Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring SNMP on NFX150, NFX250 NextGen, and NFX350 Devices

SNMP monitors network devices from a central location. NFX Series (NFX150, NFX250 NextGen, and NFX350) devices support querying of MIB data by using SNMPv2c and SNMPv3. Separate SNMP agents (known as the SNMP process or snmpd) reside on the vjunos0 and Host OS. The vjunos0 acts as the proxy for the Host OS. The system and chassis related MIB data is available in vjunos0.

Starting in Junos OS Release 21.4R1, NFX Series devices support LM-SENSORS-MIB, ENTITY-SENSORS-MIB, and libvirt MIB. The LM-SENSORS-MIB and ENTITY-SENSORS-MIB data is available on vjunos0 whereas the libvirt MIB data is available on the Host OS. You can use the libvirt MIB to monitor virtual machines. This topic discusses the SNMP implementation for the libvirt MIB.

How to Configure SNMPv2c to Access Libvirt MIB Data

SNMPv2c uses community strings, which act as passwords when determining the SNMP clients and how clients can access the data in the SNMP agent. The community string is not pre-configured on NFX Series devices. To access MIBs data using SNMPv2c, you must configure a community string and an SNMP proxy for the Host OS. The community string is added to the Host OS.

Figure 1 illustrates the communication flow for SNMPv2c on NFX Series devices.

Figure 1: Communication Flow for SNMPv2c on NFX Series DevicesCommunication Flow for SNMPv2c on NFX Series Devices

When a user issues SNMP commands like snmpwalk, snmpget with the community string from the network management server:

  • The request goes to the SNMP daemon in vjunos0. The SNMPD reads the community string in the SNMP request and redirects the request to the Host OS using the internal routing instance nfx-host.
  • The SNMPD in the Host OS processes the request and sends the response to vjunos0, which then sends it to the network management server.

To configure SNMPv2c:

  1. Configure the SNMPv2c community string in the Host OS:
    Note:

    Ensure that a community with the same name does not already exist on the device.

  2. Configure the proxy in vjunos0:

How to Configure SNMPv3 to Access Libvirt MIB Data

SNMPv3 provides a secure way to access MIB data as it supports authentication and encryption. SNMPv3 uses the user-based security model (USM) for message security and the view-based access control model (VACM) for access control. USM specifies authentication and encryption, and VACM specifies access-control rules. Figure 2 illustrates the communication flow for SNMPv3 on NFX Series devices. For SNMPv3, you must create:

  • An SNMPv3 user under the vmhost hierarchy in Host OS with the authentication type and privacy
  • An SNMPv3 proxy with the user name and context
Figure 2: Communication Flow for SNMPv3 on NFX Series DevicesCommunication Flow for SNMPv3 on NFX Series Devices

When a user issues SNMP commands like (snmpwalk, snmpget) with the user name and authentication credentials from the network management server:

  • The request goes to the SNMP daemon in vjunos0. The SNMPD reads the context for the Host OS in the SNMP request and redirects the request to the Host OS using the internal routing instance nfx-host.
  • The SNMPD in the Host OS processes the request and sends the response to vjunos0, which then sends it to the network management server.

To configure SNMPv3:

  1. Configure the local engine information for USM:
  2. Configure the remote engine and remote user. You must configure the remote-engine id as 80001f8804686f7374. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host. When sending an inform message, the agent uses the credentials of the user configured on the remote engine (inform target).
  3. Configure VACM:
  4. Configure SNMPv3 on the Host OS:
  5. Configure SNMP v3 proxy:

How to Query Libvirt MIB Data

You can use the snmpget, snmpgetnext, and snmpwalk commands to read the MIB information. Note that you cannot use snmpset to configure the libvirt MIB.

The libvirt MIB provides the following information:

  • Name of active virtual guest (domain name)
  • Current state of the active guest (state of domain)
  • Number of virtual CPUs the virtual guest uses (cpu count defined for domain)
  • Current amount of memory (in MiB) used by the virtual guest (current allocated memory)
  • Memory limit for the domain (the maximum amount of memory (in MiB) that can be used by the virtual guest)
  • CPU time used by the virtual guest, in nanoseconds (CPU time)
  • Status of the virtual guest (row status)

The following are sample outputs of the snmpwalk command when you execute it on NMS:

  • SNMPv2c:
  • SNMPv3:

The following is a sample output of the snmpwalk command when you exexute it on the NFX Series device:

Supported Chassis MIBs and Traps

NFX Series devices support the following chassis MIBs:

  • jnxFruContentsIndex
  • jnxFruL1Index
  • jnxFruL2Index
  • jnxFruL3Index
  • jnxFruName
  • jnxFruType
  • jnxFruSlot
  • jnxFruTemp
  • jnxFruOfflineReason
  • jnxFruLastPowerOff
  • jnxFruLastPowerOn
  • jnxFruPowerUpTime
  • jnxFruChassisId
  • jnxFruChassisDescr
  • jnxFruPsdAssignment

NFX Series devices support the following traps:

  • jnxFanFailure
  • jnxFanOK
  • jnxPowerSupplyFailure
  • jnxPowerSupplyOK
  • jnxOverTemperature
  • jnxTemperatureOK
  • jnxPowerSupplyRemoved (only for NFX350)

Supported libvirt MIB Traps

The libvirt MIB monitors the virtual machines and sends asynchronous traps to the network management server. For example, if a domain (VNF) crashes unexpectedly, a notification is sent to the network management server. The traps are generated in the Host OS and sent to the snmptrapd daemon on vjunos0. The snmptrapd daemon forwards the traps to the network management server.

The libvirt trap has the following definition structure:

Here is a sample output of an snmp libvirt trap:

The current state of the active guest can be one of the following:

  • running(1)
  • blocked(2)
  • paused(3)
  • shutdown(4)
  • shutoff(5)
  • crashed(6)

How to Enable libvirt SNMPv2c Trap Support

To enable SNMPv2c trap support:

  1. Configure the community name for the trap:

  2. Configure the client-address, which is the source address from which the trap originates. If you do not configure the source address, the hypervisor address (192.168.1.1) is used as the client address.

  3. Configure port-forwarding. You can configure multiple IP adresses.

How to Enable libvirt SNMPv3 Trap Support

To enable SNMPv3 trap support:

  1. Configure the user name for the trap:

  2. Configure the client-address, which is the source address from which the trap originates. If you do not configure the source address, the hypervisor address (192.168.1.1) is used as the client address.

  3. Configure the AES and SHA passwords for the user:

  4. Configure port-forwarding for libVirtMIB trap support. You can configure multiple IP adresses.