SNMPv3 INFORM in a high available setup

SNMP is, and will be for a long time, one of the key protocols in monitoring. Widely used in hardware and appliance monitoring, and for sending events and alerts via TRAP or INFORM.
Now the problem of SNMPv1 or v2 is, that it has no real security. SNMPv3 offers that, but might cause you headaches, trying to understand, how it works.
With this post I want to explain, how snmptrapd can be used in a high availability setup, with the security of SNMPv3. I hope this gives you an inside and a quick start guide to try it out.

Security model

If you never worked with SNMPv3, just a quick introduction to authentication and security. There are no communities anymore, but a few other parameters are required:

  • securityName (username)
  • authProtocol (MD5 or SHA hashing algorithm)
  • authKey (secret to authenticate the peer)
  • privProtocol (AES or DES to encrypt the data)
  • privKey (secret to encrypt data)

Note: All keys are symmetric, which means both ends of the communication need to use the same keys (and protocol settings).
You can also disable authKey and/or privKey, but than why use SNMPv3? Check the manpage of snmptrapd for how to configure it in detail.

TRAP or INFORM?

With SNMPv3 a new notification type got introduced, called “INFORM”. The main differences between both types are:

  • INFORM is using a protocol to ensure delivery (Receiver sends an ack)
  • TRAP is working similar to v1/2, but its tricky with SNMPv3 security
  • INFORM has protection against message replay

(mehr …)

Markus Frosch
Markus Frosch
Principal Consultant

Markus arbeitet bei NETWAYS als Principal Consultant und unterstützt Kunden bei der Implementierung von Nagios, Icinga und anderen Open Source Systems Management Tools. Neben seiner beruflichen Tätigkeit ist Markus aktiver Mitarbeiter im Debian Projekt.