mrose@CHEETAH.NYSER.NET (Marshall Rose) (03/06/90)
ISODE 6.0 went out the door on 24 January, timed to coincide with the beginning of the UK JNT pilot project in Directory. Thus far, there haven't been any show-stoppers: the release appears to be quite stable, with only a few, minor problems reported. Beta testing of the ISODE MHS, the PP system developed by University College London and University of Nottingham is continuing. Things look good here, though I am one step removed, having been devoting my time towards general ISODE issues rather than focusing on MHS. This will change in about a month. The only substantive report in ISODE to report since the 6.0 release has been the upgrade of the 4BSD/ISODE SNMP software. The rest of this message talks about that. If you're not interested, skip to the next message. In ISODE 6.0, an implementation of an SNMP agent for 4BSD was included. The purpose of including this agent was to make available, to the widest possible audience in the Internet, an easy to get, easy to install, and easy to run SNMP agent installation. There are many who feel that the continued operation of the Internet relies on each and every element (host, gateway, etc.) being network managable. Since, 4BSD is the system of choice in the Internet, having an openly available SNMP agent seems to be a good thing. It should be noted that even though my employer (PSI, Inc., formerly NYSERNet, Inc.) has been licensing SNMP technology since its inception, that the 4BSD/ISODE SNMP implementation is a completely independent piece of code, devoid of licensing constraints (and also devoid of all formal support). Certainly Marty Schoffstall at PSI should be thanked for taking a broader view of issues rather than a narrow "what is this going to do to our technology sales" perspective. And, he didn't even need much convincing. (I merely paid him a respectful visit, and when he was in the hospital recooperating, he was most cooperative.) The SNMP agent in ISODE 6.0 was fairly complete in offering a read-only view of the MIB-II. Since that time, work has proceeded in three areas: 1. Jeff Honig of Cornell University Theory Center fixed a lot of buglets. Well, a few, actually, but it's worth noting that the software got a thorough shaking out. 2. A protocol for having arbitrary UNIX daemons export a MIB module to the SNMP agent was defined. In addition, an implementation of this protocol and correspondent API was produced. 3. The GNU Awk program was modified to be SNMP-capable, so as to provide a means of rapid-prototyping network management applications. The rest of this message talks about the last two items. >> SNMP Multiplexing (SMUX) On kernel/user systems such as BSD UNIX, an agent speaking the SNMP is often implemented as a user-process, which reads kernel variables in order to realize the Internet-standard MIB. This approach works fine as long as all of the information needed by the SNMP agent resides in either the kernel or in stable storage (i.e., files). However, when other user-processes are employed to implement other network services, such as routing protocols, communication between the SNMP agent the and other processes is problematic. In order to solve this problem, a new protocol, the SNMP multiplexing (SMUX) protocol is introduced. When a user-process, termed a SMUX peer, wishes to export a MIB module, it initiates a SMUX association to the local SNMP agent, registers itself, and (later) fields management operations for objects in the MIB module. Carrying this approach to its fullest. It is possible to generalize the SNMP agent so that it knows about only the SNMP group of the Internet-standard MIB. All other portions of the Internet-standard MIB can be implemented by another process. This is quite useful, for example, when a computer manufacturer wishes to provide SNMP access for its operating system in binary form. The 4BSD/ISODE SNMP agent is not generalized to this extent, but could easily be made so by a vendor. In addition to defining the SMUX protocol, we also defined a MIB for the SMUX. This lets a manager check on the daemons which have exported MIB modules to the SNMP agent. Obviously, this MIB module must also be implemented in the local SNMP agent. The SMUX protocol has been implemented and the correspondent API has been described in a wonderful 35 page document. In addition, a daemon, the SMUX UNIX daemon, has been written which knows about the system mbufs. In the future, it's possible to imagine that it will also know about generalized process information. >> GNU Awk A month back, I saw an announcement of the CMU SNMP package, which had a really neat idea. They took the popular netstat program and modified it to use SNMP iteractions to read information rather than just groking the kernel. I liked this idea so much that I decided to steal it! But, the CMU people did a lot more work than I thought they needed: they actually modified the netstat source. Instead, I thought, what one needed was a rapid-prototyping language for SNMP. Well, the rapid-prototyping language for UNIX is called awk, and the version of awk which is easiest for the most people to get the source to is GNU Awk. So, I modified my copy of GNU Awk (2.11 beta) to know about SNMP. The idea is that I now write awk scripts that read, process, and display SNMP variables from whatever agents I am interested in. For example, here is how I produce the output of "netstat -i": /////// BEGIN { printf "%-4s %-5s %-14s %-14s %-7s %-5s %-7s %-5s %-4s %-5s\n", "Name", "Mtu", "Net/Dest", "Address", "Ipkts", "Ierrs", "Opkts", "Oerrs", "Drop", "Queue"; didone = 0; for (i in ifIndex) { didone = 1; dest = ""; addr = ""; for (j in ipAdEntAddr) { if (ipAdEntIfIndex == ifIndex) { split(addr = ipAdEntAddr, a, "."); split(ipAdEntNetMask, b, "."); dest = bit_and(a[1],b[1]) "." \ bit_and(a[2],b[2]) "." \ bit_and(a[3],b[3]) "." \ bit_and(a[4],b[4]); break; } } printf (length(ifDescr) <= 4 ? "%-4s " : "%s\n "), ifDescr; printf "%-5d %-14s %-14s %-7d %-5d %-7d %-5d %-4d %-5d\n", ifMtu, dest, addr, ifInUcastPkts+ifInNUcastPkts, ifInErrors, ifOutUcastPkts+ifOutNUcastPkts, ifOutErrors, ifOutDiscards, ifOutQLen; if (oflag) for (j in clnpAdEntAddr) { if (clnpAdEntIfIndex == ifIndex) { printf "%-4s %-5s %-14s NS+%s\n", "", "", "", clnpAdEntAddr; break; } } } if (!didone && DIAGNOSTIC) printf "ifTable: %s\n", DIAGNOSTIC; } /////// This may seem really complicated, but it's simple. The awk program is one BEGIN block, meaning that it's executed once and then gawk exits. First, we print out the names of the columns, and then we loop for each row in the ifTable ("for (i in ifIndex)"). For each row in this table: - we first find the IP address associated with the interface. This is done by walking the ipAddrTable ("for (j in ipAdEntAddr)"). So, tables walks can be nested. Once we find the right address entry, we generate the interface network and host addresses and break out of the inner-loop. - we then print out the name of the interface (ifDescr) followed by all the rest of the information. - if OSI information was desired (for a forthcoming BSD release), then OSI addressing information is printed out. Finally, after scanning the table, if no rows were found and some protocol/internal error occurred, then a textual diagnostic is printed. So, I wrote a shell script which parses a command line to netstat, and invokes gawk on the write awk script. I then modified the SNMP agent to know about UNIX-specific MIB variables that are useful in making the netstat output appear more UNIX-like. So, when I run gawk and talk to a UNIX box, I get all the columns of output I want. When I talk to some other box, I get the subset of the information provided by MIB-I/II. The output of the shell script above looks like this: /////// % s-netstat -i Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Drop Queue le0 1500 192.52.180.0 192.52.180.1 357417 35 327444 0 0 0 lo0 1536 127.0.0.0 127.0.0.1 35709 0 35709 0 0 0 /////// As you might imagine, when walking the table, the power SNMP get-next operator is used once for each row. This minimizes network traffic considerably and also adds reduces the chance of inconsistency in the data set. Needless to say, if we were to define UNIX-specific MIB variables for things like SendMail, or Sun RPC/NFS, then one could easily write awk scripts to mimic the output of mailq, mailstats, nfsstat, rpcinfo, etc. I'm not particularly interested in doing more work on the 4BSD/ISODE SNMP software, other than the routine maintenance work that occurs with ISODE software. I think we've pretty much met the charter of producing a solid SNMP agent along with development tools for extending the agent and prototyping management applications. /mtr ps: the ISODE work above was supported, in part, by the U.S. Defense Advanced Research Projects Agency and the Rome Air Development Center of the U.S. Air Force Systems Command under contract number F30602-88-C-0016. The content of the information contained therein does not necessarily reflect the position or the policy of the U.S. Government, and no official endorsement should be inferred.