etingof / snmpfwd

SNMP Proxy Forwarder
http://snmplabs.com/snmpfwd/
BSD 2-Clause "Simplified" License

How to send same SNMP Trap to Multiple servers? #41

Open tripsankur opened 4 years ago

tripsankur commented 4 years ago

Hi, This is more of a Technical Question than an issue. We are planning to use SNMP Lab to work as a proxy between the Manager and the agent. We want to send the same trap collected by SNMP Lab forwarder to multiple destinations. Is it possible? If yes, can I please get some information about how? Any guidance will be very helpful.

Regards Ankur Tripathi

tripsankur commented 4 years ago

@etingof any help would be appreciated. Thanks.

etingof commented 4 years ago

That should be possible to do in multiple ways.

If you want to emit traps all from the same place, I'd start with configuring and enlisting all your TRAP targets in using-snmp-peer-id option.

The other way could be to have multiple snmpfwd clients, potentially running on different sites, and linked with a single snmpfwd server by trunk connections.

Finally, a way to go would be to use SNMP transport tags (that's probably the more "official" way from RFC standpoint), however I am not sure it has much use in snmpfwd context.

tripsankur commented 4 years ago

Thanks @etingof .

tripsankur commented 4 years ago

@etingof Is it possible to run multiple snmpfwd clients and server on the same machine?

etingof commented 4 years ago

Most certainly, these are just user processes from OS perspective.

tripsankur commented 4 years ago

Hi @etingof ,

Thanks for the response. I have three more questions, hope you will be able to help out.

1 - Is it possible to divert the SNMP traffic on the basis of the sender (i.e. Network element). We want to send the traffic to different SNMP Manager from the proxy depending on the IP of the network element. The plan is to have one SNMP Fwd server and 3 SNMP Fwd clients and distribute the load according to the IP Range. But I have not found any configuration which will support it. Please let me know if this can be done.

2 - Is there a performance metric available for SNMP Proxy in terms of handling the load that we can use?

3 - Do we need to provide the SNMP Credentials (such as engine id etc) in the configuration if the only purpose is to forward the SNMP message to the SNMP Manager? Basically, if I only want to forward the UDP as it is, do I need to do any configurations?

Thanks again.

Regards Ankur

etingof commented 4 years ago

> 1 - Is it possible to divert the SNMP traffic on the basis of the sender (i.e. Network element). We want to send the traffic to different SNMP Manager from the proxy depending on the IP of the network element. The plan is to have one SNMP Fwd server and 3 SNMP Fwd clients and distribute the load according to the IP Range. But I have not found any configuration which will support it. Please let me know if this can be done.

I think this should be doable. On your server side you should probably classify your TRAP emitters by their network address, then route messages to the trunk of your choice. That way you get your SNMP traffic distributed among SNMP Fwd clients.

> 2 - Is there a performance metric available for SNMP Proxy in terms of handling the load that we can use?

I am not sure I understand your question. Forwarder performance depends on many factors, if it ever becomes a bottleneck, I think some tweaking could hopefully improve things...

> 3 - Do we need to provide the SNMP Credentials (such as engine id etc) in the configuration if the only purpose is to forward the SNMP message to the SNMP Manager? Basically, if I only want to forward the UDP as it is, do I need to do any configurations?

If you operate entirely on L3, maybe you do not need SNMP Fwd at all? Some kind of VPN would suffice, no?
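
The classification step described in the answer to question 1, sketched as an added example that is not part of the thread or of snmpfwd's code: it maps a trap emitter's source address to one or more trunks by longest-prefix match. The networks and trunk names are constructed, and this is plain Python, not snmpfwd configuration syntax.

```python
import ipaddress
from collections import defaultdict

# Constructed routing table: emitter networks -> trunk ids (all hypothetical).
ROUTES = [
    ("10.1.0.0/16", ["trunk-a"]),
    ("10.2.0.0/16", ["trunk-b"]),
    ("10.2.8.0/24", ["trunk-b", "trunk-c"]),  # more specific range, two trunks
    ("2001:db8::/32", ["trunk-c"]),
]


def compile_routes(routes):
    """Parse each network once and order the table longest prefix first."""
    table = [(ipaddress.ip_network(net), list(trunks)) for net, trunks in routes]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def select_trunks(source_ip, table):
    """Return the trunks for a trap from source_ip; [] means do not forward."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return []  # malformed source address: treat as unknown emitter
    for network, trunks in table:
        if addr.version == network.version and addr in network:
            return list(trunks)
    # Default deny: emitters outside every configured range are not relayed.
    # A UDP source address is not authenticated, so this is routing, not trust.
    return []


def distribute(sources, table):
    """Group trap sources by the trunk that will carry them."""
    plan = defaultdict(list)
    for src in sources:
        for trunk in select_trunks(src, table):
            plan[trunk].append(src)
    return dict(plan)


if __name__ == "__main__":
    # Constructed sample of trap source addresses.
    sample = ["10.1.5.9", "10.2.8.77", "10.2.9.1", "192.0.2.10", "2001:db8::1"]
    for trunk, members in sorted(distribute(sample, compile_routes(ROUTES)).items()):
        print(trunk, members)
```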

tripsankur commented 4 years ago

Thanks for the response @etingof

> > 1 - Is it possible to divert the SNMP traffic on the basis of the sender (i.e. Network element). We want to send the traffic to different SNMP Manager from the proxy depending on the IP of the network element. The plan is to have one SNMP Fwd server and 3 SNMP Fwd clients and distribute the load according to the IP Range. But I have not found any configuration which will support it. Please let me know if this can be done.
>
> I think this should be doable. On your server side you should probably classify your TRAP emitters by their network address, then route messages to the trunk of your choice. That way you get your SNMP traffic distributed among SNMP Fwd clients.

I am trying this now.

> > 2 - Is there a performance metric available for SNMP Proxy in terms of handling the load that we can use?
>
> I am not sure I understand your question. Forwarder performance depends on many factors, if it ever becomes a bottleneck, I think some tweaking could hopefully improve things...

I just want to find out the incoming trap rate it can handle and route to different Managers if it runs on 64GB, 4 Core CPU.

> > 3 - Do we need to provide the SNMP Credentials (such as engine id etc) in the configuration if the only purpose is to forward the SNMP message to the SNMP Manager? Basically, if I only want to forward the UDP as it is, do I need to do any configurations?
>
> If you operate entirely on L3, maybe you do not need SNMP Fwd at all? Some kind of VPN would suffice, no?

We will have a combination of SNMP traps (v1, v2, v3) coming in from different Network Elements. We are planning to put an abstraction between the SNMP Agents and SNMP Manager, so that going forward any change towards the SNMP Manager side should not require a change at SNMP Agent. Let me know your thoughts.

pmorch commented 4 years ago

I'm piggy-backing onto this issue. Please let me know if I should file a separate issue.

Is it possible to send same SNMP Trap to Multiple servers, while keeping/spoofing the original source IP address?

We have hundreds of identical (let's call them) switches that all need to send to three recipients but they can only each be configured to send to one recipient. The idea is that the switches send to snmpfwd and it in turn sends traps to the three servers. But if the source address is snmpfwd's the three servers can't identify the original trap emitter switch.

So I'm trying to achieve something similar to what I can get with: sleinen/samplicator: Send copies of (UDP) datagrams to multiple receivers, with optional sampling and spoofing. But snmpfwd "knows about SNMP" and would allow me to control which traps get forwarded where, instead of a blind "copy all UDP packets received on port 162 to all these N destinations with original source IP intact" approach that samplicator provides.

The transparent proxy example seems not to be about traps. I took inspiration from it and tried this:

$ diff -u client.conf.orig client.conf
--- client.conf.orig    2019-12-04 05:05:39.961353185 +0100
+++ client.conf 2019-12-04 05:05:11.017694434 +0100
@@ -9,7 +9,8 @@
   snmp-engine-id: 0x0102030405070809

   snmp-transport-domain: 1.3.6.1.6.1.1.1
-  snmp-bind-address: 0.0.0.0:0
+  snmp-transport-options: transparent-proxy
+  snmp-bind-address: ${snmp-peer-address}

   # time out SNMP request in 1 second
   snmp-peer-timeout: 100
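
Review bot: the added line `snmp-bind-address: ${snmp-peer-address}` is not expanded before it reaches the transport, which is what the traceback that follows reports ('${snmp-peer-address}' does not appear to be an IPv4 or IPv6 address). Check the transparent proxy example for where this macro is actually supported and in what form; as written, the bind address is the literal string and the trap is never sent.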

Which gave:

$ sudo ./bin/snmpfwd-client.py --config-file=../client.conf --logging-method=stdout --log-level=debug --process-user=root --process-group=root

<lots of output, then this when a trap was about to be sent:>

2019-12-04 05:04:20,995 ERROR poll error: Traceback (most recent call last):
;  File "/home/capmon/snmpfwd/lib/python3.5/site-packages/pysnmp/carrier/asyncore/dispatch.py", line 46, in runDispatcher
    use_poll=True, map=self.__sockMap, count=1)
;  File "/usr/lib/python3.5/asyncore.py", line 207, in loop
    poll_fun(timeout, map)
;  File "/usr/lib/python3.5/asyncore.py", line 188, in poll2
    readwrite(obj, flags)
;  File "/usr/lib/python3.5/asyncore.py", line 123, in readwrite
    obj.handle_error()
;  File "/usr/lib/python3.5/asyncore.py", line 110, in readwrite
    obj.handle_write_event()
;  File "/usr/lib/python3.5/asyncore.py", line 442, in handle_write_event
    self.handle_write()
;  File "/home/capmon/snmpfwd/lib/python3.5/site-packages/pysnmp/carrier/asyncore/dgram/base.py", line 149, in handle_write
    self.socket, outgoingMessage, transportAddress
;  File "/home/capmon/snmpfwd/lib/python3.5/site-packages/pysnmp/carrier/sockmsg.py", line 108, in sendto
    addr = ipaddress.ip_address(_to.getLocalAddress()[0])
;  File "/usr/lib/python3.5/ipaddress.py", line 54, in ip_address
    address)
;ValueError: '${snmp-peer-address}' does not appear to be an IPv4 or IPv6 address
caused by <class 'ValueError'>: '${snmp-peer-address}' does not appear to be an IPv4 or IPv6 address

So instead, for fun, I tried hard coding another source address:

$ diff -u client.conf.orig client.conf
--- client.conf.orig    2019-12-04 05:05:39.961353185 +0100
+++ client.conf 2019-12-04 05:07:54.019843886 +0100
@@ -9,7 +9,7 @@
   snmp-engine-id: 0x0102030405070809

   snmp-transport-domain: 1.3.6.1.6.1.1.1
-  snmp-bind-address: 0.0.0.0:0
+  snmp-bind-address: 1.2.3.4

   # time out SNMP request in 1 second
   snmp-peer-timeout: 100
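
Review bot: the replacement `snmp-bind-address: 1.2.3.4` is made without the `snmp-transport-options: transparent-proxy` line that the earlier diff added, so 1.2.3.4 is treated as a local address to bind, and the log that follows shows `bind() for ('1.2.3.4', 0) failed: [Errno 99] Cannot assign requested address`. Keep `snmp-transport-options: transparent-proxy` next to any bind address that is not configured on the host.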

But then I got:

$ sudo ./bin/snmpfwd-client.py --config-file=../client.conf --logging-method=stdout --log-level=debug --process-user=root --process-group=root^C
capmon@capmon:~/snmpfwd$ sudo ./bin/snmpfwd-client.py --config-file=../client.conf --logging-method=stdout --log-level=debug --process-user=root --process-group=root
2019-12-04 05:08:52,773 INFO configuring SNMP peer snmplabs-v1 (at .peers-group)...
2019-12-04 05:08:52,806 INFO new engine-id 0x0102030405070809
2019-12-04 05:08:52,808 ERROR Traceback (most recent call last):;
2019-12-04 05:08:52,808 ERROR   File "/home/capmon/snmpfwd/lib/python3.5/site-packages/pysnmp/carrier/asyncore/dgram/base.py", line 47, in openClientMode;    self.socket.bind(iface);
2019-12-04 05:08:52,808 ERROR OSError: [Errno 99] Cannot assign requested address;
2019-12-04 05:08:52,809 ERROR ;During handling of the above exception, another exception occurred:;;
2019-12-04 05:08:52,809 ERROR Traceback (most recent call last):;
2019-12-04 05:08:52,809 ERROR   File "./bin/snmpfwd-client.py", line 910, in <module>;    main();
2019-12-04 05:08:52,810 ERROR   File "./bin/snmpfwd-client.py", line 626, in main;    t = transport.openClientMode(bindAddr);
2019-12-04 05:08:52,810 ERROR   File "/home/capmon/snmpfwd/lib/python3.5/site-packages/pysnmp/carrier/asyncore/dgram/base.py", line 50, in openClientMode;    'bind() for %s failed: %s' % (iface is None and "<all local>" or iface, sys.exc_info()[1]));
2019-12-04 05:08:52,810 ERROR pysnmp.carrier.error.CarrierError: bind() for ('1.2.3.4', 0) failed: [Errno 99] Cannot assign requested addresscaused by <class 'OSError'>: [Errno 99] Cannot assign requested address;
2019-12-04 05:08:52,810 INFO process terminated

etingof commented 4 years ago

Sorry for delay!

Design-wise, spoofing should work just fine for traps. If you could give me a minimal transparent TRAP forwarder configuration that fails, I can try to debug that and include into examples afterwards.

With the second traceback - it appears as if you omit snmp-transport-options: transparent-proxy option so the tool tried to bind that address rather than spoof.

Sanz70 commented 1 year ago

Hi Etingof

Need help. I want to send SNMP traps that I filtered by some OID to another server like Zabbix; is it possible? I don't have any idea how to use this snmpfwd.

lextm commented 1 year ago

@Sanz70 Posting here won't give you any answer. Read https://github.com/etingof/pysnmp/issues/429 to learn more.