Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

SNMP Traps in Contrail Insights

 

Contrail Insights supports monitoring of SNMP traps sent from network devices. Traps are unsolicited messages sent from an SNMP agent to remote network management systems or trap receivers.

Configuring Devices to Forward SNMP Traps

For Contrail Insights to listen to SNMP traps from devices, you need to configure the devices to forward the traps because they are not forwarded by default. This can be done either manually from the Junos OS CLI of the device or through Contrail Insights software development kit (SDK).

Check the SNMP Trap Configuration on Device

Before Contrail Insights Version 3.1:

In Contrail Insights version 3.0, Contrail Insights only supports SNMPv2 traps. After the device is configured to forward SNMP traps, you can verify the configuration by logging into the Junos OS CLI and running the following command:

The output should be similar to the following example:

For additional details regarding configuration, refer to Configuring SNMP Traps.

After Contrail Insights Version 3.1:

When Contrail Insights version 3.1 or later is installed, SNMP trap configuration on the device needs to be updated because the configuration for the devices on Contrail Insights version 3.0 is no longer valid. In Contrail Insights version 3.1 or later, Contrail Insights supports both SNMPv2 and SNMPv3. You need to configure the device using the following sample configuration so that Contrail Insights will collect the SNMP traps.

After the device is configured to forward SNMP traps, you can verify the configuration by logging into Junos OS CLI and running the following command:

The output should be similar to the following example for SNMPv2:

Note

The security-name public in the following configuration refers to the SNMPv2 community name you set in your device. Set the SNMPv2 community name before you add this SNMP trap configuration.

The output should be similar to the following example for SNMPv3:

For additional details regarding configuration, refer to Configuring SNMPv3 Traps on a Device Running Junos OS.

The variables security-model, security-level, and security-name are related to the SNMPv3 configuration you set in this device. Configure the device with SNMPv3 credentials before you enable SNMPv3 traps.

Configuring Contrail Insights to Enable SNMP Traps Monitoring from Network Devices

Enable Listening to SNMP Traps for Network Devices

In Contrail Insights Dashboard, Settings > Network Devices, you can add or edit SNMP device configuration and enable Contrail Insights to collect the SNMP traps for those configured devices. As long as you have posted the snmp_trap_network_device plug-in from Ansible, Contrail Insights will automatically start listening on SNMP traps from all SNMP network devices configured in Contrail Insights.

Note

The field SnmpEngineId is needed when you want to enable SNMPv3 traps for a device. This field is not required for normal SNMP polling.

Create Network Device JSON File for SNMPv2c

The list of network devices that needs to be monitored should be added to a JSON file with the following format. There can be multiple devices in the JSON file.

The user.snmp needs to be included in Source field. Contrail Insights automatically starts monitoring the traps sent from all user.snmp devices configured in Contrail Insights. For more details about other fields and how to post network devices using Ansible, refer to Configure Network Device from JSON File.

Create Network Device JSON File for SNMPv3

The list of network devices that needs to be monitored should be added to a JSON file using the following format. There can be multiple devices in the JSON file. For SNMPv3 traps, you need to specify the SnmpEngineId for SnmpConfig.

Configuring Contrail Insights Network Device Monitoring Plug-Ins

Contrail Insights needs to be configured at the time of installation to enable the SNMP trap plug-in. Contrail Insights has a built-in SNMP trap plug-in in the certified_plugins folder in the Ansible installation directory. This needs to be included in the plug-in descriptor in the appformix_plugins variable in group_vars/all.

Enable SNMP Trap to Show in Contrail Insights Dashboard

There is a built-in SNMP trap rule that is configured in profiles/network_device_snmp_trap_profile.json to enable SNMP trap pop-up in the Contrail Insights Dashboard Alarm page. The trap is posted to Contrail Insights by default and every time traps are sent to Contrail Insights Agent, the traps appear in the Contrail Insights Dashboard Alarm page and display detailed information about the traps Contrail Insights receives.

Figure 1: SNMP Traps Enabled and Displayed in Contrail Insights Dashboard.
SNMP Traps Enabled and Displayed in Contrail Insights
Dashboard.

SNMP Trap Data for External Notification

When Contrail Insights receives a SNMP trap, Contrail Insights displays the trap in Dashboard > Alarms as rule network_device_snmp_trap and sends it to Apache Kafka, if Kafka has been configured in Contrail Insights. You can associate the rule network_device_snmp_trap with external notifiers such as PagerDuty, ServiceNow, Slack, Custom Notifier, and so on.

Following is an example JSON file sent to external notifiers for SNMP trap:

You can find a brief description of the SNMP trap in the status > description field, detailed information of the SNMP trap in the status > metaData field, and status > entityId tells you which network device this trap belongs to.

Install MIBs in Contrail Insights Network Agents

When Contrail Insights receives the traps from devices, Contrail Insights might not be able to decode the OID into a proper user understandable string if corresponding MIBs are not installed in your Contrail Insights Agents. You need to download the MIBs and either manually copy all of the *.txt MIB files to all network agents /usr/share/snmp/mibs/ or use Contrail Insights Ansible to deploy the MIB files.

To install MIBs from Ansible see Custom SNMP Plug-Ins.