Linux Kernel AgentX Sub-Agents

Linux Kernel AgentX Sub-Agents

Oliver [email protected]

Institute of Operating Systems and Computer Networks

Technical University Braunschweig, Germany

page 1/20Oliver Wellnitz, IBR, TU Braunschweig Diplomanden- und Doktorandenseminar, October 2002

Linux Kernel AgentX sub-agents

http://www.ibr.cs.tu-bs.de/~wellnitz/kagentxd/

http://www.ibr.cs.tu-bs.de/~wellnitz/

Overview

� Network Managment (SNMP and AgentX)

� Motivation

� Linux Kernel Implementation

� Conclusions and Outlook



Why Network Management?

� Large computer networks cannot be managed manually

� Heterogeneous LANs

� Network management is essential

Standard network managment protocol in the Internet:

Simple network managment protocol (SNMP)



Simple Network Management Protocol

SNMP contains three principal components:

� SNMP managerrequests and processes information from SNMP agents

� SNMP agentson each device, provides management information to SNMPmanagers

� Management Information Bases (MIBs)define the data models of certain management areas,contain scalars and tables, MIB tree



Simple Network Managment Protocol (cont.)

SNMP agents

Get/Set

Notification

SNMP manager

Get/Set

Notification

Get/SetNotification

! Power

COL 1 2 3 4 5 6 7 8 1 2 3 6 25 50 801210010

Ether 10/100

� ��

� � � ��

� � � ��



Extensible Agents

Goals

� Seperate SNMP protocol engine from MIB instrumentation

� Facilitate the (dynamic) extension with new MIB modules

� Extensible agents should be transparent for managers

Get / Set / Traps

Get / Set / Traps

Protocol

Get / Set

SNMPProtocol

Traps

SNMP Agent

Subagent

Subagent

SNMPSNMPManager

SubagentMaster Agent



Subagent Protocols

� SNMP multiplexing protocol (SMUX),RFC 1227, May 1991

� SNMP distributed programm interface (DPI),RFC 1228, May 1991

� Enhanced MANagement Agent Through Extensions(EMANATE), commercial product

� Agent eXtensibility (AgentX),RFC 2741, January 2000



AgentX Protocol Features

� Simplified variable enconding (SNMP uses ASN.1/BER)

� No authentication, no encryption ( � simple to implement)

� Registration conflict arbitration

� Index allocation

� Multiple sessions with one connection

� Multiphase set operation

� Mature (First subagent protocol on IETF’s standards track)



Motivation

Problems of today’s userspace SNMP agents for Linux

� Various methods to gather information from the kernel(ioctl, specific system call, /proc filesystem)

� Specific kernel interfaces may change

� SNMP Notifications are difficult to implement

� Functionality and management of kernel subsystem are splitand often diverge



Management Architecture Overview

......

Master AgentSNMP AgentX Module

SubsystemKernelUserspaceUserspace

SubagentUserspace

SubagentUserspace

KernelUserspace

Kernel

SubagentKernel

SubagentKernel

MgmtInfo

MgmtInfo

MgmtInfo

MgmtInfo

SubsystemSubsystemSubsystem



Kernel AgentX Architecture

SNMP

Masteragent

Ag

entX

mo

du

leM

IB m

od

ules

functions

Notificationemitting

functions

Notificationemitting

functionsCallback

functionsCallback

Socket layer

Session layer

AgentX protocol layer

Receivingthread

specific layerMIB / subsystemKernel subsystem

Kernel subsystem



Subagent Registration

� Register MIB region

� Registration contains list of callback functions

� More than one registration is possible

� Callback functions handle all requests for a specific MIBsubregion

� Asynchronous subagent registration does not depend on masteragent



Get / GetNext / GetBulk Processing

� Transfrom GetNext / GetBulk into (several) Get requests

� Subagent callback functions work on a single variable

� Split up large requests and reassemble responses(Multiplexing)

� Produce errors for requests that cannot be assigned to asubagent callback function



Example: GetBulk processing

BB

B CA

CAA

C C

Manager

Subagent

SNMP

SNMP Agent

Subagent

1 2AgentXSNMP

Master agent module



Set Transaction

Start

Success

Success

AbortTransactionfailed

Transactioncompleted

TestSet

CommitSet

CleanupSet

UndoSet

Transactionaborted

� Four different AgentX PDUs

� Multiphase set operation to maintain atomic nature of SNMPset requests (all-or-nothing)

� Multiplexing similar to Get/GetNext/GetBulk requests

� Stateless subagents; Undo data is stored within the AgentXmodule



Implemented MIB Modules

� Interfaces MIB (IF-MIB, RFC 2863) module

�

Read-only informational elements (ifname, speed, mtu, etc.)

�

Can set interface up/down via ifAdminStatus

�

Can send trap when interface status changes

�

Standalone kernel module

� Linux Netfilter MIB module

�

No exisiting MIB, developed our own (with Frank Strauß)

�

Focuses on Netfilter core functions

�

Can show / alter / add Netfilter rules

�

Integrated in the Netfilter subsystem



Conclusions

Easy access to information from inside the kernel

Can efficiently support SNMP notifications

Kernel subsystem and management are integrated

Requires little knowledge of SNMP or AgentX protocol

No immediate information gain except for notifications

Programming inside the kernel is more critical to machinestability



Outlook

� Not publicly released yet but planned to

� Get feedback from the network management and the Linuxcommunity

� Implement more Standard MIBs



Links

Linux Kernel AgentX sub-agents, Diplomarbeit, September 2002http://www.ibr.cs.tu-bs.de/ �wellnitz/kagentxd/

The Simple Webhttp://www.simpleweb.org

IETF AgentX Working Grouphttp://www.scguild.com/agentx/

The NET-SNMP projecthttp://www.net-snmp.org



http://www.ibr.cs.tu-bs.de/~wellnitz/kagentxd

http://www.simpleweb.org

http://www.scguild.com/agentx/

http://www.net-snmp.org

Thanks for listening.

Questions? Comments?



Documents

Linux Kernel AgentX Sub-Agents