[147248] in North American Network Operators' Group
Re: Writable SNMP
daemon@ATHENA.MIT.EDU (Jared Mauch)
Tue Dec 6 11:16:59 2011
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <CABO8Q6QsPUDv88SJKAEn2VutE7s0fdLpSLGL2dAo54UvSDr_PA@mail.gmail.com>
Date: Tue, 6 Dec 2011 11:16:02 -0500
To: Keegan Holley <keegan.holley@sungard.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Dec 6, 2011, at 11:07 AM, Keegan Holley wrote:
> For a few years now I been wondering why more networks do not use =
writable
> SNMP. Most automation solutions actually script a login to the =
various
> equipment. This comes with extra code for different vendors, =
different
> prompts and any quirk that the developer is aware of and constant =
patches
> as new ones come up. Writable SNMP seems like an easier way to deal =
with
> scripted configuration changes as well as information gathering.
> Admittedly, you will have to deal with proprietary mibs and reformat =
the
> data once it's returned. Most people consider it insecure, but in =
reality
> it's no worse than any other management protocol. Yes I know netconf =
is
> better, but in most circles I'd have problems explaining what netconf =
is,
> why it's better and that I'm not making it up. So I'll take what I =
can get.
Some of the problems is the bulk nature of some config changes (or =
transactional
nature on those that support atomic operations) have been harder to =
automate.
Anyone that has spent any quantity of time with ASN.1 generally would =
agree.
I recall some bay networks gear you could only program with the proper =
OID
as the cli was basically a SNMP-SET operation on the device.
The errors/feedback tends to be very poor over SNMP as well as you may =
need
to walk/revisit a large number of elements to make things happen =
properly.
Have you had a good experience with using SNMP-Write? I have not.
- Jared=
