SNMP is, and will be for a long time, one of the key protocols in monitoring. It is widely used for hardware and appliance monitoring, and for sending events and alerts via TRAP or INFORM.
Now the problem with SNMPv1 and v2 is that they have no real security. SNMPv3 offers it, but trying to understand how it works might give you headaches.
In this post I want to explain how snmptrapd can be used in a high-availability setup with the security of SNMPv3. I hope this gives you some insight and a quick-start guide to try it out.
If you have never worked with SNMPv3, here is a quick introduction to authentication and security. There are no communities anymore; instead, a few other parameters are required:
- securityName (username)
- authProtocol (MD5 or SHA hashing algorithm)
- authKey (secret used to authenticate the peer)
- privProtocol (AES or DES, used to encrypt the data)
- privKey (secret to encrypt data)
Note: all keys are symmetric, which means both ends of the communication need to use the same keys (and the same protocol settings).
You can also disable authKey and/or privKey, but then why use SNMPv3 at all? Check the manpage of snmptrapd for how to configure it in detail.
TRAP or INFORM?
With SNMPv3 a new notification type was introduced, called “INFORM”. The main differences between the two types are:
- INFORM uses a protocol that ensures delivery (the receiver sends an acknowledgement)
- TRAP works similarly to v1/v2, but it's tricky with SNMPv3 security
- INFORM has protection against message replay