Virtual network interfaces
In some use cases it is convenient to present backend SNMP agents (or parts of a single agent) as a set of independent SNMP agents at the frontend (e.g. the server side of SNMP Proxy Forwarder). In such cases you can set up multiple virtual (a.k.a. secondary) network interfaces on the server host and configure SNMP Proxy Forwarder to route SNMP messages based on their destination addresses.
This only works on Linux and requires Python 3.3+.
Server configuration
The server is configured to:
listen on a UDP socket on all interfaces
use POSIX sendmsg()/recvmsg() calls for the UDP socket by turning on the virtual-interface option
distinguish messages sent to 127.0.0.1 from messages sent to 127.0.0.2
forward SNMP PDUs to different clients/trunks based on the SNMP message destination address
respond to queries, performed over SNMPv2c, from the same IP address to which the request was sent
#
# SNMP forwarder: Agent part configuration
#
config-version: 2
program-name: snmpfwd-server

snmp-credentials-group {
  snmp-engine-id: 0x0102030405070809
  snmp-community-name: public
  snmp-security-name: public
  snmp-security-model: 2
  snmp-security-level: 1
  snmp-transport-domain: 1.3.6.1.6.1.1.100
  # enable destination address sensing (when it's a vif) as well
  # as using it for responding
  snmp-transport-options: virtual-interface
  snmp-bind-address: 0.0.0.0:1161
  snmp-credentials-id: snmp-credentials
}

context-group {
  snmp-context-engine-id-pattern: .*?
  snmp-context-name-pattern: .*?
  snmp-context-id: any-context
}

content-group {
  snmp-pdu-type-pattern: .*?
  snmp-pdu-oid-prefix-pattern-list: .*?
  snmp-content-id: any-content
}

peers-group {
  snmp-transport-domain: 1.3.6.1.6.1.1.100
  snmp-peer-address-pattern-list: .*?

  vif-1 {
    # requests addressed to 127.0.0.1, any port
    snmp-bind-address-pattern-list: 127\.0\.0\.1:[0-9]+?
    snmp-peer-id: 101
  }
  vif-2 {
    # requests addressed to 127.0.0.2, any port
    snmp-bind-address-pattern-list: 127\.0\.0\.2:[0-9]+?
    snmp-peer-id: 102
  }
}

trunking-group {
  trunk-bind-address: 127.0.0.1
  trunk-peer-address: 127.0.0.1:30301
  trunk-ping-period: 60
  trunk-connection-mode: client
  trunk-id: trunk-1
}

routing-map {
  matching-snmp-context-id-list: any-context
  matching-snmp-content-id-list: any-content
  matching-snmp-credentials-id-list: snmp-credentials

  client-1 {
    matching-snmp-peer-id-list: 101
    using-trunk-id-list: trunk-1
  }
  client-2 {
    matching-snmp-peer-id-list: 102
    using-trunk-id-list: trunk-1 # still using trunk-1 for simplicity
  }
}
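
The destination-address sensing and same-address reply that the virtual-interface option relies on can be reproduced with plain sockets. The following is an added example, not snmpfwd's own code: it is Linux-only, and the function names, payloads and the kernel-assigned port are assumptions of this example.

```python
import socket
import struct

# Linux value of IP_PKTINFO; the constant is missing from older Python builds.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
# struct in_pktinfo { int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr; }
PKTINFO = struct.Struct("@i4s4s")


def open_vif_socket(port=0):
    """Bind one UDP socket to all interfaces and request per-packet destination info."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    sock.bind(("0.0.0.0", port))
    return sock


def recv_with_destination(sock, bufsize=65535):
    """Return (payload, peer, destination IP the peer addressed)."""
    data, ancdata, _flags, peer = sock.recvmsg(bufsize, socket.CMSG_SPACE(PKTINFO.size))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, addr = PKTINFO.unpack(cdata[:PKTINFO.size])
            return data, peer, socket.inet_ntoa(addr)
    raise OSError("no IP_PKTINFO control message; destination address unknown")


def reply_from(sock, data, peer, local_ip):
    """Send a response whose source address is the one the request was sent to."""
    pktinfo = PKTINFO.pack(0, socket.inet_aton(local_ip), b"\x00" * 4)
    sock.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)


def demo():
    """Constructed exchange: query both loopback addresses, record what each side saw."""
    seen = {}
    with open_vif_socket() as server:
        server.settimeout(2)
        port = server.getsockname()[1]
        for vif in ("127.0.0.1", "127.0.0.2"):
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
                client.settimeout(2)
                client.sendto(b"request", (vif, port))
                _data, peer, dst = recv_with_destination(server)
                reply_from(server, b"response", peer, dst)
                _resp, responder = client.recvfrom(1024)
                seen[vif] = (dst, responder[0])
    return seen
```

A manager that checks the responder address against the address it queried discards replies sent from any other local address, which is why the reply carries the sensed destination as its source.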
Client configuration
The client is configured to:
listen on a server-mode unencrypted trunk connection
use POSIX sendmsg()/recvmsg() calls for the UDP socket by turning on the virtual-interface option
place inbound PDUs into SNMPv2c messages and forward them towards the SNMP agent running at demo.pysnmp.com
#
# SNMP forwarder: Manager part configuration
#
config-version: 2
program-name: snmpfwd-client

peers-group {
  snmp-engine-id: 0x0102030405070809
  snmp-transport-domain: 1.3.6.1.6.1.1.1
  # time out SNMP request in 1 second
  snmp-peer-timeout: 100
  snmp-peer-retries: 0
  snmp-community-name: public
  snmp-security-name: public
  snmp-security-model: 2
  snmp-security-level: 1
  # enable sending packets from any local interface (vif)
  # without explicitly binding to it
  snmp-transport-options: virtual-interface
  snmp-bind-address: 0.0.0.0:0
  snmp-peer-address: 104.236.166.95:161
  snmp-peer-id: snmplabs
}

trunking-group {
  trunk-bind-address: 127.0.0.1:30301
  trunk-ping-period: 60
  trunk-connection-mode: server
  trunk-id: <discover>
}

original-snmp-peer-info-group {
  orig-snmp-bind-address-pattern: .*?
  orig-snmp-context-name-pattern: .*?
  orig-snmp-pdu-type-pattern: .*?
  orig-snmp-oid-prefix-pattern: .*?
  orig-snmp-engine-id-pattern: .*?
  orig-snmp-context-engine-id-pattern: .*?
  orig-snmp-transport-domain-pattern: .*?
  orig-snmp-peer-address-pattern: .*?
  orig-snmp-security-level-pattern: .*?
  orig-snmp-security-name-pattern: .*?
  orig-snmp-security-model-pattern: .*?
  orig-snmp-peer-id: any-manager
}

server-classification-group {
  server-snmp-credentials-id-pattern: .*?
  server-snmp-context-id-pattern: .*?
  server-snmp-content-id-pattern: .*?
  server-snmp-peer-id-pattern: .*?
  server-classification-id: any-classification
}

routing-map {
  matching-trunk-id-list: trunk-1
  matching-orig-snmp-peer-id-list: any-manager
  matching-server-classification-id-list: any-classification
  using-snmp-peer-id-list: snmplabs
}