SNMPV3

[=?ISO-8859-2?Q?Jacek_Pop=B3awski?=]

Do you have any experience with Python in SNMPv3 area?
I just realized that pySNMP we are using supports only v1 and v2c,
development version probably supports SNMPv3 but I am unable to find any
v3-specific documentation, could you help me?
Is there any other solution than pySNMP?

 

[py]

the most recent version of PySNMP (like 4.1.x) has SNMP v3 support.
(not sure if its 100% or not...check with developer).

Anyhow I think the documentation explains how to use PySNMP
(http://pysnmp.sourceforge.net/docs/4.1.x/index.html) ....i think the
"interface" is common amongst the different SNMP versions that are
supported by PySNMP. So i think if you use the
CommandGenerator.nextCmd method...its the same format for snmp v2 and
v3, etc.

It took me a little bit to grasp the API but once I did it works well
(although I am not using SNMP v3)

 

[Frithiof Andreas Jensen]

Do you have any experience with Python in SNMPv3 area?

SNMP suck per design and SNMPv3 suck even more by adding complexity to that
design IMO.

SNMPv2 sort of works well within the limits of the design of SNMP, so that
is what I would use.

The main difference between SNMPv2 and SNMPv3 is that v3 comes with a
self-contained security system with it's own rules/tools &
yet-another-set-of-credencials-to-control. If you do not need the security,
SNMPv2 will work fine, and you don't need it because you will not change
anything via SNMP anyway.

I just realized that pySNMP we are using supports only v1 and v2c,
development version probably supports SNMPv3 but I am unable to find any
v3-specific documentation, could you help me?

Not really - I have deployed SNMPv3 in a demo network and gotten a
management system based on SNMPv2 & SNMPv3 to work. This was a long lesson
in how things that are broken by design will remain broken forever.

So, I would not worry about it; informs, polling and probing can be done
adequately with SNMPv2. Most tools do not bother with SNMPv3 either.

Changing configurations by "setting" parameters cannot be made reliable with
SNMP so there is no need for SNMPv3's security features (which are
complicated in themselves and a real pain to manage, probably impossibly so
for more than a few access levels on very few nodes).

SNMPv3 Informs are the worst part: They must be authenticated, which means
that the Username and engineID the trap is sent from must be registered with
the Informsink or the Inform cannot be received. I.O.W: A SMURF attack on
the configuration of the management station (and the manager, who has to
collect/create engineID's manually).

Is there any other solution than pySNMP?

Well, netconf is working it's way through IETF:
http://www.ietf.org/html.charters/netconf-charter.html ;-) Netconf on top of
XML-RPC would be very Pythonic.

It looks like they got most things right this time - especially the parts
about netconf NOT being self-contained so one can build on already-deployed
and debugged protocols and standards!!