The UDP protocol of snmp4j does not support parsing of proxy protocol

xuwenlong · June 14, 2024, 11:33am

The UDP protocol of snmp4j does not support parsing of proxy protocol.

The SNMP system uses a reverse proxy. SNMP4j cannot parse the proxy protocol field in the Nginx request header and cannot obtain the source IP address of the client.

AGENTPP · June 14, 2024, 11:37am

Since when is nginx is supporting UDP?
And since when SNMP protocol?
I am confused , can you give more context information please?

xuwenlong · June 15, 2024, 2:46pm

The ngx_stream_proxy_module module (1.9.0) allows proxying data streams over TCP, UDP (1.9.13),

My SNMP server passes through the Nginx reverse proxy. To obtain the source IP address of the client instead of the Nginx IP address, the SNMP4j needs to support parsing of the proxy protocol.

AGENTPP · June 15, 2024, 10:57pm

Proxy protocols are not part of the SNMP standards, you need to implement that yourself and handover the SNMP message to SNMP4J.

jkatz · June 16, 2024, 8:41pm

Hi,

with the keyword ngx_stream_proxy_module I found the page Module ngx_stream_proxy_module and this proxy module looks like it is just forwarding the UDP packets to the configured destination and then forwarding the response(s) back to the source.

From what I have read on the web page, I would say, that there is nothing that SNMP4J can do for your environment. For the agent, the source of the UDP packets is the address of the Nginx proxy (and there is no possibility to add something like X-Forwarded-For as in HTTP protocol). As I did not set up a test environment with Nginx and this proxy module, feel free to add some more details.

Kind regards,
Jochen

AGENTPP · June 16, 2024, 10:36pm

Hi Jochen,
From my understanding, the nix_stream_proxy_module cannot work with SNMP because UDP does only contain ports and source/target address in its header. That means, nginx cannot send back a SNMP response to the command sender because it cannot determine it (without being able to parse and understand SNMP).
The nginx documentation does not mention SNMP anywhere.
So I doubt that nginx can be used for load-balancing SNMP.

Best regards,
Frank

jkatz · June 18, 2024, 8:25pm

Hi,

as long as the Nginx module remembers all involved addresses and ports (like a NAT gateway or a statefull firewall), it should work. One example on the module page shows the configuration for DNS.

Kind regards,
Jochen