP requests.

Ubuntu Host Machine Side(NMS)

1. Download the Net-SNMP tools from the Net-SNMP Sourceforge Page and uncompress it. 

wget http://downloads.sourceforge.net/project/net-snmp/net-snmp/5.6.1/net-snmp-5.6.1.tar.gz
tar -xf net-snmp-5.6.1.tar.gz

2. Go to the net-snmp-5.6.1 and run the configure script with the following parameters 

cd net-snmp-5.6.1
./configure --enable-ipv6  --enable-mfd-rewrites --with-default-snmp-version="3" --with-sys-contact="Name <email@address>" --with-sys-location="Description" --with-logfile="/var/log/snmpd.log" --with-persistent-directory="/var/net-snmp"

this is going to configure your Net-SNMP tools to support IPv6 and you should see a configuration summary like this: 

---------------------------------------------------------
            Net-SNMP configuration summary:
---------------------------------------------------------

  SNMP Versions Supported:    1 2c 3
  Building for:               linux
  Net-SNMP Version:           5.6.1
  Network transport support:  Callback Unix Alias TCP UDP TCPIPv6 UDPIPv6 IPv4Base SocketBase TCPBase UDPIPv4Base UDPBase IPv6Base
  SNMPv3 Security Modules:     usm
  Agent MIB code:             default_modules =>  snmpv3mibs mibII ucd_snmp notification notification-log-mib target agent_mibs agentx disman/event disman/schedule utilities host
  MYSQL Trap Logging:         unavailable
  Embedded Perl support:      enabled
  SNMP Perl modules:          building -- embeddable
  SNMP Python modules:        disabled
  Crypto support from:        internal
  Authentication support:     MD5 SHA1
  Encryption support:         DES AES

---------------------------------------------------------

3. Compile Net-SNMP 

make

4. Now you can go to the apps directory and use the tool that you want. 

cd apps

You can find more information about each of these tools in the section called Net-SNMP Command Line Applications in the Net-SNMP Tutorial. In this guide three main tools are going to be explained with examples: snmpwalk, snmpget and snmpset.

snmpwalk

The command takes a single object identifier ( OID), and will display a list of all the results which lie within the subtree rooted on this OID, for instance if you want to receive all the subtree of interfaces you can run: 

./snmpwalk -Os -c RidgeRun -v 1 IPv4addressOfYourBoard interfaces

You should receive a log like this: 

ifNumber.0 = INTEGER: 3
ifIndex.1 = INTEGER: 1
ifIndex.2 = INTEGER: 2
ifIndex.3 = INTEGER: 3
ifDescr.1 = STRING: lo
ifDescr.2 = STRING: eth0
ifDescr.3 = STRING: sit0
ifType.1 = INTEGER: softwareLoopback(24)
ifType.2 = INTEGER: ethernetCsmacd(6)
ifType.3 = INTEGER: tunnel(131)
ifMtu.1 = INTEGER: 16436
ifMtu.2 = INTEGER: 1500
ifMtu.3 = INTEGER: 1480
ifSpeed.1 = Gauge32: 10000000
ifSpeed.2 = Gauge32: 100000000
ifSpeed.3 = Gauge32: 0
ifPhysAddress.1 = STRING: 
ifPhysAddress.2 = STRING: 34:12:78:56:ab:90
ifPhysAddress.3 = STRING: 
ifAdminStatus.1 = INTEGER: up(1)
ifAdminStatus.2 = INTEGER: up(1)
ifAdminStatus.3 = INTEGER: down(2)
ifOperStatus.1 = INTEGER: up(1)
ifOperStatus.2 = INTEGER: up(1)
ifOperStatus.3 = INTEGER: down(2)
ifLastChange.1 = Timeticks: (0) 0:00:00.00
ifLastChange.2 = Timeticks: (0) 0:00:00.00
ifLastChange.3 = Timeticks: (0) 0:00:00.00
ifInOctets.1 = Counter32: 3437332
ifInOctets.2 = Counter32: 31611097
ifInOctets.3 = Counter32: 0
ifInUcastPkts.1 = Counter32: 24337
ifInUcastPkts.2 = Counter32: 170721
ifInUcastPkts.3 = Counter32: 0
ifInNUcastPkts.1 = Counter32: 0
ifInNUcastPkts.2 = Counter32: 529
ifInNUcastPkts.3 = Counter32: 0
ifInDiscards.1 = Counter32: 0
ifInDiscards.2 = Counter32: 0
ifInDiscards.3 = Counter32: 0
ifInErrors.1 = Counter32: 0
ifInErrors.2 = Counter32: 0
ifInErrors.3 = Counter32: 0
ifInUnknownProtos.1 = Counter32: 0
ifInUnknownProtos.2 = Counter32: 0
ifInUnknownProtos.3 = Counter32: 0
ifOutOctets.1 = Counter32: 3437332
ifOutOctets.2 = Counter32: 3320365
ifOutOctets.3 = Counter32: 0
ifOutUcastPkts.1 = Counter32: 24337
ifOutUcastPkts.2 = Counter32: 44039
ifOutUcastPkts.3 = Counter32: 0
ifOutNUcastPkts.1 = Counter32: 0
ifOutNUcastPkts.2 = Counter32: 0
ifOutNUcastPkts.3 = Counter32: 0
ifOutDiscards.1 = Counter32: 0
ifOutDiscards.2 = Counter32: 0
ifOutDiscards.3 = Counter32: 0
ifOutErrors.1 = Counter32: 0
ifOutErrors.2 = Counter32: 0
ifOutErrors.3 = Counter32: 0
ifOutQLen.1 = Gauge32: 0
ifOutQLen.2 = Gauge32: 0
ifOutQLen.3 = Gauge32: 0
ifSpecific.1 = OID: zeroDotZero
ifSpecific.2 = OID: zeroDotZero
ifSpecific.3 = OID: zeroDotZero

You can request the same information using IPv6 with the following command: 

./snmpwalk -Os -c RidgeRun -v 1 ipv6:[IPv6addressOfYourBoard] interfaces

Moreover, if you want to know all the OIDs (and its current values) that your board contains in its MIB you can run snmpwalk without specify any OID: 

./snmpwalk -Os -c RidgeRun -v 1 IPv4addressOfYourBoard
snmpget

This command is used to request the value associated with a specific OID in your board or agent, for instance in the subtree called interfaces there is an object called ifPhysAddress.2 that contains the MAC address of your device. If you want to request the value of that OID, you can issue: 

./snmpget -v2c -Cf -c RidgeRun IPv4addressOfYourBoard ifPhysAddress.2

response: 

IF-MIB::ifPhysAddress.2 = STRING: 34:12:78:56:ab:90

with an IPv6 address 

./snmpget -v2c -Cf -c RidgeRun ipv6:[IPv6addressOfYourBoard] ifPhysAddress.2
snmpset

This command is used to set or changes values in the MIB of your target board. For instance, if you want to change the name of your board in the network you can issue 

./snmpset  -c RidgeRun -v2c IPv4addressOfYourBoard sysName.0 s NewName

You can check that the name has changed using snmpget: 

./snmpget  -c RidgeRun -v2c IPv4addressOfYourBoard sysName.0

the result will be: 

SNMPv2-MIB::sysName.0 = STRING: NewName

LINKS

Retrieved from "http://developer.ridgerun.com/wiki/index.php?title=RidgeRun_SNMP_guide&oldid=6299"