Avi Load Balancer supports SNMPv2c and SNMPv3. SNMPv3 enables user authentication with the server and payload encryption for the messages exchanged with the Avi Load Balancer Controller.
The MIB file, AVI-NETWORKS-MIB.my, is the same for both SNMPv2c and SNMPv3 implementations and is available for download at https://github.com/vmware/alb-sdk. It contains a description of the Avi Load Balancer SNMP configuration objects and notifications.
This topic explains the MIB definitions for the Avi Load Balancer objects and the definitions for the notifications (traps). An example of configuring a custom alert based on an SNMP notification is also provided.
The SHA256 authentication type is supported.
Responding to SNMP Queries
To fetch SNMP objects from Avi Load Balancer, an external host needs to query the SNMP daemon, which runs only on the Controller cluster leader. It is, therefore, best to configure the external host to direct queries to the cluster IP of the Avi Load Balancer Controller cluster. If the cluster IP is unavailable, the external host must know the IP address of each Controller, and the host can try three times before it finds the current leader’s SNMP daemon.
Firewall rules must be configured to give that external host access to port 161 on the cluster IP or each of the Controller IPs.
For a brief period, say 1 to 4 minutes, while a Controller cluster is recovering from the failure of its leader, queries to the cluster IP will fail, which the external host can interpret as Avi Load Balancer being down. However, the data plane (SEs) would still be up and delivering virtual services to clients.
Configuring SNMP Polling
To configure the community string for SNMP polling:
Navigate to
Under Access, select the required SNMP version and enter the relevant community string in SNMP Community.
Configuring SNMP System
You can configure the common system parameters, for instance, sysName, sysLocation and sysContact in the Avi Load Balancer Platform. In a Controller cluster, sysName is configured for each Controller node as the node name in the Cluster object. sysLocation and sysContact are specified in SystemConfiguration object. Because the SNMP configuration is specified at the SystemConfiguration object level, it applies to all clouds overseen by the Controller cluster.
Configuring SNMP System Parameters using UI
- To configure the SNMP system parameters for SNMPv2, follow the steps below:
  Navigate to
  Under Access, select SNMP V2 as the SNMP version and enter the relevant community string in SNMP Community.
- To configure the SNMP system parameters for SNMPv3, follow the steps below:
  Navigate to
  Under Access, select SNMP V3 as the SNMP version and enter the details in the fields.
Configuring SNMP System Parameters using CLI
- Version = SNMP_VER2
The following is the CLI to configure the SNMP system parameters:
[admin:10-10-24-96]: > show systemconfiguration
+----------------------------------+----------------------------------+
| Field                            | Value                            |
+----------------------------------+----------------------------------+
| uuid                             | default                          |
| dns_configuration                |                                  |
|   search_domain                  |                                  |
| ntp_configuration                |                                  |
|   ntp_servers[1]                 |                                  |
|     server                       | 0.us.pool.ntp.org                |
|   ntp_servers[2]                 |                                  |
|     server                       | 1.us.pool.ntp.org                |
|   ntp_servers[3]                 |                                  |
|     server                       | 2.us.pool.ntp.org                |
|   ntp_servers[4]                 |                                  |
|     server                       | 3.us.pool.ntp.org                |
| portal_configuration             |                                  |
|   enable_https                   | True                             |
|   redirect_to_https              | True                             |
|   enable_http                    | True                             |
|   sslkeyandcertificate_refs[1]   | System-Default-Portal-Cert       |
|   sslkeyandcertificate_refs[2]   | System-Default-Portal-Cert-EC256 |
|   use_uuid_from_input            | False                            |
|   sslprofile_ref                 | System-Standard                  |
|   enable_clickjacking_protection | True                             |
|   allow_basic_authentication     | True                             |
|   password_strength_check        | False                            |
|   disable_remote_cli_shell       | False                            |
| global_tenant_config             |                                  |
|   tenant_vrf                     | False                            |
|   se_in_provider_context         | True                             |
|   tenant_access_to_provider_se   | True                             |
| email_configuration              |                                  |
|   smtp_type                      | SMTP_LOCAL_HOST                  |
|   from_email                     | [email protected]                |
|   mail_server_name               | localhost                        |
|   mail_server_port               | 25                               |
| docker_mode                      | False                            |
| snmp_configuration               |                                  |
|   community                      | <sensitive>                      |
|   sys_location                   | San Jose, CA                     |
|   sys_contact                    | [email protected]                |
|   version                        | SNMP_VER2                        |
+----------------------------------+----------------------------------+
[admin:10-10-24-96]: >
- Version = SNMP_VER3
The following is the CLI to configure the SNMP system parameters:
[admin:10-10-24-96]: > show systemconfiguration
+----------------------------------+----------------------------------+
| Field                            | Value                            |
+----------------------------------+----------------------------------+
| uuid                             | default                          |
| dns_configuration                |                                  |
|   search_domain                  |                                  |
| ntp_configuration                |                                  |
|   ntp_servers[1]                 |                                  |
|     server                       | 0.us.pool.ntp.org                |
|   ntp_servers[2]                 |                                  |
|     server                       | 1.us.pool.ntp.org                |
|   ntp_servers[3]                 |                                  |
|     server                       | 2.us.pool.ntp.org                |
|   ntp_servers[4]                 |                                  |
|     server                       | 3.us.pool.ntp.org                |
| portal_configuration             |                                  |
|   enable_https                   | True                             |
|   redirect_to_https              | True                             |
|   enable_http                    | True                             |
|   sslkeyandcertificate_refs[1]   | System-Default-Portal-Cert       |
|   sslkeyandcertificate_refs[2]   | System-Default-Portal-Cert-EC256 |
|   use_uuid_from_input            | False                            |
|   sslprofile_ref                 | System-Standard                  |
|   enable_clickjacking_protection | True                             |
|   allow_basic_authentication     | True                             |
|   password_strength_check        | False                            |
|   disable_remote_cli_shell       | False                            |
| global_tenant_config             |                                  |
|   tenant_vrf                     | False                            |
|   se_in_provider_context         | True                             |
|   tenant_access_to_provider_se   | True                             |
| email_configuration              |                                  |
|   smtp_type                      | SMTP_LOCAL_HOST                  |
|   from_email                     | [email protected]                |
|   mail_server_name               | localhost                        |
|   mail_server_port               | 25                               |
| docker_mode                      | False                            |
| snmp_configuration               |                                  |
|   sys_location                   | San Jose, CA                     |
|   sys_contact                    | [email protected]                |
|   version                        | SNMP_VER3                        |
|   snmp_v3_config                 |                                  |
|     user                         |                                  |
|       username                   | snmpv3user                       |
|       auth_type                  | SNMP_V3_AUTH_SHA                 |
|       auth_passphrase            | <sensitive>                      |
|       priv_type                  | SNMP_V3_PRIV_AES                 |
|       priv_passphrase            | <sensitive>                      |
|     engine_id                    | 0x123456789ABCDEF                |
+----------------------------------+----------------------------------+
[admin:10-10-24-96]: >
Configuring SNMP System Parameters using API
In the three REST API examples that follow, the portions of the PUT that apply to aspects of the system other than SNMP are excluded. A series of three vertical dots indicates their absence.
- API SNMPv2 Configuration
Note: For backward compatibility, the omission of the version parameter causes Avi Load Balancer to default to "SNMP_VER2".
PUT api/systemconfiguration
{
  .
  .
  .
  "snmp_configuration": {
    "version": "SNMP_VER2",
    "sys_contact": "[email protected]",
    "community": "public",
    "sys_location": "San Jose, CA"
  },
  .
  .
  .
}
- API SNMPv3 Configuration
Note: If a version other than SNMPv2 is desired, the version parameter must be explicitly included. It is explicitly set to "SNMP_VER3" as shown in the example below.
As of SNMPv3:
  - The possible values for auth_type are "SNMP_V3_AUTH_MD5" and "SNMP_V3_AUTH_SHA".
  - The possible values for priv_type are "SNMP_V3_PRIV_AES" and "SNMP_V3_PRIV_DES".
As per the SNMP RFC5343, the snmpEngineID value must be between 5 and 32 octets long. It is recommended to use decimal format to configure Engine ID.
For an RFC5343 compliant engineid, the engineid text in the configuration should be between 1 and 27 characters.
PUT api/systemconfiguration
{
  .
  .
  .
  "snmp_configuration": {
    "version": "SNMP_VER3",
    "sys_contact": "[email protected]",
    "snmp_v3_config": {
      "user": {
        "username": "snmpv3user",
        "auth_type": "SNMP_V3_AUTH_MD5",
        "priv_passphrase": "<sensitive>",
        "auth_passphrase": "<sensitive>",
        "priv_type": "SNMP_V3_PRIV_AES"
      },
      "engine_id": "0x8000000001020304"
    }
  },
  .
  .
  .
}
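The following lint check is an added example, not part of the Avi documentation or SDK. It reviews an snmp_configuration block against the rules stated above (version defaulting to SNMP_VER2 when omitted, the listed auth_type and priv_type values, the 1 to 27 character engine_id text) and flags the weaker choices before the PUT is sent. The function name, finding texts and sample dictionaries are constructed for illustration.

```python
# Added example: lint an Avi "snmp_configuration" block before the PUT.
# Field names and enum values come from this page; the function name,
# finding texts and sample dicts are constructed for illustration.
WELL_KNOWN_COMMUNITIES = {"public", "private"}  # assumption: common defaults

def audit_snmp_configuration(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if "version" not in cfg:
        # Per the page, an omitted version defaults to SNMP_VER2.
        findings.append("version omitted: defaults to SNMP_VER2")
    version = cfg.get("version", "SNMP_VER2")
    if version == "SNMP_VER2":
        findings.append("SNMP_VER2: no user authentication or encryption")
        if cfg.get("community", "").lower() in WELL_KNOWN_COMMUNITIES:
            findings.append("community: well-known default string")
        return findings
    if version != "SNMP_VER3":
        findings.append(f"version: unexpected value {version!r}")
        return findings
    v3 = cfg.get("snmp_v3_config", {})
    user = v3.get("user", {})
    auth, priv = user.get("auth_type"), user.get("priv_type")
    if auth == "SNMP_V3_AUTH_MD5":
        findings.append("auth_type: MD5 is weak, use SNMP_V3_AUTH_SHA")
    elif auth != "SNMP_V3_AUTH_SHA":
        findings.append(f"auth_type: {auth!r} is not a value listed on this page")
    if priv == "SNMP_V3_PRIV_DES":
        findings.append("priv_type: DES is weak, use SNMP_V3_PRIV_AES")
    elif priv != "SNMP_V3_PRIV_AES":
        findings.append(f"priv_type: {priv!r} is not a value listed on this page")
    for key in ("auth_passphrase", "priv_passphrase"):
        if not user.get(key):
            findings.append(f"{key}: missing")
    # Page guidance: engine_id text of 1 to 27 characters.
    if not 1 <= len(v3.get("engine_id", "")) <= 27:
        findings.append("engine_id: text must be 1 to 27 characters")
    return findings

# Constructed samples mirroring the two PUT bodies on this page.
PAGE_V2 = {"version": "SNMP_VER2", "community": "public"}
PAGE_V3 = {"version": "SNMP_VER3", "snmp_v3_config": {
    "user": {"username": "snmpv3user", "auth_type": "SNMP_V3_AUTH_MD5",
             "priv_type": "SNMP_V3_PRIV_AES",
             "auth_passphrase": "<sensitive>", "priv_passphrase": "<sensitive>"},
    "engine_id": "0x8000000001020304"}}

if __name__ == "__main__":
    for name, cfg in (("v2 example", PAGE_V2), ("v3 example", PAGE_V3)):
        print(name, audit_snmp_configuration(cfg))
```

Run against the two PUT bodies on this page, it flags the "public" community string in the SNMPv2 example and the MD5 auth_type in the SNMPv3 example.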