{% extends "base.html.twig" %} {% block title %}SNMP Gateway{% endblock %} {% block body %}

Using and configuring SNMP Gateway


Purpose of the SNMP Gateway

SNMP Gateway is one of the applications delivered as part of the DWARFG_LONG suite. Its purpose is to allow devices that cannot run the DWARFG_LONG agent, but can provide some limited information over the SNMP protocol, to appear in DWARFG_LONG.

Compared with the full-fledged agent, devices limited to the SNMP protocol provide much less information in a much less flexible way. In principle, you are able to do only monitoring for these devices. Whenever you have the choice between installing the agent on a device and scanning it over SNMP, always choose the agent.

Installing components needed for SNMP Gateway

SNMP Gateway depends on the Python library PureSNMP. That library is not installed automatically when DWARFG_LONG is deployed unless the "--nondeb" option was specified when running the installation. The reason is that PureSNMP is not part of the Debian repository and needs to be installed from an outside source using the pip system.

To install the PureSNMP library (together with other external Python software components), the server admin needs to execute the following dwarfg command as the root user:

  1. dwarfg_inst_pyext

If your server is offline (not connected to the Internet), follow these instructions:

  1. Using the bundled free license, deploy DWARFG_LONG on another machine that is connected to the Internet.
  2. Execute the following commands as root to download the packages into a directory:
    • mkdir dg_external
    • chmod a+w dg_external
    • dwarfg_inst_pyext --download dg_external
    • chmod go-w dg_external
  3. Copy the dg_external directory to the target machine (the production DWARFG_LONG deployment that is not connected to the Internet).
  4. As the root user, run the installation of the external software components from the copied directory, which needs no Internet access:
    • dwarfg_inst_pyext dg_external

Principal differences between SNMP Gateway and agent-based mode of operation

The SNMP Gateway actively and periodically scans all registered SNMP device entries, translates the received data to the agent-compatible format and forwards the data to the DWARFG_LONG system. Because of that, the Gateway is able to scan only devices that can be reached directly from the machine the Gateway is running on, which, in the default settings, is the same machine where DWARFG_LONG is deployed.

The SNMP scan is just that: a scan. The Gateway opens a connection to the device and reads the available SNMP data. Neither a control script nor any other piece of software is installed on the device. In principle, if you really need to monitor a device but are not able to install an agent on it (for whatever reason), you can use the SNMP Gateway for this purpose, provided the device supports the SNMP protocol.

Because there is no agent running on the device, there are many limitations, such as:

  • No management actions are possible
  • Agent profiles are not applicable - all SNMP devices share the same settings (see below on configuration)
  • Devices that are behind NAT (not accessible from the server directly) cannot be handled by the Gateway (unless you run a separate Gateway elsewhere - see below)
  • Only a very limited part of the SNMP tree is understood unless DWARFG_LONG explicitly supports the particular device type (see below)
  • The Gateway consumes considerable resources on the server, increasing the CPU demands by an order of magnitude and RAM demands a few times.

Supported devices

At the moment (in the initially released version), the SNMP Gateway has regular support only for Advantech router devices. The Gateway was actually developed so that the DWARFG_LONG system would be able to monitor the Advantech V1 line of routers, which are too limited (storage, CPU, RAM) to run the DWARFG_LONG agent.

The SNMP Gateway is also able to connect via SNMP to other device types, but (at the moment) it provides virtually no meaningful information about them except whether the device is online or not.

Gateway running in standalone mode

The SNMP Gateway supports running in a standalone mode without any dependency on the DWARFG_LONG server. However, that mode is not fully productized for the first release that includes the Gateway. If you want to use the Gateway in this mode, running it outside the direct reach of the DWARFG_LONG deployment server and thus effectively overcoming the NAT limitation, you need to rely on support to help you set up that configuration. Alternatively, you can try doing it yourself, but there are no guarantees that this mode works flawlessly at this time. Just a few hints:

  • Download the SNMP Gateway archive like any other agent (from the full download list). Note that this may not be possible for the first release.
  • You will need a Linux box with Python3 installed to run the DWARFG_LONG SNMP Gateway.
  • First run the Gateway from the command line manually. Proceed to running it as a service only after you have it working and reporting at least one device to DWARFG_LONG.
  • Expect to need to install additional libraries; pay attention to the error messages.
  • You cannot add or delete SNMP devices via the GUI in this setup, as the server is not connected to the Gateway in any way. Use the command-line parameters of the Gateway for this.
  • Once you have a working setup, make sure you put all the needed configuration options into the INI file (an example one is provided).
  • If you want to run the Gateway as a system service on the Linux box, you will need to provide a systemd script (when using systemd). You can use the systemd config file for the Gateway service running on the DWARFG_LONG server as a starting point. Note that you need command-line access to the DWARFG_LONG server to obtain the systemd configuration.
  • A note about using a non-systemd daemon management tool: the DWARFG_LONG SNMP Gateway is not a full-fledged daemon in itself; it uses systemd functionality to achieve that. Therefore, if you use different software for service management, you will probably need to implement a few additional steps to properly daemonize the process.

Gateway configuration (in server mode)

There are a few parameters allowing you to tune up the SNMP Gateway, managing both the throughput and consumed system resources:

  • Number of Gateway processes/threads (Threads) ... if you need to handle many devices over SNMP, try increasing this number so that the devices are handled in parallel.
  • Size of the SNMP device batch (Batch) ... number of devices that are handled in one process sweep. An additional parameter to increase the throughput. This parameter is especially handy if some of your devices are inaccessible from time to time or if the connection may be unstable.
  • SNMP timeout (Timeout) ... timeout for the SNMP connection from the Gateway to the device. If your devices take longer to respond, try increasing this. If your devices are often inaccessible, decrease this to improve performance.
  • Number of SNMP retries (Gateway Retries) ... how many times the Gateway attempts to connect to the device before skipping it. There is not much sense in increasing this parameter except when the connection to your devices is unstable. Note that any increase of this parameter impacts throughput negatively, and if the connection to your devices is stable, it is best to decrease this parameter to 1.
  • Gateway scan interval (Interval) ... length of one scanning cycle (in seconds). When set to e.g. 120 seconds, then if all the devices are scanned under 120 seconds, the Gateway waits so that the next cycle does not start earlier than 120 seconds since the start of the previous one. Note that if the scan takes longer, the parameter has no effect.
  • Loglevel (Log Level) ... choose between 15 (most verbose), 20 (informational), 25 (notable), 30 (warnings), 40 (errors) and 50 (only critical messages)
  • Enforcing SSL Mode (Enforced SSL Mode) ... SNMP Gateway reads the SSL mode from general configuration. If you have a very specific custom setting that does not follow general configuration, you may enforce SSL mode for the SNMP Gateway using this option. 1 means enforce SSL, -1 means enforce non-SSL, 0 means respect general settings (default).
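
How Threads, Batch, Timeout, Gateway Retries and Interval interact can be estimated with a small model. The Python code below is an added example, not code from DWARFG_LONG; it assumes that devices are split into batches taken by the next free worker, that an unreachable device costs Timeout × Retries seconds, and that a reachable one answers in a constructed `ok_cost` seconds.

```python
import heapq


def simulate_cycle(reachable, threads, batch, timeout, retries, ok_cost=0.5):
    """Return the modelled wall-clock seconds of one scan sweep.

    reachable -- list of bools, one per registered device, in scan order
    ok_cost   -- constructed response time of a reachable device (assumption)
    """
    # A reachable device answers quickly; an unreachable one burns the
    # full timeout on every attempt before the Gateway skips it.
    costs = [ok_cost if up else timeout * retries for up in reachable]

    # Assumed work distribution: fixed-size batches, each handed to
    # whichever worker becomes free first.
    batches = [costs[i:i + batch] for i in range(0, len(costs), batch)]
    free_at = [0.0] * threads  # min-heap of times at which workers are free
    heapq.heapify(free_at)
    for b in batches:
        start = heapq.heappop(free_at)
        heapq.heappush(free_at, start + sum(b))
    return max(free_at)


def idle_before_next_cycle(interval, cycle_seconds):
    """Seconds the Gateway waits so cycles start at least `interval` apart.

    If the sweep took longer than the interval, the wait is zero, which is
    the case where the Interval parameter has no effect.
    """
    return max(0.0, interval - cycle_seconds)


# Constructed sample: 40 devices, every 10th one unreachable.
SAMPLE = [(i % 10) != 9 for i in range(40)]

if __name__ == "__main__":
    for threads, retries in [(2, 3), (2, 1), (1, 3)]:
        took = simulate_cycle(SAMPLE, threads, batch=10, timeout=5,
                              retries=retries)
        print(f"threads={threads} retries={retries}: sweep {took:.1f}s, "
              f"idle {idle_before_next_cycle(60, took):.1f}s of a 60s interval")
```

In this model, four unreachable devices out of forty already push a single-worker sweep past a 60-second interval, while lowering the retries to 1 halves the sweep time with two workers.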

{% endblock body %}