NSX Advanced Load Balancer supports SNMPv2c and SNMPv3. SNMPv3 enables user authentication with the server and payload encryption for the messages exchanged with the NSX Advanced Load Balancer Controller.

The MIB file, AVI-NETWORKS-MIB.my, is the same for both SNMPv2c and SNMPv3 implementations and is available for download at https://github.com/vmware/alb-sdk. It contains a description of the NSX Advanced Load Balancer SNMP configuration objects and notifications.

This topic explains the MIB definitions for the NSX Advanced Load Balancer objects and the definitions for the notifications (traps). An example of configuring a custom alert based on an SNMP notification also is provided.

Note:

The authentication type - SHA256 is supported.

Responding to SNMP Queries

To fetch SNMP objects from NSX Advanced Load Balancer, an external host needs to query the SNMP daemon, which runs only on the Controller cluster leader. It is, therefore, best to configure the external host to direct queries to the cluster IP of the NSX Advanced Load Balancer Controller cluster. If cluster IP is unavailable, the external host must know the IP addresses of each Controller, and the host can try three times before it finds the current leader’s SNMP daemon.

Firewall rules must be configured to give that external host access to port 161 on the cluster IP or each of the Controller IPs.

During a brief period, say 1 to 4 minutes, while a Controller cluster is recovering from the failure of its leader, queries to the cluster IP will fail, which the external host can interpret as NSX Advanced Load Balancer is down. However, the data plane (SEs) would be up and delivering virtual services to clients.

Configuring SNMP Polling

To configure the community string for SNMP polling,

  1. Navigate to Administration > System Settings > EDIT > Access.

  2. Under Access, select the required SNMP version and enter the relevant community string in SNMP Community.



Configuring SNMP System

You can configure the common system parameters, for instance, sysName, sysLocation and sysContact in the NSX Advanced Load Balancer Platform. In a Controller cluster, sysName is configured for each Controller node as the node name in the Cluster object. sysLocation and sysContact are specified in SystemConfiguration object. Because the SNMP configuration is specified at the SystemConfiguration object level, it applies to all clouds overseen by the Controller cluster.

Configuring SNMP System Parameters using UI

To configure the SNMP system parameters for SNMPv2, follow the below steps:
  1. Navigate to Administration > System Settings > EDIT > Access.

  2. Under Access, select SNMP V2 as the SNMP version and enter the relevant community string in SNMP Community.



To configure the SNMP system parameters for SNMPv3, follow the below steps:
  1. Navigate to Administration > System Settings > EDIT > Access.

  2. Under Access, select SNMP V3 as the SNMP version and enter the details in the fields.



Configuring SNMP System Parameters using CLI

Version = SNMP_VER2

The following is the CLI to configure the SNMP system parameters:

[admin:10-10-24-96]: > show systemconfiguration
+----------------------------------+----------------------------------+
| Field                            | Value                            |
+----------------------------------+----------------------------------+
| uuid                             | default                          |
| dns_configuration                |                                  |
|   search_domain                  |                                  |
| ntp_configuration                |                                  |
|   ntp_servers[1]                 |                                  |
|     server                       | 0.us.pool.ntp.org                |
|   ntp_servers[2]                 |                                  |
|     server                       | 1.us.pool.ntp.org                |
|   ntp_servers[3]                 |                                  |
|     server                       | 2.us.pool.ntp.org                |
|   ntp_servers[4]                 |                                  |
|     server                       | 3.us.pool.ntp.org                |
| portal_configuration             |                                  |
|   enable_https                   | True                             |
|   redirect_to_https              | True                             |
|   enable_http                    | True                             |
|   sslkeyandcertificate_refs[1]   | System-Default-Portal-Cert       |
|   sslkeyandcertificate_refs[2]   | System-Default-Portal-Cert-EC256 |
|   use_uuid_from_input            | False                            |
|   sslprofile_ref                 | System-Standard                  |
|   enable_clickjacking_protection | True                             |
|   allow_basic_authentication     | True                             |
|   password_strength_check        | False                            |
|   disable_remote_cli_shell       | False                            |
| global_tenant_config             |                                  |
|   tenant_vrf                     | False                            |
|   se_in_provider_context         | True                             |
|   tenant_access_to_provider_se   | True                             |
| email_configuration              |                                  |
|   smtp_type                      | SMTP_LOCAL_HOST                  |
|   from_email                     | [email protected]          |
|   mail_server_name               | localhost                        |
|   mail_server_port               | 25                               |
| docker_mode                      | False                            |
| snmp_configuration               |                                  |
|   community                      | <sensitive>                      |
|   sys_location                   | San Jose, CA                     |
|   sys_contact                    | [email protected]                    |
|   version                        | SNMP_VER2                        |
+----------------------------------+----------------------------------+
[admin:10-10-24-96]: >
Version = SNMP_VER3

The following is the CLI to configure the SNMP system parameters:

[admin:10-10-24-96]: > show systemconfiguration
+----------------------------------+----------------------------------+
| Field                            | Value                            |
+----------------------------------+----------------------------------+
| uuid                             | default                          |
| dns_configuration                |                                  |
|   search_domain                  |                                  |
| ntp_configuration                |                                  |
|   ntp_servers[1]                 |                                  |
|     server                       | 0.us.pool.ntp.org                |
|   ntp_servers[2]                 |                                  |
|     server                       | 1.us.pool.ntp.org                |
|   ntp_servers[3]                 |                                  |
|     server                       | 2.us.pool.ntp.org                |
|   ntp_servers[4]                 |                                  |
|     server                       | 3.us.pool.ntp.org                |
| portal_configuration             |                                  |
|   enable_https                   | True                             |
|   redirect_to_https              | True                             |
|   enable_http                    | True                             |
|   sslkeyandcertificate_refs[1]   | System-Default-Portal-Cert       |
|   sslkeyandcertificate_refs[2]   | System-Default-Portal-Cert-EC256 |
|   use_uuid_from_input            | False                            |
|   sslprofile_ref                 | System-Standard                  |
|   enable_clickjacking_protection | True                             |
|   allow_basic_authentication     | True                             |
|   password_strength_check        | False                            |
|   disable_remote_cli_shell       | False                            |
| global_tenant_config             |                                  |
|   tenant_vrf                     | False                            |
|   se_in_provider_context         | True                             |
|   tenant_access_to_provider_se   | True                             |
| email_configuration              |                                  |
|   smtp_type                      | SMTP_LOCAL_HOST                  |
|   from_email                     | [email protected]          |
|   mail_server_name               | localhost                        |
|   mail_server_port               | 25                               |
| docker_mode                      | False                            |
| snmp_configuration               |                                  |
|   sys_location                   | San Jose, CA                     |
|   sys_contact                    | [email protected]                    |
|   version                        | SNMP_VER3                        |
|   snmp_v3_config                 |                                  |
|     user                         |                                  |
|       username                   | snmpv3user                       |
|       auth_type                  | SNMP_V3_AUTH_SHA                 |
|       auth_passphrase            | <sensitive>                      |
|       priv_type                  | SNMP_V3_PRIV_AES                 |
|       priv_passphrase            | <sensitive>                      |
|     engine_id                    | 0x123456789ABCDEF                |
+----------------------------------+----------------------------------+
[admin:10-10-24-96]: >

Configuring SNMP System Parameters using API

Note:

In the three REST API examples that follow, the portions of the PUT that apply to aspects of the system other than SNMP are excluded. A series of three vertical dots indicate their absence.

API SNMPv2 Configuration

API SNMPv2 Configuration
Note:

For backward compatibility, the omission of the version parameter causes NSX Advanced Load Balancer to default to “SNMP_VER2”.

PUT api/systemconfiguration
{
    .
    .
    .
    "snmp_configuration": {
        "version": "SNMP_VER2", "sys_contact": "[email protected]",
        "community": "public", "sys_location": "San Jose, CA"
    },

    .
    .
    .
}

}
API SNMPv3 Configuration
Note:

If other than SNMPv2 is desired, the version parameter must be explicitly included. It is explicitly set to “SNMP_VER3” as shown in the below example.

As of SNMPv3,

  • The possible values for auth_type are “SNMP_V3_AUTH_MD5” and “SNMP_V3_AUTH_SHA”.

  • The possible values for priv_type are “SNMP_V3_PRIV_AES” and “SNMP_V3_PRIV_DES”.

  • As per the SNMP RFC5343, the snmpEngineID value must be between 5 and 32 octets long. It is recommended to use decimal format to configure Engine ID.

  • For RFC5343 compliant engineid, the engineid text in configuration should be between 1 to 27 characters.

PUT api/systemconfiguration
{
    .
    .
    .
    "snmp_configuration": {
            "version": "SNMP_VER3", "sys_contact": "[email protected]",
            "snmp_v3_config": {
            "user":
            { "username": "snmpv3user", "auth_type": "SNMP_V3_AUTH_MD5",
             "priv_passphrase": "<sensitive>", "auth_passphrase": "<sensitive>",
              "priv_type": "SNMP_V3_PRIV_AES" },
              "engine_id": "0x8000000001020304"
              }
        },

    .
    .
    .
}

}