12   SNMP

Clixon supports SNMP for retreiving and setting values via netsnmp using a MIB-YANG mapping defined in RFC6643.

12.1   Architecture

_images/snmp.jpg

The SNMP frontend acts as an intermediate daemon between the Net-SNMP daemon (snmpd) and the Clixon backend. Clixon-snmp communicates over the AgentX protocol to snmpd typically via a UNIX socket, and over the internal IPC protocol to the Clixon backend.

Clixon-snmp implements RFC 6643 Translation of Structure of Management Information Version 2 (SMIv2) MIB Modules to YANG Modules. The RFC defines how a MIB is translated to YANG using extensions that define a mapping between YANG statements and SMI object IDs and types in the MIB.

In principle, it is also possible to construct a MIB from YANG using the same method, although this is more limited and may involve manual work.

A user can then communicate with snmpd using any of the SNMP v2/v3 tools, such as snmpget, snmpwalk and others.

Note

SNMP support is introduced in Clixon version 5.8

12.2   Configuration

12.2.1   Net-SNMP

Note

Use Net-SNMP version 5.9 or later

To set up AgentX communication between clixon_snmp and snmpd a Unix or TCP socket is configured. This socket is also configured in Clixon (see below). An example snmpd.conf is as follows:

master       agentx
agentaddress 127.0.0.1,[::1]
rwcommunity  public localhost
agentXSocket unix:/var/run/snmp.sock
agentxperms  777 777

It is necessary to ensure snmpd does not to load modules implemented by Clixon. For example, if Clixon implements the IF-MIB and system MIBs, snmpd should not load those modules. This can be done using the “-I” flag and prepending a “-” before each module:

-I -ifTable -I -system_mib -I -sysORTable

Further, Clixon itself does not start netsnmp itself, you need to ensure that netsnmp is running when clixon_snmp is started. Likewise, if snmpd is restarted, clixon_snmp must also be restarted.

Note

Net-snmp must be started via systemd or some other external mechanism before clixon_snmp is started.

12.2.2   Clixon

To build the snmp support, netsnmp is enabled at configure time. Two configure options are added for SNMP:

  • --enable-netsnmp Enable SNMP support.
  • --with-mib-generated-yang-dir For tests: Directory of generated YANG specs (default: $prefix/share/mibyang)

Then type “make” to build the “clixon_snmp” executable and “make install” to install.

12.2.3   clixon_snmp command line options

$ clixon_snmp -h
usage:clixon_snmp
where options are
     -h              Help
     -D <level>      Debug level
     -f <file>       Configuration file (mandatory)
     -l (e|o|s|f<file>) Log on std(e)rr, std(o)ut, (s)yslog(default), (f)ile
     -z              Kill other clixon_snmp daemon and exit
     -o "<option>=<value>"   Give configuration option overriding config file (see clixon-config.yang)

12.2.4   clixon_snmp configuration

There are two SNMP related options in the Clixon configuration:

CLICON_SNMP_AGENT_SOCK
String description of the AgentX socket that clixon_snmp listens to.
CLICON_SNMP_MIB
Names of MIBs that are used by clixon_snmp.

Example:

<CLICON_SNMP_AGENT_SOCK>unix:/var/run/snmp.sock</CLICON_SNMP_AGENT_SOCK>
<CLICON_SNMP_MIB>IF-MIB</CLICON_SNMP_MIB>

Note that the socket /var/run/snmp.sock is the same as configured in “snmpd.conf” above.

12.3   MIB mapping

Clixon registers MIBs with netsnmp by using YANG specifications. To achieve this, the MIB is first converted (according to RFC6643) to YANG format.

12.3.1   Generating YANG

MIB to YANG conversion can be done using the smidump tool, version 0.5 or later. Manual mapping is also possible. In Debian smidump is available in the package “smitools”. You may also find existing repos with converted MIBs.

To convert a MIB to YANG, invoke smidump with the “-f yang” flag and point it to a MIB. MIBs will usually be in the directory “/usr/share/snmp/mibs/”:

$ smidump -f yang /usr/share/snmp/mibs/IF-MIB.txt > IF-MIB.yang

Note

smidump 0.5 or later must be used

Once a MIB is converted to YANG, two things should be done:

  1. The YANG is registered as an SNMP module using the CLICON_SNMP_MIB configuration option
  2. The YANG file must be placed so that it can be found using the regular Clixon YANG finding mechanism, as described in Finding YANG files

12.3.2   Config vs state

By default, all RFC6643 mappings are config false, ie, no configuration data.

To change to configuration data, a deviation statement is made as the following example illustrates:

  deviation "/clixon-types:CLIXON-TYPES-MIB" {
   deviate replace {
      config true;
   }
}

For more info, see Section 11 in RFC 6643.

12.3.3   Types

Scalar types are mapped between SMI and YANG types using RFC6643. All types as used by IF-MIB, System and Entity MIBs are supported.

12.3.4   Tables

SNMP tables are supported for config and state and are mapped to YANG lists. It is possible to get and set individual values either via the SNMP API, or via any of the other CLIXON frontends.

Table indexes can be integers and non-integers. Multiple table indexes are supported.

As an implementation detail, Clixon uses the table abstraction in the netsnmp agent library, not table-data or table-instance.

12.3.5   RowStatus

Clixon supports SMIv2 RowStatus for table handling. Where RowStatus is used, the status of the row is returned and set to either active, notInService or notReady.

When writing the status of the row can be set to either createAndGo, createAndWait, active or destroy.

The rowstatus firled itself and all row values in createAndWait mode uses an internal cache which is held in memory by the clixon snmp agent. This internal cache is flushed to Clixon when setting a row to active, like a “pre-commit phase”. When clixon_snmp is restarted, the cache is cleared.