snmp.texi 6.3 KB

@node SNMP Support
@chapter SNMP Support

@acronym{SNMP,Simple Network Management Protocol} is a widely implemented
feature for collecting network information from routers and/or hosts.
Quagga itself does not support SNMP agent (server daemon) functionality
but is able to connect to an SNMP agent using the SMUX protocol
(@cite{RFC1227}) or the AgentX protocol (@cite{RFC2741}) and make the
routing protocol MIBs available through it.
@menu
* Getting and installing an SNMP agent::
* AgentX configuration::
* SMUX configuration::
* MIB and command reference::
* Handling SNMP Traps::
@end menu
@node Getting and installing an SNMP agent
@section Getting and installing an SNMP agent

There are several SNMP agents which support SMUX or AgentX. We recommend using the latest
version of @code{net-snmp}, which was formerly known as @code{ucd-snmp}.
It is free and open software and available at @uref{http://www.net-snmp.org/}
and as a binary package for most Linux distributions.
@code{net-snmp} has to be compiled with @code{--with-mib-modules=agentx} to
be able to accept connections from Quagga using the AgentX protocol, or with
@code{--with-mib-modules=smux} to use the SMUX protocol.

Nowadays, SMUX is a legacy protocol. The AgentX protocol should be
preferred for any new deployment. Both protocols have the same coverage.
@node AgentX configuration
@section AgentX configuration

To enable AgentX protocol support, Quagga must have been built with the
@code{--enable-snmp} or @code{--enable-snmp=agentx} option. Both the
master SNMP agent (snmpd) and each of the Quagga daemons must be
configured. In @code{/etc/snmp/snmpd.conf}, the @code{master agentx}
directive should be added. In each of the Quagga daemons, the @code{agentx}
command will enable AgentX support.
@example
/etc/snmp/snmpd.conf:
	#
	# example access restrictions setup
	#
	com2sec readonly default public
	group MyROGroup v1 readonly
	view all included .1 80
	access MyROGroup "" any noauth exact all none none
	#
	# enable master agent for AgentX subagents
	#
	master agentx

/etc/quagga/ospfd.conf:
	! ... the rest of ospfd.conf has been omitted for clarity ...
	!
	agentx
	!
@end example
Upon successful connection, you should get something like this in the
log of each Quagga daemon:

@example
2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
@end example

Then, you can use the following command to check that everything works as expected:

@example
# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
[...]
@end example
The AgentX protocol can be transported over a Unix socket or using TCP
or UDP. The default is usually a Unix socket, depending on how NetSNMP
was built. If you need to configure Quagga to use another transport, you can
do so through @code{/etc/snmp/quagga.conf}:

@example
/etc/snmp/quagga.conf:
	[snmpd]
	# Use a remote master agent
	agentXSocket tcp:192.168.15.12:705
@end example
@node SMUX configuration
@section SMUX configuration

To enable SMUX protocol support, Quagga must have been built with the
@code{--enable-snmp=smux} option.

A separate connection then has to be established between the
SNMP agent (snmpd) and each of the Quagga daemons. These connections
each use different OID numbers and passwords. Be aware that this OID
number is not the one that is used in queries by clients; it is solely
used for the intercommunication of the daemons.

In the following example the ospfd daemon will be connected to the
snmpd daemon using the password "quagga_ospfd". For testing it is
recommended to use exactly the snmpd.conf below, as wrong access
restrictions can be hard to debug.
@example
/etc/snmp/snmpd.conf:
	#
	# example access restrictions setup
	#
	com2sec readonly default public
	group MyROGroup v1 readonly
	view all included .1 80
	access MyROGroup "" any noauth exact all none none
	#
	# the following line is relevant for Quagga
	#
	smuxpeer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd

/etc/quagga/ospfd.conf:
	! ... the rest of ospfd.conf has been omitted for clarity ...
	!
	smux peer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
	!
@end example
After restarting snmpd and quagga, a successful connection can be verified in
the syslog and by querying the SNMP daemon:

@example
snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255
snmpd[12300]: accepted smux peer: \
   oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, quagga-0.96.5

# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
@end example

Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
to the syslog for every SNMP connection, which can lead to enormous log file sizes.
If that is a problem, you should consider patching snmpd and commenting out the
troublesome @code{snmp_log()} line in the function
@code{netsnmp_agent_check_packet()} in @code{agent/snmp_agent.c}.
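The configuration examples in the AgentX and SMUX sections above keep the SMUX password in plain text in both configuration files, accept the community public from any source, and can point AgentX at a master agent over TCP; AgentX (RFC 2741) defines no authentication of its own. The following shell functions are an added example, not part of the Quagga manual or of Net-SNMP, that flag those three settings. The function names and WARN messages are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the Quagga manual): audit the settings shown above.
# Each check prints one WARN line per finding and nothing when the file is clean.

# com2sec SECNAME SOURCE COMMUNITY: flag "public" accepted from "default" (any host).
check_community() {
    awk '$1 == "com2sec" && $3 == "default" && $4 == "public" {
        print "WARN line " NR ": community public accepted from any source"
    }' "$1"
}

# agentXSocket tcp:HOST:PORT or udp:HOST:PORT: flag hosts other than loopback.
check_agentx_socket() {
    awk '$1 == "agentXSocket" && $2 ~ /^(tcp|udp):/ {
        split($2, part, ":")
        if (part[2] != "127.0.0.1" && part[2] != "localhost")
            print "WARN line " NR ": AgentX over network transport to " part[2]
    }' "$1"
}

# Files carrying an SMUX peer password should not be readable by "other".
check_smux_secret_perms() {
    if grep -Eq '^[[:space:]]*smux ?peer[[:space:]]+[.0-9]+[[:space:]]+[^[:space:]]' "$1"; then
        other_read=$(ls -ld "$1" | cut -c8)   # 8th character of the mode string
        if [ "$other_read" = "r" ]; then
            echo "WARN $1: contains an SMUX password and is world-readable"
        fi
    fi
}

# Constructed sample files mirroring the manual's examples.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'com2sec readonly default public' 'master agentx' \
        'smuxpeer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd' > "$dir/snmpd.conf"
    printf '%s\n' '[snmpd]' 'agentXSocket tcp:192.168.15.12:705' > "$dir/quagga.conf"
    chmod 644 "$dir/snmpd.conf"
    check_community "$dir/snmpd.conf"
    check_agentx_socket "$dir/quagga.conf"
    check_smux_secret_perms "$dir/snmpd.conf"
    rm -rf "$dir"
}
demo
```

The checks only cover the line forms used in this chapter: a com2sec line without a context option, and tcp: or udp: socket specifiers with an IPv4 address or host name.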
@node MIB and command reference
@section MIB and command reference

The following OID numbers are used for the interprocess communication of snmpd and
the Quagga daemons with SMUX only.

@example
            (OIDs below .iso.org.dod.internet.private.enterprises)
zebra	.1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
bgpd	.1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
ripd	.1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
ospfd	.1.3.6.1.4.1.3317.1.2.5 .gnome.gnomeProducts.zebra.ospfd
ospf6d	.1.3.6.1.4.1.3317.1.2.6 .gnome.gnomeProducts.zebra.ospf6d
@end example

Sadly, SNMP has not been implemented in all daemons yet. The following
OID numbers are used for querying the SNMP daemon by a client:

@example
zebra	.1.3.6.1.2.1.4.24   .iso.org.dod.internet.mgmt.mib-2.ip.ipForward
ospfd	.1.3.6.1.2.1.14	    .iso.org.dod.internet.mgmt.mib-2.ospf
bgpd	.1.3.6.1.2.1.15	    .iso.org.dod.internet.mgmt.mib-2.bgp
ripd	.1.3.6.1.2.1.23	    .iso.org.dod.internet.mgmt.mib-2.rip2
ospf6d	.1.3.6.1.3.102	    .iso.org.dod.internet.experimental.ospfv3
@end example
The following syntax is understood by the Quagga daemons for configuring SNMP using SMUX:

@deffn {Command} {smux peer @var{oid}} {}
@deffnx {Command} {no smux peer @var{oid}} {}
@end deffn

@deffn {Command} {smux peer @var{oid} @var{password}} {}
@deffnx {Command} {no smux peer @var{oid} @var{password}} {}
@end deffn

Here is the syntax for using AgentX:

@deffn {Command} {agentx} {}
@deffnx {Command} {no agentx} {}
@end deffn

@include snmptrap.texi