doc/user/snmp.rst

   1 .. _snmp-support:
   2
   3 ************
   4 SNMP Support
   5 ************
   6
   7 :abbr:`SNMP (Simple Network Managing Protocol)` is a widely implemented feature
   8 for collecting network information from router and/or host. FRR itself does
   9 not support SNMP agent (server daemon) functionality but is able to connect to
  10 a SNMP agent using the SMUX protocol (:rfc:`1227`) or the AgentX protocol
  11 (:rfc:`2741`) and make the routing protocol MIBs available through it.
  12
  13 Note that SNMP Support needs to be enabled at compile-time and loaded as module
  14 on daemon startup. Refer to :ref:`loadable-module-support` on the latter.
  15
  16 .. _getting-and-installing-an-snmp-agent:
  17
  18 Getting and installing an SNMP agent
  19 ====================================
  20
  21 There are several SNMP agent which support SMUX or AgentX. We recommend to use
  22 the latest version of `net-snmp` which was formerly known as `ucd-snmp`. It is
  23 free and open software and available at `http://www.net-snmp.org/ <http://www.net-snmp.org/>`_
  24 and as binary package for most Linux distributions. `net-snmp` has to be
  25 compiled with `--with-mib-modules=agentx` to be able to accept connections from
  26 FRR using AgentX protocol or with `--with-mib-modules=smux` to use SMUX
  27 protocol.
  28
  29 Nowadays, SMUX is a legacy protocol. The AgentX protocol should be preferred
  30 for any new deployment. Both protocols have the same coverage.
  31
  32 .. _agentx-configuration:
  33
  34 AgentX configuration
  35 ====================
  36
  37 .. program:: configure
  38
  39 To enable AgentX protocol support, FRR must have been build with the
  40 :option:`--enable-snmp` or `--enable-snmp=agentx` option. Both the
  41 master SNMP agent (snmpd) and each of the FRR daemons must be configured. In
  42 :file:`/etc/snmp/snmpd.conf`, the ``master agentx`` directive should be added.
  43 In each of the FRR daemons, ``agentx`` command will enable AgentX support.
  44
  45 ::
  46
  47    /etc/snmp/snmpd.conf:
  48       #
  49       # example access restrictions setup
  50       #
  51       com2sec readonly default public
  52       group MyROGroup v1 readonly
  53       view all included .1 80
  54       access MyROGroup "" any noauth exact all none none
  55       #
  56       # enable master agent for AgentX subagents
  57       #
  58       master agentx
  59
  60    /etc/frr/ospfd.conf:
  61       ! ... the rest of ospfd.conf has been omitted for clarity ...
  62       !
  63       agentx
  64       !
  65
  66
  67 Upon successful connection, you should get something like this in the log of
  68 each FRR daemons:
  69
  70 ::
  71
  72   2012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
  73
  74
  75 Then, you can use the following command to check everything works as expected:
  76
  77 ::
  78
  79   # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
  80   OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
  81   [...]
  82
  83
  84 The AgentX protocol can be transported over a Unix socket or using TCP or UDP.
  85 It usually defaults to a Unix socket and depends on how NetSNMP was built. If
  86 need to configure FRR to use another transport, you can configure it through
  87 :file:`/etc/snmp/frr.conf`:
  88
  89 ::
  90
  91    /etc/snmp/frr.conf:
  92       [snmpd]
  93       # Use a remote master agent
  94       agentXSocket tcp:192.168.15.12:705
  95
  96
  97 .. _smux-configuration:
  98
  99 SMUX configuration
 100 ==================
 101
 102 To enable SMUX protocol support, FRR must have been build with the
 103 :option:`--enable-snmp` option.
 104
 105 A separate connection has then to be established between the SNMP agent (snmpd)
 106 and each of the FRR daemons. This connections each use different OID numbers
 107 and passwords. Be aware that this OID number is not the one that is used in
 108 queries by clients, it is solely used for the intercommunication of the
 109 daemons.
 110
 111 In the following example the ospfd daemon will be connected to the snmpd daemon
 112 using the password "frr_ospfd". For testing it is recommending to take exactly
 113 the below snmpd.conf as wrong access restrictions can be hard to debug.
 114
 115 ::
 116
 117    /etc/snmp/snmpd.conf:
 118       #
 119       # example access restrictions setup
 120       #
 121       com2sec readonly default public
 122       group MyROGroup v1 readonly
 123       view all included .1 80
 124       access MyROGroup "" any noauth exact all none none
 125       #
 126       # the following line is relevant for FRR
 127       #
 128       smuxpeer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd
 129
 130    /etc/frr/ospf:
 131       ! ... the rest of ospfd.conf has been omitted for clarity ...
 132       !
 133       smux peer .1.3.6.1.4.1.3317.1.2.5 frr_ospfd
 134       !
 135
 136
 137 After restarting snmpd and frr, a successful connection can be verified in the
 138 syslog and by querying the SNMP daemon:
 139
 140 ::
 141
 142    snmpd[12300]: [smux_accept] accepted fd 12 from 127.0.0.1:36255
 143    snmpd[12300]: accepted smux peer: \\
 144       oid GNOME-PRODUCT-ZEBRA-MIB::ospfd, frr-0.96.5
 145
 146    # snmpwalk -c public -v1 localhost .1.3.6.1.2.1.14.1.1
 147    OSPF-MIB::ospfRouterId.0 = IpAddress: 192.168.42.109
 148
 149
 150 Be warned that the current version (5.1.1) of the Net-SNMP daemon writes a line
 151 for every SNMP connect to the syslog which can lead to enormous log file sizes.
 152 If that is a problem you should consider to patch snmpd and comment out the
 153 troublesome `snmp_log()` line in the function `netsnmp_agent_check_packet()` in
 154 `agent/snmp_agent.c`.
 155
 156 MIB and command reference
 157 =========================
 158
 159 The following OID numbers are used for the interprocess communication of snmpd and
 160 the FRR daemons with SMUX only.::
 161
 162   .    (OIDs below .iso.org.dod.internet.private.enterprises)
 163   zebra .1.3.6.1.4.1.3317.1.2.1 .gnome.gnomeProducts.zebra.zserv
 164   bgpd  .1.3.6.1.4.1.3317.1.2.2 .gnome.gnomeProducts.zebra.bgpd
 165   ripd  .1.3.6.1.4.1.3317.1.2.3 .gnome.gnomeProducts.zebra.ripd
 166   ospfd .1.3.6.1.4.1.3317.1.2.5 .gnome.gnomeProducts.zebra.ospfd
 167   ospf6d        .1.3.6.1.4.1.3317.1.2.6 .gnome.gnomeProducts.zebra.ospf6d
 168
 169
 170 Sadly, SNMP has not been implemented in all daemons yet. The following
 171 OID numbers are used for querying the SNMP daemon by a client:::
 172
 173   zebra .1.3.6.1.2.1.4.24   .iso.org.dot.internet.mgmt.mib-2.ip.ipForward
 174   ospfd .1.3.6.1.2.1.14     .iso.org.dot.internet.mgmt.mib-2.ospf
 175   bgpd  .1.3.6.1.2.1.15     .iso.org.dot.internet.mgmt.mib-2.bgp
 176   ripd  .1.3.6.1.2.1.23     .iso.org.dot.internet.mgmt.mib-2.rip2
 177   ospf6d        .1.3.6.1.3.102      .iso.org.dod.internet.experimental.ospfv3
 178
 179
 180 The following syntax is understood by the FRR daemons for configuring SNMP
 181 using SMUX:
 182
 183 .. index:: smux peer OID
 184 .. clicmd:: smux peer OID
 185 .. index:: no smux peer OID
 186 .. clicmd:: no smux peer OID
 187 .. index:: smux peer OID PASSWORD
 188 .. clicmd:: smux peer OID PASSWORD
 189 .. index:: no smux peer OID PASSWORD
 190 .. clicmd:: no smux peer OID PASSWORD
 191
 192 Here is the syntax for using AgentX:
 193
 194 .. index:: agentx
 195 .. clicmd:: agentx
 196 .. index:: no agentx
 197 .. clicmd:: no agentx
 198
 199
 200 .. include:: snmptrap.rst