This chapter covers the management and configuration tasks for the simple network management protocol (SNMP) agent and management information bases (MIBs) available with the BIG-IP Controller.
The BIG-IP SNMP agent and MIBs allow you to manage the BIG-IP Controller by configuring traps for the SNMP agent or polling the controller with your standard network management station (NMS).
You can configure the BIG-IP SNMP agent to send traps to your management system with the Configuration utility. You can also set up custom traps by editing several configuration files.
Security options are available that let you securely manage information collected by the BIG-IP SNMP agent, including community names, TCP wrappers, and the View access control mechanism (VACM).
There are seven basic tasks you must complete in order to use SNMP on the BIG-IP Controller.
The BIG-IP platform includes a private BIG-IP SNMP MIB. This MIB is specifically designed for use with the BIG-IP Controller. You can configure the SNMP settings in the Configuration utility, or on the command line.
SNMP management software requires that you use the MIB files associated with the device. You may obtain two MIB files from the BIG-IP directory /usr/contrib/f5/mibs, or you can download the files from the Additional Software Downloads section of the Configuration utility home page.
For information about the objects defined in the LOAD-BAL-SYSTEM-MIB.txt, refer to the descriptions in the object identifier (OID) section of the MIB file. For information about the objects defined in UCD-SNMP-MIB.txt, refer to RFC 1213.
You need to make changes to several configuration files on the BIG-IP Controller before you use the SNMP agent. Once you change these configuration files, you need to restart the SNMP agent.
The /etc/hosts.deny file must be present to deny by default all UDP connections to the SNMP agent. The contents of this file are as follows:
ALL : ALL
The /etc/hosts.allow file is used to specify which hosts are allowed to access the SNMP agent. There are two ways to configure access to the SNMP agent with the /etc/hosts.allow file. You can type in an IP address, or list of IP addresses, that are allowed to access the SNMP agent, or you can type in an IP address and mask to allow a range of addresses in a subnetwork to access the SNMP agent.
For a specific list of addresses, type in the list of addresses you want to allow to access the SNMP agent. Addresses in the list must be separated by blank space or by commas. The basic syntax is as follows:
daemon: <IP address> <IP address> <IP address>
For example, you can type the following line which sets the SNMP agent to accept connections from the IP addresses specified:
bigsnmpd: 22.214.171.124 126.96.36.199 188.8.131.52
For a range of addresses, the basic syntax is as follows, where daemon is the name of the daemon, and IP/MASK specifies the network that is allowed access. The IP must be a network address:
For example, you might use the following line which sets the bigsnmpd daemon to allow connections from the 184.108.40.206/255.255.255.0 address:
The example above allows the 254 possible hosts from the network address 220.127.116.11 to access the SNMP daemon. Additionally, you may use the keyword ALL to allow access for all hosts or all daemons.
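Before restarting the agent, it helps to see how many hosts an /etc/hosts.allow file actually admits and whether any entry is malformed or overly broad. The following is an added example, not part of the BIG-IP documentation; audit_hosts_allow and the sample addresses are hypothetical, and only the bigsnmpd daemon name, the list and IP/MASK syntax and the ALL keyword come from the text above.

```python
import ipaddress

# Constructed sample in the syntax described above. The addresses are
# documentation-range placeholders, not values from the BIG-IP manual.
SAMPLE_HOSTS_ALLOW = """\
# management stations
bigsnmpd: 192.0.2.10, 192.0.2.11 192.0.2.12
bigsnmpd: 198.51.100.0/255.255.255.0
bigsnmpd: 198.51.100.7/255.255.255.0
ALL: ALL
"""

def audit_hosts_allow(text, daemon="bigsnmpd"):
    """Return (admitted_hosts, findings) for the rules that apply to daemon."""
    admitted, findings = 0, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        daemons = fields[0].replace(",", " ").split()
        if daemon not in daemons and "ALL" not in daemons:
            continue
        # Clients may be separated by blank space or by commas.
        for client in fields[1].replace(",", " ").split():
            if client == "ALL":
                findings.append(f"line {lineno}: ALL admits every host")
                continue
            try:
                if "/" in client:
                    # Strict parsing rejects an IP that is not a network address.
                    net = ipaddress.ip_network(client, strict=True)
                    admitted += max(net.num_addresses - 2, 1)
                else:
                    ipaddress.ip_address(client)
                    admitted += 1
            except ValueError:
                findings.append(f"line {lineno}: {client} is not a valid address or network")
    return admitted, findings

if __name__ == "__main__":
    count, notes = audit_hosts_allow(SAMPLE_HOSTS_ALLOW)
    print(count, "hosts admitted by explicit entries")
    print("\n".join(notes))
```

The count is an upper bound, because overlapping entries are counted once each.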
· IP Address or Network Address
Type in an IP address or network address from which the SNMP agent can accept requests. Click the add (>>) button to add the address to the Current List. For a network address, type in a netmask.
If you type a network address in the IP Address or Network Address box, type the netmask for the network address in this box. Click the add (>>) button to add the network address to the Current List.
The /etc/snmpd.conf file controls most of the SNMP agent. This file is used to set up and configure certain traps, passwords, and general SNMP variable names. A few of the necessary variables are listed below:
Note: To change the trap port, the trapport line must precede the trapsink line. If you use more than one trapport line, then there must be one trapport line before each trapsink line. The same follows for trapcommunity. If you use more than one trapcommunity line, then there must be one trapcommunity line before each trapsink line.
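The ordering rule in the note above can be checked mechanically before the agent is restarted, so that no trap sink silently falls back to an unintended port or community. This is an added example, not code from the BIG-IP documentation; check_trap_order and the sample file are hypothetical, and only the trapport, trapcommunity and trapsink directive names come from the page.

```python
# Constructed snmpd.conf excerpt: hosts, ports and community are placeholders.
SAMPLE_SNMPD_CONF = """\
trapcommunity ops-traps
trapport 162
trapsink 192.0.2.10
trapport 1162
trapsink 192.0.2.11
trapsink 192.0.2.12
"""

MODIFIERS = ("trapport", "trapcommunity")

def check_trap_order(text):
    """Return one message per trapsink line that breaks the ordering rule."""
    directives = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if words and words[0] in MODIFIERS + ("trapsink",):
            directives.append((lineno, words[0]))
    problems = []
    for modifier in MODIFIERS:
        total = sum(1 for _, name in directives if name == modifier)
        seen = 0          # modifier lines read so far
        pending = False   # a modifier line appeared since the last trapsink
        for lineno, name in directives:
            if name == modifier:
                seen += 1
                pending = True
            elif name == "trapsink":
                if total == 1 and seen == 0:
                    problems.append(f"line {lineno}: trapsink comes before the {modifier} line")
                elif total > 1 and not pending:
                    problems.append(f"line {lineno}: trapsink has no {modifier} line of its own")
                pending = False
    return problems

if __name__ == "__main__":
    for problem in check_trap_order(SAMPLE_SNMPD_CONF):
        print(problem)
```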
· In the System Contact box, enter the contact name and email address for the person who should be contacted if this BIG-IP Controller generates a trap.
· In the Machine Location box, enter a machine location, such as First Floor, or Building 1, that describes the physical location of the BIG-IP Controller.
· In the Community String box, enter a community name. The community name is a clear text password used for basic SNMP security and for grouping machines that you manage.
· Check Auth Trap Enabled to allow traps to be sent for authentication warnings.
· In the Community box, enter the community name to which this BIG-IP controller belongs. Traps sent from this box are sent to the management system managing this community.
· In the Port box, enter the community name to which this BIG-IP controller belongs. Traps sent from this box are sent to the management system managing this community.
· In the Trap box, enter the host that should be notified when a trap is sent by the BIG-IP SNMP agent. After you type the Community, Port, and Trap for the trap sink, click the add (>>) button to add it to the Current List.
To remove a trap sink from the list, click the trap sink you want to remove, and click the remove (<<) button.
The following entry in the /etc/rc.local file automatically starts the SNMP agent when the system boots (Figure 20.1).
# BIG-IP SNMP Agent
if [ -f /etc/snmpd.conf ]; then
    /sbin/bigsnmpd -c /etc/snmpd.conf
fi
If the /etc/snmpd.conf file is present on your system, the SNMP agent is started automatically.
The /etc/snmptrap.conf configuration file includes OID, trap, and regular expression mappings. The configuration file specifies whether to send a specific trap based on a regular expression. An excerpt of the configuration file is shown in Figure 20.2.
# Default traps.
.18.104.22.168.4.1.3322.214.171.124.2.6 (ROOT LOGIN) ROOT LOGIN
.126.96.36.199.4.1.33188.8.131.52.2.5 (denial) REQUEST DENIAL
.184.108.40.206.4.1.33220.127.116.11.2.4 (BIG/ip Reset) SYSTEM RESET
.18.104.22.168.4.1.3322.214.171.124.2.3 (Service detected UP) SERVICE UP
.126.96.36.199.4.1.33188.8.131.52.2.2 (Service detected DOWN) SERVICE DOWN
#.184.108.40.206.4.1.33220.127.116.11.2.1 (error) Unknown Error
#.18.104.22.168.4.1.3322.214.171.124.2.1 (failure) Unknown Failure
Some of the OIDs have been permanently mapped to BIG-IP specific events. The OIDs that are permanently mapped for the BIG-IP Controller include:
You may, however, insert your own regular expressions and map them to the 110.1 OID. The /etc/snmptrap.conf file contains two examples for mapping your own OIDs:
By default, the lines for these files are commented out. Use these OIDs for miscellaneous events. When lines match your expression, they are sent to your management software with the 110.2.1 OID.
In order to generate traps, you must configure syslog to send syslog lines to checktrap.pl. If a syslog line matches a mapping specified in the snmptrap.conf file, a valid SNMP trap is generated. The following lines in the /etc/syslog.conf file cause syslog to pass the logged information to checktrap.pl, which scans the snmptrap.conf file and determines whether a trap should be generated:
local0.* | exec /sbin/checktrap.pl.
local1.* | exec /sbin/checktrap.pl.
auth.* | exec /sbin/checktrap.pl.
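Before enabling a custom mapping, it is worth testing its regular expression against real log lines to see which ones would raise a trap, since a broad pattern such as (error) can flood the management station. The following is an added example, not the checktrap.pl script or any code from the BIG-IP documentation; it assumes each syslog line is searched against every uncommented mapping, and load_mappings, traps_for, the PLACEHOLDER-OID prefix and the log lines are hypothetical.

```python
import re

# Constructed mapping file in the "OID (regex) DESCRIPTION" layout of Figure 20.2.
# PLACEHOLDER-OID stands in for the real OID prefix; patterns are the figure's.
SAMPLE_SNMPTRAP_CONF = """\
# Default traps.
PLACEHOLDER-OID.2.6 (ROOT LOGIN) ROOT LOGIN
PLACEHOLDER-OID.2.5 (denial) REQUEST DENIAL
PLACEHOLDER-OID.2.3 (Service detected UP) SERVICE UP
PLACEHOLDER-OID.2.2 (Service detected DOWN) SERVICE DOWN
#PLACEHOLDER-OID.2.1 (error) Unknown Error
"""

# Constructed syslog lines; the format is an assumption for illustration.
SAMPLE_SYSLOG = [
    "Mar  3 10:15:02 bigip login: ROOT LOGIN (root) ON ttyp0",
    "Mar  3 10:16:40 bigip monitor: Service detected DOWN 192.0.2.20:80",
    "Mar  3 10:17:05 bigip sshd: error: connection closed",
    "Mar  3 10:18:11 bigip named: zone loaded",
]

ENTRY = re.compile(r"^(\S+)\s+\((.*)\)\s+(.+)$")

def load_mappings(text):
    """Parse uncommented mapping lines into (oid, compiled_regex, description)."""
    mappings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out mappings never fire
        match = ENTRY.match(line)
        if match:
            oid, pattern, description = match.groups()
            mappings.append((oid, re.compile(pattern), description))
    return mappings

def traps_for(lines, mappings):
    """Return (oid, description, line) for every mapping a log line triggers."""
    return [(oid, description, line)
            for line in lines
            for oid, pattern, description in mappings
            if pattern.search(line)]

if __name__ == "__main__":
    for oid, description, line in traps_for(SAMPLE_SYSLOG, load_mappings(SAMPLE_SNMPTRAP_CONF)):
        print(f"{oid}  {description}  <-  {line}")
```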