Virtual network interfaces

In some use cases it may be convenient to present backend SNMP agents (or parts of a single agent) as a set of independent SNMP agents at the frontend, e.g. the server side of SNMP Proxy Forwarder. In such cases you can set up many virtual (a.k.a. secondary) network interfaces on the server host and configure SNMP Proxy Forwarder to route SNMP messages based on their destination addresses.

This only works on Linux and requires Python 3.3+.

Server configuration

The server is configured to:

  • listen on a UDP socket on all interfaces
  • use POSIX sendmsg()/recvmsg() calls for the UDP socket by turning on the virtual-interface option
  • distinguish messages sent to 127.0.0.1 from messages sent to 127.0.0.2
  • forward SNMP PDUs to different clients/trunks based on the SNMP message destination address
  • respond to queries, performed over SNMPv2c, from the same IP address to which the request was sent

#
# SNMP forwarder: Agent part configuration
#

config-version: 2
program-name: snmpfwd-server

snmp-credentials-group {
  snmp-engine-id: 0x0102030405070809

  snmp-community-name: public
  snmp-security-name: public
  snmp-security-model: 2
  snmp-security-level: 1

  snmp-transport-domain: 1.3.6.1.6.1.1.100

  # enable destination address sensing (when it's a vif) as well
  # as using it for responding
  snmp-transport-options: virtual-interface

  snmp-bind-address: 0.0.0.0:1161

  snmp-credentials-id: snmp-credentials
}

context-group {
  snmp-context-engine-id-pattern: .*?
  snmp-context-name-pattern: .*?

  snmp-context-id: any-context
}

content-group {
  snmp-pdu-type-pattern: .*?
  snmp-pdu-oid-prefix-pattern-list: .*?

  snmp-content-id: any-content
}

peers-group {
  snmp-transport-domain: 1.3.6.1.6.1.1.100
  snmp-peer-address-pattern-list: .*?

  vif-1 {
    snmp-bind-address-pattern-list: 127\.0\.0\.1:[0-9]+?

    snmp-peer-id: 101
  }

  vif-2 {
    snmp-bind-address-pattern-list: 127\.0\.0\.2:[0-9]+?

    snmp-peer-id: 102
  }

}

trunking-group {
  trunk-bind-address: 127.0.0.1
  trunk-peer-address: 127.0.0.1:30301
  trunk-ping-period: 60
  trunk-connection-mode: client

  trunk-id: trunk-1
}

routing-map {
  matching-snmp-context-id-list: any-context
  matching-snmp-content-id-list: any-content
  matching-snmp-credentials-id-list: snmp-credentials

  client-1 {
    matching-snmp-peer-id-list: 101

    using-trunk-id-list: trunk-1
  }

  client-2 {
    matching-snmp-peer-id-list: 102

    using-trunk-id-list: trunk-1  # still using trunk-1 for simplicity
  }
}

Download server configuration file.
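
The destination sensing and same-address reply that the server list above describes, as an added Python sketch that is not snmpfwd's own code: with IP_PKTINFO enabled on a wildcard-bound UDP socket, recvmsg() reports the address a datagram was sent to and sendmsg() sets the source address of the reply. That IP_PKTINFO is the mechanism behind the virtual-interface option is an assumption here, and the function names are illustrative; Linux only.

```python
import socket
import struct

# 8 is the Linux value; not every Python build exports socket.IP_PKTINFO.
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
# struct in_pktinfo { int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr; }
PKTINFO = struct.Struct("i4s4s")

def open_wildcard_socket(port=0):
    """Bind one UDP socket to all interfaces with destination sensing enabled."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    sock.settimeout(2)
    sock.bind(("0.0.0.0", port))
    return sock

def recv_with_dst(sock):
    """Return (payload, peer, local_ip); local_ip is where the datagram was sent."""
    data, ancdata, _flags, peer = sock.recvmsg(65535, socket.CMSG_SPACE(PKTINFO.size))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, addr = PKTINFO.unpack(cdata[:PKTINFO.size])
            return data, peer, socket.inet_ntoa(addr)
    raise OSError("datagram arrived without IP_PKTINFO ancillary data")

def send_from(sock, data, peer, local_ip):
    """Send data to peer with local_ip as the source address (ipi_spec_dst)."""
    info = PKTINFO.pack(0, socket.inet_aton(local_ip), bytes(4))
    sock.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, info)], 0, peer)

def demo(dst_ip):
    """Query the wildcard socket at dst_ip; return (sensed destination, reply source)."""
    server = open_wildcard_socket()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2)
    try:
        client.sendto(b"request", (dst_ip, server.getsockname()[1]))
        _data, peer, local_ip = recv_with_dst(server)
        send_from(server, b"response", peer, local_ip)
        return local_ip, client.recvfrom(65535)[1][0]
    finally:
        client.close()
        server.close()

if __name__ == "__main__":
    for ip in ("127.0.0.1", "127.0.0.2"):  # constructed loopback targets
        print(ip, "->", demo(ip))
```

Without the ancillary data, a socket bound to 0.0.0.0 sees only the peer address, so the two loopback addresses could not be told apart for routing.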

Client configuration

The client is configured to:

  • listen on a server-mode, unencrypted trunk connection
  • use POSIX sendmsg()/recvmsg() calls for the UDP socket by turning on the virtual-interface option
  • place inbound PDUs into SNMP v2c messages and forward them towards the SNMP agent running at demo.snmplabs.com

#
# SNMP forwarder: Manager part configuration
#

config-version: 2
program-name: snmpfwd-client

peers-group {
  snmp-engine-id: 0x0102030405070809

  snmp-transport-domain: 1.3.6.1.6.1.1.1

  # time out SNMP request in 1 second
  snmp-peer-timeout: 100
  snmp-peer-retries: 0

  snmp-community-name: public
  snmp-security-name: public
  snmp-security-model: 2
  snmp-security-level: 1

  # enable sending packets from any local interface (vif)
  # without explicitly binding to it
  snmp-transport-options: virtual-interface

  snmp-bind-address: 0.0.0.0:0
  snmp-peer-address: 104.236.166.95:161
  snmp-peer-id: snmplabs
}

trunking-group {
  trunk-bind-address: 127.0.0.1:30301
  trunk-ping-period: 60
  trunk-connection-mode: server

  trunk-id: <discover>
}

original-snmp-peer-info-group {
  orig-snmp-bind-address-pattern: .*?
  orig-snmp-context-name-pattern: .*?

  orig-snmp-pdu-type-pattern: .*?
  orig-snmp-oid-prefix-pattern: .*?

  orig-snmp-engine-id-pattern: .*?
  orig-snmp-context-engine-id-pattern: .*?

  orig-snmp-transport-domain-pattern: .*?
  orig-snmp-peer-address-pattern: .*?

  orig-snmp-security-level-pattern: .*?

  orig-snmp-security-name-pattern: .*?
  orig-snmp-security-model-pattern: .*?

  orig-snmp-peer-id: any-manager
}

server-classification-group {
  server-snmp-credentials-id-pattern: .*?
  server-snmp-context-id-pattern: .*?
  server-snmp-content-id-pattern: .*?
  server-snmp-peer-id-pattern: .*?

  server-classification-id: any-classification
}

routing-map {
  matching-trunk-id-list: trunk-1
  matching-orig-snmp-peer-id-list: any-manager
  matching-server-classification-id-list: any-classification

  using-snmp-peer-id-list: snmplabs
}

Download client configuration file.