After using SNMP to query a remote device for a particular ObjectType and getting the response ObjectType (which includes the MIB identity and the corresponding value), it is useful to be able to programmatically parse the PySNMP ObjectIdentity. This allows you to read the OID hierarchy and get a list human-readable MIB variable names for each node in the list.
The information obtained with SNMP from network devices ranges from being simple timeseries type data like interface metrics to complex and sensitive status information about the features and protocols that the device is running. It is critical to protect this information when in transit between an SNMP agent and manager by utilizing SNMPv3. Sensitive data from network devices being sent in SNMP responses can be used by malicious parties to perform reconnaissance about your environment, learn which protocols and features you utilize, and prepare for a more specific attack based on the information that is learned.
Up until now my articles (PySNMP HLAPI, Compiling MIB's for PySNMP) have focused on using simple SNMP GET requests with PySNMP's getCmd. This works great for simple SNMP queries where you only need one piece of information. When performing gathering of larger data sets with SNMP, issuing single SNMP GET requests for each data point can be very inefficient. Often times you are limited by the latency that exists between the SNMP manager (your script/code) and the SNMP agent running on a network device. In this article we will explore PySNMP's implementation of SNMP GET NEXT and GET BULK using the nextCmd and bulkCmd command generators and how to retrieve the ifTable table of data from an SNMP agent.
The ability to refer to a SNMP MIB variable by name is an important aspect for increasing readability and understanding of your Python scripts. PySNMP comes with several common pre-compiled MIB's in a format that its capable of using, but if you need to query a MIB variable it doesn't ship with, you're left refering to the variable as an SNMP OID. Having to remember what a particular OID is for, or creating a mapping table between a MIB variable name and its OID (such as a Python dictionary), can become tedious. Additionally, parsing a PySNMP ObjectType class instance that isn't fully translated to the MIB variable name can make things more complicated.
I've previously written about PySNMP's simpler SNMP query using one-liner command generator as a method to send SNMP queries using an OID. That method allows you to avoid having to compile MIB's that do not come as a default in the PySNMP library. In the next few posts I want to outline how to use PySNMP's high-level API (hlapi) and how to complie any MIB's that may be missing. This will help you use PySNMP in its intended fashion, and using the name of the OID which provides for better readability.
Within this article I will explore PySNMP's hlapi by breaking down it's own quick start 'fetch SNMP variable example. The hlapi was designed to be an easy to use API for as close to a 'one-liner' SNMP query as you can get. The examples in this guide will focus on the synchronous implementation (performing one SNMP task at a time), but there is the capability to implement PySNMP asynchronously if you are looking for increased speed and scalability.
Ansible can be a very powerful automation tool, allowing you to interact with hundreds or thousands of network devices at once. The automation is defined through a combination of inventory files, variable files, and playbooks (with optional task files and roles). The combination of these features makes a very powerful automation tool, but with that comes a high-level of risk. In this guide I highlight a few best practices to follow when executing Ansible playbooks. By following these best practices you will have increased confidence that you are implementing the correct tasks against the correct set of devices, and avoid any surprises!
The need to query network devices for information on a repeated and consistent basis always been a critical function of performing network management. Monitoring the health of your network devices, building reports for use by management, querying the status of a particular function, and so on. There are an increasing number of ways to perform this type of data gathering. From the extremes of manually logging in to run a CLI command or check a web GUI, to using the latest API or Netconf, network engineers have their choice of protocol to use. However, nothing is as common and widely deployed as Simple Network Management Protocol (SNMP). Most network monitoring platforms will rely on using SNMP, especially if a particular network platform is a decentralized platform like common routers and switches, requiring each network device to be queried individually instead of through a centralized controller.
With the various methods for performing network automation, one of the challenging aspects to consider is inventory management. One of the tools available to us is Ansible which expects an inventory file in YAML format with specific variable or to use a dynamic inventory. But Ansible doesn't solve all automation use-cases. I have used Ansible for configuration management, but I have also used many different Python scripts for generating reports and performing complex operations that seemed easier to implement directly in Python than in Ansible. There is no 'one size fits all' solution to network automation.