Home page logo
/

nanog logo nanog mailing list archives

Re: Writable SNMP
From: Keegan Holley <keegan.holley () sungard com>
Date: Wed, 7 Dec 2011 11:19:24 -0500


There's no reason one can't program a device with SNMP, the main issue
IMHO
has always been what I dubbed "config drift".  You have your desired
configuration and variances that happen over time.  If you don't force
a 'wr mem' or similar event after you trigger a 'copy tftp run'
operation,
you may have troubles that are not apparent if there is a power failure
or other lossage.  The boot-time parser doesn't interpret SNMP, it parses
text.  This and other reasons have made people fail-safe to using the
language
most easily interpreted by the device.

Yup, I think the OP was maybe getting at:
 "Why can't I snmp configure my cisco/juniper/alteon device?"

I took that to mean (probably naively?) that they also would validate
configs and update drift out of the configuration. You CAN force a 'wr
mem' via snmp as well, of course (in cisco world).


It was more curiosity.  I'm looking in to scripting and starting to get
tired of having to account for ssh/telnet, credentials, differences in
platforms and code from the same vendor and my various failed attempts to
do all of the above.  Most of the automation suites I've seen work via
logins, rancid,HP NA etc etc.  Although there are better programmers that
can and have made it work it still seems cumbersome to me. I've pretty much
made the assumption that writable SNMP was a bad idea but have never
actually tried it.  I was curious what others were using, netconf or just
scripted logins. I'm also fighting a losing battle to convince people that
netconf isn't evil.  It strikes me as odd that if I wanted to talk to a
database/website full of credit card and billing info there's a long list
of API's I could use, but if I wanted to talk to the router or firewall in
front of it I can only use ssh or telnet.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault