Linux Kernel AgentX Sub-Agents Oliver Wellnitz wellnitz@ibr.cs.tu-bs.de Institute of Operating Systems and Computer Networks Technical University Braunschweig, Germany page 1/20
Overview Network Managment (SNMP and AgentX) Motivation Linux Kernel Implementation Conclusions and Outlook page 2/20
Why Network Management? Large computer networks cannot be managed manually Heterogeneous LANs Network management is essential Standard network managment protocol in the Internet: Simple network managment protocol (SNMP) page 3/20
Simple Network Management Protocol SNMP contains three principal components: SNMP manager requests and processes information from SNMP agents SNMP agents on each device, provides management information to SNMP managers Management Information Bases (MIBs) define the data models of certain management areas, contain scalars and tables, MIB tree page 4/20
Linux Kernel AgentX sub-agents Simple Network Managment Protocol (cont.) SNMP manager Get/Set Notification Get/Set Notification Get/Set Notification Ether 10/100 100 COL 1 2 3 4 5 6 7 8 1 2 3 6 12 25 50 80 10! Power SNMP agents page 5/20
Extensible Agents Goals Seperate SNMP protocol engine from MIB instrumentation Facilitate the (dynamic) extension with new MIB modules Extensible agents should be transparent for managers SNMP Agent Get / Set Get / Set / Traps Subagent SNMP Manager SNMP Protocol SNMP Master Agent Subagent Protocol Traps Get / Set / Traps Subagent page 6/20
Subagent Protocols SNMP multiplexing protocol (SMUX), RFC 1227, May 1991 SNMP distributed programm interface (DPI), RFC 1228, May 1991 Enhanced MANagement Agent Through Extensions (EMANATE), commercial product Agent extensibility (AgentX), RFC 2741, January 2000 page 7/20
AgentX Protocol Features Simplified variable enconding (SNMP uses ASN.1/BER) No authentication, no encryption ( simple to implement) Registration conflict arbitration Index allocation Multiple sessions with one connection Multiphase set operation Mature (First subagent protocol on IETF s standards track) page 8/20
Motivation Problems of today s userspace SNMP agents for Linux Various methods to gather information from the kernel (ioctl, specific system call, /proc filesystem) Specific kernel interfaces may change SNMP Notifications are difficult to implement Functionality and management of kernel subsystem are split and often diverge page 9/20
Management Architecture Overview Userspace Kernel Userspace Subsystem Userspace Subsystem Kernel Subsystem Kernel Subsystem Mgmt Info Mgmt Info Mgmt Info Mgmt Info Userspace Subagent... Userspace Subagent Kernel Subagent... Kernel Subagent SNMP Master Agent AgentX Module page 10/20
Kernel AgentX Architecture Kernel subsystem Kernel subsystem Callback functions Notification emitting functions MIB / subsystem specific layer Callback functions Notification emitting functions MIB modules SNMP Master agent Receiving thread Session layer AgentX protocol layer Socket layer AgentX module page 11/20
Subagent Registration Register MIB region Registration contains list of callback functions More than one registration is possible Callback functions handle all requests for a specific MIB subregion Asynchronous subagent registration does not depend on master agent page 12/20
Get / GetNext / GetBulk Processing Transfrom GetNext / GetBulk into (several) Get requests Subagent callback functions work on a single variable Split up large requests and reassemble responses (Multiplexing) Produce errors for requests that cannot be assigned to a subagent callback function page 13/20
Example: GetBulk processing SNMP Agent A C A Subagent SNMP Manager A B C SNMP Master agent AgentX module C C 1 2 B B Subagent page 14/20
Start Set Transaction TestSet Success Transaction failed CommitSet Abort UndoSet Success CleanupSet Four different AgentX PDUs Transaction completed Transaction aborted Multiphase set operation to maintain atomic nature of SNMP set requests (all-or-nothing) Multiplexing similar to Get/GetNext/GetBulk requests Stateless subagents; Undo data is stored within the AgentX module page 15/20
Implemented MIB Modules Interfaces MIB (IF-MIB, RFC 2863) module Read-only informational elements (ifname, speed, mtu, etc.) Can set interface up/down via ifadminstatus Can send trap when interface status changes Standalone kernel module Linux Netfilter MIB module No exisiting MIB, developed our own (with Frank Strauß) Focuses on Netfilter core functions Can show / alter / add Netfilter rules Integrated in the Netfilter subsystem page 16/20
Conclusions Easy access to information from inside the kernel Can efficiently support SNMP notifications Kernel subsystem and management are integrated Requires little knowledge of SNMP or AgentX protocol No immediate information gain except for notifications Programming inside the kernel is more critical to machine stability page 17/20
Outlook Not publicly released yet but planned to Get feedback from the network management and the Linux community Implement more Standard MIBs page 18/20
Links Linux Kernel AgentX sub-agents, Diplomarbeit, September 2002 http://www.ibr.cs.tu-bs.de/ wellnitz/kagentxd/ The Simple Web http://www.simpleweb.org IETF AgentX Working Group http://www.scguild.com/agentx/ The NET-SNMP project http://www.net-snmp.org page 19/20
Thanks for listening. Questions? Comments? page 20/20