Home page logo

nanog logo nanog mailing list archives

Re: Writable SNMP
From: Jared Mauch <jared () puck nether net>
Date: Tue, 6 Dec 2011 11:16:02 -0500

On Dec 6, 2011, at 11:07 AM, Keegan Holley wrote:

For a few years now I been wondering why more networks do not use writable
SNMP.  Most automation solutions actually script a login to the various
equipment.  This comes with extra code for different vendors, different
prompts and any quirk that the developer is aware of and constant patches
as new ones come up.  Writable SNMP seems like an easier way to deal with
scripted configuration changes as well as information gathering.
Admittedly, you will have to deal with proprietary mibs and reformat the
data once it's returned.  Most people consider it insecure, but in reality
it's no worse than any other management protocol.  Yes I know netconf is
better, but in most circles I'd have problems explaining what netconf is,
why it's better and that I'm not making it up.  So I'll take what I can get.

Some of the problems is the bulk nature of some config changes (or transactional
nature on those that support atomic operations) have been harder to automate.

Anyone that has spent any quantity of time with ASN.1 generally would agree.

I recall some bay networks gear you could only program with the proper OID
as the cli was basically a SNMP-SET operation on the device.

The errors/feedback tends to be very poor over SNMP as well as you may need
to walk/revisit a large number of elements to make things happen properly.

Have you had a good experience with using SNMP-Write?  I have not.

- Jared

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]