User Tools
Writing /app/www/public/data/meta/onboarding/snmpmanager/snmp_and_mibs_in_a_nutshell.meta failed
onboarding:snmpmanager:snmp_and_mibs_in_a_nutshell
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| onboarding:snmpmanager:snmp_and_mibs_in_a_nutshell [2017/02/02 12:02] – mmcc | onboarding:snmpmanager:snmp_and_mibs_in_a_nutshell [2021/06/25 10:09] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== SNMP & Traps in a Nutshell ====== | ||
| + | Author: Cathal O' | ||
| + | |||
| + | ===== Introduction - What is SNMP ===== | ||
| + | |||
| + | SNMP stands for simple network management protocol. As the name suggests, it is a standard protocol designed for managing devices. | ||
| + | |||
| + | Wikipedia has a brief description of the theory [[https:// | ||
| + | |||
| + | One of the most important things to note about SNMP is that it is a fire and forget protocol. This means there is no handshake to verify that anything has actually been received. | ||
| + | |||
| + | As a result, it is very important that monitoring has minimum downtime as devices being monitored will have no feedback that nothing is receiving their messages. | ||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | |||
| + | ===== Traps ===== | ||
| + | |||
| + | The part of the SNMP protocol we are most interested in is the traps. | ||
| + | |||
| + | Traps are how we monitor devices for alarms and issues. | ||
| + | |||
| + | For instance, the devices we monitor are all connected over private networks to our servers. When they experience an issue, they send a small UDP packet called a trap to us. | ||
| + | |||
| + | This shifts the processing from the monitoring software. This means we don't have to constantly poll devices for fault (though we also do that to some extent), the devices send us alarms when they experience faults. | ||
| + | |||
| + | Traps are simple data objects. They are identified by an object identifier (OID). | ||
| + | |||
| + | The OID is a series of numbers separated by dots. An example OID is '' | ||
| + | |||
| + | ---- | ||
| + | |||
| + | |||
| + | ===== Mibs ===== | ||
| + | |||
| + | We use a file called a management information base (MIB) to translate OIDs. | ||
| + | |||
| + | A MIB is a text file with a specific standard structure that defines what the OID values mean. | ||
| + | |||
| + | The [[http:// | ||
| + | |||
| + | MIBs contain a tree structure that is used to translate the numbers of the OID into something understandable. | ||
| + | |||
| + | **//But how do we know what MIB translates each trap?// | ||
| + | |||
| + | The long number in the middle of the OID is the enterprise number. It signifies which company made the device or the software the trap is being sent from and therefore who you can get the MIB from. | ||
| + | |||
| + | These numbers are registered with the [[https:// | ||
| + | |||
| + | If you look up which company is identified by 33582 you'll find it's Errigal. This is one of our own internal traps. | ||
| + | |||
| + | The MIB file to translate it is '' | ||
| + | |||
| + | With this, we can translate the OID and find that this trap is called '' | ||
| + | |||
| + | This is a trap we send to our own systems to signify that we have received an alarm from a device that does not exist on our system yet. | ||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | |||
| + | ===== Varbinds ===== | ||
| + | |||
| + | **//But the trap just telling us that a device is missing isn't exactly very useful. What's missing?// | ||
| + | |||
| + | Traps also contain variable bindings (varbinds). Varbinds, similar to traps themselves, have an OID that identifies their name. | ||
| + | |||
| + | They also have a value. A varbind' | ||
| + | |||
| + | The varbind' | ||
| + | |||
| + | Varbinds for our device missing alarm could be something like this: | ||
| + | |||
| + | |||
| + | ^ Name OID | ||
| + | | .1.3.6.1.4.1.33582.1.1.1.1.0 | ||
| + | | .1.3.6.1.4.1.33582.1.1.1.2.0 | ||
| + | | .1.3.6.1.4.1.33582.1.1.1.3.0 | ||
| + | | .1.3.6.1.4.1.33582.1.1.1.4.0 | ||
| + | | .1.3.6.1.4.1.33582.1.1.1.5.0 | ||
| + | | .1.3.6.1.4.1.33582.1.1.1.6.0 | ||
| + | | .1.3.6.1.4.1.33582.1.1.1.7.0 | ||
| + | | .1.3.6.1.4.1.33582.1.1.1.8.0 | ||
| + | |||
| + | The varbinds each have a specific meaning that is usually documented within the MIB itself. | ||
| + | |||
| + | In this case it would signify: | ||
| + | * That we have received a btscRfSwOn alarm | ||
| + | * From a piece of equipment called VD_WD_PeoplesPark_03-RM_20 | ||
| + | * Which is attached to a host VD_WD_PeoplesPark_03 | ||
| + | * From IP address 9.9.9.9 | ||
| + | * Which we have processed as being part of the MOBILE_ACCESS technology | ||
| + | * And belongs to customer VODA. | ||
| + | |||
| + | If not all of this information makes sense yet don't worry. | ||
| + | |||
| + | Just know that each different type of trap will have different varbinds with different values that have to be interpreted by our software. | ||
| + | |||
| + | We take all this information at a later stage and put it into a standardised format using [[onboarding: | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Trap Handling Diagram ===== | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | ===== Onboarding Exercise ===== | ||
| + | |||
| + | * Download the [[http:// | ||
| + | * Explore the MIB and find where in it the '' | ||
| + | * See what other types of alarms and varbinds are defined in the MIB. | ||
Page Tools
