SNMP4J compatibility with Openshift 4.8 and 4.10 platforms

gayathri · October 18, 2022, 2:23pm

We had brought up the snmp manager (with SNMP4J library) pod in OCP4.8 and the SNMP PDU is sent with the correct context Engine Id of the network element.

Where as in OCP4.10, context Engine ID is missing in packets originating from snmp Manager.

Logs:
2022-10-18 08:33:22.518 scheduling-1 DEBUG Adding cache entry: StateReference[msgID=32446,pduHandle=PduHandle[586025367],securityEngineID=,securityModel=org.snmp4j.security.USM@7085a535,securityName=FMS,securityLevel=1,contextEngineID=,contextName=FMS,retryMsgIDs=null]

Addition details with OCP4.8 /4.10:
• OCP 4.10 uses OVN-Kubernetes for cluster networking since we have Dual stack enabled here from cluster level, and in Openshift 4.8 cluster networking is Openshift SDN since it is only IPv4.

AGENTPP · October 19, 2022, 12:24am

You probably meant “securityEngineID” instead “contextEngineID” right?
The security engine ID I discovered from the agent if auto-discovery is enabled in SNMP4J.
As the discovery mechanism is standardised, there must not be any compatibility issue.

gayathri · October 19, 2022, 5:34am

Thanks for the reply!
SNMP agent is a net-snmp module in the network element.
SNMP4J is the management pod - which sends get/set requests to net-snmp agent.
When sending get requests from SNMP4J management pod - context engineId which identifies the network element is not sent in the PDU in OCP4.10 where as context engineID is sent in OCP4.8.
The network element identifies the PDU with contextEngineId and responds to the SNMP4J pod but does not respond when context engineID is not in PDU in OCP4.10.

AGENTPP · October 19, 2022, 6:24pm

OK, you insist that the field contextEngineID is the problem. That field needs to be set on the ScopedPDU you sent. Thus, it is not set by the API, it is set by the API programmer.

gayathri · October 20, 2022, 6:20pm

Thank you for the suggestion. I have not set the contextEngineId explicitly in scoped PDU.
Will try to use setContextEngineID() as per suggestion.

What is done already ?

    SecureTarget target ;
    target.setAddress(new UdpAddress(ip + port));
   snmp.send(pdu, target, null, listener);

Here is a snippet that sets the address. The same code is being used - in one platform it sets the context EngineId and it does not set context in other platform.

Does target address set - in turn set context EngineId in PDU also? I see that the ContextId is set in tcpdump?

AGENTPP · October 20, 2022, 10:52pm

If the contextEngineID is not set (i.e., is empty) in the ScopedPDU to be sent then there are two options:

If the contextEngineID is empty (null) and there is a contextEngineID discovered for the target address, then this will be used. Otherwise, if target is a SecureTarget, the contextEngineID is discovered according to the method defined in RFC 5343.
It will be set to the authoritative engine ID by MPv3.prepareOutgoingMessage.

Hope this helps.