[mirror_frr.git] / doc / snmp.texi

@node SNMP Support
@chapter SNMP Support

@acronym{SNMP,Simple Network Managing Protocol} is a widely implemented
feature for collecting network information from router and/or host.
Quagga itself does not support SNMP agent (server daemon) functionality
but is able to connect to a SNMP agent using the SMUX protocol
(@cite{RFC1227}) or the AgentX protocol (@cite{RFC2741}) and make the
routing protocol MIBs available through it.

@menu
* Getting and installing an SNMP agent::
* AgentX configuration::
* SMUX configuration::
* MIB and command reference::
* Handling SNMP Traps::
@end menu

@node Getting and installing an SNMP agent
@section Getting and installing an SNMP agent

There are several SNMP agent which support SMUX or AgentX. We recommend to use the latest
version of @code{net-snmp} which was formerly known as @code{ucd-snmp}.
It is free and open software and available at @uref{http://www.net-snmp.org/}
and as binary package for most Linux distributions.
@code{net-snmp} has to be compiled with @code{--with-mib-modules=agentx} to
be able to accept connections from Quagga using AgentX protocol or with
@code{--with-mib-modules=smux} to use SMUX protocol.

Nowadays, SMUX is a legacy protocol. The AgentX protocol should be
preferred for any new deployment. Both protocols have the same coverage.

@node AgentX configuration
@section AgentX configuration

To enable AgentX protocol support, Quagga must have been build with the
@code{--enable-snmp} or @code{--enable-snmp=agentx} option. Both the
master SNMP agent (snmpd) and each of the Quagga daemons must be
configured. In @code{/etc/snmp/snmpd.conf}, @code{master agentx}
directive should be added. In each of the Quagga daemons, @code{agentx}
command will enable AgentX support.

@example
/etc/snmp/snmpd.conf:
	#
	# example access restrictions setup
	#
	com2sec readonly default public
	group MyROGroup v1 readonly
	view all included .1 80
	access MyROGroup "" any noauth exact all none none
	#
	# enable master agent for AgentX subagents
	#
	master agentx

/etc/quagga/ospfd.conf:
	! ... the rest of ospfd.conf has been omitted for clarity ...
	!
	agentx
	!
@end example

Upon successful connection, you should get something like this in the
log of each Quagga daemons:

@example
2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
@end example

Then, you can use the following command to check everything works as expected:

@example
# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
[...]
@end example

The AgentX protocol can be transported over a Unix socket or using TCP
or UDP. It usually defaults to a Unix socket and depends on how NetSNMP
was built. If need to configure Quagga to use another transport, you can
configure it through @code{/etc/snmp/quagga.conf}:

@example
/etc/snmp/quagga.conf:
	[snmpd]
	# Use a remote master agent
	agentXSocket tcp:192.168.15.12:705
@end example

@node SMUX configuration
@section SMUX configuration

To enable SMUX protocol support, Quagga must have been build with the
@code{--enable-snmp=smux} option.

A separate connection has then to be established between the
SNMP agent (snmpd) and each of the Quagga daemons. This connections
each use different OID numbers and passwords. Be aware that this OID
number is not the one that is used in queries by clients, it is solely
used for the intercommunication of the daemons.

In the following example the ospfd daemon will be connected to the
snmpd daemon using the password "quagga_ospfd". For testing it is
recommending to take exactly the below snmpd.conf as wrong access
restrictions can be hard to debug.

@example
/etc/snmp/snmpd.conf:
	#
	# example access restrictions setup
	#
	com2sec readonly default public
	group MyROGroup v1 readonly
	view all included .1 80
	access MyROGroup "" any noauth exact all none none
	#
	# the following line is relevant for Quagga
	#
	smuxpeer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd

/etc/quagga/ospf:
	! ... the rest of ospfd.conf has been omitted for clarity ...
	!
	smux peer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
	!
@end example

After restarting snmpd and quagga, a successful connection can be verified in
the syslog and by querying the SNMP daemon:

@example
snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255 
snmpd[12300]: accepted smux peer: \
	oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, quagga-0.96.5

# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
@end example

Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
for every SNMP connect to the syslog which can lead to enormous log file sizes.
If that is a problem you should consider to patch snmpd and comment out the
troublesome @code{snmp_log()} line in the function
@code{netsnmp_agent_check_packet()} in @code{agent/snmp_agent.c}.

@node MIB and command reference
@section MIB and command reference

The following OID numbers are used for the interprocess communication of snmpd and
the Quagga daemons with SMUX only.
@example
            (OIDs below .iso.org.dod.internet.private.enterprises)
zebra	.1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
bgpd	.1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
ripd	.1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
ospfd	.1.3.6.1.4.1.3317.1.2.5 .gnome.gnomeProducts.zebra.ospfd
ospf6d	.1.3.6.1.4.1.3317.1.2.6 .gnome.gnomeProducts.zebra.ospf6d
@end example

Sadly, SNMP has not been implemented in all daemons yet. The following
OID numbers are used for querying the SNMP daemon by a client:
@example
zebra	.1.3.6.1.2.1.4.24   .iso.org.dot.internet.mgmt.mib-2.ip.ipForward
ospfd	.1.3.6.1.2.1.14	    .iso.org.dot.internet.mgmt.mib-2.ospf
bgpd	.1.3.6.1.2.1.15	    .iso.org.dot.internet.mgmt.mib-2.bgp 
ripd	.1.3.6.1.2.1.23	    .iso.org.dot.internet.mgmt.mib-2.rip2
ospf6d	.1.3.6.1.3.102	    .iso.org.dod.internet.experimental.ospfv3
@end example

The following syntax is understood by the Quagga daemons for configuring SNMP using SMUX:
@deffn {Command} {smux peer @var{oid}} {}
@deffnx {Command} {no smux peer @var{oid}} {}
@end deffn

@deffn {Command} {smux peer @var{oid} @var{password}} {}
@deffnx {Command} {no smux peer @var{oid} @var{password}} {}
@end deffn

Here is the syntax for using AgentX:
@deffn {Command} {agentx} {}
@deffnx {Command} {no agentx} {}
@end deffn

@include snmptrap.texi
Commit	Line	Data
76b89b4a	1	@node SNMP Support
718e3744	2	@chapter SNMP Support
718e3744	3
a3957e38	4	@acronym{SNMP,Simple Network Managing Protocol} is a widely implemented
	5	feature for collecting network information from router and/or host.
	6	Quagga itself does not support SNMP agent (server daemon) functionality
	7	but is able to connect to a SNMP agent using the SMUX protocol
0ff4b9c9 VB	8	(@cite{RFC1227}) or the AgentX protocol (@cite{RFC2741}) and make the
0ff4b9c9 VB	9	routing protocol MIBs available through it.
718e3744	10
718e3744	11	@menu
d191eba1	12	* Getting and installing an SNMP agent::
0ff4b9c9	13	* AgentX configuration::
d191eba1	14	* SMUX configuration::
d191eba1	15	* MIB and command reference::
a3957e38	16	* Handling SNMP Traps::
718e3744	17	@end menu
718e3744	18
76b89b4a	19	@node Getting and installing an SNMP agent
d191eba1	20	@section Getting and installing an SNMP agent
d191eba1	21
0ff4b9c9	22	There are several SNMP agent which support SMUX or AgentX. We recommend to use the latest
d191eba1	23	version of @code{net-snmp} which was formerly known as @code{ucd-snmp}.
76b89b4a	24	It is free and open software and available at @uref{http://www.net-snmp.org/}
d191eba1	25	and as binary package for most Linux distributions.
0ff4b9c9 VB	26	@code{net-snmp} has to be compiled with @code{--with-mib-modules=agentx} to
	27	be able to accept connections from Quagga using AgentX protocol or with
	28	@code{--with-mib-modules=smux} to use SMUX protocol.
	29
	30	Nowadays, SMUX is a legacy protocol. The AgentX protocol should be
	31	preferred for any new deployment. Both protocols have the same coverage.
	32
	33	@node AgentX configuration
	34	@section AgentX configuration
	35
	36	To enable AgentX protocol support, Quagga must have been build with the
	37	@code{--enable-snmp} or @code{--enable-snmp=agentx} option. Both the
	38	master SNMP agent (snmpd) and each of the Quagga daemons must be
	39	configured. In @code{/etc/snmp/snmpd.conf}, @code{master agentx}
	40	directive should be added. In each of the Quagga daemons, @code{agentx}
	41	command will enable AgentX support.
	42
	43	@example
	44	/etc/snmp/snmpd.conf:
	45	#
	46	# example access restrictions setup
	47	#
	48	com2sec readonly default public
	49	group MyROGroup v1 readonly
	50	view all included .1 80
	51	access MyROGroup "" any noauth exact all none none
	52	#
	53	# enable master agent for AgentX subagents
	54	#
	55	master agentx
	56
	57	/etc/quagga/ospfd.conf:
	58	! ... the rest of ospfd.conf has been omitted for clarity ...
	59	!
	60	agentx
	61	!
	62	@end example
	63
	64	Upon successful connection, you should get something like this in the
	65	log of each Quagga daemons:
	66
	67	@example
	68	2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
	69	@end example
	70
	71	Then, you can use the following command to check everything works as expected:
	72
	73	@example
	74	# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
	75	OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
	76	[...]
	77	@end example
	78
	79	The AgentX protocol can be transported over a Unix socket or using TCP
	80	or UDP. It usually defaults to a Unix socket and depends on how NetSNMP
	81	was built. If need to configure Quagga to use another transport, you can
	82	configure it through @code{/etc/snmp/quagga.conf}:
	83
	84	@example
	85	/etc/snmp/quagga.conf:
	86	[snmpd]
	87	# Use a remote master agent
	88	agentXSocket tcp:192.168.15.12:705
	89	@end example
d191eba1	90
76b89b4a	91	@node SMUX configuration
d191eba1	92	@section SMUX configuration
718e3744	93
d191eba1	94	To enable SMUX protocol support, Quagga must have been build with the
0ff4b9c9	95	@code{--enable-snmp=smux} option.
718e3744	96
0ff4b9c9	97	A separate connection has then to be established between the
a3957e38	98	SNMP agent (snmpd) and each of the Quagga daemons. This connections
	99	each use different OID numbers and passwords. Be aware that this OID
	100	number is not the one that is used in queries by clients, it is solely
	101	used for the intercommunication of the daemons.
718e3744	102
a3957e38	103	In the following example the ospfd daemon will be connected to the
	104	snmpd daemon using the password "quagga_ospfd". For testing it is
	105	recommending to take exactly the below snmpd.conf as wrong access
	106	restrictions can be hard to debug.
718e3744	107
718e3744	108	@example
d191eba1	109	/etc/snmp/snmpd.conf:
	110	#
	111	# example access restrictions setup
	112	#
	113	com2sec readonly default public
	114	group MyROGroup v1 readonly
	115	view all included .1 80
	116	access MyROGroup "" any noauth exact all none none
	117	#
	118	# the following line is relevant for Quagga
	119	#
	120	smuxpeer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
	121
	122	/etc/quagga/ospf:
	123	! ... the rest of ospfd.conf has been omitted for clarity ...
	124	!
	125	smux peer .1.3.6.1.4.1.3317.1.2.5 quagga_ospfd
	126	!
718e3744	127	@end example
718e3744	128
d191eba1	129	After restarting snmpd and quagga, a successful connection can be verified in
	130	the syslog and by querying the SNMP daemon:
	131
718e3744	132	@example
d191eba1	133	snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255
	134	snmpd[12300]: accepted smux peer: \
	135	oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, quagga-0.96.5
	136
	137	# snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
	138	OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
718e3744	139	@end example
718e3744	140
d191eba1	141	Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
	142	for every SNMP connect to the syslog which can lead to enormous log file sizes.
	143	If that is a problem you should consider to patch snmpd and comment out the
	144	troublesome @code{snmp_log()} line in the function
	145	@code{netsnmp_agent_check_packet()} in @code{agent/snmp_agent.c}.
	146
76b89b4a	147	@node MIB and command reference
d191eba1	148	@section MIB and command reference
	149
	150	The following OID numbers are used for the interprocess communication of snmpd and
0ff4b9c9	151	the Quagga daemons with SMUX only.
d191eba1	152	@example
d191eba1	153	(OIDs below .iso.org.dod.internet.private.enterprises)
54aa6b2d	154	zebra .1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
	155	bgpd .1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
	156	ripd .1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
	157	ospfd .1.3.6.1.4.1.3317.1.2.5 .gnome.gnomeProducts.zebra.ospfd
	158	ospf6d .1.3.6.1.4.1.3317.1.2.6 .gnome.gnomeProducts.zebra.ospf6d
d191eba1	159	@end example
718e3744	160
0ff4b9c9 VB	161	Sadly, SNMP has not been implemented in all daemons yet. The following
0ff4b9c9 VB	162	OID numbers are used for querying the SNMP daemon by a client:
d191eba1	163	@example
54aa6b2d	164	zebra .1.3.6.1.2.1.4.24 .iso.org.dot.internet.mgmt.mib-2.ip.ipForward
	165	ospfd .1.3.6.1.2.1.14 .iso.org.dot.internet.mgmt.mib-2.ospf
	166	bgpd .1.3.6.1.2.1.15 .iso.org.dot.internet.mgmt.mib-2.bgp
	167	ripd .1.3.6.1.2.1.23 .iso.org.dot.internet.mgmt.mib-2.rip2
	168	ospf6d .1.3.6.1.3.102 .iso.org.dod.internet.experimental.ospfv3
d191eba1	169	@end example
718e3744	170
0ff4b9c9	171	The following syntax is understood by the Quagga daemons for configuring SNMP using SMUX:
718e3744	172	@deffn {Command} {smux peer @var{oid}} {}
	173	@deffnx {Command} {no smux peer @var{oid}} {}
	174	@end deffn
	175
	176	@deffn {Command} {smux peer @var{oid} @var{password}} {}
	177	@deffnx {Command} {no smux peer @var{oid} @var{password}} {}
	178	@end deffn
a3957e38	179
0ff4b9c9 VB	180	Here is the syntax for using AgentX:
	181	@deffn {Command} {agentx} {}
	182	@deffnx {Command} {no agentx} {}
	183	@end deffn
	184
a3957e38	185	@include snmptrap.texi