Integration of NETSNMP application on a Firewall device

DESCRIPTION

The existing SNMP implementation has to be rewritten because it does not support a single point of management for multi-blade and cluster architectures. It also suffers from the following limitations:

  • It is single-threaded and hence does not scale well
  • Requires significant code modifications to add new MIBs

The existing implementation needs to be rewritten to provide a single point of management support for standalone, HA, and clustered configurations of Firewall instances running on service blades. The new implementation will provide for flexible registration of MIBs, and provide for greater system-wide stability.

SOLUTIONS

The new design uses the Net-SNMP master agent (MA) / subagent (SA) model. This requires the target device to provide tunneled network access for SNMP traffic to the MA, both as a server (for SNMP get operations) and as a client (for traps/informs). Net-SNMP provides a MIB conversion tool called mib2c that converts a MIB definition file into stubbed-out C code. This was used as the starting point for the support of each MIB.

The Net-SNMP subagent (SA) runs in the same process (i.e. memory space) as the target device, because it requires access to internal configuration data, counters, etc., that must be reported via SNMP.

The SA remains single-threaded within a given instance. However, the master agent (MA) can introduce parallelism across multiple instances of the target device in a cluster/HA environment. Given that multiple processes (MA and SA) must cooperate to handle SNMP messages

To best leverage the Net-SNMP SA code, a single instance of the SA is created for all contexts. The context associated with an SNMP get operation is inferred from the context-specific interface on which the request is received.

The SA runs as a thread in the context of the control point. This allows the driver code to retain knowledge of the context associated with the request, via the context-specific functions, throughout the lifetime of handling that request.
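The two points above (one SA instance for all contexts, with the context inferred from the ingress interface and held for the lifetime of the request) are illustrated by the following constructed example. It is added here and is not Net-SNMP code or the firewall's own code; the context table, interface indices, counter values and function names are hypothetical, and the handler only mimics the shape of a mib2c-generated scalar handler.

```c
#include <stdint.h>

/* Constructed example: a single subagent instance serves every firewall
 * context. The context is inferred from the interface the request arrived
 * on and kept in thread-local storage, so the context-specific accessors
 * used by MIB handlers need no extra argument. All values are hypothetical. */

#define MAX_CTX 4
#define NO_CTX  (-1)

/* Per-context data owned by the firewall process that the SA must report. */
struct fw_context {
    int         ifindex;        /* management interface bound to this context */
    const char *name;
    uint64_t    active_conns;
    uint64_t    dropped_pkts;
};

/* Constructed table: one standalone instance plus two clustered contexts. */
static struct fw_context contexts[MAX_CTX] = {
    { 10, "standalone", 1200,  42 },
    { 21, "cluster-a",  9800, 311 },
    { 22, "cluster-b",  7600, 127 },
};
static int num_contexts = 3;

/* Context of the request currently handled by this SA thread. */
static _Thread_local int current_ctx = NO_CTX;

/* Map the ingress interface of a get to a context index; NO_CTX if unknown. */
int ctx_from_ifindex(int ifindex) {
    for (int i = 0; i < num_contexts; i++)
        if (contexts[i].ifindex == ifindex) return i;
    return NO_CTX;
}

/* Context-specific accessor: reads only the data of the bound context. */
uint64_t ctx_active_conns(void) {
    return current_ctx == NO_CTX ? 0 : contexts[current_ctx].active_conns;
}

/* mib2c-style scalar handler shape: bind the context for the lifetime of the
 * request, answer from it, then clear the binding. Returns 0 on success and
 * -1 when no context owns the ingress interface, so a request on an unknown
 * interface is rejected instead of being served from another context's data. */
int handle_get_active_conns(int ingress_ifindex, uint64_t *out) {
    current_ctx = ctx_from_ifindex(ingress_ifindex);
    if (current_ctx == NO_CTX) return -1;
    *out = ctx_active_conns();
    current_ctx = NO_CTX;
    return 0;
}
```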

CHALLENGES

  • The target firewall device runs as a single monolithic user-space process that owns the data interfaces. Hence, no other process has external network access.
  • Conversion of all the existing MIBs to follow Net-SNMP standards.