[AGENT++] SNMP++ library suddenly giving SNMPException: SNMPv3: USM: Unknown SecurityName

Thuse, Saurabh Saurabh_Thuse at bmc.com
Fri Feb 22 11:12:24 CET 2019


Hi Team,

We are using the SNMP++ library in our product, where we scan multiple devices at the same time (using multi-threading). For scanning we use SNMPv3 to get the details of each device.

I am seeing an issue with Cisco ARS devices while using SNMPv3: the SNMP++ library is able to get details like the device SysobjectID and Sysdescription; however, whenever we try to access the IF-MIB table of MIB-2, we suddenly get SNMPException: SNMPv3: USM: Unknown SecurityName from the library.

On all devices the same user is created, with the same authentication and privacy passwords.

As a test I started scanning 8 devices simultaneously and found that, randomly, 2-3 devices fail with the above exception.

Some log snippets where we do get initial data:

DEBUG:  10.x.x.x: get 1.3.6.1.2.1.1.1.0, 1.3.6.1.2.1.1.2.0
DEBUG:  10.x.x.x: GET via SNMP++: OIDs = 1.3.6.1.2.1.1.1.0, 1.3.6.1.2.1.1.2.0
DEBUG: identifyDevice:  10.x.x.x: Got sysObjectID=1.3.6.1.4.1.9.1.1017
DEBUG:  10.x.x.x: getDeviceInfo(): execute queries
DEBUG:  10.x.x.x: getDeviceInfo(): query scalars
DEBUG:  10.x.x.x: getDeviceInfo(): value for CISCO-STACK-MIB::chassisSerialNumberString is lazy
DEBUG:  10.x.x.x: getDeviceInfo(): value for OLD-CISCO-CHASSIS-MIB::chassisId is lazy
DEBUG:  10.x.x.x: getDeviceInfo(): have 8 scalars to query
DEBUG:  10.x.x.x: get 1.3.6.1.2.1.1.1.0, 1.3.6.1.2.1.1.2.0, 1.3.6.1.2.1.1.4.0, 1.3.6.1.2.1.1.5.0, 1.3.6.1.2.1.1.6.0, 1.3.6.1.4.1.9.9.23.1.3.4.0, 1.3.6.1.4.1.9.9.25.1.1.1.2.5, 1.3.6.1.4.1.9.9.25.1.1.1.2.7
DEBUG:  10.x.x.x: GET via SNMP++: OIDs = 1.3.6.1.2.1.1.1.0, 1.3.6.1.2.1.1.2.0, 1.3.6.1.2.1.1.4.0, 1.3.6.1.2.1.1.5.0, 1.3.6.1.2.1.1.6.0, 1.3.6.1.4.1.9.9.23.1.3.4.0, 1.3.6.1.4.1.9.9.25.1.1.1.2.5, 1.3.6.1.4.1.9.9.25.1.1.1.2.7
DEBUG:  10.x.x.x: getDeviceInfo(): got 10 scalar values
DEBUG:  10.x.x.x: getDeviceInfo(): query tables
DEBUG:  10.x.x.x: getDeviceInfo(): have 3 tables to query
DEBUG:  10.x.x.x: getTable 1.3.6.1.2.1.47.1.1.1.1, columns .2, .3, .4, .5, .6, .7, .10, .11, .12, .13
DEBUG:  10.x.x.x: getTable: Using GETNEXT
DEBUG:  10.x.x.x: GETNEXT WALK via SNMP++: OIDs = 1.3.6.1.2.1.47.1.1.1.1.2, 1.3.6.1.2.1.47.1.1.1.1.3, 1.3.6.1.2.1.47.1.1.1.1.4, 1.3.6.1.2.1.47.1.1.1.1.5, 1.3.6.1.2.1.47.1.1.1.1.6, 1.3.6.1.2.1.47.1.1.1.1.7, 1.3.6.1.2.1.47.1.1.1.1.10, 1.3.6.1.2.1.47.1.1.1.1.11, 1.3.6.1.2.1.47.1.1.1.1.12, 1.3.6.1.2.1.47.1.1.1.1.13
DEBUG:  10.x.x.x: getDeviceInfo(): process data
DEBUG:  10.x.x.x: getDeviceInfo(): have data for sysname
DEBUG:  10.x.x.x: getDeviceInfo(): have data for sysobjectid
DEBUG:  10.x.x.x: getDeviceInfo(): have data for syslocation
DEBUG:  10.x.x.x: getDeviceInfo(): have data for cdpdeviceid
DEBUG:  10.x.x.x: getDeviceInfo(): no value for ciscoImageOsVersion
DEBUG:  10.x.x.x: getDeviceInfo(): no value for ciscoImageSysDescr
DEBUG:  10.x.x.x: getDeviceInfo(): have data for sysdescr
DEBUG:  10.x.x.x: getDeviceInfo(): classify 'Cisco IOS XR Software (Cisco ASR9K Series),  Version 5.1.3[Default]
DEBUG:  10.x.x.x: get 1.3.6.1.4.1.9.5.1.2.19.0
DEBUG:  10.x.x.x: GET via SNMP++: OIDs = 1.3.6.1.4.1.9.5.1.2.19.0
DEBUG:  10.x.x.x: get 1.3.6.1.4.1.9.10.43.1.1.1.0
DEBUG:  10.x.x.x: GET via SNMP++: OIDs = 1.3.6.1.4.1.9.10.43.1.1.1.0
DEBUG:  10.x.x.x: get 1.3.6.1.4.1.9.3.6.3.0
DEBUG:  10.x.x.x: GET via SNMP++: OIDs = 1.3.6.1.4.1.9.3.6.3.0
DEBUG:  10.x.x.x: getDeviceInfo(): post process data
DEBUG:  10.x.x.x: getDeviceInfo(): remove transient values
INFO: finished NetworkDevice_i::getDeviceInfo() for  10.x.x.x

Up to this point we are getting correct data. But after this, when we query IF-MIB, we suddenly get the above exception.

INFO: NetworkDevice_i::getMACAddresses() for  10.x.x.x
DEBUG:  10.x.x.x: CiscoRouter::getMACAddresses()
DEBUG:  10.x.x.x: getMACAddresses(): Try pool
DEBUG:  10.x.x.x: getMACAddresses(): execute queries
DEBUG:  10.x.x.x: getMACAddresses(): query scalars
DEBUG:  10.x.x.x: getMACAddresses(): have 1 scalars to query
DEBUG:  10.x.x.x: get 1.3.6.1.2.1.17.1.1.0
DEBUG:  10.x.x.x: GET via SNMP++: OIDs = 1.3.6.1.2.1.17.1.1.0
DEBUG:  10.x.x.x: getMACAddresses(): got 1 scalar values
DEBUG:  10.x.x.x: getMACAddresses(): query tables
DEBUG:  10.x.x.x: getMACAddresses(): have 1 tables to query
DEBUG:  10.x.x.x: getTable 1.3.6.1.2.1.2.2.1, columns .1, .2, .3, .5, .6, .8, .22
DEBUG:  10.x.x.x: getTable: Using GETNEXT
DEBUG:  10.x.x.x: GETNEXT WALK via SNMP++: OIDs = 1.3.6.1.2.1.2.2.1.1, 1.3.6.1.2.1.2.2.1.2, 1.3.6.1.2.1.2.2.1.3, 1.3.6.1.2.1.2.2.1.5, 1.3.6.1.2.1.2.2.1.6, 1.3.6.1.2.1.2.2.1.8, 1.3.6.1.2.1.2.2.1.22
DEBUG:  10.x.x.x: getMACAddresses(): IF-MIB::ifEntry
DEBUG:  10.x.x.x: getMACAddresses(): queries failed: SNMPv3: USM: Unknown SecurityName
DEBUG: NetworkDevice_i::getMACAddresses() for  10.x.x.x - Expected exception raised (this is for tracing purposes only)
Traceback (most recent call last):
  File "./device.py", line 143, in callProxy
  File "network.py", line 940, in getMACAddresses
  File "network.py", line 289, in executeMethod
  File engine.py", line 562, in execute
NoAccessMethod: DiscoveryCORBA.NoAccessMethod(meta=DiscoveryCORBA.MetaData(data=[ModelCORBA.KeyValuePair(key='method_failure_list', value=CORBA.Any(orb.create_sequence_tc(bound=0, element_type=orb.create_sequence_tc(bound=0, element_type=CORBA.TC_any)), [[CORBA.Any(CORBA.TC_string, 'getMACAddresses'), CORBA.Any(CORBA.TC_string, 'SNMPv3: USM: Unknown SecurityName'), CORBA.Any(CORBA.TC_string, 'SNMP v3'), CORBA.Any(CORBA.TC_null, None), CORBA.Any(CORBA.TC_null, None), CORBA.Any(CORBA.TC_null, None)]])), ModelCORBA.KeyValuePair(key='access_results', value=CORBA.Any(orb.create_sequence_tc(bound=0, element_type=CORBA.TC_any), [])), ModelCORBA.KeyValuePair(key='processing_messages', value=CORBA.Any(orb.create_sequence_tc(bound=0, element_type=CORBA.TC_any), [])), ModelCORBA.KeyValuePair(key='cmd_status', value=CORBA.Any(orb.create_sequence_tc(bound=0, element_type=CORBA.TC_any), []))]))

I don't understand why the SNMP++ library suddenly gets Unknown SecurityName even though it previously got data using the same credentials.

My initial understanding is: because we are scanning devices concurrently, is it the case that the SNMP++ library is somehow mixing up the session of another device with this device, as they all have the same user and passwords? Is it a known defect? I also don't know if this is coming from the device agent directly or is internal to SNMP++. I tried looking into packet captures, but as they are encrypted I can't really say anything on that side.

Note: When we get the above, if I scan the failed device individually then we get the data correctly without any exception. So the issue occurs only when simultaneous scans of devices are running.

Please help me understand where the issue is.

Thanks,
Saurabh Thuse
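
In an SNMPv3 message the USM header fields (msgAuthoritativeEngineID, msgUserName) are carried outside the encrypted scopedPDU, so they stay readable in a packet capture. The following is an added example, not part of the original post or of SNMP++: it reads those fields from raw UDP payloads and lists destinations that were sent more than one engine ID / user name pair. The packets, addresses, engine IDs and the user name "scanuser" are constructed.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at pos (definite lengths)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):                       # content of a SEQUENCE -> [(tag, value), ...]
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def usm_header(payload):
    """Cleartext fields of one SNMPv3 message; assumes security model 3 (USM).
    encrypted_pdu is True when the scopedPDU is an OCTET STRING (privacy applied)."""
    tag, msg, _ = read_tlv(payload, 0)
    fields = children(msg) if tag == 0x30 else []
    if len(fields) != 4 or fields[0][1] != b"\x03":
        raise ValueError("not an SNMPv3 message")
    flags = children(fields[1][1])[2][1][0]          # msgFlags: bit 0 auth, bit 1 priv
    usm = children(children(fields[2][1])[0][1])     # UsmSecurityParameters
    return {"engine_id": usm[0][1].hex(), "user": usm[3][1].decode("ascii", "replace"),
            "auth": bool(flags & 1), "priv": bool(flags & 2), "encrypted_pdu": fields[3][0] == 4}

def mixed_up(packets):
    """Destination IPs that were sent more than one (engine ID, user name) pair."""
    seen = {}
    for dst, payload in packets:
        h = usm_header(payload)
        if h["engine_id"]:                 # skip discovery probes (empty engine ID)
            seen.setdefault(dst, set()).add((h["engine_id"], h["user"]))
    return sorted(d for d, ids in seen.items() if len(ids) > 1)

def tlv(tag, value):                       # encoder, only for the constructed samples below
    return bytes([tag, len(value)]) + value

def sample(engine_id, user):               # constructed authPriv request, dummy auth/priv/PDU
    usm = tlv(0x30, tlv(4, engine_id) + tlv(2, b"\x01") + tlv(2, b"\x0a") + tlv(4, user)
              + tlv(4, bytes(12)) + tlv(4, bytes(8)))
    glob = tlv(0x30, tlv(2, b"\x01") + tlv(2, b"\x05\xdc") + tlv(4, b"\x07") + tlv(2, b"\x03"))
    return tlv(0x30, tlv(2, b"\x03") + glob + tlv(4, usm) + tlv(4, bytes(16)))

ENG_A, ENG_B = bytes.fromhex("800000090300005e005301"), bytes.fromhex("800000090300005e005302")
PACKETS = [("192.0.2.1", sample(ENG_A, b"scanuser")), ("192.0.2.2", sample(ENG_B, b"scanuser")),
           ("192.0.2.2", sample(ENG_A, b"scanuser"))]  # constructed: A's engine ID sent to .2
```

With a real capture, feed `mixed_up` the (destination IP, UDP payload) pairs of the requests sent to port 161.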

