[SNMP]: Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG #17045
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
table Signed-off-by: Suvarna Meenakshi <[email protected]>
Signed-off-by: Suvarna Meenakshi <[email protected]>
Signed-off-by: Suvarna Meenakshi <[email protected]>
SuvarnaMeenakshi
requested review from
dgsudharsan,
venkatmahalingam,
arlakshm and
abdosi
|
/azp run |
|
Commenter does not have sufficient privileges for PR 17045 in repo sonic-net/sonic-buildimage |
arlakshm
reviewed
Nov 4, 2023
This was referenced Nov 16, 2023
Open
when using SNMP_AGENT_ADDRESS_CONFIG. Signed-off-by: Suvarna Meenakshi <[email protected]>
arlakshm
previously approved these changes
Nov 20, 2023
and not just Loopback0 Signed-off-by: Suvarna Meenakshi <[email protected]>
qiluo-msft
reviewed
Nov 28, 2023
| @@ -1717,6 +1718,19 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw | |||
| results['LOOPBACK_INTERFACE'][host_lo_intf[0]] = {} | |||
|
|
|||
| results['MGMT_VRF_CONFIG'] = mvrf | |||
| # Update SNMP_AGENT_ADDRESS_CONFIG with Management IP and Loopback IP | |||
| # if available. | |||
| if not is_multi_asic() and asic_name is None: | |||
There was a problem hiding this comment.
For host namespace, asic_name will be None and SNMP_AGENT_ADDRESS_CONFIG is only required for host namespace in case of multi-asic devices. For single asic device asic_name will always be None, but added this check to ensure that we only generate for host namespace.
Minigraph parser generates config for host and each namespace separately.
This is done by passing the right asic_name/
qiluo-msft
reviewed
Nov 28, 2023
src/sonic-config-engine/minigraph.py
Outdated
| snmp_key = mgmt_if[1].split('/')[0] + '|' + str(port) + '|' | ||
| results['SNMP_AGENT_ADDRESS_CONFIG'][snmp_key] = {} | ||
| # Add Loopback IP as agent address for single asic | ||
| for loip in results['LOOPBACK_INTERFACE']: |
There was a problem hiding this comment.
the len(loip) is to make sure that the loip inside LOOPBACK_INTERFACE is actually in the format <name of interface>|<IP address> and not just the name of the IP address.
For example, we have
"LOOPBACK_INTERFACE": {
"Loopback0": {}, ------------------ This does not contain the IP address, so we don't need to parse this.
"Loopback0|10.1.0.32/32": {}, ---- here the len(loip) will be 2 and we will be able to get the IP address.
(Pdb) loip
('Loopback0', '10.1.0.32/32')
(Pdb) len(loip)
2
There was a problem hiding this comment.
results['MGMT_INTERFACE'] is generated by this script itself, it is more efficient to parse from original data, not parsing from generated data.
There was a problem hiding this comment.
Makes sense, I have modified as suggested.
qiluo-msft
reviewed
Nov 28, 2023
qiluo-msft
reviewed
Nov 28, 2023
| @@ -1717,6 +1718,19 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw | |||
| results['LOOPBACK_INTERFACE'][host_lo_intf[0]] = {} | |||
|
|
|||
| results['MGMT_VRF_CONFIG'] = mvrf | |||
| # Update SNMP_AGENT_ADDRESS_CONFIG with Management IP and Loopback IP | |||
| # if available. | |||
| if not is_multi_asic() and asic_name is None: | |||
qiluo-msft
reviewed
Nov 28, 2023
| @@ -1717,6 +1718,19 @@ def parse_xml(filename, platform=None, port_config_file=None, asic_name=None, hw | |||
| results['LOOPBACK_INTERFACE'][host_lo_intf[0]] = {} | |||
|
|
|||
| results['MGMT_VRF_CONFIG'] = mvrf | |||
| # Update SNMP_AGENT_ADDRESS_CONFIG with Management IP and Loopback IP | |||
| # if available. | |||
| if not is_multi_asic() and asic_name is None: | |||
There was a problem hiding this comment.
I want to check if the device is single asic, then update SNMP_AGENT_ADDRESS_CONFIG.
Hence checking "not is_multi_asic()".
No change required for multi-asic.
Signed-off-by: Suvarna Meenakshi <[email protected]>
Signed-off-by: Suvarna Meenakshi <[email protected]>
review comment. Signed-off-by: Suvarna Meenakshi <[email protected]>
Signed-off-by: Suvarna Meenakshi <[email protected]>
|
Is it a feature in 202205 branch? If so, we will also require the change in NDM side. |
This change will be only in master and not in 202205/2023 branches. |
qiluo-msft
approved these changes
Dec 2, 2023
wen587
approved these changes
Dec 4, 2023
mssonicbld
pushed a commit
to mssonicbld/sonic-buildimage
that referenced
this pull request
Feb 2, 2024
…able (sonic-net#17045) #### Why I did it SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment. To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen. We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in sonic-net/SONiC#1457. ##### Work item tracking - Microsoft ADO **(number only)**:26091228 #### How I did it Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses. Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP. Main change: 1. if minigraph.xml is used to configure the device, then snmpd will listen on mgmt and loopback IP addresses, 2. if config_db is used to configure the device, snmpd will listen IP present in SNMP_AGENT_ADDRESS_CONFIG if that table is present, if table is not present snmpd will listen on any IP. #### How to verify it config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses. ``` "SNMP_AGENT_ADDRESS_CONFIG": { "10.1.0.32|161|": {}, "10.250.0.101|161|": {}, "FC00:1::32|161|": {}, "fec0::ffff:afa:1|161|": {} }, ..... snmpd listening on the above IP addresses: admin@vlab-01:~$ sudo netstat -tulnp | grep 161 tcp 0 0 127.0.0.1:3161 0.0.0.0:* LISTEN 71522/snmpd udp 0 0 10.250.0.101:161 0.0.0.0:* 71522/snmpd udp 0 0 10.1.0.32:161 0.0.0.0:* 71522/snmpd udp6 0 0 fec0::ffff:afa:1:161 :::* 71522/snmpd udp6 0 0 fc00:1::32:161 :::* 71522/snmpd ```
|
Cherry-pick PR to 202311: #17986 |
mssonicbld
pushed a commit
that referenced
this pull request
Feb 2, 2024
…able (#17045) #### Why I did it SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment. To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen. We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in sonic-net/SONiC#1457. ##### Work item tracking - Microsoft ADO **(number only)**:26091228 #### How I did it Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses. Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP. Main change: 1. if minigraph.xml is used to configure the device, then snmpd will listen on mgmt and loopback IP addresses, 2. if config_db is used to configure the device, snmpd will listen IP present in SNMP_AGENT_ADDRESS_CONFIG if that table is present, if table is not present snmpd will listen on any IP. #### How to verify it config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses. ``` "SNMP_AGENT_ADDRESS_CONFIG": { "10.1.0.32|161|": {}, "10.250.0.101|161|": {}, "FC00:1::32|161|": {}, "fec0::ffff:afa:1|161|": {} }, ..... snmpd listening on the above IP addresses: admin@vlab-01:~$ sudo netstat -tulnp | grep 161 tcp 0 0 127.0.0.1:3161 0.0.0.0:* LISTEN 71522/snmpd udp 0 0 10.250.0.101:161 0.0.0.0:* 71522/snmpd udp 0 0 10.1.0.32:161 0.0.0.0:* 71522/snmpd udp6 0 0 fec0::ffff:afa:1:161 :::* 71522/snmpd udp6 0 0 fc00:1::32:161 :::* 71522/snmpd ```
yxieca
added
Included in 202311 Branch
and removed
Approved for 202311 Branch
Created PR to 202311 Branch
labels
11 tasks
lguohan
pushed a commit
that referenced
this pull request
May 12, 2024
) Why I did it 1. fix [snmp] Snmpd fails to start when mgmt or Loopback interface is configured with Link local IPv6 address #16001 2. fix Timeout error while fetching response using snmpget #17807 #17045 modified minigraph parser to use management and loopback IPs to support SNMP query over IPv6. With this fix, if mgmt or loopback IP contains link local IP, that will not work as link local IP has to be appended with scope id associating the IP address to a specific interface. This PR change is to ensure that snmp works with link local IPv6 address. How I did it Modify minigraph parser to append the Ip address with % scope id if snmp agent address being used is link local IP address. Modify snmpd.conf.j2 to take this change while checking if an IP address is ipv4 or ipv6. How to verify it Verified by configuring link local ipv6 address. Last login: Wed Mar 13 01:45:09 2024 from 10.1.84.57 admin@<>:~$ sudo netstat -tulnp | grep 161 ... udp6 0 0 fe80::f6ee:31ff:fe9:161 :::* 70355/snmpd Signed-off-by: Suvarna Meenakshi <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
table
Why I did it
SNMP query over IPv6 does not work due to issue in net-snmp where IPv6 query does not work on multi-nic environment.
To get around this, if snmpd listens on specific ipv4 or ipv6 address, then the issue is not seen.
We plan to configure Management IP and Loopback IP configured in minigraph.xml as SNMP_AGENT_ADDRESS in config_db., based on changes discussed in sonic-net/SONiC#1457.
Work item tracking
How I did it
Modify minigraph parser to update SNMP_AGENT_ADDRESS_CONFIG with management and Loopback0 IP addresses.
Modify snmpd.conf.j2 to use SNMP_AGENT_ADDRESS_CONFIG table if it is present in config_db, if not listen on any IP.
Main change:
How to verify it
config_db.json created from minigraph.xml for single asic VS image with mgmt and Loopback IP addresses.
Which release branch to backport (provide reason below if selected)
Tested branch (Please provide the tested image version)
Description for the changelog
Link to config_db schema for YANG module changes
A picture of a cute animal (not mandatory but encouraged)