.. _snmp-support:

************
SNMP Support
************

:abbr:`SNMP (Simple Network Management Protocol)` is a widely implemented feature
for collecting network information from routers and/or hosts. FRR itself does
not support SNMP agent (server daemon) functionality but is able to connect to
an SNMP agent using the SMUX protocol (:rfc:`1227`) or the AgentX protocol
(:rfc:`2741`) and make the routing protocol MIBs available through it.

Note that SNMP support needs to be enabled at compile-time and loaded as a
module on daemon startup. Refer to :ref:`loadable-module-support` on the latter.

.. _getting-and-installing-an-snmp-agent:

Getting and installing an SNMP agent
====================================

There are several SNMP agents which support SMUX or AgentX. We recommend using
the latest version of `net-snmp` which was formerly known as `ucd-snmp`. It is
free and open software and available at `http://www.net-snmp.org/ <http://www.net-snmp.org/>`_
and as a binary package for most Linux distributions. `net-snmp` has to be
compiled with `--with-mib-modules=agentx` to be able to accept connections from
FRR using the AgentX protocol or with `--with-mib-modules=smux` to use the SMUX
protocol.

Nowadays, SMUX is a legacy protocol. The AgentX protocol should be preferred
for any new deployment. Both protocols have the same coverage.

.. _agentx-configuration:

AgentX configuration
====================

.. program:: configure

To enable AgentX protocol support, FRR must have been built with the
:option:`--enable-snmp` or `--enable-snmp=agentx` option. Both the
master SNMP agent (snmpd) and each of the FRR daemons must be configured. In
:file:`/etc/snmp/snmpd.conf`, the ``master agentx`` directive should be added.
In each of the FRR daemons, the ``agentx`` command will enable AgentX support.

:file:`/etc/snmp/snmpd.conf`:

::

   #
   # example access restrictions setup
   #
   com2sec readonly default public
   group MyROGroup v1 readonly
   view all included .1 80
   access MyROGroup "" any noauth exact all none none
   #
   # enable master agent for AgentX subagents
   #
   master agentx

:file:`/etc/frr/ospfd.conf`:

.. code-block:: frr

   ! ... the rest of ospfd.conf has been omitted for clarity ...
   !
   agentx
   !


Upon successful connection, you should get something like this in the log of
each FRR daemon:

::

   2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected


Then, you can use the following command to check everything works as expected:

::

   # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
   OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
   [...]


The AgentX protocol can be transported over a Unix socket or using TCP or UDP.
It usually defaults to a Unix socket and depends on how NetSNMP was built. If
you need to configure FRR to use another transport, you can configure it through
:file:`/etc/snmp/frr.conf`:

::

   [snmpd]
   # Use a remote master agent
   agentXSocket tcp:192.168.15.12:705


.. _smux-configuration:

SMUX configuration
==================

To enable SMUX protocol support, FRR must have been built with the
:option:`--enable-snmp` option.

A separate connection then has to be established between the SNMP agent (snmpd)
and each of the FRR daemons. These connections each use different OID numbers
and passwords. Be aware that this OID number is not the one that is used in
queries by clients; it is solely used for the intercommunication of the
daemons.

In the following example the ospfd daemon will be connected to the snmpd daemon
using the password "frr_ospfd". For testing it is recommended to use exactly
the snmpd.conf below, as wrong access restrictions can be hard to debug.

:file:`/etc/snmp/snmpd.conf`:

::

   #
   # example access restrictions setup
   #
   com2sec readonly default public
   group MyROGroup v1 readonly
   view all included .1 80
   access MyROGroup "" any noauth exact all none none
   #
   # the following line is relevant for FRR
   #
   smuxpeer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd

:file:`/etc/frr/ospf`:

::

   ! ... the rest of ospfd.conf has been omitted for clarity ...
   !
   smux peer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd
   !


After restarting snmpd and frr, a successful connection can be verified in the
syslog and by querying the SNMP daemon:

::

   snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255
   snmpd[12300]: accepted smux peer: \\
      oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, frr-0.96.5

   # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
   OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109


Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
to the syslog for every SNMP connect, which can lead to enormous log file sizes.
If that is a problem, consider patching snmpd and commenting out the
troublesome `snmp_log()` line in the function `netsnmp_agent_check_packet()` in
`agent/snmp_agent.c`.
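
As an added example (not part of FRR or Net-SNMP), the following script audits
the access-control lines of the example :file:`snmpd.conf` used in both the
AgentX and SMUX sections, plus the ``agentXSocket`` transport setting. The
sample text is constructed from the snippets above; the ``audit`` function and
its findings are illustrative assumptions, not an exhaustive checker.

```python
import ipaddress
import shlex

# Constructed sample: the access lines and AgentX settings shown on this page.
SAMPLE = """\
com2sec readonly default public
group MyROGroup v1 readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
master agentx
agentXSocket tcp:192.168.15.12:705
"""

def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(text):
    """Return a list of (line_number, finding) for snmpd.conf-style text."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # drops '#' comments, keeps ""
        if not tok:
            continue
        key, args = tok[0].lower(), tok[1:]
        if key == "com2sec" and len(args) >= 3:
            name, source, community = args[-3:]  # tolerate a leading -Cn CONTEXT
            if source == "default":
                out.append((no, f"com2sec {name}: any source address accepted"))
            if community in ("public", "private"):
                out.append((no, f"com2sec {name}: well-known community string"))
        elif key == "group" and len(args) >= 3 and args[1] in ("v1", "v2c"):
            out.append((no, f"group {args[0]}: {args[1]} sends the community in cleartext"))
        elif key == "access" and len(args) >= 8:
            # args: group context model level prefix read write notify
            if args[3] == "noauth":
                out.append((no, f"access {args[0]}: no authentication required"))
            if args[6] != "none":
                out.append((no, f"access {args[0]}: write view '{args[6]}' granted"))
        elif key == "agentxsocket" and args:
            for spec in args[0].split(","):
                parts = spec.split(":")
                if len(parts) > 1 and parts[0] in ("tcp", "udp") and not _is_loopback(parts[1]):
                    out.append((no, f"AgentX on {spec}: reachable beyond loopback, "
                                    "and AgentX itself does not authenticate subagents"))
    return out

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

A Unix-socket or loopback ``agentXSocket`` and a ``com2sec`` line with a
restricted source and a non-default community produce no findings.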

MIB and command reference
=========================

The following OID numbers are used for the interprocess communication of snmpd and
the FRR daemons with SMUX only::

  .    (OIDs below .iso.org.dod.internet.private.enterprises)
  zebra	.1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
  bgpd	.1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
  ripd	.1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
  ospfd	.1.3.6.1.4.1.3317.1.2.5 .gnome.gnomeProducts.zebra.ospfd
  ospf6d	.1.3.6.1.4.1.3317.1.2.6 .gnome.gnomeProducts.zebra.ospf6d


Sadly, SNMP has not been implemented in all daemons yet. The following
OID numbers are used for querying the SNMP daemon by a client::

  zebra	.1.3.6.1.2.1.4.24   .iso.org.dod.internet.mgmt.mib-2.ip.ipForward
  ospfd	.1.3.6.1.2.1.14	    .iso.org.dod.internet.mgmt.mib-2.ospf
  bgpd	.1.3.6.1.2.1.15	    .iso.org.dod.internet.mgmt.mib-2.bgp
  ripd	.1.3.6.1.2.1.23	    .iso.org.dod.internet.mgmt.mib-2.rip2
  ospf6d	.1.3.6.1.3.102	    .iso.org.dod.internet.experimental.ospfv3


The following syntax is understood by the FRR daemons for configuring SNMP
using SMUX:

.. index:: smux peer OID
.. clicmd:: smux peer OID
.. index:: no smux peer OID
.. clicmd:: no smux peer OID
.. index:: smux peer OID PASSWORD
.. clicmd:: smux peer OID PASSWORD
.. index:: no smux peer OID PASSWORD
.. clicmd:: no smux peer OID PASSWORD

Here is the syntax for using AgentX:

.. index:: agentx
.. clicmd:: agentx
.. index:: no agentx
.. clicmd:: no agentx


.. include:: snmptrap.rst