Manual Chapter : 3-DNS Reference Guide v3.0: SNMP

Applies To:

3-DNS Controller versions 1.x - 4.x

  • 3.0 PTF-02, 3.0 PTF-01, 3.0.0

10

SNMP



Working with SNMP on the 3-DNS Controller

This chapter describes the management and configuration tasks for the simple network management protocol (SNMP) agent and management information bases (MIBs) available with the 3-DNS Controller.

Warning: If you want to monitor the 3-DNS Controller using the F5 Networks SEE-IT Network Manager, you must configure the SNMP agent on the 3-DNS Controller.

The 3-DNS SNMP agent and MIBs allow you to monitor the 3-DNS Controller by configuring traps for the SNMP agent or by polling the controller with your standard network management station (NMS). The 3-DNS SNMP agent has the following options to ensure secure management:

  • Community names
  • TCP wrappers
  • View access control mechanism (VACM)

You can use the Configuration utility to configure the 3-DNS SNMP agent to send traps to your management system. You can also set up custom traps by editing several configuration files.

Configuring SNMP on the 3-DNS Controller

To use SNMP on the 3-DNS Controller, you must complete the following tasks:

  • Download the 3-DNS MIBs and load them into your network management station
  • Modify the following configuration files:
    • /etc/hosts.allow
    • /etc/snmpd.conf
    • /etc/snmptrap.conf
    • /etc/syslog.conf
  • Configure options for the checktrap script

Downloading the MIBs

The 3-DNS Controller includes a private 3-DNS SNMP MIB. This MIB is specifically designed for use with the 3-DNS Controller. You can configure the SNMP settings in the Configuration utility or on the command line.

SNMP management software requires that you use the MIB files associated with the device. You can obtain three MIB files from the 3-DNS directory /usr/contrib/f5/mibs, or you can download the files from the Additional Software Downloads section of the Configuration utility home page. The files you need are:

  • 3dns.my
    This is a vendor MIB that contains specific information for properties associated with specific F5 functionality, such as load balancing.
  • rfc1611.my
    This is a DNS server MIB (RFC 1611) that provides standard management information.
  • UCD-SNMP-MIB.txt
    This is a MIB-II (RFC 1213) that contains specific management information for the UC-Davis SNMP agent.

For information about the objects defined in 3dns.my, refer to the descriptions in the object identifier (OID) section of the MIB file. For information about the objects defined in rfc1611.my, refer to RFC 1611.

Understanding configuration file requirements

You need to make changes to several configuration files on the 3-DNS Controller before using the SNMP agent. Once you change these configuration files, you must restart the SNMP agent. The files are discussed in the following sections.

/etc/hosts.deny

The /etc/hosts.deny file must be present to deny, by default, all UDP connections to the SNMP agent. The contents of this file are as follows:

ALL : ALL

/etc/hosts.allow

Note: If you prefer, instead of modifying this file manually, you can use the Configuration utility to specify the hosts that are allowed to access the SNMP agent. See the section titled To set SNMP properties using the Configuration utility, on page 10-9.

The /etc/hosts.allow file specifies the hosts that are allowed to access the SNMP agent. You can configure access to the SNMP agent with the /etc/hosts.allow file in one of two ways:

  • By typing in an IP address, or list of IP addresses, that are allowed to access the SNMP agent.
  • By typing in a network address and mask to allow a range of addresses in a subnetwork to access the SNMP agent.

For a specific list of addresses, type in the list of addresses you want to allow access to the SNMP agent. Addresses in the list must be separated by blank space or by commas. The basic syntax is as follows:

daemon: <IP address> <IP address> <IP address>

For example, if you type the following line, the SNMP agent accepts connections from the specified IP addresses:

snmpd: 128.95.46.5 128.95.46.6 128.95.46.7

For a range of addresses, the basic syntax is as follows, where daemon is the name of the daemon, and NETWORKADDRESS/MASK specifies the network that is allowed access:

daemon: NETWORKADDRESS/MASK

For example, the following line sets the snmpd daemon to allow connections from the 128.95.46.0/255.255.255.0 address:

snmpd: 128.95.46.0/255.255.255.0

The previous example allows the 256 possible hosts from the network address 128.95.46.0 to access the SNMP daemon. You may also use the keyword ALL to allow access for all hosts or all daemons.
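The following Python check is an added example, not part of the original manual: it evaluates a source address against hosts.allow entries in the forms shown above (address list, NETWORKADDRESS/MASK, and ALL) and lists entries that admit more than one host. The sample file content, the 192.0.2.0 network, and the function names are constructed for illustration; other TCP wrappers pattern forms are skipped.

```python
import ipaddress

# Constructed sample in the syntaxes shown above (placeholder addresses).
SAMPLE_HOSTS_ALLOW = """\
# SNMP management stations
snmpd: 128.95.46.5, 128.95.46.6 128.95.46.7
snmpd: 192.0.2.0/255.255.255.0
"""

def parse_clients(text, daemon="snmpd"):
    """Collect the client patterns that apply to `daemon`."""
    patterns = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        clients = clients.split(":", 1)[0]      # ignore any trailing option field
        if {daemon, "ALL"} & set(daemons.replace(",", " ").split()):
            patterns.extend(clients.replace(",", " ").split())
    return patterns

def is_allowed(source_ip, patterns):
    """True on a match; with no match, hosts.deny (ALL : ALL) denies."""
    ip = ipaddress.ip_address(source_ip)
    for pat in patterns:
        if pat == "ALL":
            return True
        try:
            if "/" in pat:
                if ip in ipaddress.ip_network(pat, strict=False):
                    return True
            elif ip == ipaddress.ip_address(pat):
                return True
        except ValueError:
            continue                             # pattern form not covered here
    return False

def broad_entries(text, daemon="snmpd"):
    """List entries that admit more than one host, with the address count."""
    found = []
    for pat in parse_clients(text, daemon):
        if pat == "ALL":
            found.append((pat, None))            # every host is admitted
        elif "/" in pat:
            net = ipaddress.ip_network(pat, strict=False)
            found.append((pat, net.num_addresses))
    return found
```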

/etc/snmpd.conf

The /etc/snmpd.conf file controls most aspects of the SNMP agent. This file is used to set up and configure certain traps, passwords, and general SNMP variable names.

Note: If you prefer, instead of modifying this file manually, you can use the Configuration utility to set these SNMP properties. See the section titled To set SNMP properties using the Configuration utility, on page 10-9.

A few of the necessary variables are listed below:

  • System Contact Name
    The System Contact is a MIB-II simple string variable defined by almost all SNMP boxes. It usually contains a user name and an email address. This is set by the syscontact key.
  • Machine Location (string)
    The Machine Location is a MIB-II variable that is supported by almost all boxes. It is a simple string that defines the location of the box. This is set by the syslocation key.
  • Community String
    The community string is a clear text password used for basic SNMP security. It also maps to VACM groups, but for initial read-only access it is limited to only one group.
  • Trap Configuration
    Trap configuration is controlled by these entries in the /etc/snmpd.conf file:
    • trapsink <host>
      This sets the host to receive trap information. The <host> is an IP address.
    • trapport <port>
      This sets the port on which traps are sent. There must be one trapport line for each trapsink host.
    • trapcommunity <community string>
      This sets the community string (password) for sending traps. Once set, it also sends a trap upon startup: coldStart(0).
    • authtrapenable <integer>
      Set this variable to 1 so that traps can be sent for authentication warnings. Set the variable to 2 to disable it.
      Note: To change the trap port, be sure the trapport line precedes the trapsink line. If you use more than one trapport line, there must be one trapport line before each trapsink line. The same is true for trapcommunity; if you use more than one trapcommunity line, there must be one trapcommunity line before each trapsink line.
  • System IP Setting
    You must set the system IP address using the sysip command; if this setting is not present, the checktrap.pl script fails to send all 3-DNS-specific traps. Use the following syntax to set the system IP address:

    sysip <3-DNS IP address>
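The trap rules in the list above can be checked mechanically before the agent is restarted. The Python linter below is an added example, not code from the 3-DNS Controller: it reports a missing sysip line, an authtrapenable value other than 1, and trapsink lines that lack their own preceding trapport line (or trapcommunity line, once more than one trapcommunity is in use). The sample file content and all values in it are constructed placeholders.

```python
# Constructed sample snmpd.conf content; addresses and strings are placeholders.
SAMPLE_SNMPD_CONF = """\
syscontact  admin@example.com
syslocation lab-rack-4
authtrapenable 2
trapcommunity example-trap-community
trapport 162
trapsink 192.0.2.10
trapsink 192.0.2.11
"""

def lint_snmpd_conf(text):
    """Return findings for the trap rules described in this section."""
    lines = []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if parts:
            lines.append((n, parts[0], parts[1:]))
    keys = [k for _, k, _ in lines]
    findings = []
    if "sysip" not in keys:
        findings.append("sysip missing: checktrap.pl fails to send 3-DNS-specific traps")
    auth = [args for _, k, args in lines if k == "authtrapenable"]
    if not auth or auth[-1] != ["1"]:
        findings.append("authtrapenable is not 1: no authentication traps")
    # trapport: one line before every trapsink. trapcommunity: the same rule,
    # applied only when more than one trapcommunity line is present.
    for directive, threshold in (("trapport", 1), ("trapcommunity", 2)):
        if keys.count(directive) < threshold:
            continue
        pending = False          # directive seen since the previous trapsink?
        for n, k, args in lines:
            if k == directive:
                pending = True
            elif k == "trapsink":
                if not pending:
                    findings.append(
                        f"line {n}: trapsink {' '.join(args)} has no "
                        f"preceding {directive} line")
                pending = False
    return findings
```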

/etc/snmptrap.conf

The configuration in /etc/snmptrap.conf determines which messages generate traps and what those traps are. The file includes OIDs, traps, and regular expression mappings. The configuration file specifies whether to send a specific trap based on a regular expression. An excerpt of the configuration file is shown in Figure 10.1.

Figure 10.1 Excerpt from the /etc/snmptrap.conf file

# Default traps.
.1.3.6.1.4.1.3375.1.2.2.2.0.1 (SNMP_TRAP: VS.*?state change green.*?red) VIRTUAL SERVER GREEN TO RED
.1.3.6.1.4.1.3375.1.2.2.2.0.2 (SNMP_TRAP: VS.*?state change red.*?green) VIRTUAL SERVER RED TO GREEN
.1.3.6.1.4.1.3375.1.2.2.2.0.3 (SNMP_TRAP: SERVER.*?state change green.*?red) SERVER GREEN TO RED
.1.3.6.1.4.1.3375.1.2.2.2.0.4 (SNMP_TRAP: SERVER.*?state change red.*?green) SERVER RED TO GREEN
.1.3.6.1.4.1.3375.1.2.2.2.0.5 (SNMP_TRAP: iQuery message from big3d) CRC FAILURE

Some of the OIDs have been permanently mapped to specific 3-DNS Controller events. The OIDs that are permanently mapped for the 3-DNS Controller include:

  • Virtual server green to red
  • Virtual server red to green
  • Server green to red
  • Server red to green
  • CRC failure
  • Pool red to green
  • Pool green to red
  • 3-DNS Controller active to standby
  • 3-DNS Controller standby to active

To see messages that are triggering an SNMP trap, look in the var/3dns/log/3dns.log file.

/etc/syslog.conf

To generate traps, you must configure syslog to send syslog lines to checktrap.pl. If the syslog lines match the specified regular expression in the snmptrap.conf file, the checktrap.pl script generates a valid SNMP trap. The following line in the /etc/syslog.conf file causes the syslog utility to send the specified log output to the checktrap.pl script. The checktrap.pl script then compares the logged information to the snmptrap.conf file to determine if a trap should be generated.

local2.warning | exec /sbin/checktrap.pl

Note: If you uncomment this line, make sure you restart syslogd.

Configuring options for the checktrap script

The checktrap.pl script reads a set of lines from standard input. The script checks each line against a set of regular expressions. If a line matches the regular expression, an SNMP trap is sent.

Options for checktrap

snmpd_conf_file=<snmp configuration file>

This file contains the SNMP variables. The checktrap.pl script gets trap configuration information from this file. The default is /etc/snmpd.conf.

trapd_conf_file=<snmp trap configuration file>

This file contains the regular expression to SNMP trap OID mappings. It also contains a description string that is added to the trap message. The default is /etc/snmptrap.conf.


trap_program=<snmp trap program>

This program sends the trap. This program should be the snmptrap program included with the 3-DNS Controller. The default is /sbin/snmptrap.

no_date_strip

This turns off automatic date stripping. Normally, each input line is expected to begin with a date. Typically, this date is stripped off before the trap is sent. This option keeps the date information in the trap. If you do not add this option, the date is stripped from the trap by default.

usage

This prints a usage string.
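To test which log lines would raise which trap before changing /etc/snmptrap.conf, the matching step can be reproduced offline. The Python code below is an added example, not the checktrap.pl script: it loads the five rules from Figure 10.1, matches constructed log lines against them, and strips the leading date unless no_date_strip is set. The log lines, the syslog date layout, the reading of the parentheses as regular expression delimiters, and the first-match-wins behavior are assumptions.

```python
import re

# The five default rules from Figure 10.1.
SNMPTRAP_CONF = r"""
# Default traps.
.1.3.6.1.4.1.3375.1.2.2.2.0.1 (SNMP_TRAP: VS.*?state change green.*?red) VIRTUAL SERVER GREEN TO RED
.1.3.6.1.4.1.3375.1.2.2.2.0.2 (SNMP_TRAP: VS.*?state change red.*?green) VIRTUAL SERVER RED TO GREEN
.1.3.6.1.4.1.3375.1.2.2.2.0.3 (SNMP_TRAP: SERVER.*?state change green.*?red) SERVER GREEN TO RED
.1.3.6.1.4.1.3375.1.2.2.2.0.4 (SNMP_TRAP: SERVER.*?state change red.*?green) SERVER RED TO GREEN
.1.3.6.1.4.1.3375.1.2.2.2.0.5 (SNMP_TRAP: iQuery message from big3d) CRC FAILURE
"""

# Constructed log lines; the real 3dns.log message layout is not shown here.
SAMPLE_LOG = [
    "Jan 12 03:14:07 SNMP_TRAP: VS 192.0.2.20:80 state change green --> red",
    "Jan 12 03:14:09 SNMP_TRAP: SERVER 192.0.2.20 state change green --> red",
    "Jan 12 03:15:30 named[88]: zone transfer complete",
    "Jan 12 03:20:41 SNMP_TRAP: VS 192.0.2.20:80 state change red --> green",
]

# OID, then the regular expression in parentheses, then the description.
RULE_RE = re.compile(r"^(\.\d+(?:\.\d+)*)\s+\((.*)\)\s+(.*)$")
# Assumed syslog-style date prefix: "Mon DD HH:MM:SS ".
DATE_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+")

def load_rules(text):
    """Parse snmptrap.conf text into (oid, compiled regex, description)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:                       # comments and blank lines do not match
            rules.append((m.group(1), re.compile(m.group(2)), m.group(3)))
    return rules

def check_lines(lines, rules, no_date_strip=False):
    """Return (oid, description, message) for each line that matches a rule."""
    traps = []
    for line in lines:
        for oid, pattern, description in rules:
            if pattern.search(line):
                msg = line if no_date_strip else DATE_RE.sub("", line)
                traps.append((oid, description, msg))
                break               # assumed: the first matching rule wins
    return traps
```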

Configuring the 3-DNS SNMP agent using the Configuration utility

You can use the Configuration utility to configure the following aspects of the 3-DNS SNMP agent:

  • Client access
    You can define a network address and netmask for a workstation from which SNMP requests are acceptable.
  • System information
    You can name a system contact, a machine location, and a community string.
  • Trap configuration
    You can enter a trap sink and a trap community.

To set SNMP properties using the Configuration utility

The Configuration utility provides sample SNMP settings for your reference. To use the 3-DNS SNMP MIB, you must replace these sample settings with settings appropriate to your environment and your specific SNMP management software.

  1. In the navigation pane, click SNMP.
    The SNMP Configuration screen opens.
  2. Add the SNMP settings. For help on configuring the SNMP settings, click Help on the toolbar.

Configuring host SNMP settings on the 3-DNS Controller

After defining a host server, you need to configure its SNMP settings if you want to use SNMP host probing. Remember that you must first set up at least one SNMP probing factory on any 3-DNS Controller, BIG-IP Controller, or EDGE-FX Cache that runs the big3d agent.

The SNMP prober collects the following information:

  • Memory utilization
  • CPU utilization
  • Disk space utilization
  • Kilobytes/second
  • Current Connections
  • Packet rate

    The 3-DNS Controller uses the packet rate information for load balancing. The information is displayed in the Host Statistics screen in the Configuration utility for your convenience.

To configure host SNMP settings using the Configuration utility

  1. In the navigation pane, expand the Servers item, and click Host Servers.
  2. From the Host Server column, click a host server.
    The Modify Host screen opens.
  3. On the toolbar, click SNMP Configuration.
    The Host SNMP Configuration screen opens.
  4. Add the host SNMP settings. For help on configuring the host SNMP settings, click Help on the toolbar.

To configure host SNMP settings using the command line utility

  1. At the command prompt, type 3dnsmaint to open the 3-DNS Maintenance menu.
  2. On the 3-DNS Maintenance menu, choose Edit 3-DNS Configuration to open the wideip.conf file.
  3. Locate or add the host server statement.

    All server statements should appear after the sync_group statement and before wideip statements.

  4. Define the server type, address, name, prober, probe protocol, and port information as usual.
  5. Add the snmp statement.
  6. Define the virtual server information as usual.

Figure 10.2 Configuring host SNMP settings

server {
  type host
  address <IP address>
  name <"host_name">
  probe_protocol <tcp | icmp>
  [ prober <IP address> ]
  port <port number> | service <"service name">
  [ snmp {
    agent <generic | ucd | solstice | ntserv | ciscold2 | ciscold3>
    port <port number>
    community <"community string">
    timeout <seconds>
    retries <number>
    version <SNMP version>
  } ]
  vs {
    address <virtual server IP address>
    port <port number> | service <"service name">
    [ probe_protocol <tcp | icmp> ]
  }
}

Figure 10.2 shows the SNMP syntax in bold.

Configuring SNMP agents on hosts

For host probing to work, you need to verify that the SNMP agent is properly configured on the host. We recommend that you refer to the documentation provided with your host SNMP software for complete configuration information.