[SNMP4J] Agent setup for V3 "set/get" requests and "inform" notifications

Mark Gorokhov mark.gorokhov at comtechmobile.com
Thu May 3 16:15:41 CEST 2007 

Frank,

The problem remains active without clean solution.

Let's take a bird eye view and see an agent as a black box. 
This agent has a single V3 user defined. 

Here is what we have:
- MIB Explorer works with the agent without any issues with 
SET/GET requests _or_ inform notifications. These operations
are mutually exclusive.

- MIB Explorer is able to configure the agent with "Discover 
Engine ID" action to work with SET/GET requests _and_ with 
inform notifications. This removes limitation "mutually exclusive"
described in previous statement.

The conclusion: snmp4j V3 agent is missing some functionality which
should allow it to work with SET/GET requests _and_ with inform 
notifications without "mutually exclusive" limitation or special 
settings from MIB Explorer.

Could be snmp4j agent fixed or my reasoning is not correct?

Thanks
Mark G.

-----Original Message-----
From: snmp4j-bounces at agentpp.org [mailto:snmp4j-bounces at agentpp.org] On
Behalf Of Mark Gorokhov
Sent: Monday, April 30, 2007 4:23 PM
To: Frank Fock
Cc: snmp4j at agentpp.org
Subject: RE: [SNMP4J] Agent setup for V3 "set/get" requests and "inform"
notifications

Frank,

Yes, the step (3) does the trick. It works as a workaround and
not as a clean solution. Let me explain why I feel that some
better way should be found:

- Agent restart breaks MIBExplorer-to-agent contract and requires
MIB Explorer user to repeat "Discover Engine ID" action. This
might be annoying if agent is restarted often. 

- Restarted agent leaves MIB Explorer user frustrated: agent is
not responding. Is this because of agent is dead or restarted?
This requires additional MIB Explorer user training.

- Not all MIB browsers have "Discover Engine ID" functionality.
Our SNMP gurus mentioned that EM7 and OpenView do not have it.
I'm using MIB Explorer for development only and have to ensure 
my code compatibility with other MIB browsers.

- Why usm.addUser(user.getSecurityName(), engineID, user) does 
not require MIB Explorer "Discover Engine ID" action for SET/GET
operation while usm.addUser(user.getSecurityName(), null, user)
does? This leads to a thought that "Discover Engine ID" action
could be avoided with proper SNMP4J support.

My findings in SNMP4J so far led me to UsmUserTable and 
UsmUserKey classes. The class UsmUserTable should allow 
coexistence of two entries:
    Entry-1: UsmUserKey[engineID=myappEngineID, userA]
    Entry-2: UsmUserKey[engineID=null, userA]
Entry-1 works for SET/GET requests by default implementation. 
Entry-2 will be initialized to browserEngineID while 
MIBExplorer-to-agent handshake for INFORM notifications. 
Agent restart will not break this contract (discovery) because 
each INFORM starts with handshake confirmation.

Is this approach reasonable to implement?

Thanks
Mark G.

-----Original Message-----
From: Frank Fock [mailto:fock at agentpp.com] 
Sent: Friday, April 27, 2007 4:22 PM
To: Mark Gorokhov
Cc: snmp4j at agentpp.org
Subject: Re: [SNMP4J] Agent setup for V3 "set/get" requests and "inform"
notifications

Hi Mark,

In order to use the same user for GET/SET from manager to agent and
INFORM requests from agent to manager with SNMP4J-Agent as
agent and MIB Explorer as manager, follow these steps:

(1) Add the user on the agent side without specifying an engine ID:
usm.addUser(user.getSecurityName(), null, user);
(2) Add the same user in MIB Explorer and check the "Principal"
flag to allow incoming SNMPv3 request (like INFORMs) on behalf
of that user.
(3) Add a SNMPv3 target with that user to MIB Explorer's config
and select the previously added user for it. After you have specified
the agent's address and port, execute "Discover Engine ID" from the
context menu to assign the agent's engine ID to that target.

I guess you missed step (3) and that caused MIB Explorer to look
into its own local cache of engine IDs and finds (only) its own engine
ID
associated with the user because of a previously received INFORM
request from the agent.

Hope this helps.

Best regards,
Frank

Mark Gorokhov wrote:
> I'm setting up a V3 agent for "set/get" requests and "inform"
> notifications for the same user.
> 
> Setting up an USM User by calling
>    usm.addUser(
>       user.getSecurityName(), 
>       usm.getLocalEngineID(), 
>       user);
> works for "set/get" requests but fails for "inform" notifications.
> 
> Setting up an USM User by calling
>    usm.addUser(
>       user.getSecurityName(), 
>       null, 
>       user);
> works for "inform" notifications but fails for "set/get" requests.
> 
> Attempt to add the same user twice with usm.getLocalEngineID() and
> "null" returns error -1406 for get-request: invalid engine ID
> 
> How to overcome this conflict? Could be the same user object reused
for
> V3 "set/get" requests and "inform" notifications?
> 
> Thanks,
> Mark G.

_______________________________________________
SNMP4J mailing list
SNMP4J at agentpp.org
http://lists.agentpp.org/mailman/listinfo/snmp4j

More information about the SNMP4J mailing list