[SNMP4J] Agent setup for V3 "set/get" requests and "inform" notifications

Mark Gorokhov mark.gorokhov at comtechmobile.com
Mon May 7 22:00:34 CEST 2007 

Thanks. It works now.

Mark G.

-----Original Message-----
From: Frank Fock [mailto:fock at agentpp.com] 
Sent: Thursday, May 03, 2007 6:00 PM
To: Mark Gorokhov
Cc: snmp4j at agentpp.org
Subject: Re: [SNMP4J] Agent setup for V3 "set/get" requests and "inform"
notifications

Mark,

I have investigated this issue now in detail. The
problem occurs, when the agent sends its inform
message with the same address and port as it listens
for SNMP requests (this is the default for
SNMP4J-Agent). In this case, MIB Explorer's engine ID
cache contains an entry with its own engine ID
after it has received an inform request from an agent.

This behavior is false. Since MIB Explorer is based
on SNMP4J, the bug is contained in SNMP4J, in particular
in MPv3. SNMP4J version 1.8.2 will fix this bug.

A new MIB Explorer version will be available at least
on Monday 7th May.

Best regards,
Frank

Mark Gorokhov wrote:
> Frank,
> 
> The problem remains active without clean solution.
> 
> Let's take a bird eye view and see an agent as a black box. 
> This agent has a single V3 user defined. 
> 
> Here is what we have:
> - MIB Explorer works with the agent without any issues with 
> SET/GET requests _or_ inform notifications. These operations
> are mutually exclusive.
> 
> - MIB Explorer is able to configure the agent with "Discover 
> Engine ID" action to work with SET/GET requests _and_ with 
> inform notifications. This removes limitation "mutually exclusive"
> described in previous statement.
> 
> The conclusion: snmp4j V3 agent is missing some functionality which
> should allow it to work with SET/GET requests _and_ with inform 
> notifications without "mutually exclusive" limitation or special 
> settings from MIB Explorer.
> 
> Could be snmp4j agent fixed or my reasoning is not correct?
> 
> Thanks
> Mark G.
> 
> -----Original Message-----
> From: snmp4j-bounces at agentpp.org [mailto:snmp4j-bounces at agentpp.org]
On
> Behalf Of Mark Gorokhov
> Sent: Monday, April 30, 2007 4:23 PM
> To: Frank Fock
> Cc: snmp4j at agentpp.org
> Subject: RE: [SNMP4J] Agent setup for V3 "set/get" requests and
"inform"
> notifications
> 
> Frank,
> 
> Yes, the step (3) does the trick. It works as a workaround and
> not as a clean solution. Let me explain why I feel that some
> better way should be found:
> 
> - Agent restart breaks MIBExplorer-to-agent contract and requires
> MIB Explorer user to repeat "Discover Engine ID" action. This
> might be annoying if agent is restarted often. 
> 
> - Restarted agent leaves MIB Explorer user frustrated: agent is
> not responding. Is this because of agent is dead or restarted?
> This requires additional MIB Explorer user training.
> 
> - Not all MIB browsers have "Discover Engine ID" functionality.
> Our SNMP gurus mentioned that EM7 and OpenView do not have it.
> I'm using MIB Explorer for development only and have to ensure 
> my code compatibility with other MIB browsers.
> 
> - Why usm.addUser(user.getSecurityName(), engineID, user) does 
> not require MIB Explorer "Discover Engine ID" action for SET/GET
> operation while usm.addUser(user.getSecurityName(), null, user)
> does? This leads to a thought that "Discover Engine ID" action
> could be avoided with proper SNMP4J support.
> 
> My findings in SNMP4J so far led me to UsmUserTable and 
> UsmUserKey classes. The class UsmUserTable should allow 
> coexistence of two entries:
>     Entry-1: UsmUserKey[engineID=myappEngineID, userA]
>     Entry-2: UsmUserKey[engineID=null, userA]
> Entry-1 works for SET/GET requests by default implementation. 
> Entry-2 will be initialized to browserEngineID while 
> MIBExplorer-to-agent handshake for INFORM notifications. 
> Agent restart will not break this contract (discovery) because 
> each INFORM starts with handshake confirmation.
> 
> Is this approach reasonable to implement?
> 
> Thanks
> Mark G.
> 
> -----Original Message-----
> From: Frank Fock [mailto:fock at agentpp.com] 
> Sent: Friday, April 27, 2007 4:22 PM
> To: Mark Gorokhov
> Cc: snmp4j at agentpp.org
> Subject: Re: [SNMP4J] Agent setup for V3 "set/get" requests and
"inform"
> notifications
> 
> Hi Mark,
> 
> In order to use the same user for GET/SET from manager to agent and
> INFORM requests from agent to manager with SNMP4J-Agent as
> agent and MIB Explorer as manager, follow these steps:
> 
> (1) Add the user on the agent side without specifying an engine ID:
> usm.addUser(user.getSecurityName(), null, user);
> (2) Add the same user in MIB Explorer and check the "Principal"
> flag to allow incoming SNMPv3 request (like INFORMs) on behalf
> of that user.
> (3) Add a SNMPv3 target with that user to MIB Explorer's config
> and select the previously added user for it. After you have specified
> the agent's address and port, execute "Discover Engine ID" from the
> context menu to assign the agent's engine ID to that target.
> 
> I guess you missed step (3) and that caused MIB Explorer to look
> into its own local cache of engine IDs and finds (only) its own engine
> ID
> associated with the user because of a previously received INFORM
> request from the agent.
> 
> Hope this helps.
> 
> Best regards,
> Frank
> 
> Mark Gorokhov wrote:
>> I'm setting up a V3 agent for "set/get" requests and "inform"
>> notifications for the same user.
>>
>> Setting up an USM User by calling
>>    usm.addUser(
>>       user.getSecurityName(), 
>>       usm.getLocalEngineID(), 
>>       user);
>> works for "set/get" requests but fails for "inform" notifications.
>>
>> Setting up an USM User by calling
>>    usm.addUser(
>>       user.getSecurityName(), 
>>       null, 
>>       user);
>> works for "inform" notifications but fails for "set/get" requests.
>>
>> Attempt to add the same user twice with usm.getLocalEngineID() and
>> "null" returns error -1406 for get-request: invalid engine ID
>>
>> How to overcome this conflict? Could be the same user object reused
> for
>> V3 "set/get" requests and "inform" notifications?
>>
>> Thanks,
>> Mark G.
> 
> _______________________________________________
> SNMP4J mailing list
> SNMP4J at agentpp.org
> http://lists.agentpp.org/mailman/listinfo/snmp4j

-- 
AGENT++
http://www.agentpp.com
http://www.mibexplorer.com
http://www.mibdesigner.com

More information about the SNMP4J mailing list