What are some good resources for understanding SNMP MIBs? - snmp

I know a little about SNMP, but not enough. I need to develop an application that can read standard SNMP MIBs and read/write the various properties. The network end is no problem, but the actual MIBs and exactly what they may contain is something of a black art to me.
I believe I should be able to use LIBSMI to 'parse' the MIBs, but I don't really understand what the output of the 'parser' is going to be, and how best to use it.
All suggestions welcome...

At the risk of throwing you in the deep end, you might want to take a look at net-snmp. The default installation contains a number of standard mibs with their associated implementation. It also contains a utility (mib2c) that will generate boilerplate code from your mib files.
Once you've read your way through a couple of mibs you should have no trouble familiarising yourself with the way that snmp does things.

Most standard MIB documents were defined in corresponding RFCs published at IETF.
http://www.ietf.org/
Please go to this site to find more details.

Muonics Mib Smithy User Guide provides a good overview of how to build a MIB, which can help you understand the necessary elements for parsing.
You should also look at the ASN.1 ITU specification X.690, because that is the language SNMP is defined in. It also helps if you scour the SNMP RFCs for any Bachus-Naur formatting in the SNMP RFCs. I'm going to suggest you start with RFC3642 and RFC2252.

Related

SNMP MIB Structure Conventions for nodes below the Enterprise Identifier

I have developed a Linux/Umbutu program running on what will be an imbedded P-based device. I wish for that piece of code to be able to send and receive the SNMP data for the entire product. So, I know the OID down to the company level, 1.3.6.1.4.1.34843, and I further know that the two SNMP enabled products we sell are 1.3.6.1.4.1.34843.1 and 1.3.6.1.4.1.34843.2. Pretty sure mine will be .3.
The question is, is there a known structure/convention for the nodes below this point? What I read seems to imply that I can use whatever structure I want. Would ...34843.1.0 exist? Is it a node to fetch (get) the list or max-count of same-level nodes? Would ...34843.1.0.0 exist? Would it make any sense? The guy who developed the first two MIBs is out of town for a while and I can't really ask him, and I'd like to make sure I understand his answer when he gives it to me.
Is there a document that describes the required/suggested organization? Probably some RFC, right. So, is there a document in a language spoken by humans?
Thanks in advance.
The most popular resource is the understanding SNMP MIBs book by Perkins and McGinnis. It describes MIBs in a more readable format. The Net-SNMP tutorials online might be helpful too, as they discuss a lot about MIBs. If you want the RFC, then RFC2578 is the right thing to read.
The quick hierarchy guidance would be something along the lines of:
Use 3 sections: one for objects, one for notifications, and one for conformance information
For notifications, root them at the .0 (see RFC3584 for details on why)
For each table, you might want a scalar showing the number of objects in a table and potentially a LastChanged object for showing how frequently configuration within the table might have changed).
There is a lot more guidance that can be found in the books and other sources listed above than can be repeated here, of course. RFCs 4181, and 5249 may be helpful as well.

Does the order of attributes in SNMP Traps matter

I am using some SNMP traps for monitoring of applications. Now I was told that some monitoring systems might have problems if the order of the attributes within the the traps was not the same as defined in the MIB. From the Complexity of the OIDs that could easily be used to re-order the attributes I was surprised by this, so I tried to find the relevant section of the RFC, but I could neither find something that said any ordering is allowed nor anything that said it is important. In other secondary documentation about SNMP I was not able to find anything usefull either.
So this is more a curiosity question, that could however also help in further projects using SNMP. Could anyone point me to the correct documentation as far as this problem is concerned. Or is this something that one software might handle while other software might not handle this and I should check the actual documentation for that software?
I found the relevant document.
Section 3.1.2 specifies:
The VARIABLES clause, which need not be present, defines the
ordered sequence of MIB objects which are contained within
every instance of the trap type. Each variable is placed, in
order, inside the variable-bindings field of the SNMP Trap-
PDU. Note that at the option of the agent, additional
variables may follow in the variable-bindings field.
Thanks to the person who pointed this out to me.

Writing my own MIB - any references of how to do so?

Mapping some OIDs to system commands is actually all I need
However, I could not find yet a resource which explain how to compose such thing.
Any idea?
There are books about SNMP and MIBs, such as the SNMP MIB Handbook. If you want to learn by example, read some RFCs that define MIBs, such as the Printer MIB.
I read SNMP MIB Handbook. I was a novice of the matter and it lead me inside MIBs very easly. VERY WELL ORGANIZED. Suggested!
I also bought Unserstanding SNMP MIBs, but I didn't read it. After a brief look seems to be very complete.
Good luck!
The Bible of MIBs is considered to be Understanding SNMP MIBs. If you're a book sort of person, that's the recommended reading. The RFCs for MIBS are well worth reading too (RFC2578 through 79) but don't give you a great feel for the corner and "how to" cases.

SNMP OIDs Documentation

I am looking for documentation on SNMP IODs return values. For example, the MIB IBM-SYSTEM-HEALTH-MIB 1.3.6.1.4.1.2.6.159.1.1.30 , it provides information on temperature, voltage, and fan status.
1.3.6.1.4.1.2.6.159.1.1.30.3.1.2 provides information on Current State. However, I am not sure what the return values 0 and 3 mean.
Does anyone know where I can find any documentation on these return values for OIDs?
Thanks in advance.
Like lextm-MSFT said, you can find the answer in your vendor's MIB file. If you can't find them on your vendor's support website, Bytesphere (http://www.oidview.com/mibs/vendors.html) is an excellent resource for enterprise MIBs.
You must have the MIB document at hand and check out description section for each objects. Besides, consult IBM support team to see if they have other official documents on that.

How stable are Cisco IOS OIDs for querying data with SNMP across different model devices?

I'm querying a bunch of information from cisco switches using SNMP. For instance, I'm pulling information on neighbors detected using CDP by doing an snmpwalk on .1.3.6.1.4.1.9.9.23
Can I use this OID across different cisco models? What pitfalls should I be aware of? To me, I'm a little uneasy about using numeric OIDs - it seems like I should be using a MIB database or something and using the named OIDs, in order to gain cross-device compatibility, but perhaps I'm just imagining the need for that.
Once a MIB has been published it won't move to a new OID. Doing so would break network management tools and cause support calls, which nobody wants. To continue your example, the CDP MIB has been published at Cisco's SNMP Object Navigator.
For general code cleanliness it would be good to define the OIDs in a central place, especially since you don't want to duplicate the full OID for every single table you need to access.
The place you need to be most careful is a unique MIB in a product which Cisco recently acquired. The OID will change, if nothing else to move it into their own Enterprise OID space, but the MIB may also change to conform to Cisco's SNMP practices.
It is very consistent.
Monitoring tools depend on the consistency and the MIBs produced by Cicso rarely change old values and usually only implement new ones.
Check out the Cisco OID look up tool.
Notice how it doesn't ask you what product the look up is for.
-mw
The OIDs can vary with hardware but also with firmware version for the same hardware as, over time, the architecture of the management functions can change and require new MIBs. It is worth checking whether any of the OIDs you intend to use are in deprecated MIBs, or become so in the life of the application, as this indicates not only that the MIB could one day be unsupported but also that there is likely to be improved, richer data or access to data. It is also good practice to test management apps against a sample upgraded device as part of the routine testing of firmware updates before widespread deployment.
An example of a change of OID due to a MIB being deprecated is at
http://www.cisco.com/en/US/tech/tk648/tk362/technologies_configuration_example09186a0080094aa6.shtml
"This document shows how to copy a
configuration file to and from a Cisco
device with the CISCO-CONFIG-COPY-MIB.
If you start from Cisco IOSĀ® software
release 12.0, or on some devices as
early as release 11.2P, Cisco has
implemented a new means of Simple
Network Management Protocol (SNMP)
configuration management with the new
CISCO-CONFIG-COPY-MIB. This MIB
replaces the deprecated configuration
section of the OLD-CISCO-SYSTEM-MIB. "
I would avoid putting in numeric OIDs and instead use 'OID names' and leave that hard work (of translating) to whatever SNMP API you are using.
If that is not possible, then it is okay to use OIDs as they should not change per the SNMP MIB guidelines. Unless the device itself changes but that requires a new MIB anyway which can't reuse old OIDs.
This is obvious, but be sure to look at the attributes of the SNMP MIB variable. Be sure not to query variables that have a status of 'obsolete'.
Jay..
In some cases, using the names instead of the numerical representations can be a serious performance hit due to the need to read and parse the MIB files to get the numerical representations of the OIDs that the lower level libraries need.
For instance, say your using a program to collect something every minute, then loading the MIBs over and over is very inefficient.
As stated by others, once published, the name to numerical mapping will never change, so the fact that you're hard-coding stuff into your programs is not really a problem.
If you have access to command line SNMP tools, check out 'snmptranslate' for a nice tool to get back and forth from text to numerical OIDs.
I think that is a common misconception (about MIB reload each time you resolve a name).
Most of the SNMP APIs (such as AdventNet, CMU) load the MIBS at startup and after that there is no 'overhead' of loading MIBs everytime you ask for a 'translation' from name to oid and vice versa. What's more, some of them cache the results and at that point, there is no difference between name lookups and directly coding the OID.
This is a bit similar to specifying an "IP Address" versus a 'hostname'.

Resources