Implement SNMPv3 support

Bug #1248094 reported by Morten Brekkevold
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
Network Administration Visualized
Confirmed
Wishlist
Unassigned

Bug Description

The underlying NET-SNMP backend supports SNMPv3. Implement support for this in NAV.

This entails, among other things:

* Re-modeling how credentials are stored and entered into NAV via SeedDB, as simple community strings will no longer suffice.
* SNMP version can no longer be autodetected, but must be explicitly set when adding a device.
* Both the synchronous and asynchronous SNMP facades of NAV must have their APIs changed to allow more complex session parameters.
* The synchronous tools snmptrapd (w/plugins), arnold, portadmin and psuwatch must be reviewed and refactored.
* We likely need to rewrite the handling of BRIDGE-MIB for Cisco equipment to use SNMPv3 contexts for switching between VLANs, as community indexing is no longer an option under v3.
* Review and refactor code that tries to verify SNMP support by checking whether a community has been set on an IP device (as this model will disappear).

Revision history for this message
Bernd Zeimetz (bzed) wrote :

Is anybody working on this? If not I'll see if I can implement it.

Revision history for this message
Morten Brekkevold (mbrekkevold) wrote :

Hi Bernd, not currently, no, but I'm delighted to hear someone is interested in working on it :)

We are planning to look at NETCONF support in 2015, which will also necessitate some of the same changes to NAV's data model for storing management credentials.

I'm not sure where or if we have documented our ideas for this, but we are thinking along the lines of a separate "management credentials" table or store, where named sets of unique credentials are stored. Each IP Device/Netbox would then have a relation to this table, so that adding a Netbox in SeedDB entails selecting a pre-stored set of credentials from a dropdown list.

We'll gladly answer any questions you might have (and I would recommend the nav-dev mailing list, or our #nav IRC channel on freenode).

Revision history for this message
Bernd Zeimetz (bzed) wrote :

Unfortunately I did not yet find the time to look into snmp v3 and I doubt I will find the time soonish. Is the some plan when v3 will arive?

Revision history for this message
Morten Brekkevold (mbrekkevold) wrote : Re: [Bug 1248094] Re: Implement SNMPv3 support

> Unfortunately I did not yet find the time to look into snmp v3 and I
> doubt I will find the time soonish. Is the some plan when v3 will arive?

I'd forgotten all about this since I last heard from you.

We've already begun implementation of a "management credentials" store,
and the University of Linköping seems to be willing to pay us to fix
SNMPv3 support, so we may actually get there in 2016.

Changed in nav:
status: New → Confirmed
description: updated
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers